Inactive Multiple Iexplorers in task manager


JamesM

Hi, I noticed my PC has got markedly slower lately. When I open Task Manager now there are often 10 different iexplorers listed there even when I only have 1 or 2 open.

I stumbled on to this thread https://www.techspot.com/community/...lware-preliminary-removal-instructions.58138/ and have been following the instructions.

Step 1: First I downloaded Comodo antivirus because my Norton had run out. I didn't run a scan as instructed.

Step 2: Ran Malwarebytes. Here's my log:

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org
Database version: v2012.05.26.03
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
JAMSYM :: JAMSYM-PC [administrator]
Protection: Enabled
26/05/2012 13:19:07
mbam-log-2012-05-26 (13-19-07).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 243236
Time elapsed: 6 minute(s), 50 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 1
C:\Program Files (x86)\FunWebProducts (PUP.MyWebSearch) -> Quarantined and deleted successfully.
Files Detected: 1
C:\Users\JAMSYM\Downloads\SetupPoker_af2.exe (PUP.Casino) -> Quarantined and deleted successfully.
(end)

Step 3: Gmer. I ran Gmer and it produced no log, which I thought was a good sign.

Step 4: DDS. I kept trying to download this program but I keep getting error messages:

After reading around a bit more I saw someone had a similar problem and had been told to download RogueKiller. I tried that but I got the same messages for that. That's when I decided I don't really know what I'm doing and should ask for help!

Thanks
 
Now I've tried to download DDS by sUBs on another PC and flash-drive it to this one, but as soon as I put in the flash drive DDS gets removed instantly! Also tried downloading some other things such as RKill by Grinler and the same thing happens!
 
Try this for DDS:
Please download the corresponding file for your operating system:

XP

Vista

Windows 7

Extract (unzip) the file onto your desktop, double-click on it and choose Yes to merge the file into the registry when prompted. Afterwards you should then be able to run DDS.scr.
==================================================
Multiple iexplore.exe are normal if you use IE8. But malware can also hide in almost any name so we will check them out.
=================================================
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in cleaning process.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • File sharing programs should be uninstalled or disabled during the cleaning process.
  • Observe these:
    [o] Don't follow directions given to someone else
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs- except those I give you.
Threads are closed after 5 days if there is no reply.
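A defender-side version of the check described above, added here as an example and not part of the thread: it parses the "Running Processes" section of a DDS log (the format posted later in this thread) and, rather than trusting the process name, reports how many times each image name appears and flags a known name whose directory is not where that binary normally lives. The sample log and the expected-directory table are constructed for the example.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Constructed sample in the DDS layout (not the log posted in this thread).
# Three entries carry the Internet Explorer name: two from the real IE folder
# and one from a user-profile folder, which is the kind of mismatch to look at.
SAMPLE_DDS = """\
============== Running Processes ===============
.
C:\\Windows\\system32\\wininit.exe
C:\\Windows\\system32\\svchost.exe -k DcomLaunch
C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe
C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe
C:\\Users\\SAMPLE\\AppData\\Roaming\\iexplore.exe
C:\\Windows\\SysWOW64\\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.example.invalid/
"""

# Directories where these binaries normally live on a default Windows 7 x64
# install (an assumption for this example; adjust for your own build).
EXPECTED_DIRS = {
    "iexplore.exe": {r"c:\program files\internet explorer",
                     r"c:\program files (x86)\internet explorer"},
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
}

SECTION_RE = re.compile(r"^=+ (.+?) =+$")
# Image path followed by optional service arguments such as '-k netsvcs'.
PATH_RE = re.compile(r"(.+?\.exe)(?:\s+.*)?$", re.IGNORECASE)


def running_processes(log_text):
    """Return the image paths listed under the 'Running Processes' header.

    DDS pads section headers with '=', writes a bare '.' as a spacer and
    appends a service's arguments after its path on the same line.
    """
    paths, in_section = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            in_section = header.group(1).strip() == "Running Processes"
            continue
        if not in_section or line in ("", "."):
            continue
        match = PATH_RE.match(line)
        paths.append(match.group(1) if match else line)
    return paths


def check_processes(paths):
    """Count processes per image name and flag any known name whose
    directory is not one of its expected locations."""
    counts = Counter(PureWindowsPath(p).name.lower() for p in paths)
    flagged = []
    for p in paths:
        wp = PureWindowsPath(p)
        expected = EXPECTED_DIRS.get(wp.name.lower())
        if expected is not None and str(wp.parent).lower() not in expected:
            flagged.append(p)
    return counts, flagged


if __name__ == "__main__":
    procs = running_processes(SAMPLE_DDS)
    counts, flagged = check_processes(procs)
    for name, n in counts.most_common():
        print(f"{n:2d}  {name}")
    for p in flagged:
        print("CHECK (unexpected location):", p)
```

A repeated legitimate name is only a lead; the path, and then the file itself, is what settles whether the extra copies are Internet Explorer.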
 
Downloaded the Windows 7 patch and merged the file with the registry.

However, when I try to download DDS I still get the permission error as before.
 
Tried to put the file on my PC using the flash drive again and it appears for like 2 seconds when the flash drive is inserted, but then it just vanishes :(
 
Please stop downloading those "other things." Follow only my instructions.

Both of the images you left show dds2, and it shows in the Temporary Internet Files, which is not where it should be.

Are you having permission issues or 'access is denied' with any other files?

Please search your system and remove anything related to DDS. Delete any entries. Then do the following:
You can choose a location on your computer where downloads should be saved by default. This means that whenever you use Save As (File > Save As) or choose to Save a download, it will automatically default to the location you have set.

You may find setting the Default Download Location to your Desktop the most convenient. If you want to move the file later, you can. If you want to delete the file, it will be most handy on the Desktop. For the cleaning and scanning programs we use, almost all are directed to be saved to the desktop.

Set Default Download Location in Browsers:

Chrome:
Open Chrome> Customize and control> Options> Under the Hood> Downloads> Change> Select Desktop> OK
(Don't check 'Ask where to save each time'.)

Firefox:
Open Firefox> Tools> Options> Main/General> Downloads Section> Save Files to> Browse> Navigate to and select Desktop> OK

IE9
Open IE> Gear icon> View Downloads> Options> Browse to and select Desktop> OK

There may be a slight difference in the path depending on the browser version. There may also be a box to check to "Ask me the location each time". I do not advise checking that box.
========================================================
Even if you've done any of this previously, please remove all previous entries for DDS, then start over.
  • Download DDS by sUBs and save it to your desktop.
    After downloading the tool, disconnect from the internet and disable all antivirus protection.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results; click No to the Optional_Scan.
  • Follow the instructions that pop up for posting the results.
  • When the DDS scan finishes, it will open two (2) logs.
    [o] DDS.txt
    [o] Attach.txt
  • Save both to your desktop. (The logs will disappear when you close them otherwise.)
  • Copy and paste both logs into your reply.
  • Close the program window, and delete the program from your desktop.
  • Enable your Antivirus protection and reconnect to the internet.
    [o] Ignore the instruction to zip and attach the Attach.txt.
Note1: If you get notice about script running and scan won't run, after the program has been downloaded, disconnect from the internet and disable the AV.
Note2: See How To Disable AV
 
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
Run by JAMSYM at 18:41:09 on 2012-05-26
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4095.1002 [GMT 1:00]
.
AV: COMODO Antivirus *Disabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
C:\Windows\system32\DllHost.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Windows Live\Companion\companionuser.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
c:\program files\windows defender\MpCmdRun.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cndt
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cndt
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cndt
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Internet Explorer Form-Fill Plug-In: {5425b4b8-87f9-4e9c-8b51-8aaba82eba64} - C:\Program Files (x86)\NETELLER app\plugins\IE\Neteller.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: AOL Toolbar BHO: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: DealPly: {a6174f27-1fff-e1d6-a93f-ba48ad5dd448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Google Update] "C:\Users\JAMSYM\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [NETELLER app] "C:\Program Files (x86)\NETELLER app\NETELLER-app.exe" /BOOT
uRun: [CPN Notifier] C:\Program Files (x86)\Cake Poker 2.0\PokerNotifier.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
mRun: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe
mRun: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe
mRun: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-GB\local\search.html
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE: {90EAE591-7E7E-434a-8E28-ECFD00071806} - C:\Program Files (x86)\PokerStars.FR\PokerStarsUpdate.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{EB4FA4E2-540B-4B62-B359-EB3AFC563BE7} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{EB4FA4E2-540B-4B62-B359-EB3AFC563BE7}\244564F4E4 : DhcpNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{EB4FA4E2-540B-4B62-B359-EB3AFC563BE7}\244584F6D656845726D244236373 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{EB4FA4E2-540B-4B62-B359-EB3AFC563BE7}\2445F40756E6A7F6E656 : DhcpNameServer = 192.168.22.22 192.168.22.23
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
BHO-X64: Babylon toolbar helper - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Internet Explorer Form-Fill Plug-In: {5425B4B8-87F9-4E9C-8B51-8AABA82EBA64} - C:\Program Files (x86)\NETELLER app\plugins\IE\Neteller.dll
BHO-X64: NetellerBHO - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: AOL Toolbar BHO: {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll
BHO-X64: AOL Toolbar BHO - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: DealPly: {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: AOL Toolbar: {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll
TB-X64: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun-x64: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
mRun-x64: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe
mRun-x64: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun-x64: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun-x64: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe
mRun-x64: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe
IE-X64: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE-X64: {90EAE591-7E7E-434a-8E28-ECFD00071806} - C:\Program Files (x86)\PokerStars.FR\PokerStarsUpdate.exe
IE-X64: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
IE-X64: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe
IE-X64: {00710644-edb6-40fb-b3e2-51b615e97d5a} - C:\Users\JAMSYM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RPM Poker\RPM Poker.lnk
IE-X64: {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Users\JAMSYM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UB\UB.lnk
IE-X64: {20791AD6-CD8D-47AB-AB10-D27ACC73728F} - C:\Microgaming\Poker\PokerTimeMPP\MPPoker.exe
IE-X64: {34DCB6F7-1F17-48EC-9652-F1C978E96E88} - C:\Microgaming\Poker\stanjamesgibMPP\MPPoker.exe
IE-X64: {e4e8c758-34b4-44bb-8ef9-1f0786e81d2d} - C:\Users\JAMSYM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CarbonPoker\CarbonPoker.lnk
AppInit_DLLs-X64: C:\Windows\SysWOW64\guard32.dll
SEH-X64: EasyBits ShellExecute Hook: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\JAMSYM\AppData\Roaming\Mozilla\Firefox\Profiles\ga8dgjuk.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?babsrc=HP_ss&affID=101385&mntrId=c41f998a00000000000000225feb9783
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
FF - component: C:\Program Files (x86)\NETELLER app\plugins\Firefox\neteller\components\Neteller.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: C:\Users\JAMSYM\AppData\Roaming\Mozilla\Firefox\Profiles\ga8dgjuk.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCoreGecko10.dll
FF - component: C:\Users\JAMSYM\AppData\Roaming\Mozilla\Firefox\Profiles\ga8dgjuk.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCoreGecko11.dll
FF - component: C:\Users\JAMSYM\AppData\Roaming\Mozilla\Firefox\Profiles\ga8dgjuk.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCoreGecko12.dll
FF - component: C:\Users\JAMSYM\AppData\Roaming\Mozilla\Firefox\Profiles\ga8dgjuk.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\JAMSYM\AppData\Roaming\Mozilla\Firefox\Profiles\ga8dgjuk.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCoreGecko5.dll
FF - component: C:\Users\JAMSYM\AppData\Roaming\Mozilla\Firefox\Profiles\ga8dgjuk.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCoreGecko6.dll
FF - component: C:\Users\JAMSYM\AppData\Roaming\Mozilla\Firefox\Profiles\ga8dgjuk.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCoreGecko7.dll
FF - component: C:\Users\JAMSYM\AppData\Roaming\Mozilla\Firefox\Profiles\ga8dgjuk.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCoreGecko8.dll
FF - component: C:\Users\JAMSYM\AppData\Roaming\Mozilla\Firefox\Profiles\ga8dgjuk.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCoreGecko9.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.93\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\npjpi160_31.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\JAMSYM\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
FF - Ext: ST-Eng7 Community Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - %profile%\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
FF - Ext: Babylon: ffxtlbr@babylon.com - %profile%\extensions\ffxtlbr@babylon.com
FF - Ext: DealPly: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} - %profile%\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
FF - Ext: NETELLER: neteller.desktop@klipfolio - C:\Program Files (x86)\NETELLER app\plugins\Firefox\neteller
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.id - c41f998a00000000000000225feb9783
FF - user.js: extensions.BabylonToolbar_i.hardId - c41f998a00000000000000225feb9783
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15413
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1713:59:01
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=101385
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
user_pref('extensions.dealply.partner', 'vita');
.
user_pref('extensions.dealply.channel', 'vitafilewin');
.
user_pref('extensions.dealply.installId', 'v23500256101115962458192012031413591739');
.
user_pref('extensions.dealply.installIdSource', 'inst');
.
user_pref('extensions.dealply.sampleGroup', '9');
.
============= SERVICES / DRIVERS ===============
.
R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\system32\DRIVERS\cmderd.sys --> C:\Windows\system32\DRIVERS\cmderd.sys [?]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/03/22 08:06:15];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2010-3-22 146928]
R2 BecHelperService;BecHelperService;C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe [2010-10-5 1737464]
R2 CLPSLS;COMODO livePCsupport Service;C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-11-23 1267000]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 DragonUpdater;COMODO Dragon Update Service;C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2012-5-16 412304]
R2 ezSharedSvc;Easybits Shared Services for Windows;C:\Windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-25 654408]
R2 postgresql-8.3;PostgreSQL Server 8.3;C:/Program Files (x86)/PostgreSQL/8.3/bin/pg_ctl.exe runservice -N "postgresql-8.3" -D "C:/Program Files (x86)/PostgreSQL/8.3/data" -w --> C:/Program Files (x86)/PostgreSQL/8.3/bin/pg_ctl.exe runservice -N postgresql-8.3 [?]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-4-9 3063968]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-2-23 2666880]
R3 AVER_H193;AVerMedia H193 Video Capture;C:\Windows\system32\drivers\AVer888RC_64.sys --> C:\Windows\system32\drivers\AVer888RC_64.sys [?]
R3 CXCIR;AVerMedia Consumer Infrared Receiver;C:\Windows\system32\DRIVERS\AVer888RCIR_64.sys --> C:\Windows\system32\DRIVERS\AVer888RCIR_64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;C:\Windows\system32\DRIVERS\netr7364.sys --> C:\Windows\system32\DRIVERS\netr7364.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-4 136176]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S2 VMCService;Vodafone Mobile Connect Service;C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-9-18 9216]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-12 257696]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-4 136176]
S3 massfilter;ZTE Mass Storage Filter Driver;C:\Windows\System32\drivers\massfilter.sys [2009-9-7 9216]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-05-26 16:10:40 -------- d-----w- C:\ProgramData\Panda Security
2012-05-26 16:10:34 -------- d-----w- C:\Program Files (x86)\Panda USB Vaccine
2012-05-26 12:37:34 -------- d-----w- C:\ProgramData\CPA_VA
2012-05-26 12:36:53 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{5BDB4677-B72E-404C-95E8-5415956DB861}
2012-05-26 12:36:34 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{37D06FAD-E36C-4FB2-8722-95F4DA81EF20}
2012-05-26 12:36:15 -------- d--h--w- C:\VritualRoot
2012-05-26 12:01:19 -------- d-----w- C:\ProgramData\Comodo
2012-05-26 12:01:15 -------- d-----w- C:\Program Files\COMODO
2012-05-26 12:01:09 -------- d-----w- C:\Users\JAMSYM\AppData\Local\Comodo
2012-05-26 12:00:59 -------- d-----w- C:\Program Files (x86)\Comodo
2012-05-25 17:22:50 -------- d-----w- C:\Program Files (x86)\SkyPoker
2012-05-25 16:21:41 -------- d-----w- C:\Users\JAMSYM\AppData\Roaming\Malwarebytes
2012-05-25 16:21:37 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-05-25 16:21:37 -------- d-----w- C:\ProgramData\Malwarebytes
2012-05-25 16:21:37 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-25 16:00:42 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{4EFA9B4D-C769-41C7-BCC1-35B11BAF10B5}
2012-05-25 16:00:32 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{6E5CBD6E-E1D5-4355-A743-42E2C220CDE5}
2012-05-23 15:18:55 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{F0CA11F5-AF3E-4A44-B034-7B61B9D238F5}
2012-05-23 15:18:33 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{AA512BBD-B3F2-40C5-A05A-4BDB7B8094A3}
2012-05-23 03:18:19 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{25312D7D-D498-4DC6-A398-FC0D188D84FC}
2012-05-23 03:17:57 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{0F055BCE-51AB-4B29-9D53-02D3A08F8DB0}
2012-05-22 15:15:54 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{D7C1984F-F41A-49ED-9DEE-43E5D0BCAB0C}
2012-05-22 15:14:41 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{3A308B94-17B4-4B17-826A-791350BF0C58}
2012-05-22 12:47:32 -------- d-----w- C:\DOSGAMES
2012-05-22 12:44:55 -------- d-----w- C:\Program Files (x86)\DOSBox-0.74
2012-05-22 03:10:45 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{C30E7BE3-642F-4A9B-9365-9E19F1A124EE}
2012-05-22 03:10:35 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{CF361608-2C51-4ED8-89C6-AA16CC92C81A}
2012-05-21 15:10:09 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{9E6562C8-2D6B-4804-89EA-74778CBB461D}
2012-05-21 15:09:47 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{8A03C5C1-BF81-4B83-B181-01212AF40B44}
2012-05-21 12:19:28 -------- d-----w- C:\Users\JAMSYM\VirtualBox VMs
2012-05-21 12:18:41 -------- d-----w- C:\Users\JAMSYM\.VirtualBox
2012-05-21 12:18:11 224048 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys
2012-05-21 12:17:59 130864 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys
2012-05-21 11:33:07 -------- d-----w- C:\Program Files (x86)\Maxis
2012-05-21 11:17:04 304128 ----a-w- C:\Windows\IsUninst.exe
2012-05-21 03:09:19 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{9D0AF7AF-AAB9-46C3-9750-333275F6B3AC}
2012-05-21 03:08:57 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{CE69A348-113F-4130-8014-6434161D3B0A}
2012-05-20 15:08:40 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{E4BD2B26-9DF9-4DA1-8E07-917E0719D21B}
2012-05-20 15:08:18 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{E845B396-F516-4350-BA16-96EDE6A7C189}
2012-05-20 03:08:04 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{D087676C-694B-428D-A8F3-288DE51A6B18}
2012-05-20 03:07:39 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{50F5C98B-CBBF-4789-999C-749F5836EB5F}
2012-05-19 15:07:25 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{1C2FE063-FD35-4233-B66C-40CFC30A6331}
2012-05-19 15:07:03 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{D5252A37-60BA-4ACE-B7C3-E5C407987399}
2012-05-19 03:06:50 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{6EF8903A-B210-4EEE-9BE8-7F3B1B3F7D92}
2012-05-19 03:06:28 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{9DF9E1BC-BC3A-40F1-8303-94060ADB2CD8}
2012-05-18 15:06:13 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{FC24E416-A07A-4B80-8A03-04D210B43B96}
2012-05-18 15:05:51 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{5055FCEC-594F-4570-A68B-E67540648527}
2012-05-18 03:05:37 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{9B889142-0914-46AB-B9DF-9C8A42AB8600}
2012-05-18 03:05:16 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{F8D39158-E403-4D12-902C-35C0F73A517D}
2012-05-17 15:05:03 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{9997EEDB-3832-43D5-B6E9-C67F0F35BAAD}
2012-05-17 15:04:40 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{375C3557-F8C7-4F9C-8C57-9D921623B76A}
2012-05-17 03:04:29 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{0D5D598A-A99B-4D04-AF60-B9F95590E9C5}
2012-05-17 03:04:07 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{CB9D1694-1802-4E11-A4BF-FFDBAB9AEB82}
2012-05-16 15:03:55 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{578E0376-997A-4B54-B937-03A0B79C1D86}
2012-05-16 15:03:33 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{A954B465-EDE8-45C4-B053-C2F1D41D360D}
2012-05-16 03:03:13 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{C0061663-7194-4207-9A50-06D41CAEDB8A}
2012-05-16 03:03:02 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{E6CD64AB-AD6D-4EB3-97BC-3035369C4C1A}
2012-05-15 14:40:44 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{5B2B6AB4-0685-40AB-A080-F64AAB6CF977}
2012-05-15 14:40:22 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{18F4324D-BA26-4DD8-903B-DD0E0C467467}
2012-05-15 02:40:09 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{A89624F3-4D6D-4A30-9857-1F1AFA63E263}
2012-05-15 02:39:47 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{648D926A-91F7-4BF7-8C98-B339A0A438C5}
2012-05-14 19:36:37 -------- d-----w- C:\ProgramData\boost_interprocess
2012-05-14 14:39:35 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{A1CC4312-374E-4A43-A8A1-BC4A7E5C9851}
2012-05-14 14:39:13 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{A537E9BF-C72C-4FAA-96A5-8F5203ED274F}
2012-05-14 02:39:00 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{519FB6C5-C696-4F3D-8AB4-DD4606AF79DB}
2012-05-14 02:38:38 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{E1777018-E870-47E6-A84E-4394A2EB3456}
2012-05-13 14:38:22 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{809299F5-9C9D-444F-BA34-62DCF99C8249}
2012-05-13 14:37:58 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{621655B8-8F38-41DC-A9CD-884C892C5DBE}
2012-05-13 01:56:41 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{2C93621A-B31F-4754-B1A8-2E43A661037B}
2012-05-13 01:56:20 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{0DF7D9F6-4C1D-407F-93E5-057E56B794F6}
2012-05-12 13:56:07 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{3FEA885D-4C86-4E11-B502-9A28B3E2281E}
2012-05-12 13:55:45 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{0CF9C18B-5D7A-4A74-94F6-67A3547D213B}
2012-05-12 01:55:32 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{FBF8F876-4899-4411-9C79-55080CDF8982}
2012-05-12 01:55:10 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{683945E4-9466-4156-B49A-27A9BD1CEE3F}
2012-05-11 13:54:55 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{BA4DB30E-040B-41B6-AAAC-D10C60769AF4}
2012-05-11 13:54:40 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{B913CA4B-969A-488B-AC94-B3E37DBF48E9}
2012-05-10 23:41:47 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{BE6C5962-386A-4E76-A39B-0C8CCCBF04CD}
2012-05-10 23:41:25 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{0AB65314-7830-4066-9995-AB9B17D10AFA}
2012-05-10 11:41:14 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{DF6F234D-6845-4F5A-80A5-06F7DBA21AD8}
2012-05-10 11:40:52 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{274BA458-697C-49AE-BD3E-7008DC3D00DE}
2012-05-09 23:40:39 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{20DA6661-5141-43E7-9D81-B6828D38314D}
2012-05-09 23:40:18 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{65795992-31B0-4B1B-BB91-807848950C46}
2012-05-09 11:40:05 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{9648BCA8-7119-4760-844E-FCD4A6BFFDCA}
2012-05-09 11:39:43 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{4BF09ABD-0834-41FA-81CC-E2752401C204}
2012-05-08 23:39:30 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{1D6ABCFE-4195-46AE-8A7E-0D168908F6D0}
2012-05-08 23:39:08 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{64564C9C-7B3A-4B72-A9F0-C9BD186A6FA7}
2012-05-08 11:38:54 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{6C380728-A2C3-42FE-B475-7D79D6D3A582}
2012-05-08 11:38:40 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{3795531A-08A4-4C7F-BB40-5F428232F143}
2012-05-07 16:59:51 -------- d-----w- C:\Windows\en
2012-05-07 16:53:17 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e664e1701cd2c7101\DSETUP.dll
2012-05-07 16:53:17 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e664e1701cd2c7101\DXSETUP.exe
2012-05-07 16:53:17 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e664e1701cd2c7101\dsetup32.dll
2012-05-07 16:52:42 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{4BD0310B-A0A8-40B0-9A27-C4B61EB03ECF}
2012-05-07 16:52:21 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{B14BC67A-23DC-4CE5-9AB1-C839BA445C68}
2012-05-05 10:14:53 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{2D9126CA-D70E-4DA7-A2E3-DB93F12263E7}
2012-05-05 10:14:28 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{9BEA89CF-6D4B-4327-AF25-30FC4EF041CE}
2012-05-05 09:10:40 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{4E36DA14-6BCA-4760-BD47-88F2975DD3FD}
2012-05-05 09:10:20 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{126989DE-7116-4A29-97B4-22A39BB1F5F5}
2012-05-04 10:00:17 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{5BC2ABB3-6474-4364-8D76-757E030B7D7E}
2012-05-04 09:59:57 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{11F76A88-7D49-4D41-A664-D2F12CBF2C67}
2012-05-03 14:38:28 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-05-03 14:38:28 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-05-03 14:33:48 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{51CA3E04-5B66-4CEE-A68F-739BB7E84468}
2012-05-03 14:33:23 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{E6F4457F-B9E7-4B71-B34E-672493DC13D0}
2012-05-03 14:09:23 -------- d-----w- C:\Windows\System32\SPReview
2012-05-03 14:08:30 -------- d-----w- C:\Windows\System32\EventProviders
2012-05-03 14:02:21 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{C7B52A58-7EAA-4A47-8BC5-EA2745897C91}
2012-05-03 09:38:30 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{E78D037B-13E1-4C74-8A3A-42E9A756DDC0}
2012-05-03 09:38:07 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{C284A61E-A16D-461A-BF1D-7C5ADA27EF84}
2012-05-02 21:38:08 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{E0A55F3B-70F3-41EB-BFEB-F240B3452C0B}
2012-05-02 20:40:00 -------- d-----w- C:\Users\JAMSYM\AppData\Roaming\YachtingPoker
2012-05-02 20:39:26 -------- d-----w- C:\Program Files (x86)\YachtingPoker
2012-04-28 01:33:31 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{B76F04EF-8155-4553-A90B-CE652953C907}
2012-04-28 01:33:09 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{918A5A97-8193-4579-99AC-0B71B4464DB2}
.
==================== Find3M ====================
.
2012-05-05 17:34:07 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 17:34:07 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-05 17:34:05 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-05-03 14:19:31 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-05-03 14:19:31 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-04-12 17:12:56 147248 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys
2012-04-06 23:20:38 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-03-31 06:05:57 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-31 04:39:37 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39:37 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10:03 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-03-17 07:58:57 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-03-11 20:13:42 577824 ----a-w- C:\Windows\System32\drivers\cmdGuard.sys
2012-03-11 20:13:42 43248 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys
2012-03-11 20:13:40 22696 ----a-w- C:\Windows\System32\drivers\cmderd.sys
2012-03-11 20:13:22 41200 ----a-w- C:\Windows\System32\cmdcsr.dll
2012-03-11 20:13:20 301224 ----a-w- C:\Windows\SysWow64\guard32.dll
2012-03-11 20:13:18 389840 ----a-w- C:\Windows\System32\guard64.dll
2012-03-08 17:50:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2012-03-08 17:37:20 302448 ----a-w- C:\Windows\WLXPGSS.SCR
2012-03-03 06:35:38 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-03 05:31:19 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-01 06:46:16 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-03-01 06:38:27 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-03-01 06:33:50 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-03-01 06:28:47 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-03-01 05:37:41 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-03-01 05:33:23 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-03-01 05:29:16 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
.
============= FINISH: 18:42:49.39 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 17/12/2009 15:00:31
System Uptime: 26/05/2012 17:33:03 (1 hours ago)
.
Motherboard: PEGATRON CORPORATION | | VIOLET6
Processor: AMD Athlon(tm) II X4 620 Processor | CPU 1 | 2600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 452 GiB total, 352.826 GiB free.
D: is FIXED (NTFS) - 14 GiB total, 2.429 GiB free.
E: is CDROM (CDFS)
G: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP200: 13/05/2012 19:51:47 - Windows Update
RP201: 21/05/2012 03:07:16 - Scheduled Checkpoint
RP202: 21/05/2012 13:17:29 - Installed Oracle VM VirtualBox 4.1.14
RP203: 26/05/2012 13:02:53 - Device Driver Package Install: COMODO Network Service
RP204: 26/05/2012 13:43:08 - Removed Oracle VM VirtualBox 4.1.14
RP205: 26/05/2012 16:29:39 - Windows Update
RP206: 26/05/2012 17:30:42 - Windows Modules Installer
RP207: 26/05/2012 18:35:06 - Windows Modules Installer
.
==== Installed Programs ======================
.
24hPoker
3Connect
888poker
ActionPoker.com
Activate Norton Online Backup
Adobe AIR
Adobe Reader 9.2
AOL Toolbar 5.0
Apple Application Support
Apple Software Update
Babylon toolbar on IE
Bestpoker Avatar
Betfair Poker
Betfred Poker
Black Belt Poker
BodogPoker
Boylepoker
Cake Poker
Cake Poker 2.0
Camtasia Studio 6
CarbonPoker
Chilipoker
Comodo Dragon
COMODO GeekBuddy
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite Deluxe
D3DX10
DealPly
DirectX for Managed Code Update (Summer 2004)
Download Updater (AOL LLC)
DownloadX Free 1.1.1
DTD Poker
Eurobet Poker
Expekt Poker
Free RAR Extract Frog
Full Tilt Poker
Genting Poker
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Hewlett-Packard ACLM.NET v1.1.2.0
Holdem Manager
HollywoodPoker.com 1.0.0
HP Advisor
HP Customer Experience Enhancements
HP Games
HP MAINSTREAM KEYBOARD
HP MediaSmart DVD
HP MediaSmart Movie Themes
HP Odometer
HP Remote Solution
HP Setup
HP Support Assistant
HP Support Information
HP Update
InterActual Player
Java Auto Updater
Java(TM) 6 Update 31
LabelPrint
Ladbrokes Poker
LightScribe System Software
Magic Desktop
Malwarebytes Anti-Malware version 1.61.0.1400
Messenger Companion
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Mouse Recorder Pro 2
Mozilla Firefox (3.6.28)
MS Access 97 SP2
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NETELLER app (remove only)
NoiQPoker
Paddy Power Poker
Panda USB Vaccine 1.0.1.4
PartyPoker
PivEnet
PKR
Poker at bet365
PokerStars
PokerStars.fr
PokerStove version 1.24
PokerTime
PostgreSQL 8.3
Power2Go
PowerDirector
PowerRecover
Purple Lounge
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
redbet
Redbet Poker
Registry Patrol
RPM Poker
RuneScape
Safari
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
SimCity 3000 UK Edition
Sky Poker
Skype Click to Call
Skype™ 5.8
Stan James
Starters Orders 4
SwiftKit
TeamViewer 7
Titan Poker
True Poker
UB
Uncover
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Ventrilo Client
Victor Chandler
Victor Chandler Poker
Vodafone Mobile Connect Lite
William Hill Poker
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.00 beta 4 (32-bit)
YachtingPoker 2.26 build 318
ZTE_1.2059.0.8
ZTE_MF627_USB_MODEM_1.2059.0.4
.
==== Event Viewer Messages From Past Week ========
.
26/05/2012 13:02:46, Error: Service Control Manager [7030] - The COMODO Internet Security Helper Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
21/05/2012 21:55:46, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
.
==== End Of File ===========================
 
Just noticed it's not just Internet Explorer that seems to be using lots of memory in Task Manager. I was using Firefox an hour or so ago and when I open Task Manager it shows Firefox still using 106,676k memory even though it's been closed for an hour :/
 
I noticed my pc has got markedly slower lately.

Some of the reasons why:
1. There are 36 poker programs installed
2. There are 12 ActiveX Objects for the poker programs running in IE
3. There are 7 processes for PostgreSQL> all executables
4. There are 9 FF - components for RadioWMPCoreGecko 5, 6, 7, 8, 9, 10, 11, 12, 19.dll. As far as I can find, these are part of the Conduit toolbar regime, once forbidden for Firefox, now possibly allowed. Some users found them on FF when they updated. These toolbars frequently are known to track users.
5. Firefox has an excess of components, extensions, plug-ins and Conduit toolbars.
6. There is an excess of toolbars (TB), browser helper objects (BHO) and ActiveX Objects.
7. The Babylon Toolbar has taken over Firefox.

It appears that your lack of security has allowed bundled processes to access the system. Pre-checked processes on download screens were not unchecked.

And yes, you do have malware.
=============================================
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------

  • Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • If prompted for Recovery Console, please allow.
    • Once installed, you should see a blue screen prompt that says:
      The Recovery Console was successfully installed.
    • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.
    • Note: No query will be made if the Recovery Console is already on the system.
  • Close any open browsers.
  • Before you run the Combofix scan, please disable any security software you have running.
    (If you need help with this, please see HERE)
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
Re-enable your Antivirus software.
Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
Note 3: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
===================================================
To run the Eset Online Virus Scan:
If you use Internet Explorer:
  1. Open the ESETOnlineScan
  2. Skip to #4 to "Continue with the directions"

    If you are using a browser other than Internet Explorer
  3. Open Eset Smart Installer
    [o] Click on the esetsmartinstaller_enu.exe link and save to the desktop.
    [o] Double click on the desktop icon to run.
    [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
  4. Continue with the directions.
  5. Check 'Yes I accept terms of use.'
  6. Click Start button
  7. Accept any security warnings from your browser.
    esetonlinescannersettings_thumb.jpg
  8. Uncheck 'Remove found threats'
  9. Check 'Scan archives'
  10. Leave remaining settings as is.
  11. Press the Start button.
  12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  13. When the scan completes, press List of found threats
  14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  15. Push the Back button, then Finish
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
===========================================================
Download Security Check by screen317 and save to the desktop
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document called checkup.txt should open automatically; please post the contents of that document.
Please leave all logs in your next reply.
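The counts in the reply above (installed poker programs, the GUID-named folders that keep appearing under AppData\Local in the "Created Last 30" section) were made by reading the DDS log by eye. The script below is an added example written for this thread; it is not part of DDS, ComboFix or the helper's instructions. It parses the "Installed Programs" and "Created Last 30" sections of a DDS-style log, lists installed entries matching a keyword, and checks whether GUID-named folders under AppData\Local are being created on a fixed cadence, which is what a twice-daily scheduled component looks like in that section. The sample log, its GUIDs, its username and the driver file name are constructed; only the section headers and the line layout follow what DDS prints.

```python
"""Triage helper for DDS-style logs (added example, not DDS's own code).

Parses the "Installed Programs" and "Created Last 30" sections, counts
installed entries that match a keyword, and checks whether GUID-named
folders under AppData\\Local are being created on a fixed cadence.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in DDS log layout; GUIDs, username and file are made up.
SAMPLE_LOG = r"""
=============== Created Last 30 ================
.
2012-05-23 15:18:55 -------- d-----w- C:\Users\USER\AppData\Local\{1A2B3C4D-0001-4000-8000-000000000001}
2012-05-23 15:18:33 -------- d-----w- C:\Users\USER\AppData\Local\{1A2B3C4D-0002-4000-8000-000000000002}
2012-05-23 03:18:19 -------- d-----w- C:\Users\USER\AppData\Local\{1A2B3C4D-0003-4000-8000-000000000003}
2012-05-23 03:17:57 -------- d-----w- C:\Users\USER\AppData\Local\{1A2B3C4D-0004-4000-8000-000000000004}
2012-05-22 15:15:54 -------- d-----w- C:\Users\USER\AppData\Local\{1A2B3C4D-0005-4000-8000-000000000005}
2012-05-22 15:14:41 -------- d-----w- C:\Users\USER\AppData\Local\{1A2B3C4D-0006-4000-8000-000000000006}
2012-05-22 12:47:32 -------- d-----w- C:\DOSGAMES
2012-05-22 03:10:45 -------- d-----w- C:\Users\USER\AppData\Local\{1A2B3C4D-0007-4000-8000-000000000007}
2012-05-22 03:10:35 -------- d-----w- C:\Users\USER\AppData\Local\{1A2B3C4D-0008-4000-8000-000000000008}
2012-05-21 15:10:09 -------- d-----w- C:\Users\USER\AppData\Local\{1A2B3C4D-0009-4000-8000-000000000009}
2012-05-21 15:09:47 -------- d-----w- C:\Users\USER\AppData\Local\{1A2B3C4D-0010-4000-8000-000000000010}
2012-05-21 12:18:11 224048 ----a-w- C:\Windows\System32\drivers\example.sys
.
==== Installed Programs ======================
.
888poker
Adobe Reader 9.2
Betfair Poker
Google Chrome
PokerStars
Titan Poker
.
==== Event Viewer Messages From Past Week ========
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
ENTRY_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\S+)\s+(\S+)\s+(.+)$")
GUID_DIR_RE = re.compile(r"\\AppData\\Local\\\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}$", re.I)

def split_sections(text):
    """Map each '==== Name ====' header to the non-empty lines under it."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
        elif current is not None and line not in ("", "."):
            sections[current].append(line)
    return sections

def count_programs(sections, keyword):
    """Installed-program names containing the keyword, case-insensitive."""
    return sorted(n for n in sections.get("Installed Programs", []) if keyword.lower() in n.lower())

def created_entries(sections):
    """(timestamp, attribute string, path) for each parsable 'Created Last 30' line."""
    out = []
    for line in sections.get("Created Last 30", []):
        m = ENTRY_RE.match(line)
        if m:
            out.append((datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"), m.group(3), m.group(4)))
    return out

def group_bursts(times, window_seconds=300):
    """Cluster timestamps that fall within window_seconds of the previous one."""
    bursts = []
    for t in sorted(times):
        if bursts and (t - bursts[-1][-1]).total_seconds() <= window_seconds:
            bursts[-1].append(t)
        else:
            bursts.append([t])
    return bursts

def guid_dir_cadence(entries, tolerance_hours=1.0):
    """Flag GUID-named AppData\\Local folders created at a fixed interval.

    Creations seconds apart are merged into one burst; the gaps between burst
    starts are compared with their median, and the pattern counts as periodic
    when every gap lies within tolerance_hours of that median.
    """
    times = [ts for ts, attrs, path in entries if attrs.startswith("d") and GUID_DIR_RE.search(path)]
    bursts = group_bursts(times)
    starts = [b[0] for b in bursts]
    gaps = [(b - a).total_seconds() / 3600 for a, b in zip(starts, starts[1:])]
    report = {"dirs": len(times), "bursts": len(bursts), "cadence_hours": None, "periodic": False}
    if len(gaps) >= 2:
        median = sorted(gaps)[len(gaps) // 2]
        report["cadence_hours"] = median
        report["periodic"] = all(abs(g - median) <= tolerance_hours for g in gaps)
    return report

def triage(text, keyword="poker"):
    """Run both checks over one DDS log and return the findings."""
    sections = split_sections(text)
    entries = created_entries(sections)
    return {
        "matching_programs": count_programs(sections, keyword),
        "created_entries": len(entries),
        "guid_dirs": guid_dir_cadence(entries),
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run against a real DDS log, `triage(open("dds.txt").read())` gives the same kind of findings for the full file. The burst grouping matters for logs like the one in this thread, where the GUID folders arrive in pairs some twenty seconds apart: each pair collapses to one burst, and it is the roughly twelve-hour spacing between bursts that the cadence check reports. The script says nothing about which program creates the folders; that still has to be established from the services, scheduled tasks and installed-program sections before anything is removed.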
 
I can remove about 30 of the poker programs, I only really use about 5 now. Should I just uninstall them using control panel add/remove programs or should I wait until the malware has been removed first?

''4. There are 9 FF - components for RadioWMPCoreGecko 5, 6, 7, 8, 9, 10, 11, 12, 19.dll. As far as I can find, these are part of the Conduit toolbar regime- once forbidden for Firefox, now possibly allowed. Some users found them on FF when they updated. These toolbars frequently are known to track users.
5. Firefox has an excess of components, extensions, plug-ins and Conduit toolbars.
6. There is an excess of toolbars (TB), browser helper objects (BHO), Active X Objects
7. The Babylon Toolbar has taken over Firefox.''

I'm happy to delete all of this if you tell me how ^

logs:
combofix

ComboFix 12-05-27.02 - JAMSYM 28/05/2012 1:17.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4095.2486 [GMT 1:00]
Running from: c:\users\JAMSYM\Desktop\ComboFix.exe
AV: COMODO Antivirus *Disabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}
FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-28 )))))))))))))))))))))))))))))))
.
.
2012-05-28 00:26 . 2012-05-28 00:26 -------- d-----w- c:\users\postgres\AppData\Local\temp
2012-05-28 00:26 . 2012-05-28 00:26 -------- d-----w- c:\users\postgres.JAMSYM-PC\AppData\Local\temp
2012-05-28 00:26 . 2012-05-28 00:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-26 21:14 . 2012-05-15 00:41 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{79F3420E-79D7-48B1-A561-E7358A17E7D8}\mpengine.dll
2012-05-26 16:10 . 2012-05-26 16:10 -------- d-----w- c:\programdata\Panda Security
2012-05-26 16:10 . 2012-05-26 16:10 -------- d-----w- c:\program files (x86)\Panda USB Vaccine
2012-05-26 12:37 . 2012-05-26 15:33 -------- d-----w- c:\programdata\CPA_VA
2012-05-26 12:36 . 2012-05-26 12:36 -------- d-----w- C:\VritualRoot
2012-05-26 12:01 . 2012-05-26 17:12 -------- d-----w- c:\programdata\Comodo
2012-05-26 12:01 . 2012-05-26 12:01 -------- d-----w- c:\program files\COMODO
2012-05-26 12:01 . 2012-05-26 12:01 -------- d-----w- c:\users\JAMSYM\AppData\Local\Comodo
2012-05-26 12:00 . 2012-05-26 12:01 -------- d-----w- c:\program files (x86)\Comodo
2012-05-25 17:22 . 2012-05-25 17:22 -------- d-----w- c:\program files (x86)\SkyPoker
2012-05-25 16:21 . 2012-05-25 16:21 -------- d-----w- c:\users\JAMSYM\AppData\Roaming\Malwarebytes
2012-05-25 16:21 . 2012-05-25 16:21 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-25 16:21 . 2012-05-25 16:21 -------- d-----w- c:\programdata\Malwarebytes
2012-05-25 16:21 . 2012-04-04 14:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-22 12:47 . 2012-05-22 13:05 -------- d-----w- C:\DOSGAMES
2012-05-22 12:44 . 2012-05-22 12:45 -------- d-----w- c:\program files (x86)\DOSBox-0.74
2012-05-21 12:19 . 2012-05-22 12:17 -------- d-----w- c:\users\JAMSYM\VirtualBox VMs
2012-05-21 12:18 . 2012-05-22 12:22 -------- d-----w- c:\users\JAMSYM\.VirtualBox
2012-05-21 12:18 . 2012-04-12 17:12 224048 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2012-05-21 12:17 . 2012-04-12 17:12 130864 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2012-05-21 11:33 . 2012-05-21 11:33 -------- d-----w- c:\program files (x86)\Maxis
2012-05-21 11:17 . 1998-01-23 11:22 304128 ----a-w- c:\windows\IsUninst.exe
2012-05-14 19:36 . 2012-05-15 12:36 -------- d-----w- c:\programdata\boost_interprocess
2012-05-13 18:53 . 2012-05-13 18:53 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-13 18:53 . 2012-05-13 18:53 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-05-07 16:59 . 2012-05-07 16:59 -------- d-----w- c:\windows\en
2012-05-07 16:53 . 2012-05-07 16:53 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e664e1701cd2c7101\DSETUP.dll
2012-05-07 16:53 . 2012-05-07 16:53 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e664e1701cd2c7101\DXSETUP.exe
2012-05-07 16:53 . 2012-05-07 16:53 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e664e1701cd2c7101\dsetup32.dll
2012-05-03 14:38 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-05-03 14:38 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-05-03 14:09 . 2012-05-03 14:09 -------- d-----w- c:\windows\system32\SPReview
2012-05-03 14:08 . 2012-05-03 14:08 -------- d-----w- c:\windows\system32\EventProviders
2012-05-02 20:40 . 2012-05-02 20:40 -------- d-----w- c:\users\JAMSYM\AppData\Roaming\YachtingPoker
2012-05-02 20:39 . 2012-05-02 20:39 -------- d-----w- c:\program files (x86)\YachtingPoker
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 17:34 . 2012-04-12 13:09 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-05 17:34 . 2011-11-16 10:10 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 17:34 . 2012-04-12 13:34 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-03 14:19 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-05-03 14:19 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-04-12 17:12 . 2012-04-12 17:12 147248 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2012-04-06 23:20 . 2012-04-06 23:20 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-11 20:13 . 2012-03-11 20:13 577824 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-03-11 20:13 . 2012-03-11 20:13 43248 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-03-11 20:13 . 2012-03-11 20:13 22696 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-03-11 20:13 . 2012-03-11 20:13 41200 ----a-w- c:\windows\system32\cmdcsr.dll
2012-03-11 20:13 . 2012-03-11 20:13 301224 ----a-w- c:\windows\SysWow64\guard32.dll
2012-03-11 20:13 . 2012-03-11 20:13 389840 ----a-w- c:\windows\system32\guard64.dll
2012-03-08 17:50 . 2012-03-08 17:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-03-08 17:37 . 2012-03-08 17:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-03-01 06:46 . 2012-04-12 02:00 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:38 . 2012-04-12 02:00 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 06:33 . 2012-04-12 02:00 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 06:28 . 2012-04-12 02:00 5120 ----a-w- c:\windows\system32\wmi.dll
2012-03-01 05:37 . 2012-04-12 02:00 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-03-01 05:33 . 2012-04-12 02:00 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29 . 2012-04-12 02:00 5120 ----a-w- c:\windows\SysWow64\wmi.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2010-06-29 1689144]
"NETELLER app"="c:\program files (x86)\NETELLER app\NETELLER-app.exe" [2012-03-06 1957656]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-11-04 39408]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"BATINDICATOR"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe" [2009-05-08 2068992]
"LaunchHPOSIAPP"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe" [2009-04-03 385024]
"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-05-26 656896]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-05-12 581480]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2009-06-22 60464]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"MobileConnect"="c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2009-09-18 2412032]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-03-18 421888]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-11-04 273528]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"COMODO"="c:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe" [2011-11-23 213304]
"CPA"="c:\program files\COMODO\COMODO GeekBuddy\VALA.exe" [2011-11-23 184120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-04 136176]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-04 136176]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-01-19 11776]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/03/22 08:06];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2009-10-20 14:50 146928]
S2 BecHelperService;BecHelperService;c:\program files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe [2010-01-28 1737464]
S2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-11-23 1267000]
S2 DragonUpdater;COMODO Dragon Update Service;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe [2012-05-16 412304]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 postgresql-8.3;PostgreSQL Server 8.3;C:/Program Files (x86)/PostgreSQL/8.3/bin/pg_ctl.exe runservice -N postgresql-8.3 -D C:/Program Files (x86)/PostgreSQL/8.3/data -w [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-04-09 3063968]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-09-18 9216]
S3 AVER_H193;AVerMedia H193 Video Capture;c:\windows\system32\drivers\AVer888RC_64.sys [x]
S3 CXCIR;AVerMedia Consumer Infrared Receiver;c:\windows\system32\DRIVERS\AVer888RCIR_64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 17:34]
.
2012-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-04 20:18]
.
2012-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-04 20:18]
.
2012-05-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1517856273-4090774691-2137519104-1001Core.job
- c:\users\JAMSYM\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-17 17:03]
.
2012-05-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1517856273-4090774691-2137519104-1001UA.job
- c:\users\JAMSYM\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-17 17:03]
.
2012-05-25 c:\windows\Tasks\HPCeeScheduleForJAMSYM.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 22:15]
.
2012-04-30 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-26 16327712]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-08 610360]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 9569096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cndt
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar Search - c:\programdata\AOL\ieToolbar\resources\en-GB\local\search.html
IE: {{90EAE591-7E7E-434a-8E28-ECFD00071806} - c:\program files (x86)\PokerStars.FR\PokerStarsUpdate.exe
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\JAMSYM\AppData\Roaming\Mozilla\Firefox\Profiles\ga8dgjuk.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?babsrc=HP_ss&affID=101385&mntrId=c41f998a00000000000000225feb9783
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
FF - Ext: ST-Eng7 Community Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - %profile%\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
FF - Ext: Babylon: ffxtlbr@babylon.com - %profile%\extensions\ffxtlbr@babylon.com
FF - Ext: DealPly: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} - %profile%\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
FF - Ext: NETELLER: neteller.desktop@klipfolio - c:\program files (x86)\NETELLER app\plugins\Firefox\neteller
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - user.js: extensions.BabylonToolbar_i.id - c41f998a00000000000000225feb9783
FF - user.js: extensions.BabylonToolbar_i.hardId - c41f998a00000000000000225feb9783
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15413
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1713:59
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=101385
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
user_pref('extensions.dealply.partner', 'vita');
user_pref('extensions.dealply.channel', 'vitafilewin');
user_pref('extensions.dealply.installId', 'v23500256101115962458192012031413591739');
user_pref('extensions.dealply.installIdSource', 'inst');
user_pref('extensions.dealply.sampleGroup', '9');
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-CPN Notifier - c:\program files (x86)\Cake Poker 2.0\PokerNotifier.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-8.3]
"ImagePath"="C:/Program Files (x86)/PostgreSQL/8.3/bin/pg_ctl.exe runservice -N \"postgresql-8.3\" -D \"C:/Program Files (x86)/PostgreSQL/8.3/data\" -w"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-8.3]
"ImagePath"="C:/Program Files (x86)/PostgreSQL/8.3/bin/pg_ctl.exe runservice -N \"postgresql-8.3\" -D \"C:/Program Files (x86)/PostgreSQL/8.3/data\" -w"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\TeamViewer\Version7\TeamViewer.exe
c:\program files (x86)\TeamViewer\Version7\tv_w32.exe
c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
.
**************************************************************************
.
Completion time: 2012-05-28 01:34:04 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-28 00:34
.
Pre-Run: 374,431,928,320 bytes free
Post-Run: 374,355,709,952 bytes free
.
- - End Of File - - 3E0384876DA377BDE1E34E54C400DFFB
 
Eset

C:\Microgaming\Poker\PokerTimeMPP\install.exe a variant of Win32/PrimeCasino application
C:\Microgaming\Poker\stanjamesgibMPP\install.exe a variant of Win32/PrimeCasino application
C:\Poker\William Hill Poker\_SetupPoker.exe Win32/PTCasino application
C:\Poker\William Hill Poker\_SetupPoker[1].exe Win32/PTCasino application
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarApp.dll a variant of Win32/Toolbar.Babylon application
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarEng.dll Win32/Toolbar.Babylon application
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarsrv.exe probably a variant of Win32/Toolbar.Babylon application
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll Win32/Toolbar.Babylon application
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll Win32/Toolbar.Babylon application
C:\Program Files (x86)\Registry Patrol\RegistryPatrol.exe a variant of Win32/Adware.RegistryPatrol application

Screen317

Results of screen317's Security Check version 0.99.39
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
COMODO Antivirus
(On Access scanning disabled!)
Error obtaining update status for antivirus!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
Java(TM) 6 Update 31
Java version out of date!
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (3.6.28) Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Comodo Firewall cmdagent.exe
Comodo Firewall cfp.exe
ESET ESET Online Scanner OnlineCmdLineScanner.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````
 
James, you are basically going to have to start over: uninstall ALL programs you're not using:

1. If they have their own uninstaller, use that. If they don't, uninstall in Add/Remove Programs.
2. For each program that you have uninstalled, use Windows Explorer (right click on Start> Explore) to access Computer> Local Drive(C)> Programs> Look for the program folder for each uninstalled program and do a right click> Delete on each.

Make a list of the 5 poker programs you're keeping. I will write a script later to remove any leftover entries from those you uninstalled.

3. It appears that little or no maintenance has been done on the system. I'm going to have you use a cleaning program for the set entries that will also remove temp files. Please do the following:

Please download OTMoveIt by Old Timer and save it to your desktop.
  • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    Code:
    :Processes    
    BabylonToolbarsrv.exe
    RegistryPatrol.exe
    :Files
    C:\Microgaming\Poker\PokerTimeMPP\install.exe 
    C:\Microgaming\Poker\stanjamesgibMPP\install.exe
    C:\Poker\William Hill Poker\_SetupPoker.exe 
    C:\Poker\William Hill Poker\_SetupPoker[1].exe 
    C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarApp.dll 
    C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarEng.dll 
    C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarsrv.exe 
    C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll 
    C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll 
    C:\Program Files (x86)\Registry Patrol\RegistryPatrol.exe 
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

===========================================================
The following are done through Windows Explorer: Right click on Start> Explore:

1. Right click on Local Drive(C)> Properties> Disk Cleanup> Follow the prompts

2. Right click on Local Drive(C)> Properties> Tools tab> Error Check> Check both boxes on the screen that comes up> OK> Close the nag message and reboot. The Error Check will start; it will take a while. Let it complete. It will reboot the system when through.

3. Right click on Local Drive(C)> Properties> Tools tab> Defrag> Start the defrag when the screen comes up. Again, this will take a while, but it must be done.

Reboot the computer.
============================================
To remove Babylon in Firefox:
  • Type about:config in the URL bar and press enter twice
  • Disregard the warning message.
  • Type Babylon in the filter area and press enter. This will bring up entries associated with this search engine.
  • For FF entries that contain values to Babylon and its URL, change to Google. (These entries will not have babylon in the name.)
  • For entries that have babylon in the name (any location), right click on the entry and select reset.
  • Close FF and reopen.
============================================
Removing addons and plugins:
Internet Explorer: Open IE> Tools> Manage addons> Look in both 'addons currently on system' and 'addons previously on system'> Click to highlight any addons for the poker programs you have removed:
IE-X64: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE-X64: {90EAE591-7E7E-434a-8E28-ECFD00071806} - C:\Program Files (x86)\PokerStars.FR\PokerStarsUpdate.exe
IE-X64: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
IE-X64: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe
IE-X64: {00710644-edb6-40fb-b3e2-51b615e97d5a} - C:\Users\JAMSYM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RPM Poker\RPM Poker.lnk
IE-X64: {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Users\JAMSYM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UB\UB.lnk
IE-X64: {20791AD6-CD8D-47AB-AB10-D27ACC73728F} - C:\Microgaming\Poker\PokerTimeMPP\MPPoker.exe
IE-X64: {34DCB6F7-1F17-48EC-9652-F1C978E96E88} - C:\Microgaming\Poker\stanjamesgibMPP\MPPoker.exe
IE-X64: {e4e8c758-34b4-44bb-8ef9-1f0786e81d2d} - C:\Users\JAMSYM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CarbonPoker\CarbonPoker.lnk
-------------------------------------------------------
Firefox: Open Firefox> Tools> Addons> Check Components, Extensions, Plugins, Themes> Remove ALL entries related to the following:

DealPly
RadioWMPCoreGeckoX
Softonic-Eng7 Toolbar
Conduit

==================================================
I don't know what you are doing with PostgreSQL but I don't think you need 7 executable files to do it:
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
Please check this PostgreSQL site for a description, then act accordingly.
==================================================================

When you have completed ALL of the above, update and rescan with Combofix. Let me know which 5 of the poker programs you kept.

I don't expect to see you back today.
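As an added example (not part of this thread, and not code from ComboFix or any of the tools named above): a small Python parser for the "Reg Loading Points" section of a ComboFix log in the layout posted above. It lists the autostart values, pulls out the AppInit_DLLs registrations, and flags Run entries that still point at a program the user has uninstalled, which is the kind of leftover the helper offers to script away. The sample lines are copied from the log in this thread; the function and field names are my own.

```python
import re

# Constructed sample in the ComboFix "Reg Loading Points" layout; the lines are
# copied from the log posted in this thread so the parser can run offline.
SAMPLE_LOG = r"""
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2010-06-29 1689144]
"NETELLER app"="c:\program files (x86)\NETELLER app\NETELLER-app.exe" [2012-03-06 1957656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\guard64.dll
"""

# "Name"="C:\path\file.exe" [YYYY-MM-DD size]  -> Run-style entry with file stamp
QUOTED = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"'
                    r'(?:\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\])?\s*$')
# "Name"=value                                -> AppInit_DLLs, policy values, etc.
BARE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>.*?)\s*$')


def parse_loading_points(text):
    """Return one dict per registry value listed under a [KEY] header."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]          # new registry key header
            continue
        if key is None:
            continue                  # preamble lines (*Note*, REGEDIT4)
        m = QUOTED.match(line) or BARE.match(line)
        if not m:
            continue
        g = m.groupdict()
        entries.append({
            "key": key,
            "name": g["name"],
            "value": g["value"],
            "date": g.get("date"),
            "size": int(g["size"]) if g.get("size") else None,
        })
    return entries


def leftover_entries(entries, uninstalled):
    """Autostart values whose name or path still refers to an uninstalled program."""
    needles = [p.lower() for p in uninstalled]
    return [e for e in entries
            if any(n in e["name"].lower() or n in e["value"].lower() for n in needles)]


def appinit_dlls(entries):
    """Every DLL path registered through AppInit_DLLs, in log order."""
    return [e["value"] for e in entries
            if e["name"].lower() == "appinit_dlls" and e["value"]]


def appinit_loading_enabled(entries):
    """True when LoadAppInit_DLLs is present and non-zero (the DLLs will be injected)."""
    for e in entries:
        if e["name"].lower() == "loadappinit_dlls":
            return int(e["value"], 0) != 0
    return False


if __name__ == "__main__":
    found = parse_loading_points(SAMPLE_LOG)
    for e in leftover_entries(found, ["NETELLER app", "Cake Poker"]):
        print("leftover autostart:", e["name"], "->", e["value"])
    print("AppInit_DLLs loading enabled:", appinit_loading_enabled(found))
    for dll in appinit_dlls(found):
        print("AppInit DLL:", dll)
```

The AppInit_DLLs values here belong to the COMODO guard DLLs, so the check is there to make the injection point visible for review, not to flag it as bad on its own.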
 
thanks for all this help!
OK, 1) I deleted all these programs, then checked Windows Explorer and deleted the files left over:
24hr poker
888 poker
betfair poker
bestpoker avatar
bodog poker
carbon poker
cake poker
dtd poker
eurobet poker
full tilt poker
ladbrokes poker
hollywoodpoker.com
NoIQ poker
neteller app
party poker
PKR
Purple Lounge
Quantum poker
william hill poker
yachting poker
victor chandler poker
stan james poker
redbet
redbet poker
starters orders 4
UB
rpm poker
action poker
3connect
boyle poker
betfred poker
blackbelt poker
cakepoker 2.0
chili poker
expekt poker
genting poker
paddy power poker
pivenet
poker at bet365
pokerstove
pokertime
runescape
sim city 3000 uk edition
sky poker
swiftkit
titan poker
true poker
vodafone mobile connect lite
mouse recorder pro 2
google chrome
downloadxfree 1.1
aol toolbar 5.0
realplayer
download updater (aol llc)
inter actual player
hp games
activate norton online backup
cyberlink dvd suite deluxe
power2go
power director
label print
lightscribe system software
magic desktop
2) The only poker programs I wish to keep are Pokerstars, Pokerstars.fr and Uncover Poker
I'm also happy to delete any other things you can see which would improve my PC speed. I really only want this PC to be used for poker and some web surfing.
With regards to Postgres, I use that for a program called Holdem Manager which keeps track of all the poker hands I play in a database. It's possible that is quite a big database, but I'm happy to remove them all and start fresh if this would help.
3) log
All processes killed
========== PROCESSES ==========
No active process named BabylonToolbarsrv.exe was found!
No active process named RegistryPatrol.exe was found!
========== FILES ==========
File/Folder C:\Microgaming\Poker\PokerTimeMPP\install.exe not found.
File/Folder C:\Microgaming\Poker\stanjamesgibMPP\install.exe not found.
File/Folder C:\Poker\William Hill Poker\_SetupPoker.exe not found.
File/Folder C:\Poker\William Hill Poker\_SetupPoker[1].exe not found.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarApp.dll moved successfully.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarEng.dll moved successfully.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarsrv.exe moved successfully.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll moved successfully.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll moved successfully.
C:\Program Files (x86)\Registry Patrol\RegistryPatrol.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: JAMSYM
->Temp folder emptied: 10057394 bytes
->Temporary Internet Files folder emptied: 89263746 bytes
->Java cache emptied: 89746850 bytes
->FireFox cache emptied: 55495963 bytes
->Google Chrome cache emptied: 9341631 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 256143 bytes

User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: postgres.JAMSYM-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 15950 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36080341 bytes
RecycleBin emptied: 31901009 bytes

Total Files Cleaned = 307.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: JAMSYM
->Flash cache emptied: 0 bytes

User: postgres

User: postgres.JAMSYM-PC

User: Public

Total Flash Files Cleaned = 0.00 mb


OTM by OldTimer - Version 3.1.19.0 log created on 05282012_185019
Files moved on Reboot...
C:\Users\JAMSYM\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
------
Next I did the disk cleanup
Now I have got stuck on the error check though, I get a message:

[screenshot attached: errorjq.png]


When I press 'Schedule disk check' nothing happens. I restarted to see if it would run the disk check on reboot, but nothing happened either.

Should I continue with the other steps or wait till this is resolved?
 
Regarding the Error Check: Read my directions:

2. Right click on Local Drive(C)> Properties> Tools tab> Error Check> Check both boxes on the screen that comes up> OK> Close the nag message and reboot. The Error Check will start- it will take a while. Let it complete. It will reboot the system when through.
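The dialog button gives no feedback, so it is hard to tell whether a check was actually queued. The following is an added example, not part of the thread: the same two-box Error Check scheduled from an elevated PowerShell prompt, with a before-and-after look at what Windows records. It assumes drive C: is the system volume, an elevated prompt, and the standard Session Manager BootExecute value that autochk reads at boot.

```powershell
# Added example, not part of the thread: schedule the boot-time check for C: from an
# elevated PowerShell prompt and verify that it was actually queued, since the GUI
# "Schedule disk check" button gives no feedback.

$volume = 'C:'

# 1. Current state: is the volume flagged dirty, and is a check already scheduled?
fsutil dirty query $volume
chkntfs $volume

# 2. Same as ticking both boxes in the Error Check dialog: /F fixes errors, /R also
#    scans for bad sectors. The system drive cannot be locked while Windows runs,
#    so chkdsk asks whether to run at the next restart; answer Y.
chkdsk $volume /F /R

# 3. Verify: chkntfs now reports that a check is scheduled, and the Session Manager
#    BootExecute list carries an autochk line naming the volume.
chkntfs $volume
(Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager').BootExecute

# 4. Fallback if nothing was queued: marking the volume dirty makes autochk run the
#    check at the next boot regardless. Uncomment deliberately; the bit cannot be
#    cleared by hand, only by a completed check.
# fsutil dirty set $volume
```

If step 3 shows the default BootExecute value of autocheck autochk * with no entry for C:, the scheduling did not take, and the dirty-bit fallback in step 4 is the reliable way to force it. Reboot afterwards and let the check run to completion.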
 
New combofix log:

ComboFix 12-05-27.02 - JAMSYM 28/05/2012 1:17.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4095.2486 [GMT 1:00]
Running from: c:\users\JAMSYM\Desktop\ComboFix.exe
AV: COMODO Antivirus *Disabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}
FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-28 )))))))))))))))))))))))))))))))
.
.
2012-05-28 00:26 . 2012-05-28 00:26 -------- d-----w- c:\users\postgres\AppData\Local\temp
2012-05-28 00:26 . 2012-05-28 00:26 -------- d-----w- c:\users\postgres.JAMSYM-PC\AppData\Local\temp
2012-05-28 00:26 . 2012-05-28 00:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-26 21:14 . 2012-05-15 00:41 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{79F3420E-79D7-48B1-A561-E7358A17E7D8}\mpengine.dll
2012-05-26 16:10 . 2012-05-26 16:10 -------- d-----w- c:\programdata\Panda Security
2012-05-26 16:10 . 2012-05-26 16:10 -------- d-----w- c:\program files (x86)\Panda USB Vaccine
2012-05-26 12:37 . 2012-05-26 15:33 -------- d-----w- c:\programdata\CPA_VA
2012-05-26 12:36 . 2012-05-26 12:36 -------- d-----w- C:\VritualRoot
2012-05-26 12:01 . 2012-05-26 17:12 -------- d-----w- c:\programdata\Comodo
2012-05-26 12:01 . 2012-05-26 12:01 -------- d-----w- c:\program files\COMODO
2012-05-26 12:01 . 2012-05-26 12:01 -------- d-----w- c:\users\JAMSYM\AppData\Local\Comodo
2012-05-26 12:00 . 2012-05-26 12:01 -------- d-----w- c:\program files (x86)\Comodo
2012-05-25 17:22 . 2012-05-25 17:22 -------- d-----w- c:\program files (x86)\SkyPoker
2012-05-25 16:21 . 2012-05-25 16:21 -------- d-----w- c:\users\JAMSYM\AppData\Roaming\Malwarebytes
2012-05-25 16:21 . 2012-05-25 16:21 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-25 16:21 . 2012-05-25 16:21 -------- d-----w- c:\programdata\Malwarebytes
2012-05-25 16:21 . 2012-04-04 14:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-22 12:47 . 2012-05-22 13:05 -------- d-----w- C:\DOSGAMES
2012-05-22 12:44 . 2012-05-22 12:45 -------- d-----w- c:\program files (x86)\DOSBox-0.74
2012-05-21 12:19 . 2012-05-22 12:17 -------- d-----w- c:\users\JAMSYM\VirtualBox VMs
2012-05-21 12:18 . 2012-05-22 12:22 -------- d-----w- c:\users\JAMSYM\.VirtualBox
2012-05-21 12:18 . 2012-04-12 17:12 224048 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2012-05-21 12:17 . 2012-04-12 17:12 130864 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2012-05-21 11:33 . 2012-05-21 11:33 -------- d-----w- c:\program files (x86)\Maxis
2012-05-21 11:17 . 1998-01-23 11:22 304128 ----a-w- c:\windows\IsUninst.exe
2012-05-14 19:36 . 2012-05-15 12:36 -------- d-----w- c:\programdata\boost_interprocess
2012-05-13 18:53 . 2012-05-13 18:53 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-13 18:53 . 2012-05-13 18:53 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-05-07 16:59 . 2012-05-07 16:59 -------- d-----w- c:\windows\en
2012-05-07 16:53 . 2012-05-07 16:53 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e664e1701cd2c7101\DSETUP.dll
2012-05-07 16:53 . 2012-05-07 16:53 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e664e1701cd2c7101\DXSETUP.exe
2012-05-07 16:53 . 2012-05-07 16:53 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e664e1701cd2c7101\dsetup32.dll
2012-05-03 14:38 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-05-03 14:38 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-05-03 14:09 . 2012-05-03 14:09 -------- d-----w- c:\windows\system32\SPReview
2012-05-03 14:08 . 2012-05-03 14:08 -------- d-----w- c:\windows\system32\EventProviders
2012-05-02 20:40 . 2012-05-02 20:40 -------- d-----w- c:\users\JAMSYM\AppData\Roaming\YachtingPoker
2012-05-02 20:39 . 2012-05-02 20:39 -------- d-----w- c:\program files (x86)\YachtingPoker
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 17:34 . 2012-04-12 13:09 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-05 17:34 . 2011-11-16 10:10 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 17:34 . 2012-04-12 13:34 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-03 14:19 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-05-03 14:19 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-04-12 17:12 . 2012-04-12 17:12 147248 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2012-04-06 23:20 . 2012-04-06 23:20 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-11 20:13 . 2012-03-11 20:13 577824 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-03-11 20:13 . 2012-03-11 20:13 43248 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-03-11 20:13 . 2012-03-11 20:13 22696 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-03-11 20:13 . 2012-03-11 20:13 41200 ----a-w- c:\windows\system32\cmdcsr.dll
2012-03-11 20:13 . 2012-03-11 20:13 301224 ----a-w- c:\windows\SysWow64\guard32.dll
2012-03-11 20:13 . 2012-03-11 20:13 389840 ----a-w- c:\windows\system32\guard64.dll
2012-03-08 17:50 . 2012-03-08 17:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-03-08 17:37 . 2012-03-08 17:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-03-01 06:46 . 2012-04-12 02:00 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:38 . 2012-04-12 02:00 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 06:33 . 2012-04-12 02:00 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 06:28 . 2012-04-12 02:00 5120 ----a-w- c:\windows\system32\wmi.dll
2012-03-01 05:37 . 2012-04-12 02:00 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-03-01 05:33 . 2012-04-12 02:00 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29 . 2012-04-12 02:00 5120 ----a-w- c:\windows\SysWow64\wmi.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2010-06-29 1689144]
"NETELLER app"="c:\program files (x86)\NETELLER app\NETELLER-app.exe" [2012-03-06 1957656]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-11-04 39408]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"BATINDICATOR"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe" [2009-05-08 2068992]
"LaunchHPOSIAPP"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe" [2009-04-03 385024]
"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-05-26 656896]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-05-12 581480]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2009-06-22 60464]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"MobileConnect"="c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2009-09-18 2412032]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-03-18 421888]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-11-04 273528]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"COMODO"="c:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe" [2011-11-23 213304]
"CPA"="c:\program files\COMODO\COMODO GeekBuddy\VALA.exe" [2011-11-23 184120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-04 136176]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-04 136176]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-01-19 11776]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/03/22 08:06];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2009-10-20 14:50 146928]
S2 BecHelperService;BecHelperService;c:\program files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe [2010-01-28 1737464]
S2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-11-23 1267000]
S2 DragonUpdater;COMODO Dragon Update Service;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe [2012-05-16 412304]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 postgresql-8.3;PostgreSQL Server 8.3;C:/Program Files (x86)/PostgreSQL/8.3/bin/pg_ctl.exe runservice -N postgresql-8.3 -D C:/Program Files (x86)/PostgreSQL/8.3/data -w [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-04-09 3063968]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-09-18 9216]
S3 AVER_H193;AVerMedia H193 Video Capture;c:\windows\system32\drivers\AVer888RC_64.sys [x]
S3 CXCIR;AVerMedia Consumer Infrared Receiver;c:\windows\system32\DRIVERS\AVer888RCIR_64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 17:34]
.
2012-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-04 20:18]
.
2012-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-04 20:18]
.
2012-05-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1517856273-4090774691-2137519104-1001Core.job
- c:\users\JAMSYM\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-17 17:03]
.
2012-05-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1517856273-4090774691-2137519104-1001UA.job
- c:\users\JAMSYM\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-17 17:03]
.
2012-05-25 c:\windows\Tasks\HPCeeScheduleForJAMSYM.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 22:15]
.
2012-04-30 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-26 16327712]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-08 610360]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 9569096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cndt
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar Search - c:\programdata\AOL\ieToolbar\resources\en-GB\local\search.html
IE: {{90EAE591-7E7E-434a-8E28-ECFD00071806} - c:\program files (x86)\PokerStars.FR\PokerStarsUpdate.exe
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\JAMSYM\AppData\Roaming\Mozilla\Firefox\Profiles\ga8dgjuk.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?babsrc=HP_ss&affID=101385&mntrId=c41f998a00000000000000225feb9783
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
FF - Ext: ST-Eng7 Community Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - %profile%\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
FF - Ext: Babylon: ffxtlbr@babylon.com - %profile%\extensions\ffxtlbr@babylon.com
FF - Ext: DealPly: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} - %profile%\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
FF - Ext: NETELLER: neteller.desktop@klipfolio - c:\program files (x86)\NETELLER app\plugins\Firefox\neteller
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - user.js: extensions.BabylonToolbar_i.id - c41f998a00000000000000225feb9783
FF - user.js: extensions.BabylonToolbar_i.hardId - c41f998a00000000000000225feb9783
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15413
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1713:59
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=101385
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
user_pref('extensions.dealply.partner', 'vita');
user_pref('extensions.dealply.channel', 'vitafilewin');
user_pref('extensions.dealply.installId', 'v23500256101115962458192012031413591739');
user_pref('extensions.dealply.installIdSource', 'inst');
user_pref('extensions.dealply.sampleGroup', '9');
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-CPN Notifier - c:\program files (x86)\Cake Poker 2.0\PokerNotifier.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-8.3]
"ImagePath"="C:/Program Files (x86)/PostgreSQL/8.3/bin/pg_ctl.exe runservice -N \"postgresql-8.3\" -D \"C:/Program Files (x86)/PostgreSQL/8.3/data\" -w"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-8.3]
"ImagePath"="C:/Program Files (x86)/PostgreSQL/8.3/bin/pg_ctl.exe runservice -N \"postgresql-8.3\" -D \"C:/Program Files (x86)/PostgreSQL/8.3/data\" -w"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\TeamViewer\Version7\TeamViewer.exe
c:\program files (x86)\TeamViewer\Version7\tv_w32.exe
c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
.
**************************************************************************
.
Completion time: 2012-05-28 01:34:04 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-28 00:34
.
Pre-Run: 374,431,928,320 bytes free
Post-Run: 374,355,709,952 bytes free
.
- - End Of File - - 3E0384876DA377BDE1E34E54C400DFFB
 
Firefox is still full of Babylon. Have you tried to remove it?

Sign on to the Administrative account:

To remove Babylon in Firefox:
  • Type about:config in the URL bar and press enter twice
  • Disregard the warning message.
  • Type Babylon in the filter area and press enter. This will bring up entries associated with this search engine.
  • For FF entries that contain values to Babylon and its URL, change to Google. (These entries will not have Babylon in the name.)
  • For entries that have babylon in the name (any location), right click on the entry and select reset.
  • Close FF and reopen.

Please follow the same instruction to remove DealPly in Firefox.

There will be a follow up to this but I want you to do the manual removal for both first.
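The manual about:config steps above can also be applied offline to Firefox's prefs.js (where about:config overrides are stored as `user_pref("name", value);` lines) once Firefox has fully exited, which matters when the browser refuses to close and discards GUI changes. This is an added example, not code from the thread; the sample prefs lines are constructed, and the Google replacement values are assumptions.

```python
import re

# One about:config override per line, e.g.:
#   user_pref("browser.search.defaultenginename", "Babylon");
PREF_RE = re.compile(r'^user_pref\("([^"]+)",\s*(.*)\);\s*$')

HIJACKERS = ("babylon", "dealply")  # the two names raised in the thread
# Assumed replacement values (the thread only says "change to Google"):
GOOGLE_NAME = '"Google"'
GOOGLE_URL = '"https://www.google.com/search?q="'


def classify_pref(line):
    """Return (action, name, value) for one prefs.js line.

    'reset'   -> hijacker in the pref NAME: drop the line so Firefox
                 restores its built-in default (the GUI 'reset').
    'replace' -> hijacker only in the VALUE: keep the pref, point it at Google.
    'keep'    -> unrelated line, copied through unchanged.
    """
    m = PREF_RE.match(line.strip())
    if not m:
        return ("keep", None, None)
    name, value = m.group(1), m.group(2)
    if any(h in name.lower() for h in HIJACKERS):
        return ("reset", name, value)
    if any(h in value.lower() for h in HIJACKERS):
        return ("replace", name, value)
    return ("keep", name, value)


def clean_prefs(text):
    """Rewrite prefs.js content; return (cleaned_text, [(action, name), ...])."""
    out, report = [], []
    for line in text.splitlines():
        action, name, value = classify_pref(line)
        if action == "reset":
            report.append((action, name))
            continue  # dropping the line is the file-level equivalent of 'reset'
        if action == "replace":
            report.append((action, name))
            new_value = GOOGLE_URL if "http" in value.lower() else GOOGLE_NAME
            line = f'user_pref("{name}", {new_value});'
        out.append(line)
    return "\n".join(out) + "\n", report


# Constructed sample resembling a hijacked profile (not a real captured file).
SAMPLE_PREFS = """user_pref("browser.search.defaultenginename", "Babylon");
user_pref("keyword.URL", "http://search.babylon.com/?q=");
user_pref("extensions.babylon.installed", true);
user_pref("browser.startup.homepage", "http://www.dealply.com/start");
user_pref("network.cookie.cookieBehavior", 0);
"""
```

Run it only against a copy of prefs.js while no firefox.exe remains in Task Manager; a prefs.js written while Firefox is still running is overwritten on exit.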
 
I've tried it a few times but when I close Firefox it doesn't properly close. So it's not saving all the changes I'm making to it. Then when I try to open a new Firefox it gives me the message that Firefox is already running, so I can't open another. If I Ctrl+Alt+Delete and remove Firefox from Task Manager, all the changes I've made don't save.

Anyway, is it easier if I remove Firefox altogether? I don't mind switching to Internet Explorer only if it's easier.
 
when I close Firefox it doesn't properly close.

When you click on the X to close in top right corner of Firefox, it may give you the option to "save your tabs for the next time it starts." Be sure you have exited the Tools> Addons section before you try to close FF. You can then select the 'save and quit' or just 'quit.' But you should be out of the Options section to close.
 
I've tried a few times now.

I change all the Babylon entries, then leave the config page onto Google or something. Then when I press X to close Firefox it closes fine, but it is still running in processes. If I try to open it again it says you can only run 1 Firefox at a time. Then I have to End Process Firefox in Task Manager, which means when I open it the next time all the Babylon stuff is back as it was.
 
Babylon is known to be difficult to remove. Check out the following:

http://support.mozilla.org/en-US/questions/747615

http://www.ghacks.net/2011/08/17/how-to-uninstall-the-babylon-toolbar-completely/

http://superuser.com/questions/270560/installed-babylon-in-firefox-now-I-cant-get-rid-of-it

------------------------------------------------

If none of these suggestions work for you, the only choice you have then is to uninstall Firefox, then install a new version. I have not seen Babylon so intensive in taking over a browser!
 
Ok I have just uninstalled Firefox. I don't mind just having IE.

Is there anything else I should do?
 
You can install a clean Firefox if you want. IE will stay on the system, but you have a choice of which browser you want to be the default.

About this:
I noticed my pc has got markedly slower lately. When I open task manager now there is often 10 different iexplorer listed there even when I only have 1 or 2 open.

You should only have one launch of IE going. If you want or need multiple sites, use the tabs- don't launch IE again. You may still see more than one iexplore.exe in the Task Manager with IE8- that's normal.

And about this:
Firefox still using 106,676k memory even though it's been closed for an hour :/

When Firefox is closed, the word "Firefox" should even appear in the Task Manager. But "closed" means you clicked on the X at the top right and actually closed the browser. If it's minimized on the Taskbar, it's still running, even if you aren't looking at it.
==============================

I'd like you to update and run Malwarebytes again. But this time, click on Perform Full Scan instead of 'Quick'.
================================================
Then run one more scan:
First, set up a Directory for HijackThis as follows:
Right click Start> Explore> My Computer> Local Drive (C)> File> New> Folder> Name folder HijackThis
Exit Explorer
You now have a folder C:\HijackThis
----------------------------------
Download HijackThis http://download.bleepingcomputer.com/hijackthis/HijackThis.zip and save to your desktop.
  • Click on the HJT icon> 'Extract all files'> Extraction Wizard> Click on Browse to right of dialogue box that says 'Select a folder'
  • Extract it to the directory on your hard drive you created C:\HijackThis.
  • Then navigate to that directory and double-click on the hijackthis.exe file.
  • When started click on the Scan button and then the Save Log button to create a log of your information.
  • The log file will then open in Notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
===============================

How does the Task Manager look now that you removed Firefox?

Please leave logs for Mbam and HijackThis in your next reply.
 