TechSpot

Multiple Iexplorers in task manager

By JamesM
May 26, 2012
  1. Hi, I noticed my PC has got markedly slower lately. When I open task manager now there are often 10 different iexplorer listed there even when I only have 1 or 2 open.

    I stumbled on to this thread http://www.techspot.com/community/t...lware-preliminary-removal-instructions.58138/ and have been following the instructions.

    Step 1: First I downloaded Comodo antivirus because my Norton had run out. I didn't run a scan as instructed.

    Step 2: ran Malwarebytes, here's my log:

    Malwarebytes Anti-Malware (Trial) 1.61.0.1400
    www.malwarebytes.org
    Database version: v2012.05.26.03
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    JAMSYM :: JAMSYM-PC [administrator]
    Protection: Enabled
    26/05/2012 13:19:07
    mbam-log-2012-05-26 (13-19-07).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 243236
    Time elapsed: 6 minute(s), 50 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 2
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 1
    C:\Program Files (x86)\FunWebProducts (PUP.MyWebSearch) -> Quarantined and deleted successfully.
    Files Detected: 1
    C:\Users\JAMSYM\Downloads\SetupPoker_af2.exe (PUP.Casino) -> Quarantined and deleted successfully.
    (end)

    Step 3: GMER. I ran GMER and it produced no log, which I thought was a good sign.

    Step 4: DDS. I kept trying to download this program but I keep getting error messages [IMG]
    [IMG]

    After reading around a bit more I saw someone had a similar problem and had been told to download RogueKiller. I tried that but I got the same messages for that. That's when I decided I don't really know what I'm doing and should ask for help!

    Thanks
     
  2. JamesM

    JamesM TS Rookie Topic Starter

    Now I've tried to download DDS by sUBs on another PC and flash-drive it to this one, but as soon as I put in the flash drive DDS gets removed instantly! Also tried downloading some other things such as RKill by Grinler and the same thing happens!
     
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Try this for DDS:
    Please download the corresponding file for your operating system:

    XP

    Vista

    Windows 7

    Extract (unzip) the file onto your desktop, double-click on it and choose Yes to merge the file into the registry when prompted. Afterwards you should then be able to run DDS.scr.
    ==================================================
    Multiple iexplore.exe are normal if you use IE8. But malware can also hide in almost any name so we will check them out.
    =================================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't follow directions given to someone else
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    Threads are closed after 5 days if there is no reply.
     
  4. JamesM

    JamesM TS Rookie Topic Starter

    Downloaded the Windows 7 patch and merged the file with the registry.

    However, when I try to download DDS I still get a permission error as before.
     
  5. JamesM

    JamesM TS Rookie Topic Starter

    Tried to put the file on my PC using the flash drive again and it appears for like 2 seconds when the flash drive is inserted but then it just vanishes :(
     
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Please stop downloading those "other things." Follow only my instructions.

    Both of the images you left show dds2. And it shows in the temporary internet files, which is not where it should be.

    Are you having a permission issue or 'access is denied' with any other files?

    Please search your system and remove anything related to DDS. Delete any entries. Then do the following:
    You can choose a location on your computer where downloads should be saved by default. This means that whenever you use Save As in File> Save As, or when you choose to Save a download, it will automatically default to the location you have set.

    You may find that setting the Default Download Location to your Desktop is the most convenient. If you want to move the file later, you can. If you want to delete the file, it will be most handy on the Desktop. For the cleaning and scanning programs we use, almost all are directed to be saved to the desktop.

    Set Default Download Location in Browsers:

    Chrome:
    Open Chrome> Customize and control> Options> Under the Hood> Downloads> Change> Select Desktop> OK
    (Don't check 'ask where to save each time....')

    Firefox:
    Open Firefox> Tools> Options> Main/General> Downloads Section> Save Files to> Browse> Navigate to and select Desktop> OK

    IE9
    Open IE> Gear icon> View Downloads> Options> Browse to and select Desktop> OK

    There may be a slight difference in the path dependent on the browser version. There may also be a box to check to "Ask me the location each time". I do not advise checking that box.
    ========================================================
    Even if you've done any of this previously, please remove all previous entries for DDS- then start over.
    • Download DDS by sUBs and save it to your desktop.
      After downloading the tool, disconnect from the internet and disable all antivirus protection.
    • Double click on the DDS icon, allow it to run.
    • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
    • Notepad will open with the results, click No to the Optional_Scan
    • Follow the instructions that pop up for posting the results.
    • When the DDS scan finishes, it will open two (2) logs.
      [o] DDS.txt
      [o] Attach.txt
    • Save both to your desktop. (The logs will disappear when you close them otherwise.)
    • Copy and paste both logs into your reply.
    • Close the program window, and delete the program from your desktop.
    • Enable your Antivirus protection and reconnect to the internet.
      [o] Ignore instruction to zip and attach the Attach.txt.
    Note1: If you get notice about script running and scan won't run, after the program has been downloaded, disconnect from the internet and disable the AV.
    Note2: See How To Disable AV
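Once the DDS logs are posted, the helper reads the "Running Processes" and "Pseudo HJT Report" sections by hand: are all the iexplore.exe copies running from the Internet Explorer install directory, and which browser helper objects and toolbars are loaded into IE? The script below is an added example written for this page; it is not part of the thread, of DDS, or of any tool mentioned here. It parses a log in the DDS text format shown later in this thread. The sample input is a constructed excerpt (most lines copied from the posted log, plus one invented iexplore.exe under C:\Users\EXAMPLE\... so the unexpected-path branch is exercised), the expected IE directories assume an English 64-bit Windows 7 install, and the PUP watch-list is made up of the families Malwarebytes and DDS already named in this thread.

```python
"""Triage helper for DDS-style logs: count iexplore.exe instances per directory
and list the BHO/toolbar entries from the Pseudo HJT Report (added example)."""
import ntpath
import re
from collections import Counter

# Constructed excerpt in the DDS log format posted in this thread. The
# C:\Users\EXAMPLE\... iexplore.exe line is invented for this example.
SAMPLE_DDS_LOG = r"""
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\EXAMPLE\AppData\Roaming\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
BHO: DealPly: {a6174f27-1fff-e1d6-a93f-ba48ad5dd448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
.
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")      # "===== Section Name ====="
IMAGE_RE = re.compile(r"(?i)^(.*?\.exe)")         # path up to the first .exe; drops "-k netsvcs" etc.
HJT_ENTRY_RE = re.compile(
    r"^(BHO|TB|BHO-X64|TB-X64): (.+?): \{([0-9a-f-]+)\} - (.+)$", re.I)

# Assumption: English 64-bit Windows 7, so IE has a 32-bit and a 64-bit install directory.
EXPECTED_IE_DIRS = {
    r"c:\program files\internet explorer",
    r"c:\program files (x86)\internet explorer",
}
# Constructed watch-list: families Malwarebytes flagged in this thread plus the
# toolbars visible in the DDS log. Not an authoritative PUP list.
PUP_KEYWORDS = ("mywebsearch", "funwebproducts", "babylon", "dealply")


def split_sections(log_text):
    """Split a DDS log into {section name: [lines]}. DDS uses lone '.' lines as spacers."""
    sections = {}
    current = "Header"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m and m.group(1).strip("="):
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        sections.setdefault(current, []).append(line)
    return sections


def audit_processes(lines, image_name="iexplore.exe"):
    """Count image_name entries per directory (lower-cased) and return the full
    path of every instance that runs from outside EXPECTED_IE_DIRS."""
    by_dir = Counter()
    unexpected = []
    for line in lines:
        m = IMAGE_RE.match(line)
        if not m:
            continue
        directory, name = ntpath.split(m.group(1))   # ntpath handles backslashes on any OS
        if name.lower() != image_name:
            continue
        by_dir[directory.lower()] += 1
        if directory.lower() not in EXPECTED_IE_DIRS:
            unexpected.append(m.group(1))
    return by_dir, unexpected


def list_browser_addons(lines):
    """Return (kind, name, clsid, path) for every BHO/TB line in the HJT report."""
    entries = []
    for line in lines:
        m = HJT_ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1).upper(), m.group(2), m.group(3).lower(), m.group(4)))
    return entries


def flag_pup_addons(entries):
    """Keep add-ons whose display name or DLL path contains a watch-list keyword."""
    return [e for e in entries
            if any(k in (e[1] + " " + e[3]).lower() for k in PUP_KEYWORDS)]


def triage(log_text):
    """Summarise the two sections a helper looks at first."""
    sections = split_sections(log_text)
    by_dir, unexpected = audit_processes(sections.get("Running Processes", []))
    addons = list_browser_addons(sections.get("Pseudo HJT Report", []))
    return {
        "iexplore_by_dir": dict(by_dir),
        "unexpected_iexplore": unexpected,
        "addon_count": len(addons),
        "pup_addons": [(e[0], e[1]) for e in flag_pup_addons(addons)],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_DDS_LOG).items():
        print(f"{key}: {value}")
```

Several iexplore.exe entries under the real install directory are what IE8 and later produce (one frame process plus one process per tab group), so the count alone says little; the directory each copy runs from, and the add-ons loaded into those processes, are what this script surfaces for a reviewer to check.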
     
  7. JamesM

    JamesM TS Rookie Topic Starter

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
    Run by JAMSYM at 18:41:09 on 2012-05-26
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4095.1002 [GMT 1:00]
    .
    AV: COMODO Antivirus *Disabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
    FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
    C:\Windows\SysWOW64\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
    C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
    C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
    C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
    C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
    C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
    C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\iPod\bin\iPodService.exe
    c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Windows Live\Companion\companionuser.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    c:\program files\windows defender\MpCmdRun.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.co.uk/
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cndt
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cndt
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cndt
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO: Internet Explorer Form-Fill Plug-In: {5425b4b8-87f9-4e9c-8b51-8aaba82eba64} - C:\Program Files (x86)\NETELLER app\plugins\IE\Neteller.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: AOL Toolbar BHO: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: DealPly: {a6174f27-1fff-e1d6-a93f-ba48ad5dd448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll
    TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [Google Update] "C:\Users\JAMSYM\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [NETELLER app] "C:\Program Files (x86)\NETELLER app\NETELLER-app.exe" /BOOT
    uRun: [CPN Notifier] C:\Program Files (x86)\Cake Poker 2.0\PokerNotifier.exe
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
    mRun: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
    mRun: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe
    mRun: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
    mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
    mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRun: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe
    mRun: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-GB\local\search.html
    IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
    IE: {90EAE591-7E7E-434a-8E28-ECFD00071806} - C:\Program Files (x86)\PokerStars.FR\PokerStarsUpdate.exe
    IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
    IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{EB4FA4E2-540B-4B62-B359-EB3AFC563BE7} : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{EB4FA4E2-540B-4B62-B359-EB3AFC563BE7}\244564F4E4 : DhcpNameServer = 192.168.22.22 192.168.22.23
    TCP: Interfaces\{EB4FA4E2-540B-4B62-B359-EB3AFC563BE7}\244584F6D656845726D244236373 : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{EB4FA4E2-540B-4B62-B359-EB3AFC563BE7}\2445F40756E6A7F6E656 : DhcpNameServer = 192.168.22.22 192.168.22.23
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
    SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
    mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
    BHO-X64: Babylon toolbar helper - No File
    BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO-X64: Internet Explorer Form-Fill Plug-In: {5425B4B8-87F9-4E9C-8B51-8AABA82EBA64} - C:\Program Files (x86)\NETELLER app\plugins\IE\Neteller.dll
    BHO-X64: NetellerBHO - No File
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: AOL Toolbar BHO: {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll
    BHO-X64: AOL Toolbar BHO - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO-X64: DealPly: {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: AOL Toolbar: {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll
    TB-X64: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    mRun-x64: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
    mRun-x64: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
    mRun-x64: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe
    mRun-x64: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun-x64: [(Default)]
    mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
    mRun-x64: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
    mRun-x64: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRun-x64: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe
    mRun-x64: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe
    IE-X64: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
    IE-X64: {90EAE591-7E7E-434a-8E28-ECFD00071806} - C:\Program Files (x86)\PokerStars.FR\PokerStarsUpdate.exe
    IE-X64: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
    IE-X64: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe
    IE-X64: {00710644-edb6-40fb-b3e2-51b615e97d5a} - C:\Users\JAMSYM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RPM Poker\RPM Poker.lnk
    IE-X64: {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Users\JAMSYM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UB\UB.lnk
    IE-X64: {20791AD6-CD8D-47AB-AB10-D27ACC73728F} - C:\Microgaming\Poker\PokerTimeMPP\MPPoker.exe
    IE-X64: {34DCB6F7-1F17-48EC-9652-F1C978E96E88} - C:\Microgaming\Poker\stanjamesgibMPP\MPPoker.exe
    IE-X64: {e4e8c758-34b4-44bb-8ef9-1f0786e81d2d} - C:\Users\JAMSYM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CarbonPoker\CarbonPoker.lnk
    AppInit_DLLs-X64: C:\Windows\SysWOW64\guard32.dll
    SEH-X64: EasyBits ShellExecute Hook: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\JAMSYM\AppData\Roaming\Mozilla\Firefox\Profiles\ga8dgjuk.default\
    FF - prefs.js: browser.search.selectedEngine -
    FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?babsrc=HP_ss&affID=101385&mntrId=c41f998a00000000000000225feb9783
    FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
    FF - component: C:\Program Files (x86)\NETELLER app\plugins\Firefox\neteller\components\Neteller.dll
    FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
    FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll
    FF - component: C:\Users\JAMSYM\AppData\Roaming\Mozilla\Firefox\Profiles\ga8dgjuk.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCoreGecko10.dll
    FF - component: C:\Users\JAMSYM\AppData\Roaming\Mozilla\Firefox\Profiles\ga8dgjuk.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCoreGecko11.dll
    FF - component: C:\Users\JAMSYM\AppData\Roaming\Mozilla\Firefox\Profiles\ga8dgjuk.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCoreGecko12.dll
    FF - component: C:\Users\JAMSYM\AppData\Roaming\Mozilla\Firefox\Profiles\ga8dgjuk.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCoreGecko19.dll
    FF - component: C:\Users\JAMSYM\AppData\Roaming\Mozilla\Firefox\Profiles\ga8dgjuk.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCoreGecko5.dll
    FF - component: C:\Users\JAMSYM\AppData\Roaming\Mozilla\Firefox\Profiles\ga8dgjuk.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCoreGecko6.dll
    FF - component: C:\Users\JAMSYM\AppData\Roaming\Mozilla\Firefox\Profiles\ga8dgjuk.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCoreGecko7.dll
    FF - component: C:\Users\JAMSYM\AppData\Roaming\Mozilla\Firefox\Profiles\ga8dgjuk.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCoreGecko8.dll
    FF - component: C:\Users\JAMSYM\AppData\Roaming\Mozilla\Firefox\Profiles\ga8dgjuk.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCoreGecko9.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.93\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\npjpi160_31.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: C:\Users\JAMSYM\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
    FF - Ext: ST-Eng7 Community Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - %profile%\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
    FF - Ext: Babylon: ffxtlbr@babylon.com - %profile%\extensions\ffxtlbr@babylon.com
    FF - Ext: DealPly: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} - %profile%\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
    FF - Ext: NETELLER: neteller.desktop@klipfolio - C:\Program Files (x86)\NETELLER app\plugins\Firefox\neteller
    FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extensions.BabylonToolbar_i.id - c41f998a00000000000000225feb9783
    FF - user.js: extensions.BabylonToolbar_i.hardId - c41f998a00000000000000225feb9783
    FF - user.js: extensions.BabylonToolbar_i.instlDay - 15413
    FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1713:59:01
    FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
    FF - user.js: extensions.BabylonToolbar_i.newTab - false
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=101385
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
    .
    user_pref('extensions.dealply.partner', 'vita');
    .
    user_pref('extensions.dealply.channel', 'vitafilewin');
    .
    user_pref('extensions.dealply.installId', 'v23500256101115962458192012031413591739');
    .
    user_pref('extensions.dealply.installIdSource', 'inst');
    .
    user_pref('extensions.dealply.sampleGroup', '9');
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\system32\DRIVERS\cmderd.sys --> C:\Windows\system32\DRIVERS\cmderd.sys [?]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?]
    R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/03/22 08:06:15];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2010-3-22 146928]
    R2 BecHelperService;BecHelperService;C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe [2010-10-5 1737464]
    R2 CLPSLS;COMODO livePCsupport Service;C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-11-23 1267000]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    R2 DragonUpdater;COMODO Dragon Update Service;C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2012-5-16 412304]
    R2 ezSharedSvc;Easybits Shared Services for Windows;C:\Windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
    R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-25 654408]
    R2 postgresql-8.3;PostgreSQL Server 8.3;C:/Program Files (x86)/PostgreSQL/8.3/bin/pg_ctl.exe runservice -N "postgresql-8.3" -D "C:/Program Files (x86)/PostgreSQL/8.3/data" -w --> C:/Program Files (x86)/PostgreSQL/8.3/bin/pg_ctl.exe runservice -N postgresql-8.3 [?]
    R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-4-9 3063968]
    R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-2-23 2666880]
    R3 AVER_H193;AVerMedia H193 Video Capture;C:\Windows\system32\drivers\AVer888RC_64.sys --> C:\Windows\system32\drivers\AVer888RC_64.sys [?]
    R3 CXCIR;AVerMedia Consumer Infrared Receiver;C:\Windows\system32\DRIVERS\AVer888RCIR_64.sys --> C:\Windows\system32\DRIVERS\AVer888RCIR_64.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;C:\Windows\system32\DRIVERS\netr7364.sys --> C:\Windows\system32\DRIVERS\netr7364.sys [?]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-4 136176]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
    S2 VMCService;Vodafone Mobile Connect Service;C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-9-18 9216]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-12 257696]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-4 136176]
    S3 massfilter;ZTE Mass Storage Filter Driver;C:\Windows\System32\drivers\massfilter.sys [2009-9-7 9216]
    S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2012-05-26 16:10:40 -------- d-----w- C:\ProgramData\Panda Security
    2012-05-26 16:10:34 -------- d-----w- C:\Program Files (x86)\Panda USB Vaccine
    2012-05-26 12:37:34 -------- d-----w- C:\ProgramData\CPA_VA
    2012-05-26 12:36:53 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{5BDB4677-B72E-404C-95E8-5415956DB861}
    2012-05-26 12:36:34 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{37D06FAD-E36C-4FB2-8722-95F4DA81EF20}
    2012-05-26 12:36:15 -------- d--h--w- C:\VritualRoot
    2012-05-26 12:01:19 -------- d-----w- C:\ProgramData\Comodo
    2012-05-26 12:01:15 -------- d-----w- C:\Program Files\COMODO
    2012-05-26 12:01:09 -------- d-----w- C:\Users\JAMSYM\AppData\Local\Comodo
    2012-05-26 12:00:59 -------- d-----w- C:\Program Files (x86)\Comodo
    2012-05-25 17:22:50 -------- d-----w- C:\Program Files (x86)\SkyPoker
    2012-05-25 16:21:41 -------- d-----w- C:\Users\JAMSYM\AppData\Roaming\Malwarebytes
    2012-05-25 16:21:37 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-05-25 16:21:37 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-05-25 16:21:37 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-05-25 16:00:42 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{4EFA9B4D-C769-41C7-BCC1-35B11BAF10B5}
    2012-05-25 16:00:32 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{6E5CBD6E-E1D5-4355-A743-42E2C220CDE5}
    2012-05-23 15:18:55 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{F0CA11F5-AF3E-4A44-B034-7B61B9D238F5}
    2012-05-23 15:18:33 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{AA512BBD-B3F2-40C5-A05A-4BDB7B8094A3}
    2012-05-23 03:18:19 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{25312D7D-D498-4DC6-A398-FC0D188D84FC}
    2012-05-23 03:17:57 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{0F055BCE-51AB-4B29-9D53-02D3A08F8DB0}
    2012-05-22 15:15:54 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{D7C1984F-F41A-49ED-9DEE-43E5D0BCAB0C}
    2012-05-22 15:14:41 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{3A308B94-17B4-4B17-826A-791350BF0C58}
    2012-05-22 12:47:32 -------- d-----w- C:\DOSGAMES
    2012-05-22 12:44:55 -------- d-----w- C:\Program Files (x86)\DOSBox-0.74
    2012-05-22 03:10:45 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{C30E7BE3-642F-4A9B-9365-9E19F1A124EE}
    2012-05-22 03:10:35 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{CF361608-2C51-4ED8-89C6-AA16CC92C81A}
    2012-05-21 15:10:09 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{9E6562C8-2D6B-4804-89EA-74778CBB461D}
    2012-05-21 15:09:47 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{8A03C5C1-BF81-4B83-B181-01212AF40B44}
    2012-05-21 12:19:28 -------- d-----w- C:\Users\JAMSYM\VirtualBox VMs
    2012-05-21 12:18:41 -------- d-----w- C:\Users\JAMSYM\.VirtualBox
    2012-05-21 12:18:11 224048 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys
    2012-05-21 12:17:59 130864 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys
    2012-05-21 11:33:07 -------- d-----w- C:\Program Files (x86)\Maxis
    2012-05-21 11:17:04 304128 ----a-w- C:\Windows\IsUninst.exe
    2012-05-21 03:09:19 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{9D0AF7AF-AAB9-46C3-9750-333275F6B3AC}
    2012-05-21 03:08:57 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{CE69A348-113F-4130-8014-6434161D3B0A}
    2012-05-20 15:08:40 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{E4BD2B26-9DF9-4DA1-8E07-917E0719D21B}
    2012-05-20 15:08:18 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{E845B396-F516-4350-BA16-96EDE6A7C189}
    2012-05-20 03:08:04 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{D087676C-694B-428D-A8F3-288DE51A6B18}
    2012-05-20 03:07:39 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{50F5C98B-CBBF-4789-999C-749F5836EB5F}
    2012-05-19 15:07:25 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{1C2FE063-FD35-4233-B66C-40CFC30A6331}
    2012-05-19 15:07:03 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{D5252A37-60BA-4ACE-B7C3-E5C407987399}
    2012-05-19 03:06:50 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{6EF8903A-B210-4EEE-9BE8-7F3B1B3F7D92}
    2012-05-19 03:06:28 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{9DF9E1BC-BC3A-40F1-8303-94060ADB2CD8}
    2012-05-18 15:06:13 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{FC24E416-A07A-4B80-8A03-04D210B43B96}
    2012-05-18 15:05:51 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{5055FCEC-594F-4570-A68B-E67540648527}
    2012-05-18 03:05:37 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{9B889142-0914-46AB-B9DF-9C8A42AB8600}
    2012-05-18 03:05:16 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{F8D39158-E403-4D12-902C-35C0F73A517D}
    2012-05-17 15:05:03 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{9997EEDB-3832-43D5-B6E9-C67F0F35BAAD}
    2012-05-17 15:04:40 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{375C3557-F8C7-4F9C-8C57-9D921623B76A}
    2012-05-17 03:04:29 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{0D5D598A-A99B-4D04-AF60-B9F95590E9C5}
    2012-05-17 03:04:07 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{CB9D1694-1802-4E11-A4BF-FFDBAB9AEB82}
    2012-05-16 15:03:55 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{578E0376-997A-4B54-B937-03A0B79C1D86}
    2012-05-16 15:03:33 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{A954B465-EDE8-45C4-B053-C2F1D41D360D}
    2012-05-16 03:03:13 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{C0061663-7194-4207-9A50-06D41CAEDB8A}
    2012-05-16 03:03:02 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{E6CD64AB-AD6D-4EB3-97BC-3035369C4C1A}
    2012-05-15 14:40:44 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{5B2B6AB4-0685-40AB-A080-F64AAB6CF977}
    2012-05-15 14:40:22 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{18F4324D-BA26-4DD8-903B-DD0E0C467467}
    2012-05-15 02:40:09 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{A89624F3-4D6D-4A30-9857-1F1AFA63E263}
    2012-05-15 02:39:47 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{648D926A-91F7-4BF7-8C98-B339A0A438C5}
    2012-05-14 19:36:37 -------- d-----w- C:\ProgramData\boost_interprocess
    2012-05-14 14:39:35 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{A1CC4312-374E-4A43-A8A1-BC4A7E5C9851}
    2012-05-14 14:39:13 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{A537E9BF-C72C-4FAA-96A5-8F5203ED274F}
    2012-05-14 02:39:00 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{519FB6C5-C696-4F3D-8AB4-DD4606AF79DB}
    2012-05-14 02:38:38 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{E1777018-E870-47E6-A84E-4394A2EB3456}
    2012-05-13 14:38:22 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{809299F5-9C9D-444F-BA34-62DCF99C8249}
    2012-05-13 14:37:58 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{621655B8-8F38-41DC-A9CD-884C892C5DBE}
    2012-05-13 01:56:41 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{2C93621A-B31F-4754-B1A8-2E43A661037B}
    2012-05-13 01:56:20 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{0DF7D9F6-4C1D-407F-93E5-057E56B794F6}
    2012-05-12 13:56:07 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{3FEA885D-4C86-4E11-B502-9A28B3E2281E}
    2012-05-12 13:55:45 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{0CF9C18B-5D7A-4A74-94F6-67A3547D213B}
    2012-05-12 01:55:32 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{FBF8F876-4899-4411-9C79-55080CDF8982}
    2012-05-12 01:55:10 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{683945E4-9466-4156-B49A-27A9BD1CEE3F}
    2012-05-11 13:54:55 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{BA4DB30E-040B-41B6-AAAC-D10C60769AF4}
    2012-05-11 13:54:40 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{B913CA4B-969A-488B-AC94-B3E37DBF48E9}
    2012-05-10 23:41:47 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{BE6C5962-386A-4E76-A39B-0C8CCCBF04CD}
    2012-05-10 23:41:25 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{0AB65314-7830-4066-9995-AB9B17D10AFA}
    2012-05-10 11:41:14 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{DF6F234D-6845-4F5A-80A5-06F7DBA21AD8}
    2012-05-10 11:40:52 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{274BA458-697C-49AE-BD3E-7008DC3D00DE}
    2012-05-09 23:40:39 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{20DA6661-5141-43E7-9D81-B6828D38314D}
    2012-05-09 23:40:18 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{65795992-31B0-4B1B-BB91-807848950C46}
    2012-05-09 11:40:05 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{9648BCA8-7119-4760-844E-FCD4A6BFFDCA}
    2012-05-09 11:39:43 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{4BF09ABD-0834-41FA-81CC-E2752401C204}
    2012-05-08 23:39:30 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{1D6ABCFE-4195-46AE-8A7E-0D168908F6D0}
    2012-05-08 23:39:08 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{64564C9C-7B3A-4B72-A9F0-C9BD186A6FA7}
    2012-05-08 11:38:54 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{6C380728-A2C3-42FE-B475-7D79D6D3A582}
    2012-05-08 11:38:40 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{3795531A-08A4-4C7F-BB40-5F428232F143}
    2012-05-07 16:59:51 -------- d-----w- C:\Windows\en
    2012-05-07 16:53:17 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e664e1701cd2c7101\DSETUP.dll
    2012-05-07 16:53:17 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e664e1701cd2c7101\DXSETUP.exe
    2012-05-07 16:53:17 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e664e1701cd2c7101\dsetup32.dll
    2012-05-07 16:52:42 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{4BD0310B-A0A8-40B0-9A27-C4B61EB03ECF}
    2012-05-07 16:52:21 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{B14BC67A-23DC-4CE5-9AB1-C839BA445C68}
    2012-05-05 10:14:53 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{2D9126CA-D70E-4DA7-A2E3-DB93F12263E7}
    2012-05-05 10:14:28 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{9BEA89CF-6D4B-4327-AF25-30FC4EF041CE}
    2012-05-05 09:10:40 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{4E36DA14-6BCA-4760-BD47-88F2975DD3FD}
    2012-05-05 09:10:20 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{126989DE-7116-4A29-97B4-22A39BB1F5F5}
    2012-05-04 10:00:17 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{5BC2ABB3-6474-4364-8D76-757E030B7D7E}
    2012-05-04 09:59:57 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{11F76A88-7D49-4D41-A664-D2F12CBF2C67}
    2012-05-03 14:38:28 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
    2012-05-03 14:38:28 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    2012-05-03 14:33:48 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{51CA3E04-5B66-4CEE-A68F-739BB7E84468}
    2012-05-03 14:33:23 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{E6F4457F-B9E7-4B71-B34E-672493DC13D0}
    2012-05-03 14:09:23 -------- d-----w- C:\Windows\System32\SPReview
    2012-05-03 14:08:30 -------- d-----w- C:\Windows\System32\EventProviders
    2012-05-03 14:02:21 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{C7B52A58-7EAA-4A47-8BC5-EA2745897C91}
    2012-05-03 09:38:30 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{E78D037B-13E1-4C74-8A3A-42E9A756DDC0}
    2012-05-03 09:38:07 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{C284A61E-A16D-461A-BF1D-7C5ADA27EF84}
    2012-05-02 21:38:08 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{E0A55F3B-70F3-41EB-BFEB-F240B3452C0B}
    2012-05-02 20:40:00 -------- d-----w- C:\Users\JAMSYM\AppData\Roaming\YachtingPoker
    2012-05-02 20:39:26 -------- d-----w- C:\Program Files (x86)\YachtingPoker
    2012-04-28 01:33:31 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{B76F04EF-8155-4553-A90B-CE652953C907}
    2012-04-28 01:33:09 -------- d-----w- C:\Users\JAMSYM\AppData\Local\{918A5A97-8193-4579-99AC-0B71B4464DB2}
    .
    ==================== Find3M ====================
    .
    2012-05-05 17:34:07 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-05 17:34:07 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-05-05 17:34:05 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
    2012-05-03 14:19:31 175616 ----a-w- C:\Windows\System32\msclmd.dll
    2012-05-03 14:19:31 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
    2012-04-12 17:12:56 147248 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys
    2012-04-06 23:20:38 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-03-31 06:05:57 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-03-31 04:39:37 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-03-31 04:39:37 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-03-31 03:10:03 3146240 ----a-w- C:\Windows\System32\win32k.sys
    2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2012-03-17 07:58:57 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
    2012-03-11 20:13:42 577824 ----a-w- C:\Windows\System32\drivers\cmdGuard.sys
    2012-03-11 20:13:42 43248 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys
    2012-03-11 20:13:40 22696 ----a-w- C:\Windows\System32\drivers\cmderd.sys
    2012-03-11 20:13:22 41200 ----a-w- C:\Windows\System32\cmdcsr.dll
    2012-03-11 20:13:20 301224 ----a-w- C:\Windows\SysWow64\guard32.dll
    2012-03-11 20:13:18 389840 ----a-w- C:\Windows\System32\guard64.dll
    2012-03-08 17:50:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
    2012-03-08 17:37:20 302448 ----a-w- C:\Windows\WLXPGSS.SCR
    2012-03-03 06:35:38 1544704 ----a-w- C:\Windows\System32\DWrite.dll
    2012-03-03 05:31:19 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2012-03-01 06:46:16 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
    2012-03-01 06:38:27 220672 ----a-w- C:\Windows\System32\wintrust.dll
    2012-03-01 06:33:50 81408 ----a-w- C:\Windows\System32\imagehlp.dll
    2012-03-01 06:28:47 5120 ----a-w- C:\Windows\System32\wmi.dll
    2012-03-01 05:37:41 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
    2012-03-01 05:33:23 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
    2012-03-01 05:29:16 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
    .
    ============= FINISH: 18:42:49.39 ===============
     
  8. JamesM

    JamesM TS Rookie Topic Starter

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 17/12/2009 15:00:31
    System Uptime: 26/05/2012 17:33:03 (1 hours ago)
    .
    Motherboard: PEGATRON CORPORATION | | VIOLET6
    Processor: AMD Athlon(tm) II X4 620 Processor | CPU 1 | 2600/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 452 GiB total, 352.826 GiB free.
    D: is FIXED (NTFS) - 14 GiB total, 2.429 GiB free.
    E: is CDROM (CDFS)
    G: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP200: 13/05/2012 19:51:47 - Windows Update
    RP201: 21/05/2012 03:07:16 - Scheduled Checkpoint
    RP202: 21/05/2012 13:17:29 - Installed Oracle VM VirtualBox 4.1.14
    RP203: 26/05/2012 13:02:53 - Device Driver Package Install: COMODO Network Service
    RP204: 26/05/2012 13:43:08 - Removed Oracle VM VirtualBox 4.1.14
    RP205: 26/05/2012 16:29:39 - Windows Update
    RP206: 26/05/2012 17:30:42 - Windows Modules Installer
    RP207: 26/05/2012 18:35:06 - Windows Modules Installer
    .
    ==== Installed Programs ======================
    .
    24hPoker
    3Connect
    888poker
    ActionPoker.com
    Activate Norton Online Backup
    Adobe AIR
    Adobe Reader 9.2
    AOL Toolbar 5.0
    Apple Application Support
    Apple Software Update
    Babylon toolbar on IE
    Bestpoker Avatar
    Betfair Poker
    Betfred Poker
    Black Belt Poker
    BodogPoker
    Boylepoker
    Cake Poker
    Cake Poker 2.0
    Camtasia Studio 6
    CarbonPoker
    Chilipoker
    Comodo Dragon
    COMODO GeekBuddy
    Compatibility Pack for the 2007 Office system
    CyberLink DVD Suite Deluxe
    D3DX10
    DealPly
    DirectX for Managed Code Update (Summer 2004)
    Download Updater (AOL LLC)
    DownloadX Free 1.1.1
    DTD Poker
    Eurobet Poker
    Expekt Poker
    Free RAR Extract Frog
    Full Tilt Poker
    Genting Poker
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hewlett-Packard ACLM.NET v1.1.2.0
    Holdem Manager
    HollywoodPoker.com 1.0.0
    HP Advisor
    HP Customer Experience Enhancements
    HP Games
    HP MAINSTREAM KEYBOARD
    HP MediaSmart DVD
    HP MediaSmart Movie Themes
    HP Odometer
    HP Remote Solution
    HP Setup
    HP Support Assistant
    HP Support Information
    HP Update
    InterActual Player
    Java Auto Updater
    Java(TM) 6 Update 31
    LabelPrint
    Ladbrokes Poker
    LightScribe System Software
    Magic Desktop
    Malwarebytes Anti-Malware version 1.61.0.1400
    Messenger Companion
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works
    Mouse Recorder Pro 2
    Mozilla Firefox (3.6.28)
    MS Access 97 SP2
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NETELLER app (remove only)
    NoiQPoker
    Paddy Power Poker
    Panda USB Vaccine 1.0.1.4
    PartyPoker
    PivEnet
    PKR
    Poker at bet365
    PokerStars
    PokerStars.fr
    PokerStove version 1.24
    PokerTime
    PostgreSQL 8.3
    Power2Go
    PowerDirector
    PowerRecover
    Purple Lounge
    QuickTime
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    Realtek High Definition Audio Driver
    RealUpgrade 1.1
    redbet
    Redbet Poker
    Registry Patrol
    RPM Poker
    RuneScape
    Safari
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    SimCity 3000 UK Edition
    Sky Poker
    Skype Click to Call
    Skype™ 5.8
    Stan James
    Starters Orders 4
    SwiftKit
    TeamViewer 7
    Titan Poker
    True Poker
    UB
    Uncover
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Ventrilo Client
    Victor Chandler
    Victor Chandler Poker
    Vodafone Mobile Connect Lite
    William Hill Poker
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinRAR 4.00 beta 4 (32-bit)
    YachtingPoker 2.26 build 318
    ZTE_1.2059.0.8
    ZTE_MF627_USB_MODEM_1.2059.0.4
    .
    ==== Event Viewer Messages From Past Week ========
    .
    26/05/2012 13:02:46, Error: Service Control Manager [7030] - The COMODO Internet Security Helper Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    21/05/2012 21:55:46, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
    .
    ==== End Of File ===========================
     
  9. JamesM

    JamesM TS Rookie Topic Starter

    Just noticed it's not just Internet Explorer that seems to be using lots of memory in Task Manager. I was using Firefox an hour or so ago and when I open Task Manager it shows Firefox still using 106,676k memory even though it's been closed for an hour :/
     
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Some of the reasons why:
    1. There are 36 poker programs installed
    2. There are 12 Active X Objects for the poker programs running in IE
    3. There are 7 processes for PostgreSQL> all executables
    4. There are 9 FF - components for RadioWMPCoreGecko 5, 6, 7, 8, 9, 10, 11, 12, 19.dll. As far as I can find, these are part of the Conduit toolbar regime - once forbidden for Firefox, now possibly allowed. Some users found them on FF when they updated. These toolbars frequently are known to track users.
    5. Firefox has an excess of components, extensions, plug-ins and Conduit toolbars.
    6. There is an excess of toolbars (TB), browser helper objects (BHO) and ActiveX Objects.
    7. The Babylon Toolbar has taken over Firefox.

    It appears that your lack of security has allowed bundled processes to access the system. Pre-checked processes on download screens were not unchecked.

    And yes, you do have malware.
    =============================================
    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------

    • Download Combofix from HERE or HERE and save to the desktop
      • Double click combofix.exe & follow the prompts.
      • If prompted for Recovery Console, please allow.
      • Once installed, you should see a blue screen prompt that says:
      • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.
      • Note: No query will be made if the Recovery Console is already on the system.
    • Close any open browsers.
    • Before you run the Combofix scan, please disable any security software you have running.
      (If you need help with this, please see HERE)
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • When the scan completes, a report will be generated - it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.
    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
    Note 3: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    ===================================================
    To run the Eset Online Virus Scan:
    If you use Internet Explorer:
    1. Open the ESETOnlineScan
    2. Skip to #4 to "Continue with the directions"

      If you are using a browser other than Internet Explorer
    3. Open Eset Smart Installer
      [o] Click on the esetsmartinstaller_enu.exe link and save to the desktop.
      [o] Double click on the desktop icon to run.
      [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
    4. Continue with the directions.
    5. Check 'Yes I accept terms of use.'
    6. Click Start button
    7. Accept any security warnings from your browser.
    8. Uncheck 'Remove found threats'
    9. Check 'Scan archives'
    10. Leave remaining settings as is.
    11. Press the Start button.
    12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    13. When the scan completes, press List of found threats
    14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    15. Push the Back button, then Finish
    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    ===========================================================
    Download Security Check by screen317 and save to the desktop
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document called checkup.txt should open automatically.
    • Please post the contents of that document.
    Please leave all logs in your next reply.
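    A small triage script for DDS-format logs like the ones posted in this thread, added here as an example; it is not part of the original thread nor of any tool named in it. It tallies what the reply above reads off the log by hand (programs matching a keyword, Firefox extensions and plugins, PostgreSQL services); the embedded log is a constructed excerpt in DDS format, and the flagged add-on names are the ones the reply above calls out.

```python
"""Triage helper for DDS-style logs (added example; not from the thread or any tool it names)."""
import re

# Constructed excerpt in DDS format, modelled on the logs posted in this thread
# (not the poster's complete log).
SAMPLE_LOG = r"""
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\npjp2.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: ST-Eng7 Community Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - %profile%\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
FF - Ext: Babylon: ffxtlbr@babylon.com - %profile%\extensions\ffxtlbr@babylon.com
FF - Ext: DealPly: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} - %profile%\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
.
============= SERVICES / DRIVERS ===============
.
R2 postgresql-8.3;PostgreSQL Server 8.3;C:/Program Files (x86)/PostgreSQL/8.3/bin/pg_ctl.exe runservice -N "postgresql-8.3" [?]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-2-23 2666880]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-4 136176]
.
==== Installed Programs ======================
.
888poker
Babylon toolbar on IE
DealPly
Full Tilt Poker
Mozilla Firefox (3.6.28)
PokerStars
.
==== End Of File ===========================
"""

# '==== Section Name ====' headers; the name must start with a non-'=' character.
SECTION_RE = re.compile(r"^=+\s*([^=].*?)\s*=+$")
# 'R2 name;display;path [date size]' service/driver lines.
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")

# Add-on families called out in the reply above; used only to flag lines for review.
NOTED_ADDONS = ("babylon", "conduit", "community toolbar", "dealply")


def split_sections(log_text):
    """Group log lines under their section header; lines before the first header go under 'PREAMBLE'."""
    sections = {"PREAMBLE": []}
    current = "PREAMBLE"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":  # DDS pads sections with lone dots
            continue
        match = SECTION_RE.match(line)
        if match:
            current = match.group(1)
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections


def parse_service(line):
    """Split a service/driver line into its fields, or return None if it is not one."""
    match = SERVICE_RE.match(line)
    if not match:
        return None
    state, name, display, path = match.groups()
    return {"state": state, "name": name, "display": display, "path": path}


def triage(log_text, keyword="poker"):
    """Return the counts a helper reads off a DDS log by hand."""
    sections = split_sections(log_text)
    every_line = [line for lines in sections.values() for line in lines]
    programs = sections.get("Installed Programs", [])
    services = [s for s in map(parse_service, sections.get("SERVICES / DRIVERS", [])) if s]
    ff_ext = [line for line in every_line if line.startswith("FF - Ext:")]
    return {
        "installed_programs": len(programs),
        "keyword_programs": sorted(p for p in programs if keyword in p.lower()),
        "ff_plugins": sum(1 for line in every_line if line.startswith("FF - plugin:")),
        "ff_extensions": len(ff_ext),
        # Extension display name is the second colon-separated field of an 'FF - Ext:' line.
        "flagged_extensions": [line.split(":")[1].strip() for line in ff_ext
                               if any(n in line.lower() for n in NOTED_ADDONS)],
        "postgresql_services": [s["name"] for s in services
                                if "postgresql" in s["display"].lower()],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

To use it on a real log, read the file into a string and pass it to triage(); the section names are taken from the headers exactly as DDS writes them.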
     
  11. JamesM

    JamesM TS Rookie Topic Starter

    I can remove about 30 of the poker programs, I only really use about 5 now. Should I just uninstall them using Control Panel Add/Remove Programs, or should I wait until the malware has been removed first?

    ''4. There are 9 FF - components for RadioWMPCoreGecko 5, 6, 7, 8, 9, 10, 11, 12, 19.dll. As far as I can find, these are part of the Conduit toolbar regime, once forbidden for Firefox, now possibly allowed. Some users found them on FF when they updated. These toolbars are frequently known to track users.
    5. Firefox has an excess of components, extensions, plug-ins and Conduit toolbars.
    6. There is an excess of toolbars (TB), browser helper objects (BHO), Active X Objects
    7. The Babylon Toolbar has taken over Firefox.''

    I'm happy to delete all of this if you tell me how ^

    logs:
    combofix

    ComboFix 12-05-27.02 - JAMSYM 28/05/2012 1:17.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4095.2486 [GMT 1:00]
    Running from: c:\users\JAMSYM\Desktop\ComboFix.exe
    AV: COMODO Antivirus *Disabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}
    FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
    SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-28 )))))))))))))))))))))))))))))))
    .
    .
    2012-05-28 00:26 . 2012-05-28 00:26 -------- d-----w- c:\users\postgres\AppData\Local\temp
    2012-05-28 00:26 . 2012-05-28 00:26 -------- d-----w- c:\users\postgres.JAMSYM-PC\AppData\Local\temp
    2012-05-28 00:26 . 2012-05-28 00:26 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-05-26 21:14 . 2012-05-15 00:41 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{79F3420E-79D7-48B1-A561-E7358A17E7D8}\mpengine.dll
    2012-05-26 16:10 . 2012-05-26 16:10 -------- d-----w- c:\programdata\Panda Security
    2012-05-26 16:10 . 2012-05-26 16:10 -------- d-----w- c:\program files (x86)\Panda USB Vaccine
    2012-05-26 12:37 . 2012-05-26 15:33 -------- d-----w- c:\programdata\CPA_VA
    2012-05-26 12:36 . 2012-05-26 12:36 -------- d-----w- C:\VritualRoot
    2012-05-26 12:01 . 2012-05-26 17:12 -------- d-----w- c:\programdata\Comodo
    2012-05-26 12:01 . 2012-05-26 12:01 -------- d-----w- c:\program files\COMODO
    2012-05-26 12:01 . 2012-05-26 12:01 -------- d-----w- c:\users\JAMSYM\AppData\Local\Comodo
    2012-05-26 12:00 . 2012-05-26 12:01 -------- d-----w- c:\program files (x86)\Comodo
    2012-05-25 17:22 . 2012-05-25 17:22 -------- d-----w- c:\program files (x86)\SkyPoker
    2012-05-25 16:21 . 2012-05-25 16:21 -------- d-----w- c:\users\JAMSYM\AppData\Roaming\Malwarebytes
    2012-05-25 16:21 . 2012-05-25 16:21 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-05-25 16:21 . 2012-05-25 16:21 -------- d-----w- c:\programdata\Malwarebytes
    2012-05-25 16:21 . 2012-04-04 14:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-05-22 12:47 . 2012-05-22 13:05 -------- d-----w- C:\DOSGAMES
    2012-05-22 12:44 . 2012-05-22 12:45 -------- d-----w- c:\program files (x86)\DOSBox-0.74
    2012-05-21 12:19 . 2012-05-22 12:17 -------- d-----w- c:\users\JAMSYM\VirtualBox VMs
    2012-05-21 12:18 . 2012-05-22 12:22 -------- d-----w- c:\users\JAMSYM\.VirtualBox
    2012-05-21 12:18 . 2012-04-12 17:12 224048 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
    2012-05-21 12:17 . 2012-04-12 17:12 130864 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
    2012-05-21 11:33 . 2012-05-21 11:33 -------- d-----w- c:\program files (x86)\Maxis
    2012-05-21 11:17 . 1998-01-23 11:22 304128 ----a-w- c:\windows\IsUninst.exe
    2012-05-14 19:36 . 2012-05-15 12:36 -------- d-----w- c:\programdata\boost_interprocess
    2012-05-13 18:53 . 2012-05-13 18:53 -------- d-----w- c:\program files\Microsoft Silverlight
    2012-05-13 18:53 . 2012-05-13 18:53 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
    2012-05-07 16:59 . 2012-05-07 16:59 -------- d-----w- c:\windows\en
    2012-05-07 16:53 . 2012-05-07 16:53 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e664e1701cd2c7101\DSETUP.dll
    2012-05-07 16:53 . 2012-05-07 16:53 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e664e1701cd2c7101\DXSETUP.exe
    2012-05-07 16:53 . 2012-05-07 16:53 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e664e1701cd2c7101\dsetup32.dll
    2012-05-03 14:38 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-05-03 14:38 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-05-03 14:09 . 2012-05-03 14:09 -------- d-----w- c:\windows\system32\SPReview
    2012-05-03 14:08 . 2012-05-03 14:08 -------- d-----w- c:\windows\system32\EventProviders
    2012-05-02 20:40 . 2012-05-02 20:40 -------- d-----w- c:\users\JAMSYM\AppData\Roaming\YachtingPoker
    2012-05-02 20:39 . 2012-05-02 20:39 -------- d-----w- c:\program files (x86)\YachtingPoker
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-05-05 17:34 . 2012-04-12 13:09 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-05-05 17:34 . 2011-11-16 10:10 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-05 17:34 . 2012-04-12 13:34 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    2012-05-03 14:19 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
    2012-05-03 14:19 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
    2012-04-12 17:12 . 2012-04-12 17:12 147248 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
    2012-04-06 23:20 . 2012-04-06 23:20 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-03-11 20:13 . 2012-03-11 20:13 577824 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
    2012-03-11 20:13 . 2012-03-11 20:13 43248 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
    2012-03-11 20:13 . 2012-03-11 20:13 22696 ----a-w- c:\windows\system32\drivers\cmderd.sys
    2012-03-11 20:13 . 2012-03-11 20:13 41200 ----a-w- c:\windows\system32\cmdcsr.dll
    2012-03-11 20:13 . 2012-03-11 20:13 301224 ----a-w- c:\windows\SysWow64\guard32.dll
    2012-03-11 20:13 . 2012-03-11 20:13 389840 ----a-w- c:\windows\system32\guard64.dll
    2012-03-08 17:50 . 2012-03-08 17:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
    2012-03-08 17:37 . 2012-03-08 17:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
    2012-03-01 06:46 . 2012-04-12 02:00 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
    2012-03-01 06:38 . 2012-04-12 02:00 220672 ----a-w- c:\windows\system32\wintrust.dll
    2012-03-01 06:33 . 2012-04-12 02:00 81408 ----a-w- c:\windows\system32\imagehlp.dll
    2012-03-01 06:28 . 2012-04-12 02:00 5120 ----a-w- c:\windows\system32\wmi.dll
    2012-03-01 05:37 . 2012-04-12 02:00 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
    2012-03-01 05:33 . 2012-04-12 02:00 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
    2012-03-01 05:29 . 2012-04-12 02:00 5120 ----a-w- c:\windows\SysWow64\wmi.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2010-06-29 1689144]
    "NETELLER app"="c:\program files (x86)\NETELLER app\NETELLER-app.exe" [2012-03-06 1957656]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-11-04 39408]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
    "BATINDICATOR"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe" [2009-05-08 2068992]
    "LaunchHPOSIAPP"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe" [2009-04-03 385024]
    "HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-05-26 656896]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
    "NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-05-12 581480]
    "Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2009-06-22 60464]
    "UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "MobileConnect"="c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2009-09-18 2412032]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-03-18 421888]
    "TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-11-04 273528]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
    "COMODO"="c:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe" [2011-11-23 213304]
    "CPA"="c:\program files\COMODO\COMODO GeekBuddy\VALA.exe" [2011-11-23 184120]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-04 136176]
    R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-04 136176]
    R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-01-19 11776]
    R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
    R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [x]
    S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
    S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/03/22 08:06];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2009-10-20 14:50 146928]
    S2 BecHelperService;BecHelperService;c:\program files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe [2010-01-28 1737464]
    S2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-11-23 1267000]
    S2 DragonUpdater;COMODO Dragon Update Service;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe [2012-05-16 412304]
    S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
    S2 postgresql-8.3;PostgreSQL Server 8.3;C:/Program Files (x86)/PostgreSQL/8.3/bin/pg_ctl.exe runservice -N postgresql-8.3 -D C:/Program Files (x86)/PostgreSQL/8.3/data -w [x]
    S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-04-09 3063968]
    S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
    S2 VMCService;Vodafone Mobile Connect Service;c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-09-18 9216]
    S3 AVER_H193;AVerMedia H193 Video Capture;c:\windows\system32\drivers\AVer888RC_64.sys [x]
    S3 CXCIR;AVerMedia Consumer Infrared Receiver;c:\windows\system32\DRIVERS\AVer888RCIR_64.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys [x]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    ezSharedSvc
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
    2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-05-27 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 17:34]
    .
    2012-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-04 20:18]
    .
    2012-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-04 20:18]
    .
    2012-05-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1517856273-4090774691-2137519104-1001Core.job
    - c:\users\JAMSYM\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-17 17:03]
    .
    2012-05-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1517856273-4090774691-2137519104-1001UA.job
    - c:\users\JAMSYM\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-17 17:03]
    .
    2012-05-25 c:\windows\Tasks\HPCeeScheduleForJAMSYM.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 22:15]
    .
    2012-04-30 c:\windows\Tasks\PCDRScheduledMaintenance.job
    - c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-26 16327712]
    "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-08 610360]
    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 9569096]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x1
    "AppInit_DLLs"=c:\windows\System32\guard64.dll
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.uk/
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cndt
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: &AOL Toolbar Search - c:\programdata\AOL\ieToolbar\resources\en-GB\local\search.html
    IE: {{90EAE591-7E7E-434a-8E28-ECFD00071806} - c:\program files (x86)\PokerStars.FR\PokerStarsUpdate.exe
    TCP: DhcpNameServer = 192.168.1.254
    FF - ProfilePath - c:\users\JAMSYM\AppData\Roaming\Mozilla\Firefox\Profiles\ga8dgjuk.default\
    FF - prefs.js: browser.search.selectedEngine -
    FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?babsrc=HP_ss&affID=101385&mntrId=c41f998a00000000000000225feb9783
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
    FF - Ext: ST-Eng7 Community Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - %profile%\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
    FF - Ext: Babylon: ffxtlbr@babylon.com - %profile%\extensions\ffxtlbr@babylon.com
    FF - Ext: DealPly: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} - %profile%\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
    FF - Ext: NETELLER: neteller.desktop@klipfolio - c:\program files (x86)\NETELLER app\plugins\Firefox\neteller
    FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    FF - user.js: extensions.BabylonToolbar_i.id - c41f998a00000000000000225feb9783
    FF - user.js: extensions.BabylonToolbar_i.hardId - c41f998a00000000000000225feb9783
    FF - user.js: extensions.BabylonToolbar_i.instlDay - 15413
    FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1713:59
    FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
    FF - user.js: extensions.BabylonToolbar_i.newTab - false
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=101385
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
    user_pref('extensions.dealply.partner', 'vita');
    user_pref('extensions.dealply.channel', 'vitafilewin');
    user_pref('extensions.dealply.installId', 'v23500256101115962458192012031413591739');
    user_pref('extensions.dealply.installIdSource', 'inst');
    user_pref('extensions.dealply.sampleGroup', '9');
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-CPN Notifier - c:\program files (x86)\Cake Poker 2.0\PokerNotifier.exe
    AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
    AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-8.3]
    "ImagePath"="C:/Program Files (x86)/PostgreSQL/8.3/bin/pg_ctl.exe runservice -N \"postgresql-8.3\" -D \"C:/Program Files (x86)/PostgreSQL/8.3/data\" -w"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-8.3]
    "ImagePath"="C:/Program Files (x86)/PostgreSQL/8.3/bin/pg_ctl.exe runservice -N \"postgresql-8.3\" -D \"C:/Program Files (x86)/PostgreSQL/8.3/data\" -w"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
    "ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG*]
    "Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
    bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\program files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
    c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
    c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
    c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
    c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
    c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
    c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
    c:\program files (x86)\TeamViewer\Version7\TeamViewer.exe
    c:\program files (x86)\TeamViewer\Version7\tv_w32.exe
    c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
    c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    .
    **************************************************************************
    .
    Completion time: 2012-05-28 01:34:04 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-05-28 00:34
    .
    Pre-Run: 374,431,928,320 bytes free
    Post-Run: 374,355,709,952 bytes free
    .
    - - End Of File - - 3E0384876DA377BDE1E34E54C400DFFB
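The autostart part of the ComboFix log above is what the helper reads to spot the toolbar families (Babylon, Conduit/"Community Toolbar", DealPly) and the AppInit_DLLs injection point. The following is an added example, not ComboFix's, TechSpot's or either poster's code: it parses a constructed sample in the same line shapes (Run-key values, AppInit_DLLs, Firefox extension and pref lines) and flags entries matching the families named in this thread. The watchlist and the sample lines are assumptions assembled from the thread, not a complete signature set.

```python
"""Triage the autostart section of a ComboFix-style log (added example)."""
import re
from dataclasses import dataclass

# Constructed sample in the shape ComboFix prints, assembled from the kinds
# of entries quoted in this thread; it is not the full log.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-11-04 39408]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?babsrc=HP_ss&affID=101385
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - Ext: ST-Eng7 Community Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - %profile%\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
FF - Ext: Babylon: ffxtlbr@babylon.com - %profile%\extensions\ffxtlbr@babylon.com
FF - Ext: DealPly: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} - %profile%\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
"""

# Toolbar / PUP families named in this thread's scan results (assumed watchlist).
WATCHLIST = ("babylon", "conduit", "community toolbar", "dealply",
             "mywebsearch", "funwebproducts")

KEY_RE = re.compile(r"^\[(?P<key>hkey_[^\]]+)\]$", re.I)
RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"(?:\s+\[[^\]]*\])?$')
APPINIT_RE = re.compile(r'^"AppInit_DLLs"=(?P<value>\S.*)$', re.I)
FF_EXT_RE = re.compile(r"^FF - Ext: (?P<name>.+?): (?P<id>\S+) - (?P<value>.+)$")
FF_PREF_RE = re.compile(r"^FF - (?:prefs|user)\.js: (?P<name>\S+) -\s?(?P<value>.*)$")


@dataclass(frozen=True)
class Entry:
    kind: str    # "Run", "AppInit_DLLs", "FF-Ext" or "FF-Pref"
    name: str
    value: str


@dataclass(frozen=True)
class Finding:
    entry: Entry
    reasons: tuple


def parse_entries(log_text):
    """Return the autostart-relevant entries, in log order."""
    entries, current_key = [], ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := KEY_RE.match(line):
            current_key = m["key"]                    # remember which hive key we are under
        elif m := APPINIT_RE.match(line):
            entries.append(Entry("AppInit_DLLs", current_key, m["value"]))
        elif (m := RUN_VALUE_RE.match(line)) and current_key.lower().endswith("\\run"):
            entries.append(Entry("Run", m["name"], m["value"]))
        elif m := FF_EXT_RE.match(line):
            entries.append(Entry("FF-Ext", m["name"], f'{m["id"]} {m["value"]}'))
        elif m := FF_PREF_RE.match(line):
            entries.append(Entry("FF-Pref", m["name"], m["value"]))
    return entries


def triage(log_text):
    """Flag entries matching the watchlist, plus any AppInit_DLLs value."""
    findings = []
    for e in parse_entries(log_text):
        hay = f"{e.name} {e.value}".lower()
        reasons = [w for w in WATCHLIST if w in hay]
        if e.kind == "AppInit_DLLs":
            # Not malicious in itself (here guard32.dll belongs to COMODO), but the
            # DLL is loaded into every process that uses user32.dll, so the owner
            # should always be confirmed rather than assumed.
            reasons.append("AppInit_DLLs injection point: confirm the DLL's vendor")
        if reasons:
            findings.append(Finding(e, tuple(reasons)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.entry.kind:<12} {f.entry.name}: {', '.join(f.reasons)}")
```

Run against the sample it flags the Babylon homepage and user.js pref, the three toolbar extensions and the AppInit_DLLs value, and leaves the Google, Skype and Java Console entries alone; substring matching on a name list is deliberately crude, which is why the AppInit line is reported for review rather than as a hit.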
     
  12. JamesM

    JamesM TS Rookie Topic Starter

    Eset

    C:\Microgaming\Poker\PokerTimeMPP\install.exe a variant of Win32/PrimeCasino application
    C:\Microgaming\Poker\stanjamesgibMPP\install.exe a variant of Win32/PrimeCasino application
    C:\Poker\William Hill Poker\_SetupPoker.exe Win32/PTCasino application
    C:\Poker\William Hill Poker\_SetupPoker[1].exe Win32/PTCasino application
    C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarApp.dll a variant of Win32/Toolbar.Babylon application
    C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarEng.dll Win32/Toolbar.Babylon application
    C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarsrv.exe probably a variant of Win32/Toolbar.Babylon application
    C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll Win32/Toolbar.Babylon application
    C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll Win32/Toolbar.Babylon application
    C:\Program Files (x86)\Registry Patrol\RegistryPatrol.exe a variant of Win32/Adware.RegistryPatrol application

    Screen317

    Results of screen317's Security Check version 0.99.39
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Disabled!
    COMODO Antivirus
    (On Access scanning disabled!)
    Error obtaining update status for antivirus!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.61.0.1400
    Java(TM) 6 Update 31
    Java version out of date!
    Adobe Reader 9 Adobe Reader out of date!
    Mozilla Firefox (3.6.28) Firefox out of Date!
    ````````Process Check: objlist.exe by Laurent````````
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamgui.exe
    Comodo Firewall cmdagent.exe
    Comodo Firewall cfp.exe
    ESET ESET Online Scanner OnlineCmdLineScanner.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 3%
    ````````````````````End of Log``````````````````````
     
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    James, you are basically going to have to start over> uninstall ALL programs you're not using:

    1. If they have their own uninstaller, use that. If they don't, uninstall them in Add/Remove Programs.
    2. For each program that you have uninstalled, use Windows Explorer (right click on Start> Explore) to access Computer> Local Drive(C)> Programs> Look for the program folder for each uninstalled program and do a right click> Delete on each.

    Make a list of the 5 poker programs you're keeping. I will write a script later to remove any left-over entries from those you uninstalled.

    3. It appears that little or no maintenance has been done on the system. I'm going to have you use a cleaning program for the set entries that will also remove temp files: Please do the following:

    Please download OTMoveIt by OldTimer and save it to your desktop.
    • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      Code:
      :Processes    
      BabylonToolbarsrv.exe
      RegistryPatrol.exe
      :Files
      C:\Microgaming\Poker\PokerTimeMPP\install.exe 
      C:\Microgaming\Poker\stanjamesgibMPP\install.exe
      C:\Poker\William Hill Poker\_SetupPoker.exe 
      C:\Poker\William Hill Poker\_SetupPoker[1].exe 
      C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarApp.dll 
      C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarEng.dll 
      C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarsrv.exe 
      C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll 
      C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll 
      C:\Program Files (x86)\Registry Patrol\RegistryPatrol.exe 
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [start explorer]
      [Reboot]
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

    ===========================================================
    The following are done through Windows Explorer: Right click on Start> Explore:

    1. Right click on Local Drive(C)> Properties> Disk Cleanup> Follow the prompts

    2. Right click on Local Drive(C)> Properties> Tools tab> Error Check> Check both boxes on the screen that comes up> OK> Close the nag message and reboot. The Error Check will start; it will take a while. Let it complete. It will reboot the system when through.

    3. Right click on Local Drive(C)> Properties> Tools tab> Defrag> Start the defrag when the screen comes up. Again, this will take a while, but it must be done.

    Reboot the computer.
    ============================================
    To remove Babylon in Firefox:
    • Type about:config in the URL bar and press enter twice
    • Disregard the warning message.
    • Type Babylon in the filter area and press enter. This will bring up entries associated with this search engine.
    • For FF entries that contain values for Babylon and its URL, change them to Google. (These entries will not have Babylon in the name.)
    • For entries that have babylon in the name (any location), right click on the entry and select reset.
    • Close FF and reopen.
    ============================================
    Removing addons and plugins:
    Internet Explorer: Open IE> Tools> Manage addons> Look in both 'addons currently on system' and 'addons previously on system'> Click to highlight any addons for the poker programs you have removed:
    -------------------------------------------------------
    Firefox: Open Firefox> Tools> Addons> Check Components, Extensions, Plugins, Themes> Remove ALL entries related to the following:

    ==================================================
    I don't know what you are doing with PostgreSQL but I don't think you need 7 executable files to do it:
    C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
    Please check this PostgreSQL site for a description, then act accordingly.
    ==================================================================

    When you have completed ALL of the above, update and rescan with Combofix. Let me know which 5 of the poker programs you kept.

    I don't expect to see you back today.
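Added example (not part of Bobbye's post, and not from OTMoveIt, ComboFix or any other tool named in this thread): the steps above clear the Babylon, DealPly and Registry Patrol leftovers by hand, and the ComboFix rescan at the end is where you confirm the persistence points (Run keys, AppInit_DLLs, Firefox extensions and user.js prefs) are really gone. The Python script below parses ComboFix-style "Reg Loading Points" and Firefox lines and flags anything that matches a short indicator list. The sample log lines are constructed here in the same layout as the logs posted in this thread, and the indicator list (babylon, dealply, registrypatrol, community toolbar) is my own assumption, not a vendor signature set. AppInit_DLLs is flagged for review whatever it holds, because a DLL listed there is loaded into every process that links user32.dll; on this machine COMODO's guard32.dll and guard64.dll are the expected occupants.

```python
import re

# Constructed sample input: a few lines in the layout ComboFix uses for its
# "Reg Loading Points" and Firefox sections, modelled on the logs posted in
# this thread. It is not a real log from the machine.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-11-04 39408]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-11-04 273528]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?babsrc=HP_ss&affID=101385
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Babylon: ffxtlbr@babylon.com - %profile%\extensions\ffxtlbr@babylon.com
FF - Ext: DealPly: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} - %profile%\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=101385
user_pref('extensions.dealply.partner', 'vita');
"""

# Assumed indicator list, taken from the names the scans in this thread
# reported; it is an illustration, not a vendor signature set.
PUP_INDICATORS = ("babylon", "dealply", "registrypatrol", "registry patrol",
                  "community toolbar")

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$", re.IGNORECASE)
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')
SIZE_SUFFIX_RE = re.compile(r"\s*\[\d{4}-\d{2}-\d{2} \d+\]$")   # trailing [date size]
FF_RE = re.compile(r"^FF - (prefs\.js|user\.js|Ext): (.+?) -\s*(.*)$")
USER_PREF_RE = re.compile(r"^user_pref\('([^']+)',\s*'([^']*)'\);$")


def parse_loading_points(text):
    """Turn ComboFix-style autostart lines into location/name/value records."""
    entries = []
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # ComboFix separates blocks with lone dots
            continue
        m = KEY_RE.match(line)
        if m:                                # a registry key header; its values follow
            current_key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and current_key:
            value = SIZE_SUFFIX_RE.sub("", m.group(2)).strip('"')
            entries.append({"location": current_key, "name": m.group(1), "value": value})
            continue
        m = FF_RE.match(line)
        if m:                                # Firefox prefs, user.js overrides, extensions
            entries.append({"location": "Firefox " + m.group(1),
                            "name": m.group(2), "value": m.group(3)})
            continue
        m = USER_PREF_RE.match(line)
        if m:                                # raw user_pref(...) lines ComboFix echoes
            entries.append({"location": "Firefox user.js",
                            "name": m.group(1), "value": m.group(2)})
    return entries


def triage(entries, indicators=PUP_INDICATORS):
    """Flag entries whose name or value matches an indicator, plus any AppInit_DLLs."""
    findings = []
    for e in entries:
        haystack = (e["name"] + " " + e["value"]).lower()
        hit = next((i for i in indicators if i in haystack), None)
        if hit:
            findings.append(dict(e, reason="matches PUP indicator '%s'" % hit))
        elif e["name"].lower() == "appinit_dlls" and e["value"]:
            # Anything here is loaded into every process that links user32.dll,
            # so it deserves a look even when it belongs to a legitimate product.
            findings.append(dict(e, reason="AppInit_DLLs injection point; verify the DLL is expected"))
    return findings


if __name__ == "__main__":
    for f in triage(parse_loading_points(SAMPLE_LOG)):
        print("%s\n    %s = %s\n    -> %s" % (f["location"], f["name"], f["value"], f["reason"]))
```

To use it on a real log, save the ComboFix output to a text file and call triage(parse_loading_points(open(path).read())). A hit is a reason to inspect the entry, not proof of infection: the indicator match is a plain substring test, so a legitimate product whose name happens to contain one of the words will be flagged too.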
     
  14. JamesM

    JamesM TS Rookie Topic Starter

    thanks for all this help!
    OK. 1) I deleted all these programs, then checked Windows Explorer and deleted the files left over:
    24hr poker
    888 poker
    betfair poker
    bestpoker avatar
    bodog poker
    carbon poker
    cake poker
    dtd poker
    eurobet poker
    full tilt poker
    ladbrokes poker
    hollywoodpoker.com
    NoIQ poker
    neteller app
    party poker
    PKR
    Purple Lounge
    Quantum poker
    william hill poker
    yachting poker
    victor chandler poker
    stan james poker
    redbet
    redbet poker
    starters orders 4
    UB
    rpm poker
    action poker
    3connect
    boyle poker
    betfred poker
    blackbelt poker
    cakepoker 2.0
    chili poker
    expekt poker
    genting poker
    paddy power poker
    pivenet
    poker at bet365
    pokerstove
    pokertime
    runescape
    sim city 3000 uk edition
    sky poker
    swiftkit
    titan poker
    true poker
    vodafone mobile connect lite
    mouse recorder pro 2
    google chrome
    downloadxfree 1.1
    aol toolbar 5.0
    realplayer
    download updater (aol llc)
    inter actual player
    hp games
    activate norton online backup
    cyberlink dvd suite deluxe
    power2go
    power director
    label print
    lightscribe system software
    magic desktop
    2) The only poker programs I wish to keep are Pokerstars, Pokerstars.fr and Uncover Poker
    I'm also happy to delete any other things you can see which would improve my PC speed. I really only want this PC to be used for poker and some web surfing.
    With regard to Postgres, I use that for a program called Holdem Manager, which keeps track of all the poker hands I play in a database. It's possible that is quite a big database, but I'm happy to remove them all and start fresh if this would help.
    3) log
    All processes killed
    ========== PROCESSES ==========
    No active process named BabylonToolbarsrv.exe was found!
    No active process named RegistryPatrol.exe was found!
    ========== FILES ==========
    File/Folder C:\Microgaming\Poker\PokerTimeMPP\install.exe not found.
    File/Folder C:\Microgaming\Poker\stanjamesgibMPP\install.exe not found.
    File/Folder C:\Poker\William Hill Poker\_SetupPoker.exe not found.
    File/Folder C:\Poker\William Hill Poker\_SetupPoker[1].exe not found.
    C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarApp.dll moved successfully.
    C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarEng.dll moved successfully.
    C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarsrv.exe moved successfully.
    C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll moved successfully.
    C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll moved successfully.
    C:\Program Files (x86)\Registry Patrol\RegistryPatrol.exe moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56475 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: JAMSYM
    ->Temp folder emptied: 10057394 bytes
    ->Temporary Internet Files folder emptied: 89263746 bytes
    ->Java cache emptied: 89746850 bytes
    ->FireFox cache emptied: 55495963 bytes
    ->Google Chrome cache emptied: 9341631 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 256143 bytes

    User: postgres
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: postgres.JAMSYM-PC
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 15950 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36080341 bytes
    RecycleBin emptied: 31901009 bytes

    Total Files Cleaned = 307.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: JAMSYM
    ->Flash cache emptied: 0 bytes

    User: postgres

    User: postgres.JAMSYM-PC

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTM by OldTimer - Version 3.1.19.0 log created on 05282012_185019
    Files moved on Reboot...
    C:\Users\JAMSYM\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    Registry entries deleted on Reboot...
    ------
    Next I did the disk cleanup
    Now I have got stuck on the error check, though; I get a message:


    When I press 'schedule disk check' nothing happens. I restarted to see if it would run the disk check on the reboot, but nothing happened either.

    Should I continue with the other steps or wait till this is resolved?
     
  15. JamesM

    JamesM TS Rookie Topic Starter

    Never mind the last post, I got it to work after restarting again!
     
  16. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Regarding the Error Check: Read my directions:

     
  17. JamesM

    JamesM TS Rookie Topic Starter

    New combofix log:

    ComboFix 12-05-27.02 - JAMSYM 28/05/2012 1:17.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4095.2486 [GMT 1:00]
    Running from: c:\users\JAMSYM\Desktop\ComboFix.exe
    AV: COMODO Antivirus *Disabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}
    FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
    SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-28 )))))))))))))))))))))))))))))))
    .
    .
    2012-05-28 00:26 . 2012-05-28 00:26 -------- d-----w- c:\users\postgres\AppData\Local\temp
    2012-05-28 00:26 . 2012-05-28 00:26 -------- d-----w- c:\users\postgres.JAMSYM-PC\AppData\Local\temp
    2012-05-28 00:26 . 2012-05-28 00:26 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-05-26 21:14 . 2012-05-15 00:41 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{79F3420E-79D7-48B1-A561-E7358A17E7D8}\mpengine.dll
    2012-05-26 16:10 . 2012-05-26 16:10 -------- d-----w- c:\programdata\Panda Security
    2012-05-26 16:10 . 2012-05-26 16:10 -------- d-----w- c:\program files (x86)\Panda USB Vaccine
    2012-05-26 12:37 . 2012-05-26 15:33 -------- d-----w- c:\programdata\CPA_VA
    2012-05-26 12:36 . 2012-05-26 12:36 -------- d-----w- C:\VritualRoot
    2012-05-26 12:01 . 2012-05-26 17:12 -------- d-----w- c:\programdata\Comodo
    2012-05-26 12:01 . 2012-05-26 12:01 -------- d-----w- c:\program files\COMODO
    2012-05-26 12:01 . 2012-05-26 12:01 -------- d-----w- c:\users\JAMSYM\AppData\Local\Comodo
    2012-05-26 12:00 . 2012-05-26 12:01 -------- d-----w- c:\program files (x86)\Comodo
    2012-05-25 17:22 . 2012-05-25 17:22 -------- d-----w- c:\program files (x86)\SkyPoker
    2012-05-25 16:21 . 2012-05-25 16:21 -------- d-----w- c:\users\JAMSYM\AppData\Roaming\Malwarebytes
    2012-05-25 16:21 . 2012-05-25 16:21 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-05-25 16:21 . 2012-05-25 16:21 -------- d-----w- c:\programdata\Malwarebytes
    2012-05-25 16:21 . 2012-04-04 14:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-05-22 12:47 . 2012-05-22 13:05 -------- d-----w- C:\DOSGAMES
    2012-05-22 12:44 . 2012-05-22 12:45 -------- d-----w- c:\program files (x86)\DOSBox-0.74
    2012-05-21 12:19 . 2012-05-22 12:17 -------- d-----w- c:\users\JAMSYM\VirtualBox VMs
    2012-05-21 12:18 . 2012-05-22 12:22 -------- d-----w- c:\users\JAMSYM\.VirtualBox
    2012-05-21 12:18 . 2012-04-12 17:12 224048 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
    2012-05-21 12:17 . 2012-04-12 17:12 130864 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
    2012-05-21 11:33 . 2012-05-21 11:33 -------- d-----w- c:\program files (x86)\Maxis
    2012-05-21 11:17 . 1998-01-23 11:22 304128 ----a-w- c:\windows\IsUninst.exe
    2012-05-14 19:36 . 2012-05-15 12:36 -------- d-----w- c:\programdata\boost_interprocess
    2012-05-13 18:53 . 2012-05-13 18:53 -------- d-----w- c:\program files\Microsoft Silverlight
    2012-05-13 18:53 . 2012-05-13 18:53 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
    2012-05-07 16:59 . 2012-05-07 16:59 -------- d-----w- c:\windows\en
    2012-05-07 16:53 . 2012-05-07 16:53 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e664e1701cd2c7101\DSETUP.dll
    2012-05-07 16:53 . 2012-05-07 16:53 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e664e1701cd2c7101\DXSETUP.exe
    2012-05-07 16:53 . 2012-05-07 16:53 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e664e1701cd2c7101\dsetup32.dll
    2012-05-03 14:38 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-05-03 14:38 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-05-03 14:09 . 2012-05-03 14:09 -------- d-----w- c:\windows\system32\SPReview
    2012-05-03 14:08 . 2012-05-03 14:08 -------- d-----w- c:\windows\system32\EventProviders
    2012-05-02 20:40 . 2012-05-02 20:40 -------- d-----w- c:\users\JAMSYM\AppData\Roaming\YachtingPoker
    2012-05-02 20:39 . 2012-05-02 20:39 -------- d-----w- c:\program files (x86)\YachtingPoker
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-05-05 17:34 . 2012-04-12 13:09 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-05-05 17:34 . 2011-11-16 10:10 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-05 17:34 . 2012-04-12 13:34 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    2012-05-03 14:19 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
    2012-05-03 14:19 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
    2012-04-12 17:12 . 2012-04-12 17:12 147248 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
    2012-04-06 23:20 . 2012-04-06 23:20 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-03-11 20:13 . 2012-03-11 20:13 577824 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
    2012-03-11 20:13 . 2012-03-11 20:13 43248 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
    2012-03-11 20:13 . 2012-03-11 20:13 22696 ----a-w- c:\windows\system32\drivers\cmderd.sys
    2012-03-11 20:13 . 2012-03-11 20:13 41200 ----a-w- c:\windows\system32\cmdcsr.dll
    2012-03-11 20:13 . 2012-03-11 20:13 301224 ----a-w- c:\windows\SysWow64\guard32.dll
    2012-03-11 20:13 . 2012-03-11 20:13 389840 ----a-w- c:\windows\system32\guard64.dll
    2012-03-08 17:50 . 2012-03-08 17:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
    2012-03-08 17:37 . 2012-03-08 17:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
    2012-03-01 06:46 . 2012-04-12 02:00 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
    2012-03-01 06:38 . 2012-04-12 02:00 220672 ----a-w- c:\windows\system32\wintrust.dll
    2012-03-01 06:33 . 2012-04-12 02:00 81408 ----a-w- c:\windows\system32\imagehlp.dll
    2012-03-01 06:28 . 2012-04-12 02:00 5120 ----a-w- c:\windows\system32\wmi.dll
    2012-03-01 05:37 . 2012-04-12 02:00 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
    2012-03-01 05:33 . 2012-04-12 02:00 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
    2012-03-01 05:29 . 2012-04-12 02:00 5120 ----a-w- c:\windows\SysWow64\wmi.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2010-06-29 1689144]
    "NETELLER app"="c:\program files (x86)\NETELLER app\NETELLER-app.exe" [2012-03-06 1957656]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-11-04 39408]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
    "BATINDICATOR"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe" [2009-05-08 2068992]
    "LaunchHPOSIAPP"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe" [2009-04-03 385024]
    "HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-05-26 656896]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
    "NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-05-12 581480]
    "Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2009-06-22 60464]
    "UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "MobileConnect"="c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2009-09-18 2412032]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-03-18 421888]
    "TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-11-04 273528]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
    "COMODO"="c:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe" [2011-11-23 213304]
    "CPA"="c:\program files\COMODO\COMODO GeekBuddy\VALA.exe" [2011-11-23 184120]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-04 136176]
    R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-04 136176]
    R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-01-19 11776]
    R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
    R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [x]
    S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
    S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/03/22 08:06];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2009-10-20 14:50 146928]
    S2 BecHelperService;BecHelperService;c:\program files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe [2010-01-28 1737464]
    S2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-11-23 1267000]
    S2 DragonUpdater;COMODO Dragon Update Service;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe [2012-05-16 412304]
    S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
    S2 postgresql-8.3;PostgreSQL Server 8.3;C:/Program Files (x86)/PostgreSQL/8.3/bin/pg_ctl.exe runservice -N postgresql-8.3 -D C:/Program Files (x86)/PostgreSQL/8.3/data -w [x]
    S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-04-09 3063968]
    S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
    S2 VMCService;Vodafone Mobile Connect Service;c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-09-18 9216]
    S3 AVER_H193;AVerMedia H193 Video Capture;c:\windows\system32\drivers\AVer888RC_64.sys [x]
    S3 CXCIR;AVerMedia Consumer Infrared Receiver;c:\windows\system32\DRIVERS\AVer888RCIR_64.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys [x]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    ezSharedSvc
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
    2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-05-27 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 17:34]
    .
    2012-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-04 20:18]
    .
    2012-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-04 20:18]
    .
    2012-05-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1517856273-4090774691-2137519104-1001Core.job
    - c:\users\JAMSYM\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-17 17:03]
    .
    2012-05-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1517856273-4090774691-2137519104-1001UA.job
    - c:\users\JAMSYM\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-17 17:03]
    .
    2012-05-25 c:\windows\Tasks\HPCeeScheduleForJAMSYM.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 22:15]
    .
    2012-04-30 c:\windows\Tasks\PCDRScheduledMaintenance.job
    - c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-26 16327712]
    "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-08 610360]
    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 9569096]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x1
    "AppInit_DLLs"=c:\windows\System32\guard64.dll
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.uk/
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cndt
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: &AOL Toolbar Search - c:\programdata\AOL\ieToolbar\resources\en-GB\local\search.html
    IE: {{90EAE591-7E7E-434a-8E28-ECFD00071806} - c:\program files (x86)\PokerStars.FR\PokerStarsUpdate.exe
    TCP: DhcpNameServer = 192.168.1.254
    FF - ProfilePath - c:\users\JAMSYM\AppData\Roaming\Mozilla\Firefox\Profiles\ga8dgjuk.default\
    FF - prefs.js: browser.search.selectedEngine -
    FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?babsrc=HP_ss&affID=101385&mntrId=c41f998a00000000000000225feb9783
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
    FF - Ext: ST-Eng7 Community Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - %profile%\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
    FF - Ext: Babylon: ffxtlbr@babylon.com - %profile%\extensions\ffxtlbr@babylon.com
    FF - Ext: DealPly: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} - %profile%\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
    FF - Ext: NETELLER: neteller.desktop@klipfolio - c:\program files (x86)\NETELLER app\plugins\Firefox\neteller
    FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    FF - user.js: extensions.BabylonToolbar_i.id - c41f998a00000000000000225feb9783
    FF - user.js: extensions.BabylonToolbar_i.hardId - c41f998a00000000000000225feb9783
    FF - user.js: extensions.BabylonToolbar_i.instlDay - 15413
    FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1713:59
    FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
    FF - user.js: extensions.BabylonToolbar_i.newTab - false
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=101385
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
    user_pref('extensions.dealply.partner', 'vita');
    user_pref('extensions.dealply.channel', 'vitafilewin');
    user_pref('extensions.dealply.installId', 'v23500256101115962458192012031413591739');
    user_pref('extensions.dealply.installIdSource', 'inst');
    user_pref('extensions.dealply.sampleGroup', '9');
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-CPN Notifier - c:\program files (x86)\Cake Poker 2.0\PokerNotifier.exe
    AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
    AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-8.3]
    "ImagePath"="C:/Program Files (x86)/PostgreSQL/8.3/bin/pg_ctl.exe runservice -N \"postgresql-8.3\" -D \"C:/Program Files (x86)/PostgreSQL/8.3/data\" -w"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-8.3]
    "ImagePath"="C:/Program Files (x86)/PostgreSQL/8.3/bin/pg_ctl.exe runservice -N \"postgresql-8.3\" -D \"C:/Program Files (x86)/PostgreSQL/8.3/data\" -w"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
    "ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG*]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\program files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
    c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
    c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
    c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
    c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
    c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
    c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
    c:\program files (x86)\TeamViewer\Version7\TeamViewer.exe
    c:\program files (x86)\TeamViewer\Version7\tv_w32.exe
    c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
    c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    .
    **************************************************************************
    .
    Completion time: 2012-05-28 01:34:04 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-05-28 00:34
    .
    Pre-Run: 374,431,928,320 bytes free
    Post-Run: 374,355,709,952 bytes free
    .
    - - End Of File - - 3E0384876DA377BDE1E34E54C400DFFB
     
  18. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Firefox is still full of Babylon. Have you tried to remove it?

    Sign on to the Administrative account:

    Please follow the same instruction to remove DealPly in Firefox.

    There will be a follow up to this but I want you to do the manual removal for both first.
     
  19. JamesM

    JamesM TS Rookie Topic Starter

    I've tried it a few times but when I close Firefox it doesn't properly close. So it's not saving all the changes I'm making to it. Then when I try to open a new Firefox it gives me the message that Firefox is already running so I can't open another. If I Ctrl+Alt+Delete and remove Firefox from Task Manager all the changes I've made don't save.

    Anyway, is it easier if I remove Firefox altogether? I don't mind switching to Internet Explorer only if it's easier.
     
  20. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    When you click on the X to close in top right corner of Firefox, it may give you the option to "save your tabs for the next time it starts." Be sure you have exited the Tools> Addons section before you try to close FF. You can then select the 'save and quit' or just 'quit.' But you should be out of the Options section to close.
     
  21. JamesM

    JamesM TS Rookie Topic Starter

    I've tried a few times now.

    I change all the Babylon entries then leave the config page onto Google or something. Then when I press X to close Firefox it closes fine but it is still running in processes. If I try to open it again it says you can only run 1 Firefox at a time. Then I have to End Process Firefox in Task Manager which means when I open it the next time all the Babylon stuff is back as it was.
     
  22. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Babylon is known to be difficult to remove. Check out the following:

    http://support.mozilla.org/en-US/questions/747615

    http://www.ghacks.net/2011/08/17/how-to-uninstall-the-babylon-toolbar-completely/

    http://superuser.com/questions/270560/installed-babylon-in-firefox-now-I-cant-get-rid-of-it

    ------------------------------------------------

    If none of these suggestions work for you, the only choice you have then is to uninstall Firefox, then install a new version. I have not seen Babylon so intensive in taking over a browser!
     
  23. JamesM

    JamesM TS Rookie Topic Starter

    Ok, I have just uninstalled Firefox. I don't mind just having IE.

    Is there anything else I should do?
     
  24. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You can install a clean Firefox if you want. IE will stay on the system, but you have a choice of which browser you want to be the default.

    About this:
    You should only have one launch of IE going. If you want or need multiple sites, use the tabs; don't launch IE again. You may still see more than one iexplore.exe in the Task Manager with IE8; that's normal.

    And about this:
    When Firefox is closed, the word "Firefox" should not even appear in the Task Manager. But "closed" means you clicked on the X at the top right and actually closed the browser. If it's minimized on the Taskbar, it's still running, even if you aren't looking at it.
    ==============================

    I'd like you to update and run Malwarebytes again. But this time, click on Perform Full Scan instead of 'Quick'.
    ================================================
    Then run one more scan:
    First, set up a Directory for HijackThis as follows:
    Right click Start> Explore> My Computer> Local Drive (C)> File> New> Folder> Name folder HijackThis
    Exit Explorer
    You now have a folder C:\HijackThis
    ----------------------------------
    Download HijackThis and save to your desktop.
    • Click on the HJT icon> 'Extract all files'> Extraction Wizard> Click on Browse to right of dialogue box that says 'Select a folder'
    • Extract it to the directory on your hard drive you created C:\HijackThis.
    • Then navigate to that directory and double-click on the hijackthis.exe file.
    • When started click on the Scan button and then the Save Log button to create a log of your information.
    • The log file will then open in Notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

    NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
    ===============================

    How does the Task Manager look now that you removed Firefox?

    Please leave logs for Mbam and HijackThis in your next reply.
     
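    Bobbye's point above is that several iexplore.exe entries are normal, while a firefox.exe still listed after its window was closed is not. As an added example, not code from this thread, the PowerShell below lists those processes with their parent and image path so the two cases can be told apart; it assumes Windows PowerShell 3.0 or later and shows every path only when run from an elevated prompt.

```powershell
# Added example, not code from the thread: list the browser processes Task Manager shows
# along with their parent process and image path, so a lingering or oddly located copy
# stands out. Assumes Windows PowerShell 3.0 or later; run elevated to see every path.
$browsers = @('iexplore.exe', 'firefox.exe')
$filter   = ($browsers | ForEach-Object { "Name = '$_'" }) -join ' OR '

# Index every process by PID so each browser process can be matched to its parent.
$byId = @{}
Get-CimInstance -ClassName Win32_Process | ForEach-Object { $byId[$_.ProcessId] = $_ }

$report = foreach ($p in Get-CimInstance -ClassName Win32_Process -Filter $filter) {
    $parent = $byId[$p.ParentProcessId]
    # With IE8 and later, tab processes are children of the iexplore.exe frame process,
    # so several iexplore.exe entries whose parent is a browser are expected.
    $parentIsBrowser = ($null -ne $parent) -and ($browsers -contains $parent.Name)
    $parentName      = if ($null -ne $parent) { $parent.Name } else { '<exited>' }

    # A browser process with no main window is what "closed, but still in processes" looks like.
    $gp        = Get-Process -Id $p.ProcessId -ErrorAction SilentlyContinue
    $hasWindow = ($null -ne $gp) -and ($gp.MainWindowHandle.ToInt64() -ne 0)

    # Browsers install under Program Files; a copy running from anywhere else deserves a look.
    $path = $p.ExecutablePath
    if ($null -eq $path) { $flag = 'PATH UNAVAILABLE (run elevated)' }
    elseif ($path -notmatch '^[A-Za-z]:\\Program Files( \(x86\))?\\') { $flag = 'UNEXPECTED PATH' }
    elseif ($parentIsBrowser) { $flag = 'child of browser (normal)' }
    elseif (-not $hasWindow) { $flag = 'NO WINDOW (lingering after close?)' }
    else { $flag = 'top-level window' }

    [pscustomobject]@{
        Name      = $p.Name
        Pid       = $p.ProcessId
        ParentPid = $p.ParentProcessId
        Parent    = $parentName
        Path      = $path
        Flag      = $flag
    }
}

$report | Sort-Object Name, Pid | Format-Table -AutoSize
```

A firefox.exe row flagged NO WINDOW after the browser was closed is the state JamesM describes, and is the process to end before retrying the add-on removal.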
Topic Status:
Not open for further replies.
