Need help removing "Trojan.agent" virus


I'm so new to all this! I got on here to try to find an answer to how to get rid of the virus "Trojan.agent". I saw that others had the same issue so I downloaded the dds file and got the two logs. I then opened an acct and wanted to post but not sure how this all works so I'm giving it a shot in hopes someone can help me please! I will wait to paste the two logs till I get a reply from someone. If anyone can help please let me know what to do next and how to do it. Sorry I'm so inept at this. Thanks in advance for any help you can give!


  • Staff

Hello mememy

Welcome to The Forums!!

Around here they call me Gringo and I'll be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!


  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

I need to get some reports to get a base to start from so I need you to run these programs first.

-DeFogger-

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger may ask you to reboot the machine, if it does - click OK

Do not re-enable these drivers until otherwise instructed.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-Download DDS-

  • Please download DDS from one of the links below and save it to your desktop:
    • Link1
    • Link2
    • Link3
  • Double-Click on dds.scr and a command window will appear. This is normal.
  • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs

  • In your next post I need the following
  1. both reports from DDS
  2. report from security check
  3. let me know of any problems you may have had

Gringo


Got everything downloaded just fine. Here's what I have. Thanks so much!

Results of screen317's Security Check version 0.99.60

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Microsoft Security Essentials

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Spybot - Search & Destroy

Malwarebytes Anti-Malware version 1.70.0.1100

Java 6 Update 24

Java version out of Date!

Adobe Flash Player 11.6.602.171

Adobe Reader XI

Mozilla Firefox (19.0)

````````Process Check: objlist.exe by Laurent````````

Microsoft Security Essentials MSMpEng.exe

Microsoft Security Essentials msseces.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 0%

````````````````````End of Log``````````````````````

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16464

Run by Marie at 13:01:39 on 2013-03-02

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4026.1964 [GMT -5:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe

C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe

C:\Windows\system32\svchost.exe -k HsfXAudioService

C:\Windows\system32\lxctcoms.exe

C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe

C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files (x86)\Lexmark 5400 Series\lxctmon.exe

C:\Program Files (x86)\Lexmark 5400 Series\ezprint.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\Upromise\dca-ua.exe

C:\Program Files (x86)\Upromise\UpromiseTray.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\D-Link\SharePort Utility\Connect.exe

C:\Windows\system32\igfxext.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\Launch Manager\LManager.exe

C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe

C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe

C:\Program Files (x86)\Video Web Camera\traybar.exe

C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe

C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe

C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\Program Files (x86)\Kodak\MediaImpression\ArcMonitor.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\QuickTime\QTTask.exe

C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe

C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe

C:\Windows\system32\taskhost.exe

\\.\globalroot\systemroot\svchost.exe -netsvcs

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.freegamepick.com/start-search.html

uSearch Bar = Preserve

mStart Page = hxxp://search.coupons.com/

mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv78&r=273602104525l0314z155a4812v26q

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>

BHO: Coupon Companion Plugin: {11111111-1111-1111-1111-110211181104} - C:\Program Files (x86)\Coupon Companion Plugin\Coupon Companion Plugin.dll

BHO: IEPlugin Class: {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Program Files (x86)\ArcSoft\Video Downloader\ArcURLRecord.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

BHO: KarmaWellBrowserExtensionBHO: {833ee35c-91e5-4db8-a23b-2311c0396e79} - C:\Program Files (x86)\KarmaWell Browser Extension\1.0.15\Kango.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: ToolbarBHO Class: {9519AF7E-638D-4933-BAD6-D33D23C79FE5} - C:\Program Files (x86)\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: {e86e69ac-a2ce-415a-967e-70ded47d72e2} - <orphaned>

BHO: Upromise TurboSaver: {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll

BHO: TBSB07898 Class: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} -

TB: Upromise TurboSaver: {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll

TB: KarmaWell Browser Extension: {714165D9-3155-411E-BC86-93D7E97132FC} - C:\Program Files (x86)\KarmaWell Browser Extension\1.0.15\Kango.dll

TB: Coupons.com CouponBar: {8660E5B3-6C41-44DE-8503-98D99BBECD41} -

TB: RAW Thumbnail Viewer: {F301665A-12F8-4331-804A-5BCBD379668C} - C:\Program Files (x86)\ArcSoft\RAW Thumbnail Viewer\EXIFToolBar.dll

TB: Upromise TurboSaver: {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll

TB: KarmaWell Browser Extension: {714165d9-3155-411e-bc86-93d7e97132fc} - C:\Program Files (x86)\KarmaWell Browser Extension\1.0.15\Kango.dll

