Author Topic: Connection problems - here to see if I have a virus  (Read 15563 times)

zulubanshee

    « on: December 21, 2012, 03:40:43 PM »
    My problem can be found here:
    http://www.computerhope.com/forum/index.php/topic,134893.msg868106.html#msg868106

    Essentially I have been having intermittent connection problems. Some pages load OK, others do not load, and others load but without the style sheets. Usually if I refresh a bunch of times the page will load eventually, but not always. I have tried everything else and somebody on the Networking forum sent me over here. So here I am. And here are my logs.

    # AdwCleaner v2.101 - Logfile created 12/21/2012 at 12:46:31
    # Updated 16/12/2012 by Xplode
    # Operating system : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
    # User : doug - DOUG-PC
    # Boot Mode : Normal
    # Running from : C:\Users\doug\Desktop\zips\adwcleaner.exe
    # Option [Search]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Folder Found : C:\Program Files (x86)\Conduit
    Folder Found : C:\Program Files (x86)\DAEMON Tools Toolbar
    Folder Found : C:\Program Files (x86)\ICQ6Toolbar
    Folder Found : C:\ProgramData\ICQ\ICQToolbar
    Folder Found : C:\Users\doug\AppData\Local\APN
    Folder Found : C:\Users\doug\AppData\Local\Conduit
    Folder Found : C:\Users\doug\AppData\LocalLow\AVG Secure Search
    Folder Found : C:\Users\doug\AppData\LocalLow\Conduit

    ***** [Registry] *****

    Key Found : HKCU\Software\AppDataLow\Software\Conduit
    Key Found : HKCU\Software\AppDataLow\Software\SmartBar
    Key Found : HKCU\Software\Ask&Record
    Key Found : HKCU\Software\Conduit
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
    Key Found : HKCU\Software\Softonic
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB9}
    Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Found : HKLM\Software\Conduit
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Found : HKU\S-1-5-21-1499011048-2565338764-885293594-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
    Key Found : HKU\S-1-5-21-1499011048-2565338764-885293594-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB9}
    Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16457

    [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd

    -\\ Mozilla Firefox v17.0.1 (en-US)

    Profile name : default-1355447943910 [Profil par défaut]
    File : C:\Users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\prefs.js

    [OK] File is clean.

    -\\ Google Chrome v23.0.1271.97

    File : C:\Users\doug\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    -\\ Opera v12.12.1707.0

    File : C:\Users\doug\AppData\Roaming\Opera\Opera\operaprefs.ini

    Found : HostName Web Lookup Address=hxxp://search.icq.com/search/afe_results.php?q=%s&ch_id=osd&icid=opera

    *************************

    AdwCleaner[R1].txt - [4095 octets] - [21/12/2012 12:46:31]

    ########## EOF - C:\AdwCleaner[R1].txt - [4155 octets] ##########
    ---------------------------------------------------------------------------------------------------------------------------------------------
    Malwarebytes Anti-Malware (Trial) 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.12.21.15

    Windows Vista Service Pack 2 x64 NTFS
    Internet Explorer 9.0.8112.16421
    doug :: DOUG-PC [administrator]

