IRQL_NOT_LESS_OR_EQUAL caused by a virus .exe

[Valeras]

The irql error is caused by a virus. I managed to run anti malware and superanti spyware. HijackTHis Cannot Work ON Safe Mode And I will try to get the logs. The only accesible way of using the computer is by safe mode.

MBRAM - I installed it yesterday before i follwoed the post


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6136

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

3/22/2011 5:44:40 PM
mbam-log-2011-03-22 (17-44-40).txt

Scan type: Quick scan
Objects scanned: 175240
Time elapsed: 3 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 135
Registry Values Infected: 11
Registry Data Items Infected: 0
Folders Infected: 17
Files Infected: 77

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MyWebSearchService (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearchToolBar.SettingsPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearchToolBar.SettingsPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1093995A-BA37-41D2-836E-091067C4AD17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.IECookiesManager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.IECookiesManager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.DataControl.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.DataControl (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3E720451-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterSettingsControl.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterSettingsControl (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterBarButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterBarButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{A9571378-68A1-443d-B082-284F960C6D17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.OutlookAddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{B813095C-81C0-4E40-AA14-67520372B987} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.KillerObjManager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.KillerObjManager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HistoryKillerScheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HistoryKillerScheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HistorySwatterControlBar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HistorySwatterControlBar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.ChatSessionPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.ChatSessionPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{F42228FB-E84E-479E-B922-FBBD096E792C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.MultipleButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.MultipleButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.ThirdPartyInstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.ThirdPartyInstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.UrlAlertButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.UrlAlertButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\GoogleUpdateBeta (Backdoor.IRCBot) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{819FFE22-35C7-4925-8CDA-4E0E2DB94302} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{819FFE20-35C7-4925-8CDA-4E0E2DB94302} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{819FFE21-35C7-4925-8CDA-4E0E2DB94302} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8FFDF636-0D87-4B33-B9E9-79A53F6E1DAE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{01947140-417F-46B6-8751-A3A2B8345E1A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{799391D3-EB86-4bac-9BD3-CBFEA58A0E15} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{D858DAFC-9573-4811-B323-7011A3AA7E61} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\My Web Search Bar Search Scope Monitor (Adware.MyWebSearch) -> Value: My Web Search Bar Search Scope Monitor -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MyWebSearch Email Plugin (Adware.MyWebSearch) -> Value: MyWebSearch Email Plugin -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MyWebSearch Email Plugin (Adware.MyWebSearch) -> Value: MyWebSearch Email Plugin -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Value: {00A6FAF6-072E-44CF-8957-5838F569A31D} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Value: {00A6FAF6-072E-44cf-8957-5838F569A31D} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Value: f3PopularScreensavers -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Value: FunWebProducts -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\program files (x86)\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\funwebproducts\screensaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\funwebproducts\screensaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\chrome (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\2.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\2.bin\chrome (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Avatar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\icons (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Message (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Notifier (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Overlay (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
c:\program files (x86)\mywebsearch\bar\1.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\MWSSVC.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\M3HTML.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\M3MSG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\Windows\System32\f3PSSavr.scr (PUP.FunWebProducts) -> Not selected for removal.
c:\Windows\SysWOW64\f3PSSavr.scr (PUP.FunWebProducts) -> Not selected for removal.
c:\Users\Romaine\AppData\Local\Temp\FC64.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Romaine\downloads\iwonglobalsetup2.3.76.6.sa.hp.zvfox000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\Users\Romaine\downloads\pcspy.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Local\Google\Update\googleupdatebeta.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\chrome.manifest (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\F3HKSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\F3IMSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\F3REGHK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\F3RESTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\F3SCHMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\M3AUXSTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\M3DLGHK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\M3MEDINT.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\M3TPINST.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\MWSMLBTN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\MWSUABTN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\1.bin\chrome\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\2.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\2.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\2.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\2.bin\FWPBUDDY.PNG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\2.bin\INSTALL.RDF (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\2.bin\chrome\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Overlay\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.