TB: Coupons.com CouponBar: {8660E5B3-6C41-44DE-8503-98D99BBECD41} -

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [setupWizard] D:\SetupWizard.exe reboot

uRun: [upromise Update] C:\Program Files (x86)\Upromise\dca-ua.exe

uRun: [upromise Tray] C:\Program Files (x86)\Upromise\UpromiseTray.exe

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

mRun: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k

mRun: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"

mRun: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"

mRun: [Camera Assistant Software] "C:\Program Files (x86)\Video Web Camera\traybar.exe"

mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

mRun: [Lexmark 5400 Series] "C:\Program Files (x86)\Lexmark 5400 Series\fm3032.exe" /s

mRun: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"

mRun: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash

mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

mRun: [ArcSoft MediaImpression Monitor] C:\Program Files (x86)\Kodak\MediaImpression\ArcMonitor.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE

StartupFolder: C:\Users\Marie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

StartupFolder: C:\Users\Marie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SHAREP~1.LNK - C:\Program Files\D-Link\SharePort Utility\Connect.exe

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {06E58E5E-F8CB-4049-991E-A41C03BD419E} - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files (x86)\Upromise\upromisetoolbar.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

Trusted Zone: phoenix.edu

Trusted Zone: sharebuilder.com

DPF: {106E49CF-797A-11D2-81A2-00E02C015623} - hxxp://www.alternatiff.com/install-ie/alttiff.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: NameServer = 192.168.0.1

TCP: Interfaces\{00BC4D36-12D6-4016-8BC0-DB5C01069066} : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{00BC4D36-12D6-4016-8BC0-DB5C01069066}\46C696E6B6 : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{00BC4D36-12D6-4016-8BC0-DB5C01069066}\74C435D245F677E6F66666963656 : DHCPNameServer = 64.223.220.2 209.97.223.176

TCP: Interfaces\{00BC4D36-12D6-4016-8BC0-DB5C01069066}\86F6D656023797374756D6028313 : DHCPNameServer = 192.168.1.1 209.18.47.61 209.18.47.62

TCP: Interfaces\{00BC4D36-12D6-4016-8BC0-DB5C01069066}\C696E6B6379737 : DHCPNameServer = 192.168.1.1 209.18.47.61 209.18.47.62

Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

x64-mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv78&r=273602104525l0314z155a4812v26q

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: GoodShopToolbar: {e86e69ac-a2ce-415a-967e-70ded47d72e2} -

x64-TB: GoodSearchBar: {10834e9a-d475-4a24-ad01-f3f24f71b28e} -

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

x64-Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [lxctmon.exe] "C:\Program Files (x86)\Lexmark 5400 Series\lxctmon.exe"

x64-Run: [EzPrint] "C:\Program Files (x86)\Lexmark 5400 Series\ezprint.exe"

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

x64-Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\822\G2AWinLogon_x64.dll

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\3xbjv78h.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3272718&SearchSource=3&q={searchTerms}&CUI=UN33391885101244430

FF - prefs.js: browser.startup.homepage - hxxp://www.freegamepick.com/start-search.html

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\3xbjv78h.default\extensions\2020Player_WEB@2020Technologies.com\plugins\NP_2020Player_WEB.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll

FF - ExtSQL: 2013-02-21 23:24; extension21804@extension21804.com; C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\3xbjv78h.default\extensions\extension21804@extension21804.com

FF - ExtSQL: 2013-03-01 20:05; toolbar@shopathome.com; C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\3xbjv78h.default\extensions\toolbar@shopathome.com

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]

R1 MpKsl3818f893;MpKsl3818f893;C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0C8A9DFA-7A00-4CEF-AAA1-9CDBDEDB2E08}\MpKsl3818f893.sys [2013-3-2 35664]

R2 ePowerSvc;Acer ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2009-8-28 844320]

R2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-6-4 1150496]

R2 HsfXAudioService;HsfXAudioService;C:\Windows\System32\svchost.exe -k HsfXAudioService [2009-7-13 27136]

R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-8-20 62720]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-1-26 1153368]

R2 sxuptp;SXUPTP Driver;C:\Windows\System32\drivers\sxuptp.sys [2011-7-20 290824]

R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2009-8-28 240160]

R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2009-8-28 292864]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2009-8-28 138752]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-8-28 317480]

R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-1-13 7675392]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2009-8-28 5435904]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 130008]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-8-28 222208]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-1 59392]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-6 1255736]

.

=============== Created Last 30 ================

.

2013-03-02 16:37:20 20480 ----a-w- C:\Windows\svchost.exe

2013-03-02 16:36:48 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0C8A9DFA-7A00-4CEF-AAA1-9CDBDEDB2E08}\offreg.dll

2013-03-02 16:36:30 35664 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0C8A9DFA-7A00-4CEF-AAA1-9CDBDEDB2E08}\MpKsl3818f893.sys

2013-03-02 15:21:44 9162192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0C8A9DFA-7A00-4CEF-AAA1-9CDBDEDB2E08}\mpengine.dll

2013-03-02 07:41:14 -------- d-----w- C:\Users\Marie\AppData\Local\{B209CC3D-4777-491D-ABC3-6F6A099E9CC6}

2013-03-01 21:15:02 189440 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\EC74.tmp

2013-03-01 21:15:02 189440 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\EC34.tmp.dat