    Protection: Disabled

    12/21/2012 12:50:10 PM
    mbam-log-2012-12-21 (12-50-10).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 224470
    Time elapsed: 8 minute(s), 14 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
    -------------------------------------------------------------------------------------------------------------------------------------
    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16457  BrowserJavaVersion: 1.6.0_37
    Run by doug at 17:09:58 on 2012-12-21
    Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.7934.5953 [GMT -5:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\atieclxx.exe
    C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\cygwin\bin\cygrunsrv.exe
    C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe
    C:\cygwin\usr\sbin\cygserver.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\SysWOW64\vmnat.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio64.exe
    C:\Windows\system32\RUNDLL32.EXE
    C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
    C:\Windows\SysWOW64\vmnetdhcp.exe
    C:\Windows\System32\WUDFHost.exe
    c:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\MHotKey.exe
    C:\Program Files (x86)\Google\Update\1.3.21.124\GoogleCrashHandler.exe
    C:\Program Files (x86)\Google\Update\1.3.21.124\GoogleCrashHandler64.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe
    C:\Program Files (x86)\Pidgin\pidgin.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\ehome\ehtray.exe
    C:\Windows\ChiFuncExt.exe
    C:\Windows\CNYHKey.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Windows\splwow64.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    c:\Program Files\Microsoft Security Client\MpCmdRun.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uWindow Title = Windows Internet Explorer provided by Yahoo!
    uSearch Page = hxxp://www.bing.com/?pc=AVBR
    uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie9
    mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=1008&m=lx6200-01
    uURLSearchHooks: <No Name>:  - LocalServer32 - <no file>
    uURLSearchHooks: {687578b9-7132-4a7a-80e4-30ee31099e03} - <orphaned>
    mURLSearchHooks: {855F3B16-6D32-4fe6-8A56-BBB695989046} - <orphaned>
    mURLSearchHooks: <No Name>:  - LocalServer32 - <no file>
    dURLSearchHooks: {855F3B16-6D32-4fe6-8A56-BBB695989046} - <orphaned>
    dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
    dURLSearchHooks: <No Name>:  - LocalServer32 - <no file>
    mWinlogon: Userinit = userinit.exe
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    uRun: [Gadwin PrintScreen] C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
    uRun: [Pidgin] C:\Program Files (x86)\Pidgin\pidgin.exe
    uRun: [AdobeBridge] <no file>
    mRun: [LchDrvKey] LchDrvKey.exe
    mRun: [LedKey] CNYHKey.exe
    mRun: [eRecoveryService] <no file>
    mRunOnce: [New Acer AlaunchX] c:\Acer\Preload\Command\AlaunchX\LaunchAlaunchX.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    LSP: C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll
    DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} - hxxp://chat.yahoo.com/cab/yuplapp.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {EBF1BFCB-F60B-4DCB-9C96-E53C543CB645} - hxxp://www.ivienterprise.com:8080/qcbin/ALM-Platform-Loader.11.cab
    TCP: NameServer = 192.168.2.1
    TCP: Interfaces\{69DE6067-93A0-4FFF-AD69-C6EE7006F35F} : DHCPNameServer = 192.168.2.1
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
    x64-mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=1008&m=lx6200-01
    x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} -
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-mPolicies-Explorer: NoActiveDesktop = dword:1
    x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    x64-mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    x64-mPolicies-System: EnableUIADesktopToggle = dword:0
    x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
    x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - C:\Windows\System32\rundll32.exe C:\Windows\System32\advpack.dll,LaunchINFSectionEx C:\Program Files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
    FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
    FF - plugin: C:\Program Files (x86)\Virtual Earth 3D\npVE3D.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: C:\Users\doug\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
    FF - plugin: C:\Users\doug\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Users\doug\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: C:\Users\doug\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
    FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    FF - ExtSQL: 2012-10-24 12:14; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
    FF - ExtSQL: 2012-12-13 20:24; {dc572301-7619-498c-a57d-39143191b318}; C:\Users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
    FF - ExtSQL: 2012-12-13 20:33; {64161300-e22b-11db-8314-0800200c9a66}; C:\Users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
    FF - ExtSQL: 2012-12-13 20:46; {6AC85730-7D0F-4de0-B3FA-21142DD85326}; C:\Users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
    FF - ExtSQL: 2012-12-13 20:51; {c45c406e-ab73-11d8-be73-000a95be3b12}; C:\Users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
    FF - ExtSQL: 2012-12-13 20:55; [email protected]; C:\Users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\extensions\[email protected]
    FF - ExtSQL: 2012-12-13 21:00; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; C:\Users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    FF - ExtSQL: 2012-12-13 21:16; [email protected]; C:\Users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\extensions\[email protected]
    FF - ExtSQL: 2012-12-13 21:29; [email protected]; C:\Users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\extensions\[email protected]
    FF - ExtSQL: 2012-12-13 21:57; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    FF - ExtSQL: 2012-12-13 22:49; {af79f858-4b25-4ca4-822b-b5db1be628fc}; C:\Users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\extensions\{af79f858-4b25-4ca4-822b-b5db1be628fc}.xpi
    FF - ExtSQL: 2012-12-14 14:48; [email protected]; C:\Users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\extensions\[email protected]
    FF - ExtSQL: 2012-12-14 14:55; [email protected]; C:\Users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\extensions\[email protected]
    FF - ExtSQL: 2012-12-14 19:45; [email protected]; C:\Users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\extensions\[email protected]
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 Lbd;Lbd;C:\Windows\System32\drivers\Lbd.sys [2010-10-29 69152]
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2008-8-21 55856]
    R1 VBoxDrv;VirtualBox Service;C:\Windows\System32\drivers\VBoxDrv.sys [2012-1-22 224048]
    R1 VBoxUSBMon;VirtualBox USB Monitor Driver;C:\Windows\System32\drivers\VBoxUSBMon.sys [2012-1-22 130864]
    R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-4-20 203776]
    R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-7-4 361984]
    R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
    R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-6-15 249648]
    R2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2012-5-4 21992]