Today



Database version: 6146

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

3/23/2011 9:14:07 PM
mbam-log-2011-03-23 (21-14-07).txt

Scan type: Quick scan
Objects scanned: 169983
Time elapsed: 2 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Anti-Spyware

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/23/2011 at 08:50 PM

Application Version : 4.50.1002

Core Rules Database Version : 6665
Trace Rules Database Version: 4477

Scan type       : Complete Scan
Total Scan Time : 01:15:12

Memory items scanned      : 390
Memory threats detected   : 0
Registry items scanned    : 15715
Registry threats detected : 141
File items scanned        : 61489
File threats detected     : 1139

Adware.Tracking Cookie
   C:\Users\Romaine\AppData\Roaming\Microsoft\Windows\Cookies\romaine@fastclick[2].txt
   C:\Users\Romaine\AppData\Roaming\Microsoft\Windows\Cookies\romaine@doubleclick[2].txt
   C:\Users\Romaine\AppData\Roaming\Microsoft\Windows\Cookies\romaine@atdmt[2].txt
   C:\Users\Romaine\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
   C:\Users\Romaine\AppData\Roaming\Microsoft\Windows\Cookies\romaine@apmebf[2].txt
   .eaeacom.112.2o7.net [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .atdmt.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .serving-sys.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .harrenmedianetwork.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .imrworldwide.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .imrworldwide.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .kontera.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .legolas-media.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .invitemedia.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .advertising.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .adbrite.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .lfstmedia.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .server.cpmstar.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   ads7.hermoment.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .pro-market.net [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .insightexpressai.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .collective-media.net [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .kantarmedia.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .mediaplex.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .revsci.net [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .ru4.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .interclick.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .interclick.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .a1.interclick.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .ads.pointroll.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .pointroll.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   user.lucidmedia.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .adtech.de [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .tradedoubler.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .ru4.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .premiumtv.122.2o7.net [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .apmebf.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .ads.pointroll.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .dmtracker.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .ice.112.2o7.net [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .clicksor.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   in.getclicky.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .debenhams.122.2o7.net [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .movitex.122.2o7.net [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   tracking.dc-storm.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .insightexpressai.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .insightexpressai.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .insightexpressai.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .insightexpressai.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .insightexpressai.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .serving-sys.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   s07.flagcounter.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   ie-stat.bmmetrix.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .smartadserver.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   ext-us.bestofmedia.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .xiti.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .nextag.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .mediafire.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .liveperson.net [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .trinitymirror.112.2o7.net [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .tracking.foxnews.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .tracking.foxnews.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .pro-market.net [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .doubleclick.net [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .ads-vrx.adbrite.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .overture.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .adxpose.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .nextag.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .trafficmp.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .atdmt.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .zedo.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   www.technologyquestions.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   www.technologyquestions.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .burstnet.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .technologyquestions.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   givemefootball.advertserve.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .2o7.net [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .bwincom.122.2o7.net [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   adserver.itsfogo.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .stats.betradar.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .stats.betradar.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .lucidmedia.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .adviva.net [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   *Blocked Russian URL* [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   *Blocked Russian URL* [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   audit.median.hu [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   s04.flagcounter.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   *Blocked Russian URL* [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .smartadserver.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .smartadserver.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .smartadserver.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   wstat.wibiya.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .clicksor.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .clicksor.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   counter.hitslink.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   menmedia.co.uk [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .men.122.2o7.net [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   passport.menmedia.co.uk [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .interchangecorporation.122.2o7.net [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .questionland.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .questionland.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .questionland.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .questionland.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .specificmedia.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .media.adfrontiers.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .trafficmp.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .trafficmp.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .trafficmp.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .trvlnet.adbureau.net [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   fr.sitestat.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   fr.sitestat.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .adbrite.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .collective-media.net [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .collective-media.net [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .collective-media.net [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .realmedia.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .adserver.adtechus.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .zedo.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .zedo.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .ad.fed.adecn.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .ad.fed.adecn.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .insightexpressai.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   counters.gigya.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .yieldmanager.net [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .overture.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .insightexpressai.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .insightexpressai.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   www.revenuemantra.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   www.revenuemantra.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .ibnlive.football.widgets.stats.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .ibnlive.football.widgets.stats.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .game-advertising-online.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .2o7.net [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   tracking.dc-storm.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .tradedoubler.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .adviva.net [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .trekmedia.net [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   www.visit-tracker.biz [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .xm.xtendmedia.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .server.cpmstar.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .solvemedia.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .solvemedia.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   fr.sitestat.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .server.cpmstar.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .server.cpmstar.