2013-03-01 19:40:36 -------- d-----w- C:\Users\Marie\AppData\Local\{CE794D4B-28B5-4039-92EE-E8A753338001}

2013-02-28 22:04:00 9162192 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-02-28 08:20:48 -------- d-----w- C:\Users\Marie\AppData\Local\{6B15C7C1-BA8F-4D96-86FB-09ABDE7EE5D0}

2013-02-27 20:20:14 -------- d-----w- C:\Users\Marie\AppData\Local\{FD994626-82C9-4102-B247-1C143EB68415}

2013-02-27 08:02:21 2776576 ----a-w- C:\Windows\System32\msmpeg2vdec.dll

2013-02-27 08:02:21 2284544 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll

2013-02-27 08:02:21 187392 ----a-w- C:\Windows\SysWow64\UIAnimation.dll

2013-02-27 08:02:20 221184 ----a-w- C:\Windows\System32\UIAnimation.dll

2013-02-27 08:02:00 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll

2013-02-25 20:00:33 -------- d-----w- C:\Users\Marie\AppData\Local\{8E290E67-E44D-4969-AEA6-4329F38AA4B3}

2013-02-23 00:37:25 -------- d-----w- C:\Users\Marie\AppData\Local\{79B8E7FB-A0C7-4197-B454-063E1B7CA4AA}

2013-02-22 04:25:32 -------- d-----w- C:\Program Files (x86)\FreeGamePick.com

2013-02-22 04:25:01 -------- d-----w- C:\Users\Marie\AppData\Local\Coupon Companion Plugin

2013-02-22 04:24:44 -------- d-----w- C:\Users\Marie\AppData\Local\Updater21804

2013-02-22 04:24:29 -------- d-----w- C:\Program Files (x86)\Coupon Companion Plugin

2013-02-21 23:53:23 -------- d-----w- C:\ProgramData\CanonIJ

2013-02-21 23:27:42 -------- d--h--w- C:\ProgramData\CanonIJScan

2013-02-18 19:12:20 -------- d-----w- C:\Users\Marie\AppData\Local\{9CDE807B-3DAD-42A3-AB07-CEFC57AB54D6}

2013-02-15 22:04:52 208448 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll

2013-02-13 15:11:22 -------- d-----w- C:\Users\Marie\AppData\Local\{5819FA97-552E-4A29-98FD-CE1A2A96922E}

2013-02-13 08:04:27 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-13 08:04:27 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-12 20:04:55 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-02-12 20:04:54 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-02-12 20:04:53 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-02-12 20:04:51 3153408 ----a-w- C:\Windows\System32\win32k.sys

2013-02-12 20:04:44 215040 ----a-w- C:\Windows\System32\winsrv.dll

2013-02-12 20:04:43 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2013-02-12 20:04:43 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2013-02-12 20:04:42 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2013-02-12 20:04:42 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2013-02-12 20:04:41 2048 ----a-w- C:\Windows\SysWow64\user.exe

2013-02-12 20:04:38 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-02-12 20:04:37 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2013-02-09 23:31:03 -------- d-----w- C:\Users\Marie\AppData\Roaming\Silverback Games

2013-02-09 23:29:20 -------- d-----w- C:\ProgramData\Meridian93

2013-02-09 23:20:42 -------- d-----w- C:\Users\Marie\AppData\Roaming\Meridian93

2013-02-09 19:43:31 -------- d-----w- C:\Users\Marie\AppData\Local\{B790BAB4-098B-4F0C-AB8C-B3DC7624B206}

2013-02-08 23:44:11 -------- d-----w- C:\Program Files (x86)\Coupons

2013-02-08 23:42:10 -------- d-----w- C:\ProgramData\APN

2013-02-07 18:59:14 -------- d-----w- C:\ProgramData\CanonIJPLM

2013-02-07 18:48:11 -------- d-----w- C:\ProgramData\Canon IJ Network Tool

2013-02-07 18:48:04 316416 ----a-w- C:\Windows\SysWow64\CNC_B1L.dll

2013-02-07 18:48:04 15872 ----a-w- C:\Windows\SysWow64\CNHMCA.dll

2013-02-07 18:48:04 102912 ----a-w- C:\Windows\SysWow64\CNC_B1U.dll

2013-02-07 18:48:01 -------- d--h--w- C:\ProgramData\CanonIJFAX

2013-02-07 18:47:14 -------- d-----w- C:\ProgramData\CanonIJWSpt

2013-02-07 18:47:04 99840 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPPB1.DLL

2013-02-07 18:47:04 30208 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPDB1.DLL

2013-02-07 18:47:04 30208 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\1_CNMPDB1.DLL