    R2 ETService;Empowering Technology Service;C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe [2008-10-16 24576]
    R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2008-12-11 72216]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-21 399432]
    R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 128456]
    R2 vmci;VMware vmci;C:\Windows\System32\drivers\vmci.sys [2008-12-7 64560]
    R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx64coinst,serviceStartProc --> RUNDLL32.EXE ykx64coinst,serviceStartProc [?]
    R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-7-4 46136]
    R3 AVer88xHD;AVerMedia 23888 AvStream Video Capture;C:\Windows\System32\drivers\AVer88xHD64.sys [2008-8-21 432256]
    R3 CAXHWBS2;CAXHWBS2;C:\Windows\System32\drivers\CAXHWBS2.sys [2008-8-21 403968]
    R3 LVUVC64;Logitech QuickCam S5500(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2009-10-7 6379288]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
    R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;C:\Windows\System32\drivers\VBoxNetAdp.sys [2011-12-19 146736]
    R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk60x64.sys [2008-8-5 392192]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate1c9619c54e0d3d;Google Update Service (gupdate1c9619c54e0d3d);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2008-12-19 133104]
    S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-21 676936]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-7-7 195336]
    S3 BrlAPI;BrlAPI;C:\cygwin\bin\cygrunsrv.exe [2012-1-10 68096]
    S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-12-21 25928]
    S3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2010-1-28 19544]
    S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
    S3 Point64;Microsoft IntelliPoint Filter Driver;C:\Windows\System32\drivers\point64k.sys [2009-5-8 33160]
    S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 VBoxNetFlt;VirtualBox Bridged Networking Service;C:\Windows\System32\drivers\VBoxNetFlt.sys [2011-12-19 165680]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
    S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-17 89920]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2008-7-10 47128]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-7-10 369688]
    .
    =============== File Associations ===============
    .
    FileExt: .txt: Applications\notepad++.exe="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1" [UserChoice]
    FileExt: .js: Applications\notepad++.exe="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1" [UserChoice]
    FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
    ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\dreamweaver.exe", "%1"
    .
    =============== Created Last 30 ================
    .
    .
    ==================== Find3M  ====================
    .
    2012-12-16 23:25:25   73656   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-12-16 23:25:25   697272   ----a-w-   C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-12-13 12:24:00   67413224   ----a-w-   C:\Windows\System32\mrt.exe
    2012-11-14 07:06:18   17811968   ----a-w-   C:\Windows\System32\mshtml.dll
    2012-11-14 06:32:33   10925568   ----a-w-   C:\Windows\System32\ieframe.dll
    2012-11-14 06:11:44   2312704   ----a-w-   C:\Windows\System32\jscript9.dll
    2012-11-14 06:04:44   1346048   ----a-w-   C:\Windows\System32\urlmon.dll
    2012-11-14 06:04:11   1392128   ----a-w-   C:\Windows\System32\wininet.dll
    2012-11-14 06:02:49   1494528   ----a-w-   C:\Windows\System32\inetcpl.cpl
    2012-11-14 06:02:04   237056   ----a-w-   C:\Windows\System32\url.dll
    2012-11-14 05:59:52   85504   ----a-w-   C:\Windows\System32\jsproxy.dll
    2012-11-14 05:58:36   816640   ----a-w-   C:\Windows\System32\jscript.dll
    2012-11-14 05:57:46   599040   ----a-w-   C:\Windows\System32\vbscript.dll
    2012-11-14 05:57:35   173056   ----a-w-   C:\Windows\System32\ieUnatt.exe
    2012-11-14 05:55:45   2144768   ----a-w-   C:\Windows\System32\iertutil.dll
    2012-11-14 05:55:26   729088   ----a-w-   C:\Windows\System32\msfeeds.dll
    2012-11-14 05:53:22   96768   ----a-w-   C:\Windows\System32\mshtmled.dll
    2012-11-14 05:52:40   2382848   ----a-w-   C:\Windows\System32\mshtml.tlb
    2012-11-14 05:46:25   248320   ----a-w-   C:\Windows\System32\ieui.dll
    2012-11-14 02:48:26   12320256   ----a-w-   C:\Windows\SysWow64\mshtml.dll
    2012-11-14 02:14:59   9738240   ----a-w-   C:\Windows\SysWow64\ieframe.dll
    2012-11-14 02:09:22   1800704   ----a-w-   C:\Windows\SysWow64\jscript9.dll
    2012-11-14 01:58:15   1427968   ----a-w-   C:\Windows\SysWow64\inetcpl.cpl
    2012-11-14 01:57:44   1103872   ----a-w-   C:\Windows\SysWow64\urlmon.dll
    2012-11-14 01:57:37   1129472   ----a-w-   C:\Windows\SysWow64\wininet.dll
    2012-11-14 01:55:46   231936   ----a-w-   C:\Windows\SysWow64\url.dll
    2012-11-14 01:51:44   65024   ----a-w-   C:\Windows\SysWow64\jsproxy.dll
    2012-11-14 01:49:25   142848   ----a-w-   C:\Windows\SysWow64\ieUnatt.exe
    2012-11-14 01:49:19   717824   ----a-w-   C:\Windows\SysWow64\jscript.dll
    2012-11-14 01:48:27   420864   ----a-w-   C:\Windows\SysWow64\vbscript.dll
    2012-11-14 01:47:20   607744   ----a-w-   C:\Windows\SysWow64\msfeeds.dll
    2012-11-14 01:46:38   1793024   ----a-w-   C:\Windows\SysWow64\iertutil.dll
    2012-11-14 01:45:01   73216   ----a-w-   C:\Windows\SysWow64\mshtmled.dll
    2012-11-14 01:44:42   2382848   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
    2012-11-14 01:41:30   176640   ----a-w-   C:\Windows\SysWow64\ieui.dll
    2012-11-13 01:55:22   2770432   ----a-w-   C:\Windows\System32\win32k.sys
    2012-11-13 01:45:48   2048   ----a-w-   C:\Windows\System32\tzres.dll
    2012-11-13 01:29:51   2048   ----a-w-   C:\Windows\SysWow64\tzres.dll
    2012-11-08 04:24:01   48128   ----a-w-   C:\Windows\System32\atmlib.dll
    2012-11-08 03:46:35   34304   ----a-w-   C:\Windows\SysWow64\atmlib.dll
    2012-11-08 02:00:56   368128   ----a-w-   C:\Windows\System32\atmfd.dll
    2012-11-08 01:36:08   293376   ----a-w-   C:\Windows\SysWow64\atmfd.dll
    2012-11-02 10:45:52   477696   ----a-w-   C:\Windows\System32\dpnet.dll
    2012-11-02 10:45:51   68096   ----a-w-   C:\Windows\System32\dpnathlp.dll
    2012-11-02 10:18:17   376320   ----a-w-   C:\Windows\SysWow64\dpnet.dll
    2012-11-02 08:59:56   26112   ----a-w-   C:\Windows\System32\dpnsvr.exe
    2012-11-02 08:26:06   23040   ----a-w-   C:\Windows\SysWow64\dpnsvr.exe
    2012-10-29 19:10:15   60304   ----a-w-   C:\Users\doug\g2mdlhlpx.exe
    2012-10-25 08:12:26   94208   ----a-w-   C:\Windows\SysWow64\QuickTimeVR.qtx
    2012-10-25 08:12:26   69632   ----a-w-   C:\Windows\SysWow64\QuickTime.qts
    2012-09-30 00:54:26   25928   ----a-w-   C:\Windows\System32\drivers\mbam.sys
    2012-09-28 16:34:50   1210368   ----a-w-   C:\Windows\System32\kernel32.dll
    2012-09-28 16:13:29   860160   ----a-w-   C:\Windows\SysWow64\kernel32.dll
    2012-09-25 16:31:19   91648   ----a-w-   C:\Windows\System32\synceng.dll
    2012-09-25 16:19:41   75776   ----a-w-   C:\Windows\SysWow64\synceng.dll
    2012-09-24 20:34:14   108008   ----a-w-   C:\Windows\System32\WindowsAccessBridge-64.dll
    2012-09-24 20:34:13   916456   ----a-w-   C:\Windows\System32\deployJava1.dll
    2012-09-24 20:34:13   289768   ----a-w-   C:\Windows\System32\javaws.exe