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .serving-sys.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .legolas-media.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .phazeporn.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .phazeporn.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .legolas-media.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .interclick.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .liveperson.net [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .revsci.net [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   ie-stat.bmmetrix.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   www.nijobfinder.co.uk [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .insightexpressai.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .insightexpressai.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .insightexpressai.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .insightexpressai.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .content.yieldmanager.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .revsci.net [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .2o7.net [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .adserver.adtech.de [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .bs.serving-sys.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .247realmedia.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .247realmedia.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .www.burstnet.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .solution.weborama.fr [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   emediate.apmmedia.net [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   emediate.apmmedia.net [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   emediate.apmmedia.net [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .*adult URL* [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .*adult URL* [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .*adult URL* [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .*adult URL* [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .*adult URL* [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .*adult URL* [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .*adult URL* [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .richmedia.yahoo.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   ad.yieldmanager.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .ru4.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .casalemedia.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .collective-media.net [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .kantarmedia.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   ad.zanox.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .revsci.net [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .365stats.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   fidelity.rotator.hadj7.adjuggler.net [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   fidelity.rotator.hadj7.adjuggler.net [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   www.onlycountrymusiclyrics.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   www.onlycountrymusiclyrics.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   www.onlycountrymusiclyrics.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   www.onlycountrymusiclyrics.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   www.onlycountrymusiclyrics.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   www.onlycountrymusiclyrics.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   www.onlycountrymusiclyrics.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   www.onlycountrymusiclyrics.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .insightexpressai.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .ehg-twi.hitbox.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   fancastmedia.co.uk [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   media.fancastmedia.co.uk [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   adserver.flyawaysimulation.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .insightexpressai.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .liveperson.net [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .adecn.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   ad.yieldmanager.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .revsci.net [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .2o7.net [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .menmedia.co.uk [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   dc.tremormedia.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .tradedoubler.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .s.clickability.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .s.clickability.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .advertising.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   statse.webtrendslive.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .revsci.net [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .atdmt.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .atdmt.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .casalemedia.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .media6degrees.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .myroitracking.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .clicksor.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .clicksor.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .revsci.net [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .qnsr.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   www.qsstats.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   www.qsstats.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .specificclick.net [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .specificclick.net [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .specificclick.net [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .specificclick.net [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .invitemedia.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .liveperson.net [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .trafficmp.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .trafficmp.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .insightexpressai.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .insightexpressai.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .insightexpressai.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .insightexpressai.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .revsci.net [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .ehg-twi.hitbox.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .technoratimedia.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .technoratimedia.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .technoratimedia.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .mediafire.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .mediafire.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .ar.atwola.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .server.cpmstar.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .server.cpmstar.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .server.cpmstar.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .server.cpmstar.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .server.cpmstar.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .friendfinder.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .friendfinder.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .friendfinder.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .friendfinder.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .friendfinder.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .friendfinder.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .friendfinder.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   ads.footballmedia.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   ads.footballmedia.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   ads.footballmedia.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   ads.audience2media.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   ads.audience2media.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .media6degrees.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .media6degrees.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .media6degrees.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .footballstats.telegraph.co.uk [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .footballstats.telegraph.co.uk [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .etargetnet.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .etargetnet.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .technoratimedia.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .statcounter.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   static.freewebs.getclicky.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .serving-sys.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .serving-sys.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .revsci.net [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .revsci.net [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .click-manchester.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .advertising.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .revsci.net [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .revsci.net [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .a1.interclick.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .a1.interclick.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .interclick.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .click-manchester.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .adverticum.net [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .adverticum.net [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .revsci.net [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .revsci.net [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .revsci.net [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .technoratimedia.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .technoratimedia.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .invitemedia.com [ C:\Users\Romaine\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   menmedia.co.uk [ C:\Users\Romaine\AppData\Local\Google\Chrome\

[michelsmith]

Your comment has been removed. Please do not post malware advice, or post here in the malware forum, unless you need help. First warning!