2013-02-07 18:46:42 385024 ----a-w- C:\Windows\System32\CNMLMB1.DLL

2013-02-07 18:46:32 302592 ----a-w- C:\Windows\System32\CNCALB1.DLL

2013-02-07 18:46:27 256000 ----a-w- C:\Windows\System32\CNMIUB1.DLL

2013-02-07 18:46:03 39424 ----a-w- C:\Windows\System32\CNMN6UI.DLL

2013-02-07 18:46:03 -------- d-----w- C:\Windows\System32\STRING

2013-02-07 18:46:02 356864 ----a-w- C:\Windows\System32\CNMN6PPM.DLL

2013-02-07 17:58:35 -------- d--h--w- C:\ProgramData\CanonIJETV

2013-02-07 17:57:56 -------- d-----w- C:\Program Files (x86)\Canon

2013-02-04 18:44:01 -------- d-----w- C:\Users\Marie\AppData\Local\{912042C6-BB79-4923-A1AD-8ED97A129FBC}

2013-02-04 01:09:38 -------- d-----w- C:\Users\Marie\AppData\Local\{49FA017E-2D5E-42F7-A9A8-CC3CBD5DFA53}

.

==================== Find3M ====================

.

2013-02-27 01:23:20 71024 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-02-27 01:23:20 691568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-01-30 10:53:22 273840 ------w- C:\Windows\System32\MpSigStub.exe

2013-01-20 20:59:04 230320 ----a-w- C:\Windows\System32\drivers\MpFilter.sys

2013-01-20 20:59:04 130008 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys

2013-01-13 21:17:03 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-01-13 21:17:02 2560 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-01-13 21:16:42 10752 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-01-13 21:12:46 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-01-13 21:11:21 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll

2013-01-13 21:11:08 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-01-13 21:11:07 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll

2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-01-13 20:35:31 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-01-13 20:35:31 2560 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-01-13 20:35:18 10752 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-01-13 20:32:07 3584 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-01-13 20:31:48 4096 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll

2013-01-13 20:31:41 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-01-13 20:31:40 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll

2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-01-13 20:31:00 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll

2013-01-13 20:22:22 1988096 ----a-w- C:\Windows\SysWow64\d3d10warp.dll

2013-01-13 20:20:31 293376 ----a-w- C:\Windows\SysWow64\dxgi.dll

2013-01-13 20:09:00 249856 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll

2013-01-13 20:08:43 220160 ----a-w- C:\Windows\SysWow64\d3d10core.dll

2013-01-13 20:08:35 1504768 ----a-w- C:\Windows\SysWow64\d3d11.dll

2013-01-13 19:59:04 1643520 ----a-w- C:\Windows\System32\DWrite.dll

2013-01-13 19:58:28 1175552 ----a-w- C:\Windows\System32\FntCache.dll

2013-01-13 19:54:01 604160 ----a-w- C:\Windows\SysWow64\d3d10level9.dll

2013-01-13 19:53:58 207872 ----a-w- C:\Windows\SysWow64\WindowsCodecsExt.dll

2013-01-13 19:51:30 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll

2013-01-13 19:49:17 363008 ----a-w- C:\Windows\System32\dxgi.dll

2013-01-13 19:48:47 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll

2013-01-13 19:46:25 1080832 ----a-w- C:\Windows\SysWow64\d3d10.dll

2013-01-13 19:43:21 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll

2013-01-13 19:38:39 333312 ----a-w- C:\Windows\System32\d3d10_1core.dll

2013-01-13 19:38:32 1887232 ----a-w- C:\Windows\System32\d3d11.dll

2013-01-13 19:38:21 296960 ----a-w- C:\Windows\System32\d3d10core.dll

2013-01-13 19:37:57 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll

2013-01-13 19:25:04 245248 ----a-w- C:\Windows\System32\WindowsCodecsExt.dll

2013-01-13 19:24:33 648192 ----a-w- C:\Windows\System32\d3d10level9.dll

2013-01-13 19:20:42 194560 ----a-w- C:\Windows\System32\d3d10_1.dll

2013-01-13 19:20:04 1238528 ----a-w- C:\Windows\System32\d3d10.dll

2013-01-13 19:15:40 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll

2013-01-13 19:10:36 3928064 ----a-w- C:\Windows\System32\d2d1.dll

2013-01-13 18:34:58 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll

2013-01-13 18:32:43 465920 ----a-w- C:\Windows\System32\WMPhoto.dll

2013-01-13 18:09:52 522752 ----a-w- C:\Windows\System32\XpsGdiConverter.dll

2013-01-13 17:26:42 1158144 ----a-w- C:\Windows\SysWow64\XpsPrint.dll

2013-01-13 17:05:09 1682432 ----a-w- C:\Windows\System32\XpsPrint.dll

2013-01-09 01:19:09 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2013-01-09 01:12:03 1392128 ----a-w- C:\Windows\System32\wininet.dll

2013-01-09 01:11:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2013-01-09 01:07:51 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2013-01-09 01:07:47 599040 ----a-w- C:\Windows\System32\vbscript.dll

2013-01-09 01:04:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2013-01-08 22:11:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-01-08 22:03:20 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-01-08 22:03:12 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2013-01-08 21:59:02 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2013-01-08 21:58:29 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2013-01-08 21:56:23 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll

2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll

2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2012-12-14 21:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll

2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll

2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll

2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll

2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs

2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs

2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs

2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs

2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs

2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs

2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs

2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs

2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs

2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs

2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs

2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs

2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs

2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs

.