    2012-09-24 20:34:13   189416   ----a-w-   C:\Windows\System32\javaw.exe
    2012-09-24 20:34:13   188904   ----a-w-   C:\Windows\System32\java.exe
    2012-09-24 20:34:13   1034216   ----a-w-   C:\Windows\System32\npDeployJava1.dll
    2012-09-24 19:32:24   477168   ----a-w-   C:\Windows\SysWow64\npdeployJava1.dll
    2012-09-24 19:32:20   473072   ----a-w-   C:\Windows\SysWow64\deployJava1.dll
    2012-09-24 19:23:41   157680   ----a-w-   C:\Windows\SysWow64\javaws.exe
    2012-09-24 19:23:37   149488   ----a-w-   C:\Windows\SysWow64\javaw.exe
    2012-09-24 19:23:26   149488   ----a-w-   C:\Windows\SysWow64\java.exe
    .
    ============= FINISH: 17:10:43.17 ===============
    ------------------------------------------------------------------------------------------------------------------------------------------
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 10/16/2008 2:22:15 AM
    System Uptime: 12/21/2012 4:16:21 PM (1 hours ago)
    .
    Motherboard: Gateway |  | RS780
    Processor: AMD Phenom(tm) 9500 Quad-Core Processor | AM2 | 2200/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 689 GiB total, 360.351 GiB free.
    D: is FIXED (NTFS) - 112 GiB total, 22.587 GiB free.
    E: is Removable
    F: is Removable
    G: is Removable
    H: is Removable
    I: is CDROM ()
    J: is CDROM ()
    K: is CDROM ()
    L: is FIXED (NTFS) - 233 GiB total, 165.374 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
     Update for Microsoft Office 2007 (KB2508958)
    µTorrent
    7-Zip 4.62
    Activation Assistant for the 2007 Microsoft Office suites
    ActivePerl 5.12.2 Build 1202 (64-bit)
    ActiveState Komodo Edit 6.1.1
    Adobe AIR
    Adobe Community Help
    Adobe Dreamweaver CS5
    Adobe Fireworks CS5
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Media Player
    Adobe Photoshop CS5
    Adobe Photoshop Elements 7.0
    Adobe Photoshop.com Inspiration Browser
    Adobe Reader X (10.1.4)
    Amazon Kindle
    AMD APP SDK Runtime
    AMD Catalyst Install Manager
    AMD Fuel
    AMD VISION Engine Control Center
    Apex PDF Watermarking Software 2.3.8.2
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Artisteer 2
    AVerMedia M791 PCIe Combo NTSC/ATSC 6.104.64.5
    AVI Movie Player
    BigFix
    Bing Bar
    Bing Maps 3D
    BlueVoda Website Builder 11.71
    Bonjour
    calibre
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CCleaner
    Compatibility Pack for the 2007 Office system
    Cool Timer 3.7
    CPUID HWMonitor 1.19
    Craigs List Editor
    Craigslist Crawler
    Crimson Editor (remove only)
    CutePDF Writer 2.8
    CyberLink LabelPrint
    CyberLink Power2Go
    DHTML Editing Component
    DivX Setup
    DivX Version Checker
    Dolby Control Center
    EasyBCD 1.7.2
    Facebook Video Calling 1.2.0.159
    Facebook Video Calling 1.2.0.287
    FeedDemon
    FileZilla Client 3.6.0.2
    FlashPeak SlimBrowser
    Forté Agent
    Free PDF to Word Doc Converter v1.1
    Free SMTP Server
    Freecorder
    FTPRush v1 Unicode
    Gadwin PrintScreen
    Gateway Recovery Management
    GIMP 2.6.11
    Google AdWords Editor
    Google Chrome
    Google Drive
    Google Earth
    Google Talk Plugin
    Google Toolbar for Internet Explorer
    Google Update Helper
    Google Updater
    GoogleSpider
    GoToMeeting 5.2.0.952
    GreenBrowser
    GTK+ Runtime 2.14.7 rev a (remove only)
    HeidiSQL 4.0
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (KB944899)
    HP ALM Microsoft Excel Addin
    HP ALM Microsoft Word Addin
    HP Application Lifecycle Management
    HydraVision
    iCloud
    Inkscape 0.48.1
    iPhone Configuration Utility
    IrfanView (remove only)
    iTunes
    Java 7 Update 7 (64-bit)
    Java Auto Updater
    Java SE Development Kit 7 Update 7 (64-bit)
    Java(TM) 6 Update 37
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    KB0817 Keyboard Driver
    Magic ISO Maker v5.5 (build 0272)
    MagicDisc 2.7.106
    Malwarebytes Anti-Malware version 1.65.1.1000
    Marvell(R) Wireless Card Software Package
    MassMailer
    Matroska Pack - Lazy Man's MKV 0.9.9
    Media Player Classic
    Meracl ImageMap Generator v3.5.3
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft IntelliPoint 7.0
    Microsoft Money Essentials
    Microsoft Money Shared Libraries
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft SQL Server 2008
    Microsoft SQL Server 2008 Browser
    Microsoft SQL Server 2008 Common Files
    Microsoft SQL Server 2008 Database Engine Services
    Microsoft SQL Server 2008 Database Engine Shared
    Microsoft SQL Server 2008 Management Objects
    Microsoft SQL Server 2008 Native Client
    Microsoft SQL Server 2008 RsFx Driver
    Microsoft SQL Server 2008 Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
    Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
    Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU Service Pack 1 (KB945140)
    Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
    Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
    Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
    Microsoft Works
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_ATL_x86_x64
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_CRT_x86_x64
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFC_x86_x64
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC80_MFCLOC_x86_x64
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_ATL_x86_x64
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_CRT_x86_x64
    Microsoft_VC90_MFC_x86
    Microsoft_VC90_MFC_x86_x64
    MixPad
    MobileMe Control Panel
    Mozilla Firefox 17.0.1 (x86 en-US)
    Mozilla Maintenance Service
    Mozilla Thunderbird 16.0.2 (x86 en-US)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MySQL-Front 3.2
    NetBeans IDE 6.9.1
    Netflix Movie Viewer
    Notepad++
    Octoshape add-in for Adobe Flash Player
    oDesk Team
    OpenOffice.org 3.0
    Opera 12.12
    Opera Mobile
    Oracle VM VirtualBox 4.1.8
    PDF Generator 2.03
    PDF Settings CS5
    PeerBlock 1.0.0 (r181)
    PhotoshopdotcomInspirationBrowser
    PhotoStage Slideshow Producer
    Pidgin
    POSInvoicePDFLite 1.0.5
    QuickPar 0.9
    QuickTime
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    Realtek High Definition Audio Driver
    RealUpgrade 1.1
    Rosetta Stone Version 3
    SABnzbd 0.6.15
    Safari
    SeaMonkey (2.0.12)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
    SequoiaView
    Skype™ 6.0
    SmartFTP Client Setup Files 4.0 (x64) (remove only)
    Snap (remove only)
    Soft Data Fax Modem with SmartCP
    Software Informer 1.1
    Sql Server Customer Experience Improvement Program
    SQL Server System CLR Types
    Sublime Text 2.0.1
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760573) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    VC80CRTRedist - 8.0.50727.6195
    VideoPad Video Editor
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    Visual C++ 8.0 Runtime Setup Package (x64)
    Visual Studio 2008 x64 Redistributables
    Visual Studio 2010 x64 Redistributables
    VLC media player 1.0.0
    VMware Workstation
    WampServer 2.0
    WavePad Sound Editor
    Winamp
    Winamp Detector Plug-in
    WinDirStat 1.1.2
    Windows Media Player Firefox Plugin
    WinRAR archiver
    .
    ==== End Of File ===========================