[SuperDave]

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
****************************************************
What happens when you try to boot in Normal Mode?

[Valeras]

When I Boot normally, windows explorer loads, as well as other programs but 2 mins later, i get the irql error. When I enable boot logging, windows loads slow as on normal boot but it lasts longer before the BSOD occurs, like abut 5-20 mins, but not as effective as safe mode. In boot logging, you have to wait 3-4 mins to click and use one process to prevent the BSOD from occuring. It was caused by a virus.

[Valeras]

Hijack This Scans


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:22:19 PM, on 3/24/2011
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Romaine\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
F2 - REG:system.ini: UserInit=C:\Windows\SysWOW64\userinit.exe,
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
O2 - BHO: HP SimplePass Identity Protection Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\dpotspluginie8.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\npwinext.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\npwinext.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
O3 - Toolbar: FrostWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~2\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Romaine\Documents\XferToWindows\lINUX\utorrent.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [AdobeBridge] "C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe" -stealth
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: []  (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: []  (User 'Default user')
O4 - Startup: FrostWire On Startup.lnk = C:\Program Files (x86)\FrostWire\FrostWire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
O23 - Service: Battery Optimizer - Unknown owner - C:\Program Files\ReviverSoft\Battery Optimizer\BatteryOptimizerService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: CyberGhost VPN Client (CGVPNCliSrvc) - mobile concepts GmbH - C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe
O23 - Service: CinemaNow Service - CinemaNow, Inc. - C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
O23 - Service: @C:\Program Files\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM, Inc. - C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: HPWMISVC - Unknown owner - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 15869 bytes

[SuperDave]

This sort of problem usually occurs from a hardware problem or overheating. You can check the temp with Speedfan. It could also be caused by bad RAM. Have you recently installed any new hardware just prior to this problem?

[Valeras]

No I have not install any drivers. I opened a virus file and this happened. No bad RAM or overheating.

[SuperDave]

I opened a virus file and this happened

How do you know it was a virus file? Could you give me the name of the file?

We are going to be using a Windows Recovery Environment to help disinfect the system so it may boot again.

Download the OTLPE Standard REATOGO Windows Recovery Environment.

• Place a blank CD-R disc in to your CD burning drive.
• Download OTLPEStd.exe and double-click on it to burn to a CD using an ISO Burner. One can be found here.
  
• Reboot your system using the boot CD you just created.
• Note : If you do not know how to set your computer to boot from CD follow the steps here
  
• Your system should now display a REATOGO-X-PE desktop.
• Double-click on the OTLPE icon.
  
• When asked "Do you wish to load the remote registry", select Yes
  
• When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  
• Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  
• OTL should now start. Change the following settings
  
• Change Drivers to Non-Microsoft
  
• Press Run Scan to start the scan.
  
• When finished, the file will be saved  in drive C:\_OTL\MovedFiles
  
• Copy this file to your USB drive if you do not have internet connection on this system
• Please post the contents of the OTL.txt file in your reply.
  

[Valeras]

The retaogo cd loads but i got a BSOD saying to chkdsk /r. I am using Windows 7 Home Premium x64

[Valeras]

Any quick solutions to it, A Bad .exe file caused the problem.

[Valeras]

Virusese Such As W32/Adware.AFPY, Adware.Win32.MyWebSearchToolbar!A2,AdTool/Win32.MyWebSearch.gen. Are Infecting My Computer. This Issues Can Lead To Permamnet System Damage. Help FAst.


Windows 7 Home Premium x64
HP Pavilion dv7-4065dx
4GB RAM DDR3
500 GB

[SuperDave]

1. Click Start, click Run, type chkdsk /f /r, and then click OK.
2. At the command prompt, type Y to let the disk scanner run when you restart the computer.
3. Restart the computer.
4. Chkdsk will run.

[Valeras]

It still does not work

[Valeras]

any more solutions?

[Allan]

Okay, you need to stop bumping the thread and sending PM's asking for attention. Dave knows you are there. He is a volunteer here and has a life outside of the forum. And he's very busy here on the forum. Please just wait your turn - he'll get around to you.