============= FINISH: 13:03:12.50 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 2/16/2010 5:56:24 AM

System Uptime: 3/2/2013 11:35:59 AM (2 hours ago)

.

Motherboard: Gateway | | NV78

Processor: Intel® Core2 Duo CPU T6600 @ 2.20GHz | uPGA-478 | 2200/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 454 GiB total, 301.871 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP693: 2/21/2013 4:29:14 PM - Windows Update

RP694: 2/24/2013 7:46:43 PM - Windows Update

RP695: 2/27/2013 3:00:20 AM - Windows Update

RP696: 3/2/2013 10:20:33 AM - Windows Update

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

ABBYY FineReader 6.0 Sprint

Abyss: The Wraiths of Eden Collector's Edition

Acrobat.com

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader XI (11.0.02)

Adobe Shockwave Player 11.5

Amazing Adventures Around the World

Amazing Adventures The Caribbean Secret

Amazing Adventures The Lost Tomb

Ancient Jewels v1.0

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ArcSoft MediaImpression

ArcSoft MediaImpression for Kodak

ArcSoft Panorama Maker 4

ArcSoft Photo Book Screen Saver

ArcSoft RAW Thumbnail Viewer

ArcSoft Video Downloader

AutoUpdate

Backup Manager Basic

Big Fish Games: Game Manager

Bing Rewards Client Installer

Bonjour

Browntech Image Plugin 2.02

Bubble Match

Canon Easy-PhotoPrint EX

Canon IJ Network Scanner Selector EX

Canon IJ Network Tool

Canon MP Navigator EX 5.1

Canon MX430 series MP Drivers

Canon MX430 series User Registration

Cisco Network Magic

Compatibility Pack for the 2007 Office system

Coupon Companion Plugin

Coupon Printer for Windows

Crystal Reports for .NET Framework 2.0 (x86)

CyberLink Power2Go

CyberLink PowerDVD 8

D3DX10

DivX

DivX Player

E.P.I.C.: Wishmaster Adventures

Express Burn Disc Burning Software

Fear For Sale: Mystery of McInroy Manor

Gateway Games

Gateway InfoCentre

Gateway MyBackup

Gateway Power Management

Gateway Recovery Management

Gateway Registration

Gateway ScreenSaver

Gateway Updater

GoToAssist Corporate

HDAUDIO Soft Data Fax Modem with SmartCP

Hidden Mysteries®: Vampire Secrets

honestech VHS to DVD 5.0 Deluxe

Identity Card

Indeo® software

Intel® Graphics Media Accelerator Driver

Internet TV for Windows Media Center

iTunes

Java Auto Updater

Java 6 Update 24

Junk Mail filter update

KarmaWell Browser Extension

Launch Manager

Lexmark 5400 Series

Malwarebytes Anti-Malware version 1.70.0.1100

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Home and Student 2007

Microsoft Office Live Add-in 1.5

Microsoft Office Office 64-bit Components 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Professional 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared 64-bit MUI (English) 2007

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Suite Activation Assistant

Microsoft Office Word MUI (English) 2007

Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft UI Engine

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

Midnight Mysteries: Haunted Houdini

Mozilla Firefox 19.0 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Network Magic

OpenAL

Perfect Attorney Platinum

PhotoShow 2

Prism Video Converter

Pure Networks Platform

Quicken 2011

QuickTime

Realtek High Definition Audio Driver

Realtek USB 2.0 Card Reader

Revo Uninstaller 1.89

Savings Bond Wizard

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition

SharePort Utility

SmartSound Quicktracks Plugin

Spirits of Mystery: Amber Maiden Collector's Edition

Spybot - Search & Destroy

Synaptics Pointing Device Driver

The Agency of Anomalies: Cinderstone Orphanage Collector's Edition

TWC Customer Controls

Ulead DVD DiskRecorder 2.1.1

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2767848) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Update Installer for WildTangent Games App

Upromise TurboSaver (remove only)

USB2.0 VIDBOX NW03

Video Web Camera

Welcome Center

WildTangent Games

WildTangent Games App

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

.

==== Event Viewer Messages From Past Week ========

.

3/1/2013 4:23:59 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.

.

==== End Of File ===========================


Also wanted to ask you about backing up things. I don't know how to do it and more importantly I'm not sure what things need to be backed up. I know I can copy some of my things like pictures but what about system files and such. Do they need to be done as well?