    SuperDave

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Thanked: 991
    • Certifications: List
    • Experience: Expert
    • OS: Windows 8
    Re: Connection problems - here to see if I have a virus
    « Reply #1 on: December 22, 2012, 12:24:40 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *************************************************************************
    Remove the Adware:
    • Please close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with OK
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
    *****************************************************
    Please download ComboFix from BleepingComputer.com

    Alternate link: GeeksToGo.com

    Alternate link: Forospyware.com
    If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    Rename ComboFix.exe to commy.exe before you save it to your Desktop
    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
    • Click Start>Run then copy paste the following command into the Run box & click OK: "%userprofile%\desktop\commy.exe" /stepdel
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console


    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


    • Click on Yes, to continue scanning for malware.
    • When finished, it shall produce a log for you.  Please include the contents of C:\ComboFix.txt in your next reply.
    Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender

    zulubanshee

      Re: Connection problems - here to see if I have a virus
      « Reply #2 on: December 24, 2012, 01:09:19 PM »
      # AdwCleaner v2.102 - Logfile created 12/24/2012 at 15:08:49
      # Updated 23/12/2012 by Xplode
      # Operating system : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
      # User : doug - DOUG-PC
      # Boot Mode : Normal
      # Running from : C:\Users\doug\Desktop\zips\adwcleaner.exe
      # Option [Delete]


      ***** [Services] *****


      ***** [Files / Folders] *****

      Deleted on reboot : C:\Program Files (x86)\Conduit
      Deleted on reboot : C:\Program Files (x86)\DAEMON Tools Toolbar
      Deleted on reboot : C:\Program Files (x86)\ICQ6Toolbar
      Deleted on reboot : C:\ProgramData\ICQ\ICQToolbar
      Deleted on reboot : C:\Users\doug\AppData\Local\APN
      Deleted on reboot : C:\Users\doug\AppData\Local\Conduit
      Deleted on reboot : C:\Users\doug\AppData\LocalLow\AVG Secure Search
      Deleted on reboot : C:\Users\doug\AppData\LocalLow\Conduit

      ***** [Registry] *****

      Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
      Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
      Key Deleted : HKCU\Software\Ask&Record
      Key Deleted : HKCU\Software\Conduit
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
      Key Deleted : HKCU\Software\Softonic
      Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
      Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB9}
      Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
      Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
      Key Deleted : HKLM\Software\Conduit
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
      Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
      Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
      Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
      Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]

      ***** [Internet Browsers] *****

      -\\ Internet Explorer v9.0.8112.16457

      Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com

      -\\ Mozilla Firefox v17.0.1 (en-US)

      File : C:\Users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\prefs.js

      [OK] File is clean.

      -\\ Google Chrome v23.0.1271.97

      File : C:\Users\doug\AppData\Local\Google\Chrome\User Data\Default\Preferences

      [OK] File is clean.

      -\\ Opera v12.12.1707.0

      File : C:\Users\doug\AppData\Roaming\Opera\Opera\operaprefs.ini

      Deleted : HostName Web Lookup Address=hxxp://search.icq.com/search/afe_results.php?q=%s&ch_id=osd&icid=opera

      *************************

      AdwCleaner[R1].txt - [4212 octets] - [21/12/2012 12:46:31]
      AdwCleaner[S1].txt - [3726 octets] - [24/12/2012 15:08:49]

      ########## EOF - C:\AdwCleaner[S1].txt - [3786 octets] ##########

      zulubanshee

        Re: Connection problems - here to see if I have a virus
        « Reply #3 on: December 24, 2012, 01:22:29 PM »
        I don't think the Microsoft Recovery Console was installed. I disabled the antivirus and antispyware, then copy and pasted the line of text into the Run box. I clicked a confirmation message but it was not the ones that are displayed above (I didn't catch what it said). Those popup confirmation messages in your post above were not displayed at all. Furthermore, ComboFix appears to have simply ended without running a scan. I renamed the file to commy.exe as instructed, FTR.

        zulubanshee

          Re: Connection problems - here to see if I have a virus
          « Reply #4 on: December 24, 2012, 01:25:13 PM »
          Never mind. I ran it again and it seems to be working.

          zulubanshee

            Re: Connection problems - here to see if I have a virus
            « Reply #5 on: December 24, 2012, 02:35:13 PM »
            ComboFix 12-12-23.01 - doug 12/24/2012  15:46:45.1.4 - x64
            Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.7934.5651 [GMT -5:00]
            Running from: c:\users\doug\Desktop\commy.exe
            Command switches used :: /stepdel
            AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
            SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
            SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
            .
            .
            (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            c:\users\doug\AppData\Local\assembly\tmp
            c:\users\doug\AppData\Roaming\013d5c525f3c127a61d11aadff2409b6-i686.cache-2
            c:\users\doug\AppData\Roaming\698e8de9c79e614b8d6a96b5ce9682e6-i686.cache-2
            c:\users\doug\AppData\Roaming\mIRC\logs\status.log
            c:\users\doug\g2mdlhlpx.exe
            c:\users\Public\sdelevURL.tmp
            c:\windows\iun6002.exe
            c:\windows\SysWow64\ccrpTmr6.dll
            c:\windows\wininit.ini
            .
            .
            (((((((((((((((((((((((((   Files Created from 2012-11-24 to 2012-12-24  )))))))))))))))))))))))))))))))
            .
            .
            2012-12-24 21:22 . 2012-12-24 21:25   --------   d-----w-   c:\users\doug\AppData\Local\temp
            2012-12-24 21:22 . 2012-12-24 21:22   --------   d-----w-   c:\users\Default\AppData\Local\temp
            2012-12-24 20:34 . 2012-12-24 20:34   --------   d-----w-   C:\commy
            2012-12-24 20:10 . 2012-12-24 20:10   76232   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7D8076F9-8863-4C9F-94E9-09FED020D356}\offreg.dll
            2012-12-24 10:36 . 2012-11-19 06:01   9125352   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7D8076F9-8863-4C9F-94E9-09FED020D356}\mpengine.dll
            2012-12-23 08:30 . 2012-11-19 06:01   9125352   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
            2012-12-22 08:00 . 2012-12-16 13:31   48128   ----a-w-   c:\windows\system32\atmlib.dll
            2012-12-22 08:00 . 2012-12-16 13:12   34304   ----a-w-   c:\windows\SysWow64\atmlib.dll
            2012-12-22 08:00 . 2012-12-16 11:08   368128   ----a-w-   c:\windows\system32\atmfd.dll
            2012-12-22 08:00 . 2012-12-16 10:50   293376   ----a-w-   c:\windows\SysWow64\atmfd.dll
            2012-12-21 17:49 . 2012-09-30 00:54   25928   ----a-w-   c:\windows\system32\drivers\mbam.sys
            2012-12-21 17:49 . 2012-12-21 17:49   --------   d-----w-   c:\program files (x86)\Malwarebytes' Anti-Malware
            2012-12-19 17:32 . 2012-12-19 17:33   --------   d-----w-   c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
            2012-12-18 01:07 . 2012-12-18 01:07   --------   d-----w-   c:\users\doug\{863fee93-2b95-491c-bc50-eed8f2212d4f}
            2012-12-17 23:01 . 2012-10-23 11:04   972264   ------w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{71793424-D1EA-44B8-8DC5-0FA70A3EBFBC}\gapaengine.dll
            2012-12-17 22:44 . 2012-12-17 22:44   --------   d-----w-   c:\program files (x86)\Microsoft Security Client
            2012-12-17 22:44 . 2012-12-17 22:45   --------   d-----w-   c:\program files\Microsoft Security Client
            2012-12-17 22:43 . 2010-04-06 08:34   345984   ----a-w-   c:\windows\system32\drivers\netio.sys
            2012-12-16 21:32 . 2012-12-16 21:32   --------   d-----w-   c:\users\doug\AppData\Roaming\Malwarebytes
            2012-12-16 21:32 . 2012-12-16 21:32   --------   d-----w-   c:\programdata\Malwarebytes
            2012-12-13 12:21 . 2012-07-26 04:55   54376   ----a-w-   c:\windows\system32\drivers\WdfLdr.sys
            2012-12-13 12:21 . 2012-07-26 02:36   9728   ----a-w-   c:\windows\system32\Wdfres.dll
            2012-12-13 12:21 . 2009-07-14 12:19   20480   ----a-w-   c:\windows\system32\winusb.dll
            2012-12-13 12:21 . 2012-07-26 03:08   84992   ----a-w-   c:\windows\system32\WUDFSvc.dll
            2012-12-13 12:21 . 2012-07-26 03:08   194048   ----a-w-   c:\windows\system32\WUDFPlatform.dll
            2012-12-13 12:21 . 2012-07-26 02:26   87040   ----a-w-   c:\windows\system32\drivers\WUDFPf.sys
            2012-12-13 12:21 . 2012-07-26 02:26   198656   ----a-w-   c:\windows\system32\drivers\WUDFRd.sys
            2012-12-13 12:21 . 2009-07-14 12:12   16896   ----a-w-   c:\windows\SysWow64\winusb.dll
            2012-12-13 12:21 . 2012-07-26 04:55   785512   ----a-w-   c:\windows\system32\drivers\Wdf01000.sys
            2012-12-13 12:21 . 2012-07-26 04:47   2560   ----a-w-   c:\windows\system32\drivers\en-US\wdf01000.sys.mui
            2012-12-13 12:21 . 2012-07-26 03:08   229888   ----a-w-   c:\windows\system32\WUDFHost.exe
            2012-12-13 12:21 . 2012-07-26 03:08   744448   ----a-w-   c:\windows\system32\WUDFx.dll
            2012-12-13 12:21 . 2012-07-26 03:08   45056   ----a-w-   c:\windows\system32\WUDFCoinstaller.dll
            2012-12-12 14:20 . 2012-09-28 16:34   1210368   ----a-w-   c:\windows\system32\kernel32.dll
            2012-12-12 14:20 . 2012-08-21 11:50   267648   ----a-w-   c:\windows\system32\drivers\volsnap.sys
            2012-12-12 14:20 . 2012-11-13 01:55   2770432   ----a-w-   c:\windows\system32\win32k.sys
            2012-12-12 14:20 . 2012-11-13 01:45   2048   ----a-w-   c:\windows\system32\tzres.dll
            2012-12-12 14:20 . 2012-11-13 01:29   2048   ----a-w-   c:\windows\SysWow64\tzres.dll
            2012-12-12 14:20 . 2012-11-02 10:45   477696   ----a-w-   c:\windows\system32\dpnet.dll
            2012-12-12 14:20 . 2012-11-02 10:45   68096   ----a-w-   c:\windows\system32\dpnathlp.dll
            2012-12-12 14:20 . 2012-11-02 10:18   376320   ----a-w-   c:\windows\SysWow64\dpnet.dll
            2012-12-12 14:20 . 2012-11-02 08:59   26112   ----a-w-   c:\windows\system32\dpnsvr.exe
            2012-12-12 14:20 . 2012-11-02 08:26   23040   ----a-w-   c:\windows\SysWow64\dpnsvr.exe
            2012-12-05 18:07 . 2012-12-10 15:18   --------   d-----w-   c:\users\doug\AppData\Local\Mozilla Firefox
            .
            .
            .
            ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            2012-12-16 23:25 . 2012-04-13 14:55   697272   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
            2012-12-16 23:25 . 2011-05-22 15:00   73656   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
            2012-12-13 12:24 . 2006-11-02 12:35   67413224   ----a-w-   c:\windows\system32\mrt.exe
            2012-10-28 20:19 . 2012-10-28 20:19   4948   ----a-w-   c:\users\doug\AppData\Local\VWL2C36.tmp
            2012-10-25 08:12 . 2012-10-25 08:12   94208   ----a-w-   c:\windows\SysWow64\QuickTimeVR.qtx
            2012-10-25 08:12 . 2012-10-25 08:12   69632   ----a-w-   c:\windows\SysWow64\QuickTime.qts
            .
            .
            (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            *Note* empty entries & legit default entries are not shown
            REGEDIT4
            .
            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "Gadwin PrintScreen"="c:\program files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 495616]
            "Pidgin"="c:\program files (x86)\Pidgin\pidgin.exe" [2010-10-20 48618]
            "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
            "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-22 68856]
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
            "LchDrvKey"="LchDrvKey.exe" [2007-03-29 36864]
            "LedKey"="CNYHKey.exe" [2008-04-24 339968]
            "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-04 641704]
            "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
            "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
            "Trigger New Acer AlaunchX"="c:\acer\Preload\Command\AlaunchX\AppInRun.exe" [2008-07-17 8192]
            "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
            "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
            "New Acer AlaunchX"="c:\acer\Preload\Command\AlaunchX\LaunchAlaunchX.exe" [2008-07-17 200704]
            .
            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
            "EnableUIADesktopToggle"= 0 (0x0)
            .
            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
            @="Service"
            .
            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
            @="Service"
            .
            S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]
            .
            .
            HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
            Themes
            .
            Contents of the 'Scheduled Tasks' folder
            .
            2012-12-24 c:\windows\Tasks\Adobe Flash Player Updater.job
            - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 23:25]
            .
            2012-12-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1499011048-2565338764-885293594-1000Core.job
            - c:\users\doug\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-25 04:19]
            .
            2012-12-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1499011048-2565338764-885293594-1000UA.job
            - c:\users\doug\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-25 04:19]
            .
            2012-12-24 c:\windows\Tasks\Google Software Updater.job
            - c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-22 20:29]
            .
            2012-12-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
            - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2008-12-19 15:58]
            .
            2012-12-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
            - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2008-12-19 15:58]
            .
            2012-12-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1499011048-2565338764-885293594-1000Core.job
            - c:\users\doug\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-02 22:13]
            .