  • Staff

Hello mememy

These are the programs I would like you to run next. If you have any problems with one of them, just skip it and move on to the next one.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
    • Quit all programs that you may have started.
    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
    • For Windows XP, double-click to start.
    • Wait until Prescan has finished ...
    • Then click on the "Scan" button.
    • Wait until the Status box shows "Scan Finished"
    • Click on "Delete"
    • Wait until the Status box shows "Deleting Finished"
    • Click on "Report" and copy/paste the content of the Notepad into your next reply.
    • The log should be found in RKreport[1].txt on your Desktop
    • Exit/Close RogueKiller

Gringo


After I used the adwcleaner and it rebooted, my computer crashed and said something about a "physical dump". I restarted it and did the adwcleaner again and this time it was ok. Here's that log:

# AdwCleaner v2.113 - Logfile created 03/02/2013 at 20:35:41

# Updated 23/02/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Marie - MARIE-PC

# Boot Mode : Safe mode with networking

# Running from : C:\Users\Marie\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Users\Marie\AppData\Local\Temp\Zynga

Folder Deleted : C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\3xbjv78h.default\jetpack

***** [Registry] *****

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0 (en-US)

File : C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\3xbjv78h.default\prefs.js

Deleted : user_pref("extensions.crossriderapp21804.21804.InstallationTime", 1362274478);

Deleted : user_pref("extensions.crossriderapp21804.21804.active", true);

Deleted : user_pref("extensions.crossriderapp21804.21804.addressbar", "");

Deleted : user_pref("extensions.crossriderapp21804.21804.addressbarenhanced", "");

Deleted : user_pref("extensions.crossriderapp21804.21804.backgroundjs", "\n\n//\n");

Deleted : user_pref("extensions.crossriderapp21804.21804.backgroundver", 32);

Deleted : user_pref("extensions.crossriderapp21804.21804.can_run_bg_code", true);

Deleted : user_pref("extensions.crossriderapp21804.21804.certdomaininstaller", "");

Deleted : user_pref("extensions.crossriderapp21804.21804.changeprevious", false);

Deleted : user_pref("extensions.crossriderapp21804.21804.cookie.InstallationTime.expiration", "Fri Feb 01 2030[...]

Deleted : user_pref("extensions.crossriderapp21804.21804.cookie.InstallationTime.value", "1362274478");

Deleted : user_pref("extensions.crossriderapp21804.21804.description", "Coupon Companion");

Deleted : user_pref("extensions.crossriderapp21804.21804.domain", "");

Deleted : user_pref("extensions.crossriderapp21804.21804.enablesearch", false);

Deleted : user_pref("extensions.crossriderapp21804.21804.fbremoteurl", "");

Deleted : user_pref("extensions.crossriderapp21804.21804.group", 0);

Deleted : user_pref("extensions.crossriderapp21804.21804.homepage", "");

Deleted : user_pref("extensions.crossriderapp21804.21804.iframe", false);

Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_appVer.expiration", "Fri Feb 01 [...]

Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_appVer.value", "46");

Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_lastVersion.expiration", "Fri Fe[...]

Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_lastVersion.value", "1");

Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_meta.expiration", "Fri Feb 01 20[...]

Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_meta.value", "%7B%7D");

Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_nextCheck.expiration", "Sun Mar [...]

Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_nextCheck.value", "true");

Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_queue.expiration", "Fri Feb 01 2[...]

Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_queue.value", "%7B%7D");

Deleted : user_pref("extensions.crossriderapp21804.21804.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _[...]

Deleted : user_pref("extensions.crossriderapp21804.21804.manifesturl", "");

Deleted : user_pref("extensions.crossriderapp21804.21804.name", "Coupon Companion Plugin");

Deleted : user_pref("extensions.crossriderapp21804.21804.newtab", "");

Deleted : user_pref("extensions.crossriderapp21804.21804.opensearch", "");

Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1.code", "appAPI._cr_config={appID:fun[...]

Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1.name", "base");

Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1.ver", 4);

Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000014.code", "Array.prototype.indexO[...]

Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000014.name", "GPL Plugin (Loader)");

Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000014.ver", 15);

Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000015.code", "var a=appAPI.db.getLis[...]

Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000015.name", "GPL Background (BG)");

Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000015.ver", 34);

Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_13.code", "(function(a){a.selectedText[...]

Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_13.name", "CrossriderAppUtils");

Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_13.ver", 2);

Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_14.code", "if(typeof(appAPI)===\"undef[...]

Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_14.name", "CrossriderUtils");

Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_14.ver", 2);

Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_16.code", "if((typeof isBackground===\[...]

Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_16.name", "FFAppAPIWrapper");

Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_16.ver", 5);

Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_17.code", "if(typeof window!==\"undefi[...]

Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_17.name", "jQuery");

Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_17.ver", 3);

Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_21.code", "var CrossriderDebugManager=[...]

Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_21.name", "debug");

Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_21.ver", 3);

Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_22.code", "(function(a){appAPI.queueMa[...]

Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_22.name", "resources");

Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_22.ver", 2);

Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_28.code", "var CrossriderInitializerPl[...]

Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_28.name", "initializer");

Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_28.ver", 2);

Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_4.code", "var jQuery = $jquery_171 = $[...]

Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_4.name", "jquery_1_7_1");

Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_4.ver", 3);

Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_47.code", "(function(){appAPI.ready=fu[...]

Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_47.name", "resources_background");

Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_47.ver", 1);

Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_64.code", "(function(){var h=\"__CR_EM[...]

Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_64.name", "appApiMessage");

Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_64.ver", 1);

Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_72.code", "if(appAPI.__should_activate[...]

Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_72.name", "appApiValidation");

Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_72.ver", 1);

Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_78.code", "if(typeof jQuery!==\"undefi[...]

Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_78.name", "CrossriderInfo");

Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_78.ver", 2);

Deleted : user_pref("extensions.crossriderapp21804.21804.plugins_lists.plugins_0", "4,14,78,16,64,47,72,100001[...]

Deleted : user_pref("extensions.crossriderapp21804.21804.plugins_lists.plugins_1", "17,14,78,13,16,64,4,1,21,2[...]

Deleted : user_pref("extensions.crossriderapp21804.21804.plugins_lists.plugins_5", "4,14,78,13,16,64,47,72");

Deleted : user_pref("extensions.crossriderapp21804.21804.pluginsurl", "hxxp://app-static.crossrider.com/plugin[...]

Deleted : user_pref("extensions.crossriderapp21804.21804.pluginsversion", 43);

Deleted : user_pref("extensions.crossriderapp21804.21804.publisher", "215 Apps");

Deleted : user_pref("extensions.crossriderapp21804.21804.searchstatus", 0);

Deleted : user_pref("extensions.crossriderapp21804.21804.setnewtab", false);

Deleted : user_pref("extensions.crossriderapp21804.21804.settingsurl", "");

Deleted : user_pref("extensions.crossriderapp21804.21804.thankyou", "");

Deleted : user_pref("extensions.crossriderapp21804.21804.updateinterval", 360);

Deleted : user_pref("extensions.crossriderapp21804.21804.ver", 46);

Deleted : user_pref("extensions.crossriderapp21804.apps", "21804");

Deleted : user_pref("extensions.crossriderapp21804.bic", "13d00265f70e7ba2e83a3f4e6f109776");

Deleted : user_pref("extensions.crossriderapp21804.cid", 21804);

Deleted : user_pref("extensions.crossriderapp21804.firstrun", false);

Deleted : user_pref("extensions.crossriderapp21804.hadappinstalled", true);

Deleted : user_pref("extensions.crossriderapp21804.installationdate", 1362274478);

Deleted : user_pref("extensions.crossriderapp21804.lastcheck", 22704575);

Deleted : user_pref("extensions.crossriderapp21804.lastcheckitem", 22704575);

Deleted : user_pref("extensions.crossriderapp21804.modetype", "production");

Deleted : user_pref("extensions.crossriderapp21804.reportInstall", true);

Deleted : user_pref("extensions.sahtb.searchEngineNameSAH", "Web Search");

Deleted : user_pref("extensions.sahtb.url.merchants.data", "<?xml version=\"1.0\" ?><MerchantSettings><v n=\"3[...]

Deleted : user_pref("extensions.sahtb.url.prefs.data", "<ToolbarPrefs>\r\n <XMLVersion Number=\"{bdd09e8b-8dee[...]

-\\ Google Chrome v [unable to get version]

File : C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[s1].txt - [41726 octets] - [02/03/2013 20:21:53]

AdwCleaner[s2].txt - [10821 octets] - [02/03/2013 20:35:41]

########## EOF - C:\AdwCleaner[s2].txt - [10882 octets] ##########

Working on RogueKiller.


That went ok. Here's the report from RogueKiller:

RogueKiller V8.5.2 [Feb 23 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Marie [Admin rights]

Mode : Remove -- Date : 03/02/2013 20:47:48

| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤

[sVCHOST] svchost.exe -- C:\Windows\\svchost.exe [x] -> KILLED [TermProc]

¤¤¤ Registry Entries : 3 ¤¤¤

[TASK][sUSP PATH] Updater21804.exe : C:\Users\Marie\AppData\Local\Updater21804\Updater21804.exe /extensionid=21804 /extensionname="Coupon Companion Plugin" /chromeid=jneaojaoiajhnemidnjhoempalnidbhj [-] -> DELETED

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK5055GSX ATA Device +++++

--- User ---

[MBR] be2e630248731b778a97b8c689349444

[bSP] d234618778308d02095e6e17be3e00e8 : Windows 7/8 MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 12291 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 25173855 | Size: 101 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 25382700 | Size: 464545 Mo

User = LL1 ... OK!

User != LL2 ... KO!

--- LL2 ---

[MBR] 4c4223b7457bb66ce20cc90da24671c0

[bSP] d234618778308d02095e6e17be3e00e8 : Windows 7/8 MBR Code

Partition table:

1 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 12291 Mo

2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 25173855 | Size: 101 Mo

3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 25382700 | Size: 464545 Mo

Finished : << RKreport[2]_D_03022013_02d2047.txt >>

RKreport[1]_S_03022013_02d2046.txt ; RKreport[2]_D_03022013_02d2047.txt


  • Staff

Hello mememy

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo


Sorry this has taken so long but not having much luck with the combofix. It keeps crashing in the middle of the scan or twice now it's gone through and restarted but won't generate a report and I don't know where to look for it. Computer still seems to be running kinda "jerky"


  • Staff

Hello mememy

I would like you to try and run these next.