            2012-12-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1499011048-2565338764-885293594-1000UA.job
            - c:\users\doug\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-02 22:13]
            .
            2012-02-12 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1499011048-2565338764-885293594-1000.job
            - c:\program files (x86)\Real\RealUpgrade\realupgrade.exe [2012-07-27 18:27]
            .
            2012-02-12 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1499011048-2565338764-885293594-1000.job
            - c:\program files (x86)\Real\RealUpgrade\realupgrade.exe [2012-07-27 18:27]
            .
            .
            --------- X64 Entries -----------
            .
            .
            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
            @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
            [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
            2012-11-08 21:58   755224   ----a-w-   c:\program files (x86)\Google\Drive\googledrivesync64.dll
            .
            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
            @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
            [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
            2012-11-08 21:58   755224   ----a-w-   c:\program files (x86)\Google\Drive\googledrivesync64.dll
            .
            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
            @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
            [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
            2012-11-08 21:58   755224   ----a-w-   c:\program files (x86)\Google\Drive\googledrivesync64.dll
            .
            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
            @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
            [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
            2012-11-08 21:58   755224   ----a-w-   c:\program files (x86)\Google\Drive\googledrivesync64.dll
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
            "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
            .
            ------- Supplementary Scan -------
            .
            uStart Page = hxxp://www.google.com/
            uLocal Page = c:\windows\system32\blank.htm
            mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=1008&m=lx6200-01
            mLocal Page = c:\windows\SysWOW64\blank.htm
            uInternet Settings,ProxyOverride = *.local
            IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
            LSP: c:\program files (x86)\VMware\VMware Workstation\vsocklib.dll
            Trusted Zone: google.com\mail
            TCP: DhcpNameServer = 192.168.2.1
            DPF: {EBF1BFCB-F60B-4DCB-9C96-E53C543CB645} - hxxp://www.ivienterprise.com:8080/qcbin/ALM-Platform-Loader.11.cab
            FF - ProfilePath - c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\
            FF - prefs.js: network.proxy.type - 0
            FF - ExtSQL: 2012-12-13 20:24; {dc572301-7619-498c-a57d-39143191b318}; c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
            FF - ExtSQL: 2012-12-13 20:33; {64161300-e22b-11db-8314-0800200c9a66}; c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
            FF - ExtSQL: 2012-12-13 20:46; {6AC85730-7D0F-4de0-B3FA-21142DD85326}; c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
            FF - ExtSQL: 2012-12-13 20:51; {c45c406e-ab73-11d8-be73-000a95be3b12}; c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
            FF - ExtSQL: 2012-12-13 20:55; [email protected]; c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\extensions\[email protected]
            FF - ExtSQL: 2012-12-13 21:00; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
            FF - ExtSQL: 2012-12-13 21:16; [email protected]; c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\extensions\[email protected]
            FF - ExtSQL: 2012-12-13 21:29; [email protected]; c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\extensions\[email protected]
            FF - ExtSQL: 2012-12-13 21:57; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
            FF - ExtSQL: 2012-12-13 22:49; {af79f858-4b25-4ca4-822b-b5db1be628fc}; c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\extensions\{af79f858-4b25-4ca4-822b-b5db1be628fc}.xpi
            FF - ExtSQL: 2012-12-14 14:48; [email protected]; c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\extensions\[email protected]
            FF - ExtSQL: 2012-12-14 14:55; [email protected]; c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\extensions\[email protected]
            FF - ExtSQL: 2012-12-14 19:45; [email protected]; c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\drsnt83h.default-1355447943910\extensions\[email protected]
            .
            .
            ------- File Associations -------
            .
            .txt=
            .
            - - - - ORPHANS REMOVED - - - -
            .
            URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
            Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
            Wow6432Node-HKCU-Run-AdobeBridge - (no file)
            Wow6432Node-HKCU-Run-fsm - (no file)
            Wow6432Node-HKLM-Run-eRecoveryService - (no file)
            Wow6432Node-HKLM-Run-ROC_ROC_NT - c:\program files (x86)\AVG Secure Search\ROC_ROC_NT.exe
            Wow6432Node-HKLM-Run-ROC_roc_ssl_v12 - c:\program files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe
            SafeBoot-WudfPf
            SafeBoot-WudfRd
            WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
            WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
            AddRemove-BlueVoda_Website_Builder_1.0 - c:\windows\iun6002.exe
            AddRemove-DivX Setup.divx.com - c:\programdata\DivX\Setup\DivXSetup.exe
            AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files (x86)\DivX\DivXCodecUninstall.exe
            .
            .
            .
            --------------------- LOCKED REGISTRY KEYS ---------------------
            .
            [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
            @Denied: (A 2) (Everyone)
            @="FlashBroker"
            "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
            "Enabled"=dword:00000001
            .
            [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
            @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
            @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
            @Denied: (A 2) (Everyone)
            @="IFlashBroker5"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
            @="{00020424-0000-0000-C000-000000000046}"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
            @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
            "Version"="1.0"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
            @Denied: (A 2) (Everyone)
            @="FlashBroker"
            "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
            "Enabled"=dword:00000001
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
            @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
            @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
            @Denied: (A 2) (Everyone)
            @="Shockwave Flash Object"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
            @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
            "ThreadingModel"="Apartment"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
            @="0"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
            @="ShockwaveFlash.ShockwaveFlash.11"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
            @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
            @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
            @="1.0"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
            @="ShockwaveFlash.ShockwaveFlash"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
            @Denied: (A 2) (Everyone)
            @="Macromedia Flash Factory Object"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
            @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
            "ThreadingModel"="Apartment"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
            @="FlashFactory.FlashFactory.1"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
            @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
            @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
            @="1.0"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
            @="FlashFactory.FlashFactory"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
            @Denied: (A 2) (Everyone)
            @="IFlashBroker5"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
            @="{00020424-0000-0000-C000-000000000046}"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
            @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
            "Version"="1.0"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
            @Denied: (A 2) (Everyone)
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
            @="Shockwave Flash"
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
            @Denied: (A 2) (Everyone)
            @=""
            .
            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
            @="FlashBroker"
            .
            [HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
            "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
               00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
            .
            [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
            @Denied: (A) (Users)
            @Denied: (A) (Everyone)
            @Allowed: (B 1 2 3 4 5) (S-1-5-20)
            "BlindDial"=dword:00000000
            .
            Completion time: 2012-12-24  16:48:37
            ComboFix-quarantined-files.txt  2012-12-24 21:48
            .
            Pre-Run: 384,761,016,320 bytes free
            Post-Run: 382,622,347,264 bytes free
            .
            - - End Of File - - 3C8E4D75C0E069131ACA0C2D5F5DB29E

            SuperDave

            • Malware Removal Specialist
            • Moderator


            • Genius
            • Thanked: 991
            • Certifications: List
            • Experience: Expert
            • OS: Windows 8
            Re: Connection problems - here to see if I have a virus
            « Reply #6 on: December 24, 2012, 03:38:54 PM »
            Please download Rooter and Save it to your desktop.
            • Double click it to start the tool. Vista and Windows 7: run as administrator.
            • Click Scan.
            • Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.
            ******************************************
            Download Security Check by screen317 from one of the following links and save it to your desktop.

            Link 1
            Link 2

            * Double-click Security Check.bat
            * Follow the on-screen instructions inside of the black box.
            * A Notepad document should open automatically called checkup.txt
            * Post the contents of that document in your next reply.

            Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
            Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender

            zulubanshee

              Re: Connection problems - here to see if I have a virus
              « Reply #7 on: December 24, 2012, 04:40:20 PM »
              There you are sir. Thanks for your assistance by the way
               Results of screen317's Security Check version 0.99.56 
               Windows Vista Service Pack 2 x64 (UAC is enabled) 
               Internet Explorer 9 
              ``````````````Antivirus/Firewall Check:``````````````
               Windows Firewall Enabled! 
              Microsoft Security Essentials   
               Antivirus up to date! 
              `````````Anti-malware/Other Utilities Check:`````````
               Malwarebytes Anti-Malware version 1.65.1.1000 
               Java(TM) 6 Update 37 
               Java(TM) 6 Update 5 
               Java(TM) 6 Update 7 
               Java version out of Date!
               Adobe Flash Player    11.5.502.135 
               Adobe Reader 10.1.4 Adobe Reader out of Date! 
               Mozilla Firefox (17.0.1)
               Mozilla Thunderbird 16.0.2 Thunderbird out of Date! 
               Google Chrome 23.0.1271.97 
              ````````Process Check: objlist.exe by Laurent````````
               Microsoft Security Essentials MSMpEng.exe
               Microsoft Security Essentials msseces.exe
               doug Desktop virus SecurityCheck.exe
               Malwarebytes' Anti-Malware mbamscheduler.exe   
              `````````````````System Health check`````````````````
               Total Fragmentation on Drive C: 16 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
              ````````````````````End of Log``````````````````````

              SuperDave

              Re: Connection problems - here to see if I have a virus
              « Reply #8 on: December 24, 2012, 05:59:45 PM »
              Update Your Java (JRE)

              Old versions of Java have vulnerabilities that malware can use to infect your system.


              First Verify your Java Version

              If there are any other version(s) installed then update now.

              Get the new version (if needed)

              If your version is out of date install the newest version of the Sun Java Runtime Environment.

              Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

              Be sure to close ALL open web browsers before starting the installation.

              Remove any old versions

              1. Download JavaRa and unzip the file to your Desktop.
              2. Open JavaRA.exe and choose Remove Older Versions
              3. Once complete exit JavaRA.

              Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
              ***********************************************
              Update your Adobe Reader. get.adobe.com/reader.

              Be sure to uncheck the Free McAfee Security Scan so it isn't installed.

              ***********************************************
              Quote
              Total Fragmentation on Drive C: 16 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
              Please run a defrag on your C drive soon. SSD means Solid State Drive.

              zulubanshee

                Re: Connection problems - here to see if I have a virus
                « Reply #9 on: December 24, 2012, 06:31:33 PM »
                OK I did all that. I am a little confused about the Adobe update because I have the latest version. I will run a defrag tonight and over the holiday.

                Is there anything else I need to do, or just test the connection?

                zulubanshee

                  Re: Connection problems - here to see if I have a virus
                  « Reply #10 on: December 24, 2012, 07:36:10 PM »
                  Everything seems to be working so far. I'll give it another day or two. In the meantime, is there somewhere to donate to the site?

                  zulubanshee

                    Re: Connection problems - here to see if I have a virus
                    « Reply #11 on: December 25, 2012, 07:37:10 AM »
                    I spoke too soon. Still having some problems. Will continue monitoring.

                    SuperDave

                    Re: Connection problems - here to see if I have a virus
                    « Reply #12 on: December 25, 2012, 12:59:58 PM »
                    Ok. In the meantime, please run this scanner.

                    I'd like to scan your machine with ESET OnlineScan

                    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
                    ESET OnlineScan
                    • Click the button.
                    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
                    • Click on to download the ESET Smart Installer. Save it to your desktop.
                    • Double click on the icon on your desktop.
                    • Check
                    • Click the button.
                    • Accept any security warnings from your browser.
                    • Check
                    • Push the Start button.
                    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
                    • When the scan completes, push
                    • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
                    • Push the button.
                    • Push
                    A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

                    zulubanshee

                      Re: Connection problems - here to see if I have a virus
                      « Reply #13 on: December 27, 2012, 07:47:26 AM »
                      C:\Users\doug\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\4a40e101-6c035a11   multiple threats   deleted - quarantined
                      C:\Users\doug\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\6b684e5c-7fecd778   a variant of Java/Exploit.Agent.NEA trojan   deleted - quarantined
                      C:\Users\doug\Desktop\WP stuff\free wordpress themes\Stripey.zip   PHP/Kryptik.AB trojan   deleted - quarantined
                      C:\Users\doug\Desktop\WP stuff\free wordpress themes\WPFinalFantasy.zip   PHP/Kryptik.AB trojan   deleted - quarantined

                      zulubanshee

                        Re: Connection problems - here to see if I have a virus
                        « Reply #14 on: December 27, 2012, 09:30:41 AM »
                        Regret to say still having the problem, but it is much reduced, at least 50%