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
    Note** this report can be very long - so if the website gives you an error saying it is too long you may attach it.
    If the forum still complains about it being too long, send me everything that is at the end of the report after where it says
    ==================
    Scan finished
    ==================

and I will see if I want to see the whole report.

Malwarebytes Anti-Rootkit

1. Download Malwarebytes Anti-Rootkit

2. Unzip the contents to a folder in a convenient location.

3. Open the folder where the contents were unzipped and run mbar.exe

4. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.

5. Click on the Cleanup button to remove any threats and reboot if prompted to do so.

6. Wait while the system shuts down and the cleanup process is performed.

7. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.

8. If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

  • Internet access
  • Windows Update
  • Windows Firewall

9. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.

10. Verify that your system is now functioning normally.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and MBAR.

Gringo


Here are the two logs you asked for. I rescanned and it said no threats were found! You're a lifesaver! Thank you.

I have scanned my other computer with malwarebytes and it found 171 "PUP" files. I got rid of all but 4 of them. Can you help me with that as well or do I need to start a new post?

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.01.0.1021

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_24

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 2.194000 GHz

Memory total: 4221546496, free: 2878857216

------------ Kernel report ------------

03/03/2013 10:29:36


<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa8004c29060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\

Lower Device Object: 0xfffffa8004755680

Lower Device Driver Name: \Driver\atapi\

Driver name found: atapi

Initialization returned 0x0

Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)

Load Function returned 0x0

Downloaded database version: v2013.03.03.06

Initializing...

Done!

<<<2>>>

Device number: 0, partition: 3

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa8004c29060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8004c29ab0, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8004c29060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa80047181e0, DeviceName: Unknown, DriverName: \Driver\ACPI\

DevicePointer: 0xfffffa8004755680, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

Upper DeviceData: 0xfffff8a002611a60, 0xfffffa8004c29060, 0xfffffa8003e8d790

Lower DeviceData: 0xfffff8a003310f20, 0xfffffa8004755680, 0xfffffa800743a5e0

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning directory: C:\Windows\system32\drivers...

<<<2>>>

Device number: 0, partition: 3

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 91D34DCF

Partition information:

Partition 0 type is Other (0x27)

Partition is NOT ACTIVE.

Partition starts at LBA: 63 Numsec = 25173792

Partition 1 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 25173855 Numsec = 208845

Partition file system is NTFS

Partition is bootable

Partition 2 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 25382700 Numsec = 951388420

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 500107862016 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-976753168-976773168)...

Done!

Performing system, memory and registry scan...

Done!

Scan finished

=======================================

09:45:49.0773 6608 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42

09:45:50.0369 6608 ============================================================

09:45:50.0369 6608 Current date / time: 2013/03/03 09:45:50.0369

09:45:50.0369 6608 SystemInfo:

09:45:50.0369 6608

09:45:50.0369 6608 OS Version: 6.1.7601 ServicePack: 1.0

09:45:50.0369 6608 Product type: Workstation

09:45:50.0369 6608 ComputerName: MARIE-PC

09:45:50.0379 6608 UserName: Marie

09:45:50.0379 6608 Windows directory: C:\Windows

09:45:50.0379 6608 System windows directory: C:\Windows

09:45:50.0379 6608 Running under WOW64

09:45:50.0379 6608 Processor architecture: Intel x64

09:45:50.0379 6608 Number of processors: 2

09:45:50.0379 6608 Page size: 0x1000

09:45:50.0379 6608 Boot type: Normal boot

09:45:50.0379 6608 ============================================================

09:45:52.0382 6608 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

09:45:52.0392 6608 ============================================================

09:45:52.0392 6608 \Device\Harddisk0\DR0:

09:45:52.0392 6608 MBR partitions:

09:45:52.0392 6608 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1801F5F, BlocksNum 0x32FCD

09:45:52.0392 6608 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1834F2C, BlocksNum 0x38B50904

09:45:52.0392 6608 ============================================================

09:45:52.0452 6608 C: <-> \Device\Harddisk0\DR0\Partition2

09:45:52.0452 6608 ============================================================

09:45:52.0452 6608 Initialize success

09:45:52.0452 6608 ============================================================

09:46:21.0495 1620 Deinitialize success


  • Staff

Hello mememy

OK, let's try this. I want you to run Combofix in Safe Mode, but it is very important that when Combofix reboots the computer you direct it back into Safe Mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.

  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Log in on your usual account.

After Combofix has finished its scan please post the report back here.

Gringo


How long should it take to do the combofix in safe mode? It's been at the same point for almost an hour now. Says it's preparing log report and not to run any programs till it's finished. I'm pretty sure it's stuck since the light on the hard drive isn't doing anything.

This topic is now closed to further replies.