
Author Topic: IRQL_NOT_LESS_OR_EQUAL caused by a virus .exe  (Read 38810 times)


Valeras

    Topic Starter


    Rookie

    • Experience: Familiar
    • OS: Windows 7
    IRQL_NOT_LESS_OR_EQUAL caused by a virus .exe
    « on: March 23, 2011, 08:41:15 PM »
    The IRQL error is caused by a virus. I managed to run Anti-Malware and SUPERAntiSpyware. HijackThis cannot work in Safe Mode, and I will try to get the logs. The only accessible way of using the computer is by Safe Mode.

    MBAM - I installed it yesterday before I followed the post


    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6136

    Windows 6.1.7600 (Safe Mode)
    Internet Explorer 8.0.7600.16385

    3/22/2011 5:44:40 PM
    mbam-log-2011-03-22 (17-44-40).txt

    Scan type: Quick scan
    Objects scanned: 175240
    Time elapsed: 3 minute(s), 58 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 135
    Registry Values Infected: 11
    Registry Data Items Infected: 0
    Folders Infected: 17
    Files Infected: 77

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:

    Registry Values Infected:

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:

    Files Infected:



    Today



    Database version: 6146

    Windows 6.1.7600 (Safe Mode)
    Internet Explorer 8.0.7600.16385

    3/23/2011 9:14:07 PM
    mbam-log-2011-03-23 (21-14-07).txt

    Scan type: Quick scan
    Objects scanned: 169983
    Time elapsed: 2 minute(s), 29 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    Anti-Spyware

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 03/23/2011 at 08:50 PM

    Application Version : 4.50.1002

    Core Rules Database Version : 6665
    Trace Rules Database Version: 4477

    Scan type       : Complete Scan
    Total Scan Time : 01:15:12

    Memory items scanned      : 390
    Memory threats detected   : 0
    Registry items scanned    : 15715
    Registry threats detected : 141
    File items scanned        : 61489
    File threats detected     : 1139

    Adware.Tracking Cookie

    michelsmith



      Beginner

      Thanked: 3
      • Experience: Beginner
      • OS: Windows XP
      Re: IRQL_NOT_LESS_OR_EQUAL caused by a virus .exe
      « Reply #1 on: March 24, 2011, 12:56:18 AM »
      Your comment has been removed. Please do not post malware advice, or post here in the malware forum, unless you need help. First warning!
      « Last Edit: March 24, 2011, 01:25:19 PM by SuperDave »

      SuperDave

      • Malware Removal Specialist
      • Moderator


      • Genius
      • Thanked: 1020
      • Certifications: List
      • Experience: Expert
      • OS: Windows 10
      Re: IRQL_NOT_LESS_OR_EQUAL caused by a virus .exe
      « Reply #2 on: March 24, 2011, 09:00:03 AM »
      Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

      1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
      2. The fixes are specific to your problem and should only be used for this issue on this machine.
      3. If you don't know or understand something, please don't hesitate to ask.
      4. Please DO NOT run any other tools or scans while I am helping you.
      5. It is important that you reply to this thread. Do not start a new topic.
      6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
      7. Absence of symptoms does not mean that everything is clear.

      If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
      ****************************************************
      What happens when you try to boot in Normal Mode?
      Windows 8 and Windows 10 dual boot with two SSD's

      Valeras

        Topic Starter


        Rookie

        • Experience: Familiar
        • OS: Windows 7
        Re: IRQL_NOT_LESS_OR_EQUAL caused by a virus .exe
        « Reply #3 on: March 24, 2011, 09:39:09 AM »
        When I boot normally, Windows Explorer loads, as well as other programs, but 2 mins later I get the IRQL error. When I enable boot logging, Windows loads slowly as on a normal boot, but it lasts longer before the BSOD occurs, like about 5-20 mins, but not as effective as safe mode. In boot logging, you have to wait 3-4 mins to click and use one process to prevent the BSOD from occurring. It was caused by a virus.

        Valeras

          Topic Starter


          Rookie

          • Experience: Familiar
          • OS: Windows 7
          Re: IRQL_NOT_LESS_OR_EQUAL caused by a virus .exe
          « Reply #4 on: March 24, 2011, 12:24:32 PM »
          Hijack This Scans


          Logfile of Trend Micro HijackThis v2.0.4
          Scan saved at 1:22:19 PM, on 3/24/2011
          Platform: Windows 7  (WinNT 6.00.3504)
          MSIE: Internet Explorer v8.00 (8.00.7600.16722)
          Boot mode: Safe mode with network support

          Running processes:
          C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
          C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
          C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
          C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
          C:\Windows\SysWOW64\rundll32.exe
          C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
          C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
          C:\Users\Romaine\Downloads\HijackThis.exe

          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
          R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
          R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
          R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
          R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
          R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
          R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
          R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
          F2 - REG:system.ini: UserInit=C:\Windows\SysWOW64\userinit.exe,
          O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
          O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
          O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL
          O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
          O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
          O2 - BHO: HP SimplePass Identity Protection Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\dpotspluginie8.dll
          O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
          O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
          O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
          O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
          O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
          O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\npwinext.dll
          O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
          O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
          O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
          O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\npwinext.dll
          O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
          O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
          O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
          O3 - Toolbar: FrostWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
          O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL
          O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\mswinext.exe"
          O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
          O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" UNATTENDED
          O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
          O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
          O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
          O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
          O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~2\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h
          O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwsoemon.exe
          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
          O4 - HKCU\..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
          O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
          O4 - HKCU\..\Run: [uTorrent] "C:\Users\Romaine\Documents\XferToWindows\lINUX\utorrent.exe"
          O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
          O4 - HKCU\..\Run: [AdobeBridge] "C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe" -stealth
          O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
          O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
          O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwsoemon.exe
          O4 - HKCU\..\Run: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h
          O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
          O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
          O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
          O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
          O4 - HKUS\S-1-5-18\..\RunOnce: []  (User 'SYSTEM')
          O4 - HKUS\.DEFAULT\..\RunOnce: []  (User 'Default user')
          O4 - Startup: FrostWire On Startup.lnk = C:\Program Files (x86)\FrostWire\FrostWire.exe
          O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
          O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
          O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
          O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
          O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
          O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
          O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
          O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
          O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
          O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
          O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
          O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
          O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
          O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
          O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
          O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
          O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
          O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
          O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe
          O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
          O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
          O23 - Service: Battery Optimizer - Unknown owner - C:\Program Files\ReviverSoft\Battery Optimizer\BatteryOptimizerService.exe
          O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
          O23 - Service: CyberGhost VPN Client (CGVPNCliSrvc) - mobile concepts GmbH - C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe
          O23 - Service: CinemaNow Service - CinemaNow, Inc. - C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
          O23 - Service: @C:\Program Files\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
          O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM, Inc. - C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe
          O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
          O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
          O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
          O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
          O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
          O23 - Service: HP Wireless Assistant Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
          O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
          O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
          O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
          O23 - Service: HPWMISVC - Unknown owner - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
          O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe
          O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
          O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
          O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe
          O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
          O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwssvc.exe
          O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
          O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
          O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
          O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
          O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
          O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
          O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
          O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
          O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
          O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
          O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
          O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
          O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
          O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe
          O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
          O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
          O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
          O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
          O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
          O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

          --
          End of file - 15869 bytes

          SuperDave

          • Malware Removal Specialist
          • Moderator


          • Genius
          • Thanked: 1020
          • Certifications: List
          • Experience: Expert
          • OS: Windows 10
          Re: IRQL_NOT_LESS_OR_EQUAL caused by a virus .exe
          « Reply #5 on: March 24, 2011, 01:27:35 PM »
          This sort of problem usually occurs from a hardware problem or overheating. You can check the temp with Speedfan. It could also be caused by bad RAM. Have you recently installed any new hardware just prior to this problem?

          Valeras

            Topic Starter


            Rookie

            • Experience: Familiar
            • OS: Windows 7
            Re: IRQL_NOT_LESS_OR_EQUAL caused by a virus .exe
            « Reply #6 on: March 24, 2011, 03:37:48 PM »
            No, I have not installed any drivers. I opened a virus file and this happened. No bad RAM or overheating.




            SuperDave

            • Malware Removal Specialist
            • Moderator


            • Genius
            • Thanked: 1020
            • Certifications: List
            • Experience: Expert
            • OS: Windows 10
            Re: IRQL_NOT_LESS_OR_EQUAL caused by a virus .exe
            « Reply #7 on: March 24, 2011, 04:37:24 PM »
            Quote
            I opened a virus file and this happened
            How do you know it was a virus file? Could you give me the name of the file?

            We are going to be using a Windows Recovery Environment to help disinfect the system so it may boot again.

            Download the OTLPE Standard REATOGO Windows Recovery Environment.
            • Place a blank CD-R disc into your CD burning drive.
            • Download OTLPEStd.exe and double-click on it to burn to a CD using an ISO Burner. One can be found here.
            • Reboot your system using the boot CD you just created.
            • Note: If you do not know how to set your computer to boot from CD, follow the steps here
            • Your system should now display a REATOGO-X-PE desktop.
            • Double-click on the OTLPE icon.
            • When asked "Do you wish to load the remote registry", select Yes
            • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
            • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
            • OTL should now start. Change the following settings
            • Change Drivers to Non-Microsoft
            • Press Run Scan to start the scan.
            • When finished, the file will be saved in drive C:\_OTL\MovedFiles
            • Copy this file to your USB drive if you do not have internet connection on this system
            • Please post the contents of the OTL.txt file in your reply.

            Valeras

              Topic Starter


              Rookie

              • Experience: Familiar
              • OS: Windows 7
              Re: IRQL_NOT_LESS_OR_EQUAL caused by a virus .exe
              « Reply #8 on: March 24, 2011, 11:02:29 PM »
              The REATOGO CD loads but I got a BSOD saying to run chkdsk /r. I am using Windows 7 Home Premium x64

              Valeras

                Topic Starter


                Rookie

                • Experience: Familiar
                • OS: Windows 7
                Re: IRQL_NOT_LESS_OR_EQUAL caused by a virus .exe
                « Reply #9 on: March 25, 2011, 08:32:41 AM »
                Any quick solutions to it? A bad .exe file caused the problem.

                Valeras

                  Topic Starter


                  Rookie

                  • Experience: Familiar
                  • OS: Windows 7
                  Re: IRQL_NOT_LESS_OR_EQUAL caused by a virus .exe
                  « Reply #10 on: March 25, 2011, 04:47:35 PM »
                  Viruses such as W32/Adware.AFPY, Adware.Win32.MyWebSearchToolbar!A2, and AdTool/Win32.MyWebSearch.gen are infecting my computer. These issues can lead to permanent system damage. Help fast.


                  Windows 7 Home Premium x64
                  HP Pavilion dv7-4065dx
                  4GB RAM DDR3
                  500 GB

                  SuperDave

                  • Malware Removal Specialist
                  • Moderator


                  • Genius
                  • Thanked: 1020
                  • Certifications: List
                  • Experience: Expert
                  • OS: Windows 10
                  Re: IRQL_NOT_LESS_OR_EQUAL caused by a virus .exe
                  « Reply #11 on: March 25, 2011, 06:37:46 PM »
                  1. Click Start, click Run, type chkdsk /f /r, and then click OK.
                  2. At the command prompt, type Y to let the disk scanner run when you restart the computer.
                  3. Restart the computer.
                  4. Chkdsk will run.

                  Valeras

                    Topic Starter


                    Rookie

                    • Experience: Familiar
                    • OS: Windows 7
                    Re: IRQL_NOT_LESS_OR_EQUAL caused by a virus .exe
                    « Reply #12 on: March 25, 2011, 09:48:02 PM »
                    It still does not work

                    Valeras

                      Topic Starter


                      Rookie

                      • Experience: Familiar
                      • OS: Windows 7
                      Re: IRQL_NOT_LESS_OR_EQUAL caused by a virus .exe
                      « Reply #13 on: March 26, 2011, 01:42:13 PM »
                      any more solutions?

                      Allan

                      • Moderator

                      • Mastermind
                      • Thanked: 1260
                      • Experience: Guru
                      • OS: Windows 10
                      Re: IRQL_NOT_LESS_OR_EQUAL caused by a virus .exe
                      « Reply #14 on: March 26, 2011, 01:43:37 PM »
                      Okay, you need to stop bumping the thread and sending PMs asking for attention. Dave knows you are there. He is a volunteer here and has a life outside of the forum. And he's very busy here on the forum. Please just wait your turn - he'll get around to you.

                      SuperDave

                      • Malware Removal Specialist
                      • Moderator


                      • Genius
                      • Thanked: 1020
                      • Certifications: List
                      • Experience: Expert
                      • OS: Windows 10
                      Re: IRQL_NOT_LESS_OR_EQUAL caused by a virus .exe
                      « Reply #15 on: March 27, 2011, 11:55:09 AM »
                      Run hard drive diagnostics: tacktech.com
                      Make sure you select the tool that is appropriate for the brand of your hard drive.
                      Depending on the program, it'll create a bootable floppy or a bootable CD.
                      If the downloaded file is of .iso type, use ImgBurn to burn the .iso file to a CD (select the "Write image file to disc" option), and make the CD bootable.
                      For Toshiba hard drives, see here:

                      Note: If you do not know how to set your computer to boot from CD, follow the steps here


                      Valeras

                        Topic Starter


                        Rookie

                        • Experience: Familiar
                        • OS: Windows 7
                        Re: IRQL_NOT_LESS_OR_EQUAL caused by a virus .exe
                        « Reply #16 on: March 28, 2011, 06:53:27 PM »
                        The hard drive test ran, and there were no errors.

                        SuperDave

                        • Malware Removal Specialist
                        • Moderator


                        • Genius
                        • Thanked: 1020
                        • Certifications: List
                        • Experience: Expert
                        • OS: Windows 10
                        Re: IRQL_NOT_LESS_OR_EQUAL caused by a virus .exe
                        « Reply #17 on: March 29, 2011, 12:01:04 PM »
                        Please try the chkdsk as described in Reply #11.

                        Valeras

                          Topic Starter


                          Rookie

                          • Experience: Familiar
                          • OS: Windows 7
                          Re: IRQL_NOT_LESS_OR_EQUAL caused by a virus .exe
                          « Reply #18 on: March 29, 2011, 03:06:38 PM »
                          Tried that, didn't work.

                          SuperDave

                          • Malware Removal Specialist
                          • Moderator


                          • Genius
                          • Thanked: 1020
                          • Certifications: List
                          • Experience: Expert
                          • OS: Windows 10
                          Re: IRQL_NOT_LESS_OR_EQUAL caused by a virus .exe
                          « Reply #19 on: March 30, 2011, 11:55:00 AM »
                          Could you please try the OTLPE recovery disk again?

                          Valeras

                            Topic Starter


                            Rookie

                            • Experience: Familiar
                            • OS: Windows 7
                            Re: IRQL_NOT_LESS_OR_EQUAL caused by a virus .exe
                            « Reply #20 on: March 30, 2011, 05:37:38 PM »
                            The OTLPE cannot work because I'm using Windows 7.

                            SuperDave

                            • Malware Removal Specialist
                            • Moderator


                            • Genius
                            • Thanked: 1020
                            • Certifications: List
                            • Experience: Expert
                            • OS: Windows 10
                            Re: IRQL_NOT_LESS_OR_EQUAL caused by a virus .exe
                            « Reply #21 on: March 31, 2011, 12:01:28 PM »
                            Quote
                            The OTLPE cannot work because I'm using Windows 7.
                            Is that the message that you get when you try to run it?

                            Valeras

                              Topic Starter


                              Rookie

                              • Experience: Familiar
                              • OS: Windows 7
                              Re: IRQL_NOT_LESS_OR_EQUAL caused by a virus .exe
                              « Reply #22 on: March 31, 2011, 02:55:14 PM »
                              No, just a simple BSOD.

                              SuperDave

                              • Malware Removal Specialist
                              • Moderator


                              • Genius
                              • Thanked: 1020
                              • Certifications: List
                              • Experience: Expert
                              • OS: Windows 10
                              Re: IRQL_NOT_LESS_OR_EQUAL caused by a virus .exe
                              « Reply #23 on: March 31, 2011, 04:31:20 PM »
                              That's the BSOD stating to run chkdsk?
                              Is there any change to your computer? You still cannot boot in Normal Mode?

                              Valeras

                                Topic Starter


                                Rookie

                                • Experience: Familiar
                                • OS: Windows 7
                                Re: IRQL_NOT_LESS_OR_EQUAL caused by a virus .exe
                                « Reply #24 on: March 31, 2011, 04:55:25 PM »
                                OK, I found out that the virus .exe file is from keygenguru. I got the copy from a person but did not request a key. This is the site:
                                hxxp://keygenguru.com/serial/adobe_photoshop_cs5_extented_12_0.html
                                "Download keygen" is what put me here.
                                I extracted it and this is why I'm here.
                                I am willing to uninstall anything.
                                « Last Edit: March 31, 2011, 07:54:49 PM by SuperDave »

                                Valeras

                                  Topic Starter


                                  Rookie

                                  • Experience: Familiar
                                  • OS: Windows 7
                                  Re: IRQL_NOT_LESS_OR_EQUAL caused by a virus .exe
                                  « Reply #25 on: March 31, 2011, 05:07:38 PM »
                                  Finally fixed: This issue lingered for 1 week, 5 days or 12 days. I would like to thank computerhope for their determination for fixing this. It started from this post http://www.computerhope.com/forum/index.php/topic,117400.0.html and the solution http://support.kaspersky.com/viruses/solutions?qid=208280684&AID=10273799&PID=3865134&SID=42uxrghxi0 to this post. The persons who helped me, kudos to you: skillz853, a guy on irc, SuperDave, Allan, lostcoast and others who helped me. I will ask more questions here and you will be hearing more from me. The computer is running a bit slow but it can be fixed.

                                  THANKS FOR YOUR HELP GUYS.  :) :) :) :) :) :) :) :) :) :) :) :)

                                  SuperDave and Allan were the only persons in malware and they did tremendously.

                                  Again Thanks and Solved.

                                  SuperDave

                                  • Malware Removal Specialist
                                  • Moderator


                                  • Genius
                                  • Thanked: 1020
                                  • Certifications: List
                                  • Experience: Expert
                                  • OS: Windows 10
                                  Re: IRQL_NOT_LESS_OR_EQUAL caused by a virus .exe
                                  « Reply #26 on: April 01, 2011, 11:15:20 AM »
                                  It would be wise to continue with the cleaning because I doubt that your computer is clean. You should start by running MBAM and SAS and posting the logs.

                                  SUPERAntiSpyware

                                  If you already have SUPERAntiSpyware be sure to check for updates before scanning!


                                  Download SuperAntispyware Free Edition (SAS)
                                  * Double-click the icon on your desktop to run the installer.
                                  * When asked to Update the program definitions, click Yes
                                  * If you encounter any problems while downloading the updates, manually download and unzip them from here
                                  * Next click the Preferences button.
                                  • Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
                                  * Click the Scanning Control tab.
                                  * Under Scanner Options make sure only the following are checked:
                                  • Close browsers before scanning
                                  • Scan for tracking cookies
                                  • Terminate memory threats before quarantining
                                  Please leave the others unchecked
                                  • Click the Close button to leave the control center screen.
                                  * On the main screen click Scan your computer
                                  * On the left check the box for the drive you are scanning.
                                  * On the right choose Perform Complete Scan
                                  * Click Next to start the scan. Please be patient while it scans your computer.
                                  * After the scan is complete a summary box will appear. Click OK
                                  * Make sure everything in the white box has a check next to it, then click Next
                                  * It will quarantine what it found and if it asks if you want to reboot, click Yes
                                  • To retrieve the removal information please do the following:
                                  • After reboot, double-click the SUPERAntiSpyware icon on your desktop.
                                  • Click Preferences. Click the Statistics/Logs tab.
                                  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
                                  • It will open in your default text editor (preferably Notepad).
                                  • Save the notepad file to your desktop by clicking (in notepad) File > Save As...
                                  * Save the log somewhere you can easily find it. (normally the desktop)
                                  * Click close and close again to exit the program.
                                  * Copy and Paste the log in your post.
                                  ***************************************
                                  Please download Malwarebytes Anti-Malware from here.
                                  Double Click mbam-setup.exe to install the application.
                                  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
                                  • If an update is found, it will download and install the latest version.
                                  • Once the program has loaded, select "Perform Full Scan", then click Scan.
                                  • The scan may take some time to finish, so please be patient.
                                  • When the scan is complete, click OK, then Show Results to view the results.
                                  • Make sure that everything is checked, and click Remove Selected.
                                  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
                                  • Please save the log to a location you will remember.
                                  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
                                  • Copy and paste the entire report in your next reply.
                                  Extra Note:

                                  If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
                                  ***********************************************
                                  Download DDS from HERE or HERE and save it to your desktop.

                                  Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

                                  * XP users Double click on dds to run it.
                                  * If your antivirus or firewall try to block DDS then please allow it to run.
                                  * When finished DDS will open two (2) logs.

                                  1) DDS.txt
                                  2) Attach.txt

                                  * Save both logs to your desktop.
                                  * Please copy and paste the entire contents of both logs in your next reply.

                                  Note: DDS will instruct you to post the Attach.txt log as an attachment.
                                  Please just post it as you would any other log by copy and pasting it into the reply.

                                  Valeras

                                    Topic Starter


                                    Rookie

                                    • Experience: Familiar
                                    • OS: Windows 7
                                    Re: IRQL_NOT_LESS_OR_EQUAL caused by a virus .exe
                                    « Reply #27 on: April 02, 2011, 07:15:00 AM »
                                    Thanks for the tip. I just got a BSOD when loading too many pages. I will post logs soon.

                                    Valeras

                                      Topic Starter


                                      Rookie

                                      • Experience: Familiar
                                      • OS: Windows 7
                                      Re: IRQL_NOT_LESS_OR_EQUAL caused by a virus .exe
                                      « Reply #28 on: April 10, 2011, 07:38:36 AM »
                                      Sorry for not posting, I will do the test today.

                                      Valeras

                                        Topic Starter


                                        Rookie

                                        • Experience: Familiar
                                        • OS: Windows 7
                                        Re: IRQL_NOT_LESS_OR_EQUAL caused by a virus .exe
                                        « Reply #29 on: April 18, 2011, 06:36:05 PM »
                                        Sorry for the long delay. In SUPERAntiSpyware, when scanning the Windows folder, a BSOD appears:

                                        PAGE_FAULT_IN_NONPAGED_AREA

                                        with the error file

                                        autegif.sys

                                        SuperDave

                                        • Malware Removal Specialist
                                        • Moderator


                                        • Genius
                                        • Thanked: 1020
                                        • Certifications: List
                                        • Experience: Expert
                                        • OS: Windows 10
                                        Re: IRQL_NOT_LESS_OR_EQUAL caused by a virus .exe
                                        « Reply #30 on: April 19, 2011, 04:28:19 PM »
                                        We Need to Diagnose Your BlueScreen
                                        1. When you boot your machine, press F8 to list the startup options, exactly as you would if you were trying to enter Safe Mode
                                        2. Select "Disable Automatic Restart on System Failure", as shown here:

                                        3. When your system BSODs, write down the STOP error code, as well as any written out error message back here. The STOP error will always appear, but the message may not. You are looking for this:


                                        Valeras

                                          Topic Starter


                                          Rookie

                                          • Experience: Familiar
                                          • OS: Windows 7
                                          Re: IRQL_NOT_LESS_OR_EQUAL caused by a virus .exe
                                          « Reply #31 on: September 09, 2011, 07:09:13 PM »
                                          Sorry for the delay, I was extra busy in real life.

                                          OK, the file that causes the problem is

                                          autelgif.sys

                                          And the BSOD error is

                                          PAGE_FAULT_IN_NONPAGED_AREA

                                          Technical Information:

                                          *** STOP: 0x00000050 (0xFFFFF8A014410000,0x0000000000000000,0xFFFFF8800165FA38,0x0000000000000000)

                                          ***autelgif.sys - Address FFFFF8800165FA38 base at FFFFF8800165C000, DateStamp 48d8138b.


                                          This happens when I run SUPERAntiSpyware and I'm checking the Windows folder for spyware.
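Added example (not part of the original posts, and not code from any tool named in the thread): a Python sketch that reads the STOP screen text from reply #31, works out where inside autelgif.sys the faulting instruction sits, and compares that address with the Parameter 3 values of the 0x50 records in the BlueScreenView report in reply #35. The function names are made up for this example; the parameter meanings are the ones Microsoft documents for bug checks 0x50 and 0x0A.

```python
"""Triage a Windows STOP screen (added example, not code from the thread)."""
import re
from datetime import datetime, timezone

# Text copied from reply #31 in this thread.
STOP_SCREEN = """\
*** STOP: 0x00000050 (0xFFFFF8A014410000,0x0000000000000000,0xFFFFF8800165FA38,0x0000000000000000)
***autelgif.sys - Address FFFFF8800165FA38 base at FFFFF8800165C000, DateStamp 48d8138b.
"""

# "Parameter 3" of the five 0x50 records in the BlueScreenView report (reply #35).
REPORT_PARAM3 = [
    "fffff880`0165fa38", "fffff880`01822a38", "fffff880`018aea38",
    "fffff880`018d9a38", "fffff880`00de0a38",
]

STOP_RE = re.compile(r"STOP:\s*0x([0-9A-Fa-f]+)\s*\(([^)]*)\)")
DRIVER_RE = re.compile(
    r"\*\*\*\s*(\S+)\s+-\s+Address\s+([0-9A-Fa-f]+)\s+base at\s+([0-9A-Fa-f]+),"
    r"\s*DateStamp\s+([0-9A-Fa-f]+)")

# Drivers are mapped on 4 KiB page boundaries, so the low 12 bits of an
# instruction address stay the same whatever base the driver gets on a boot.
PAGE_MASK = 0xFFF


def to_int(text):
    """Parse hex as printed on the STOP screen (0x...) or by BlueScreenView (hi`lo)."""
    return int(text.strip().replace("`", ""), 16)


def parse_stop_screen(text):
    """Return the bug check code, its four parameters and the named driver."""
    stop = STOP_RE.search(text)
    if stop is None:
        raise ValueError("no STOP line found")
    params = [to_int(p) for p in stop.group(2).split(",")]
    if len(params) != 4:
        raise ValueError("a STOP line carries exactly four parameters")
    result = {"code": int(stop.group(1), 16), "params": params, "driver": None}
    drv = DRIVER_RE.search(text)
    if drv:
        address, base = to_int(drv.group(2)), to_int(drv.group(3))
        result["driver"] = {
            "name": drv.group(1),
            "address": address,
            "base": base,
            "offset": address - base,  # position of the instruction in the image
            # DateStamp is the driver's link time in seconds since 1970 (UTC).
            "built": datetime.fromtimestamp(to_int(drv.group(4)), tz=timezone.utc),
        }
    return result


def describe(code, params):
    """Decode the parameters of the two bug checks that appear in this thread."""
    p1, p2, p3, p4 = params
    if code == 0x50:  # PAGE_FAULT_IN_NONPAGED_AREA
        # 0 means read; the encoding of non-zero values differs between
        # Windows versions, so it is not split further here.
        return {"referenced": p1,
                "access": "read" if p2 == 0 else "write or execute",
                "instruction": p3 or None}
    if code == 0x0A:  # IRQL_NOT_LESS_OR_EQUAL
        access = "execute" if p3 & 8 else "write" if p3 & 1 else "read"
        return {"referenced": p1, "irql": p2, "access": access,
                "instruction": p4 or None}
    return {}


def same_page_offset(addresses):
    """True when every address has the same low 12 bits."""
    return len({a & PAGE_MASK for a in addresses}) == 1


if __name__ == "__main__":
    crash = parse_stop_screen(STOP_SCREEN)
    drv, info = crash["driver"], describe(crash["code"], crash["params"])
    print(f"bug check 0x{crash['code']:08X}: {info['access']} of "
          f"0x{info['referenced']:016X}")
    print(f"{drv['name']}+0x{drv['offset']:X}, built {drv['built']:%Y-%m-%d}")
    addresses = [to_int(p) for p in REPORT_PARAM3] + [drv["address"]]
    print("same page offset in every crash:", same_page_offset(addresses))
```

Every faulting address ends in 0xA38, which is consistent with the same instruction in one driver failing on each boot, including the crashes where BlueScreenView lists ntoskrnl.exe as the cause.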


                                          SuperDave

                                          • Malware Removal Specialist
                                          • Moderator


                                          • Genius
                                          • Thanked: 1020
                                          • Certifications: List
                                          • Experience: Expert
                                          • OS: Windows 10
                                          Re: IRQL_NOT_LESS_OR_EQUAL caused by a virus .exe
                                          « Reply #32 on: September 09, 2011, 07:38:13 PM »
                                          Please uninstall SuperantiSpyware and see if you still get that BSOD

                                          Valeras

                                            Topic Starter


                                            Rookie

                                            • Experience: Familiar
                                            • OS: Windows 7
                                            Re: IRQL_NOT_LESS_OR_EQUAL caused by a virus .exe
                                            « Reply #33 on: September 10, 2011, 05:04:28 PM »
                                            I uninstalled it, but when I was doing checks for spyware, that's when I get the BSOD.

                                            SuperDave

                                            • Malware Removal Specialist
                                            • Moderator


                                            • Genius
                                            • Thanked: 1020
                                            • Certifications: List
                                            • Experience: Expert
                                            • OS: Windows 10
                                            Re: IRQL_NOT_LESS_OR_EQUAL caused by a virus .exe
                                            « Reply #34 on: September 11, 2011, 11:16:43 AM »
                                            Download BlueScreenView to your desktop.
                                            BlueScreenView
                                            Unzip the downloaded file and double-click BlueScreenView.exe to run the program.
                                            When scanning is done, go to EDIT - Select All
                                            Go to FILE - SAVE Selected Items, and save the report as BSOD.txt
                                            Open BSOD.txt in Notepad, copy all of the content, and paste it into your next reply

                                            Valeras

                                              Topic Starter


                                              Rookie

                                              • Experience: Familiar
                                              • OS: Windows 7
                                              Re: IRQL_NOT_LESS_OR_EQUAL caused by a virus .exe
                                              « Reply #35 on: September 11, 2011, 12:30:56 PM »
                                              Dump File         : 090911-34913-01.dmp
                                              Crash Time        : 9/9/2011 4:06:14 PM
                                              Bug Check String  : PAGE_FAULT_IN_NONPAGED_AREA
                                              Bug Check Code    : 0x00000050
                                              Parameter 1       : fffff8a0`1441d000
                                              Parameter 2       : 00000000`00000000
                                              Parameter 3       : fffff880`0165fa38
                                              Parameter 4       : 00000000`00000000
                                              Caused By Driver  : ntoskrnl.exe
                                              Caused By Address : ntoskrnl.exe+7cc40
                                              File Description  : NT Kernel & System
                                              Product Name      : Microsoft® Windows® Operating System
                                              Company           : Microsoft Corporation
                                              File Version      : 6.1.7601.17640 (win7sp1_gdr.110622-1506)
                                              Processor         : x64
                                              Crash Address     : ntoskrnl.exe+7cc40
                                              Stack Address 1   :
                                              Stack Address 2   :
                                              Stack Address 3   :
                                              Computer Name     :
                                              Full Path         : C:\Windows\Minidump\090911-34913-01.dmp
                                              Processors Count  : 3
                                              Major Version     : 15
                                              Minor Version     : 7601
                                              Dump File Size    : 274,576
                                              ==================================================

                                              ==================================================
                                              Dump File         : 041611-22292-01.dmp
                                              Crash Time        : 4/16/2011 6:46:03 PM
                                              Bug Check String  : PAGE_FAULT_IN_NONPAGED_AREA
                                              Bug Check Code    : 0x00000050
                                              Parameter 1       : fffff8a0`10728000
                                              Parameter 2       : 00000000`00000000
                                              Parameter 3       : fffff880`01822a38
                                              Parameter 4       : 00000000`00000000
                                              Caused By Driver  : ntoskrnl.exe
                                              Caused By Address : ntoskrnl.exe+70740
                                              File Description  : NT Kernel & System
                                              Product Name      : Microsoft® Windows® Operating System
                                              Company           : Microsoft Corporation
                                              File Version      : 6.1.7601.17640 (win7sp1_gdr.110622-1506)
                                              Processor         : x64
                                              Crash Address     : ntoskrnl.exe+70740
                                              Stack Address 1   :
                                              Stack Address 2   :
                                              Stack Address 3   :
                                              Computer Name     :
                                              Full Path         : C:\Windows\Minidump\041611-22292-01.dmp
                                              Processors Count  : 3
                                              Major Version     : 15
                                              Minor Version     : 7600
                                              Dump File Size    : 274,576
                                              ==================================================

                                              ==================================================
                                              Dump File         : 041311-38157-01.dmp
                                              Crash Time        : 4/13/2011 9:01:00 PM
                                              Bug Check String  : PAGE_FAULT_IN_NONPAGED_AREA
                                              Bug Check Code    : 0x00000050
                                              Parameter 1       : fffff8a0`02bce000
                                              Parameter 2       : 00000000`00000000
                                              Parameter 3       : fffff880`018aea38
                                              Parameter 4       : 00000000`00000000
                                              Caused By Driver  : AVGIDSFilter.Sys
                                              Caused By Address : AVGIDSFilter.Sys+4050
                                              File Description  :
                                              Product Name      :
                                              Company           :
                                              File Version      :
                                              Processor         : x64
                                              Crash Address     : ntoskrnl.exe+70740
                                              Stack Address 1   :
                                              Stack Address 2   :
                                              Stack Address 3   :
                                              Computer Name     :
                                              Full Path         : C:\Windows\Minidump\041311-38157-01.dmp
                                              Processors Count  : 3
                                              Major Version     : 15
                                              Minor Version     : 7600
                                              Dump File Size    : 274,576
                                              ==================================================

                                              ==================================================
                                              Dump File         : 040211-52151-01.dmp
                                              Crash Time        : 4/2/2011 12:41:46 PM
                                              Bug Check String  : PAGE_FAULT_IN_NONPAGED_AREA
                                              Bug Check Code    : 0x00000050
                                              Parameter 1       : fffff8a0`183a7000
                                              Parameter 2       : 00000000`00000000
                                              Parameter 3       : fffff880`018d9a38
                                              Parameter 4       : 00000000`00000000
                                              Caused By Driver  : ntoskrnl.exe
                                              Caused By Address : ntoskrnl.exe+70740
                                              File Description  : NT Kernel & System
                                              Product Name      : Microsoft® Windows® Operating System
                                              Company           : Microsoft Corporation
                                              File Version      : 6.1.7601.17640 (win7sp1_gdr.110622-1506)
                                              Processor         : x64
                                              Crash Address     : ntoskrnl.exe+70740
                                              Stack Address 1   :
                                              Stack Address 2   :
                                              Stack Address 3   :
                                              Computer Name     :
                                              Full Path         : C:\Windows\Minidump\040211-52151-01.dmp
                                              Processors Count  : 3
                                              Major Version     : 15
                                              Minor Version     : 7600
                                              Dump File Size    : 274,576
                                              ==================================================

                                              ==================================================
                                              Dump File         : 040211-39655-01.dmp
                                              Crash Time        : 4/2/2011 1:20:52 AM
                                              Bug Check String  : PAGE_FAULT_IN_NONPAGED_AREA
                                              Bug Check Code    : 0x00000050
                                              Parameter 1       : fffff8a0`0d7b1000
                                              Parameter 2       : 00000000`00000000
                                              Parameter 3       : fffff880`00de0a38
                                              Parameter 4       : 00000000`00000000
                                              Caused By Driver  : ntoskrnl.exe
                                              Caused By Address : ntoskrnl.exe+70740
                                              File Description  : NT Kernel & System
                                              Product Name      : Microsoft® Windows® Operating System
                                              Company           : Microsoft Corporation
                                              File Version      : 6.1.7601.17640 (win7sp1_gdr.110622-1506)
                                              Processor         : x64
                                              Crash Address     : ntoskrnl.exe+70740
                                              Stack Address 1   :
                                              Stack Address 2   :
                                              Stack Address 3   :
                                              Computer Name     :
                                              Full Path         : C:\Windows\Minidump\040211-39655-01.dmp
                                              Processors Count  : 3
                                              Major Version     : 15
                                              Minor Version     : 7600
                                              Dump File Size    : 274,576
                                              ==================================================

                                              ==================================================
                                              Dump File         : 033111-27502-01.dmp
                                              Crash Time        : 3/31/2011 5:45:39 PM
                                              Bug Check String  : IRQL_NOT_LESS_OR_EQUAL
                                              Bug Check Code    : 0x0000000a
                                              Parameter 1       : 00000000`00000000
                                              Parameter 2       : 00000000`00000002
                                              Parameter 3       : 00000000`00000000
                                              Parameter 4       : fffff800`0209c2b3
                                              Caused By Driver  : ntoskrnl.exe
                                              Caused By Address : ntoskrnl.exe+70740
                                              File Description  : NT Kernel & System
                                              Product Name      : Microsoft® Windows® Operating System
                                              Company           : Microsoft Corporation
                                              File Version      : 6.1.7601.17640 (win7sp1_gdr.110622-1506)
                                              Processor         : x64
                                              Crash Address     : ntoskrnl.exe+70740
                                              Stack Address 1   :
                                              Stack Address 2   :
                                              Stack Address 3   :
                                              Computer Name     :
                                              Full Path         : C:\Windows\Minidump\033111-27502-01.dmp
                                              Processors Count  : 3
                                              Major Version     : 15
                                              Minor Version     : 7600
                                              Dump File Size    : 270,224
                                              ==================================================

                                              ==================================================
                                              Dump File         : 033111-23540-01.dmp
                                              Crash Time        : 3/31/2011 4:28:58 PM
                                              Bug Check String  : IRQL_NOT_LESS_OR_EQUAL
                                              Bug Check Code    : 0x0000000a
                                              Parameter 1       : 00000000`00000008
                                              Parameter 2       : 00000000`00000002
                                              Parameter 3       : 00000000`00000000
                                              Parameter 4       : fffff800`0204cd19
                                              Caused By Driver  : ntoskrnl.exe
                                              Caused By Address : ntoskrnl.exe+70740
                                              File Description  : NT Kernel & System
                                              Product Name      : Microsoft® Windows® Operating System
                                              Company           : Microsoft Corporation
                                              File Version      : 6.1.7601.17640 (win7sp1_gdr.110622-1506)
                                              Processor         : x64
                                              Crash Address     : ntoskrnl.exe+70740
                                              Stack Address 1   :
                                              Stack Address 2   :
                                              Stack Address 3   :
                                              Computer Name     :
                                              Full Path         : C:\Windows\Minidump\033111-23540-01.dmp
                                              Processors Count  : 3
                                              Major Version     : 15
                                              Minor Version     : 7600
                                              Dump File Size    : 270,168
                                              ==================================================

                                              ==================================================
                                              Dump File         : 033111-24398-01.dmp
                                              Crash Time        : 3/31/2011 4:27:31 PM
                                              Bug Check String  : IRQL_NOT_LESS_OR_EQUAL
                                              Bug Check Code    : 0x0000000a
                                              Parameter 1       : 00000000`00000001
                                              Parameter 2       : 00000000`00000002
                                              Parameter 3       : 00000000`00000000
                                              Parameter 4       : fffff800`020982b3
                                              Caused By Driver  : ntoskrnl.exe
                                              Caused By Address : ntoskrnl.exe+70740
                                              File Description  : NT Kernel & System
                                              Product Name      : Microsoft® Windows® Operating System
                                              Company           : Microsoft Corporation
                                              File Version      : 6.1.7601.17640 (win7sp1_gdr.110622-1506)
                                              Processor         : x64
                                              Crash Address     : ntoskrnl.exe+70740
                                              Stack Address 1   :
                                              Stack Address 2   :
                                              Stack Address 3   :
                                              Computer Name     :
                                              Full Path         : C:\Windows\Minidump\033111-24398-01.dmp
                                              Processors Count  : 3
                                              Major Version     : 15
                                              Minor Version     : 7600
                                              Dump File Size    : 270,224
                                              ==================================================

                                              ==================================================
                                              Dump File         : 033011-39842-01.dmp
                                              Crash Time        : 3/30/2011 9:50:16 PM
                                              Bug Check String  : IRQL_NOT_LESS_OR_EQUAL
                                              Bug Check Code    : 0x0000000a
                                              Parameter 1       : 00000000`00000008
                                              Parameter 2       : 00000000`00000002
                                              Parameter 3       : 00000000`00000000
                                              Parameter 4       : fffff800`020a8d19
                                              Caused By Driver  : ntoskrnl.exe
                                              Caused By Address : ntoskrnl.exe+70740
                                              File Description  : NT Kernel & System
                                              Product Name      : Microsoft® Windows® Operating System
                                              Company           : Microsoft Corporation
                                              File Version      : 6.1.7601.17640 (win7sp1_gdr.110622-1506)
                                              Processor         : x64
                                              Crash Address     : ntoskrnl.exe+70740
                                              Stack Address 1   :
                                              Stack Address 2   :
                                              Stack Address 3   :
                                              Computer Name     :
                                              Full Path         : C:\Windows\Minidump\033011-39842-01.dmp
                                              Processors Count  : 3
                                              Major Version     : 15
                                              Minor Version     : 7600
                                              Dump File Size    : 270,168
                                              ==================================================

                                              ==================================================
                                              Dump File         : 033011-24445-01.dmp
                                              Crash Time        : 3/30/2011 9:39:26 PM
                                              Bug Check String  : IRQL_NOT_LESS_OR_EQUAL
                                              Bug Check Code    : 0x0000000a
                                              Parameter 1       : 00000000`00000040
                                              Parameter 2       : 00000000`00000002
                                              Parameter 3       : 00000000`00000001
                                              Parameter 4       : fffff800`020c8cd8
                                              Caused By Driver  : ntoskrnl.exe
                                              Caused By Address : ntoskrnl.exe+70740
                                              File Description  : NT Kernel & System
                                              Product Name      : Microsoft® Windows® Operating System
                                              Company           : Microsoft Corporation
                                              File Version      : 6.1.7601.17640 (win7sp1_gdr.110622-1506)
                                              Processor         : x64
                                              Crash Address     : ntoskrnl.exe+70740
                                              Stack Address 1   :
                                              Stack Address 2   :
                                              Stack Address 3   :
                                              Computer Name     :
                                              Full Path         : C:\Windows\Minidump\033011-24445-01.dmp
                                              Processors Count  : 3
                                              Major Version     : 15
                                              Minor Version     : 7600
                                              Dump File Size    : 270,224
                                              ==================================================

                                              ==================================================
                                              Dump File         : 033011-27378-01.dmp
                                              Crash Time        : 3/30/2011 9:35:07 PM
                                              Bug Check String  : IRQL_NOT_LESS_OR_EQUAL
                                              Bug Check Code    : 0x0000000a
                                              Parameter 1       : 00000000`00000000
                                              Parameter 2       : 00000000`00000002
                                              Parameter 3       : 00000000`00000000
                                              Parameter 4       : fffff800`0209c2b3
                                              Caused By Driver  : ntoskrnl.exe
                                              Caused By Address : ntoskrnl.exe+70740
                                              File Description  : NT Kernel & System
                                              Product Name      : Microsoft® Windows® Operating System
                                              Company           : Microsoft Corporation
                                              File Version      : 6.1.7601.17640 (win7sp1_gdr.110622-1506)
                                              Processor         : x64
                                              Crash Address     : ntoskrnl.exe+70740
                                              Stack Address 1   :
                                              Stack Address 2   :
                                              Stack Address 3   :
                                              Computer Name     :
                                              Full Path         : C:\Windows\Minidump\033011-27378-01.dmp
                                              Processors Count  : 3
                                              Major Version     : 15
                                              Minor Version     : 7600
                                              Dump File Size    : 270,168
                                              ==================================================

                                              ==================================================
                                              Dump File         : 033011-23337-01.dmp
                                              Crash Time        : 3/30/2011 9:30:36 PM
                                              Bug Check String  : NTFS_FILE_SYSTEM
                                              Bug Check Code    : 0x00000024
                                              Parameter 1       : 00000000`001904fb
                                              Parameter 2       : fffff880`039d43d8
                                              Parameter 3       : fffff880`039d3c40
                                              Parameter 4       : fffff880`012ee914
                                              Caused By Driver  : Ntfs.sys
                                              Caused By Address : Ntfs.sys+b1914
                                              File Description  :
                                              Product Name      :
                                              Company           :
                                              File Version      :
                                              Processor         : x64
                                              Crash Address     : ntoskrnl.exe+70740
                                              Stack Address 1   :
                                              Stack Address 2   :
                                              Stack Address 3   :
                                              Computer Name     :
                                              Full Path         : C:\Windows\Minidump\033011-23337-01.dmp
                                              Processors Count  : 3
                                              Major Version     : 15
                                              Minor Version     : 7600
                                              Dump File Size    : 274,464
                                              ==================================================


                                              Done!
                                              « Last Edit: September 12, 2011, 04:32:05 PM by SuperDave »

                                              SuperDave

                                              • Malware Removal Specialist
                                              • Moderator


                                              • Genius
                                              • Thanked: 1020
                                              • Certifications: List
                                              • Experience: Expert
                                              • OS: Windows 10
                                              Re: IRQL_NOT_LESS_OR_EQUAL caused by a virus .exe
                                              « Reply #36 on: September 12, 2011, 04:41:02 PM »
                                              You only had one BSOD in the last five months, but almost all the BSODs that you've had have been caused by ntoskrnl.exe.

                                              1. Open the Start Menu.

                                              2. Click on the Computer button.

                                              3. Right click on your hard drive and click on Properties.

                                              4. Click on the Tools tab.

                                              5. Click on Check Now under the Error checking section. (See circled in red below)



                                              6. Click on Continue in the UAC prompt.

                                              7. Make sure both options are checked. (See screenshot below)
                                              NOTE: The Automatically fix file system errors box will be checked by default.

                                              8. Click on the Start button.



                                              9. You will get a pop-up window saying, "Windows can't check this disk while it's in use". (See screenshot below)

                                              10. Click on the Schedule disk check button for chkdsk to run the next time you restart your computer.



                                              11. Restart your computer.
                                              Windows 8 and Windows 10 dual boot with two SSD's

                                              Valeras

                                                Topic Starter


                                                Rookie

                                                • Experience: Familiar
                                                • OS: Windows 7
                                                Re: IRQL_NOT_LESS_OR_EQUAL caused by a virus .exe
                                                « Reply #37 on: September 12, 2011, 09:59:20 PM »
                                                I have done the chkdsk

                                                would this make my computer faster?

                                                SuperDave

                                                • Malware Removal Specialist
                                                • Moderator


                                                • Genius
                                                • Thanked: 1020
                                                • Certifications: List
                                                • Experience: Expert
                                                • OS: Windows 10
                                                Re: IRQL_NOT_LESS_OR_EQUAL caused by a virus .exe
                                                « Reply #38 on: September 13, 2011, 06:25:36 PM »
                                                Quote
                                                I have done the chkdsk

                                                would this make my computer faster?
                                                I will certainly help but it should fix the BSOD problem. How are things now with the computer?
                                                Windows 8 and Windows 10 dual boot with two SSD's

                                                Valeras

                                                  Topic Starter


                                                  Rookie

                                                  • Experience: Familiar
                                                  • OS: Windows 7
                                                  Re: IRQL_NOT_LESS_OR_EQUAL caused by a virus .exe
                                                  « Reply #39 on: September 13, 2011, 08:09:39 PM »
                                                  Quote
                                                  I will certainly help but it should fix the BSOD problem. How are things now with the computer?

                                                  It's a bit smoother, I don't know if the virus is gone or not.

                                                  SuperDave

                                                  • Malware Removal Specialist
                                                  • Moderator


                                                  • Genius
                                                  • Thanked: 1020
                                                  • Certifications: List
                                                  • Experience: Expert
                                                  • OS: Windows 10
                                                  Re: IRQL_NOT_LESS_OR_EQUAL caused by a virus .exe
                                                  « Reply #40 on: September 14, 2011, 05:17:54 PM »
                                                  Quote
                                                  It's a bit smoother, I don't know if the virus is gone or not.
                                                  I would like to see the logs from MBAM and DDS as outlined in Reply # 26.
                                                  Windows 8 and Windows 10 dual boot with two SSD's

                                                  Valeras

                                                    Topic Starter


                                                    Rookie

                                                    • Experience: Familiar
                                                    • OS: Windows 7
                                                    Re: IRQL_NOT_LESS_OR_EQUAL caused by a virus .exe
                                                    « Reply #41 on: September 14, 2011, 10:38:22 PM »
                                                    I tried Malwarebytes Anti-Malware.

                                                    No BSOD.

                                                    SUPERAntiSpyware Scan Log
                                                    http://www.superantispyware.com

                                                    Generated 09/14/2011 at 11:29 PM

                                                    Application Version : 5.0.1118

                                                    Core Rules Database Version : 7693
                                                    Trace Rules Database Version: 5505

                                                    Scan type       : Custom Scan
                                                    Total Scan Time : 00:31:23

                                                    Operating System Information
                                                    Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
                                                    UAC On - Limited User

                                                    Memory items scanned      : 660
                                                    Memory threats detected   : 0
                                                    Registry items scanned    : 73759
                                                    Registry threats detected : 0
                                                    File items scanned        : 34372
                                                    File threats detected     : 11

                                                    Adware.Tracking Cookie
                                                       C:\Users\Romaine\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
                                                       C:\Users\Romaine\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][3].txt
                                                       C:\Users\Romaine\AppData\Roaming\Microsoft\Windows\Cookies\romaine@atdmt[1].txt
                                                       C:\Users\Romaine\AppData\Roaming\Microsoft\Windows\Cookies\romaine@atdmt[2].txt
                                                       C:\Users\Romaine\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
                                                       C:\Users\Romaine\AppData\Roaming\Microsoft\Windows\Cookies\romaine@invitemedia[2].txt
                                                       C:\Users\Romaine\AppData\Roaming\Microsoft\Windows\Cookies\romaine@questionmarket[2].txt
                                                       C:\Users\Romaine\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt

                                                    Rogue.Agent/Gen-Nullo[DLL]
                                                       C:\WINDOWS\SYSTEM32\RTFELGIF.DLL

                                                    Adware.Vundo/Variant-FaceSpy
                                                       C:\WINDOWS\SYSWOW64\CANUDUNI.DLL

                                                    Adware.MyWebSearch/FunWebProducts
                                                       C:\WINDOWS\SYSWOW64\F3PSSAVR.SCR

                                                    I removed the viruses.

                                                    Valeras

                                                      Topic Starter


                                                      Rookie

                                                      • Experience: Familiar
                                                      • OS: Windows 7
                                                      Re: IRQL_NOT_LESS_OR_EQUAL caused by a virus .exe
                                                      « Reply #42 on: September 14, 2011, 10:47:08 PM »
                                                      DDS Scan


                                                      .
                                                      DDS (Ver_2011-08-26.01) - NTFSAMD64
                                                      Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_26
                                                      Run by Romaine at 23:37:03 on 2011-09-14
                                                      Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3835.1139 [GMT -5:00]
                                                      .
                                                      AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
                                                      SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
                                                      SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                                                      .
                                                      ============== Running Processes ===============
                                                      .
                                                      C:\Windows\system32\wininit.exe
                                                      C:\Windows\system32\lsm.exe
                                                      C:\Windows\system32\svchost.exe -k DcomLaunch
                                                      C:\PROGRA~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
                                                      C:\Windows\system32\svchost.exe -k RPCSS
                                                      C:\Windows\system32\atiesrxx.exe
                                                      C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
                                                      C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
                                                      C:\Windows\system32\svchost.exe -k netsvcs
                                                      C:\Program Files\IDT\WDM\STacSV64.exe
                                                      C:\Windows\system32\svchost.exe -k LocalService
                                                      C:\Windows\system32\atieclxx.exe
                                                      C:\Windows\system32\Hpservice.exe
                                                      C:\Windows\system32\vcsFPService.exe
                                                      C:\Windows\system32\svchost.exe -k NetworkService
                                                      C:\Windows\system32\WLANExt.exe
                                                      C:\Windows\system32\conhost.exe
                                                      C:\Windows\System32\spoolsv.exe
                                                      C:\Program Files\DigitalPersona\Bin\DpHostW.exe
                                                      C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
                                                      C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
                                                      C:\Program Files\IDT\WDM\AESTSr64.exe
                                                      C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
                                                      C:\Program Files\ReviverSoft\Battery Optimizer\BatteryOptimizerService.exe
                                                      C:\Program Files (x86)\Bonjour\mDNSResponder.exe
                                                      C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
                                                      C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe
                                                      C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
                                                      C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
                                                      C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
                                                      C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
                                                      C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
                                                      C:\Windows\system32\svchost.exe -k imgsvc
                                                      C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
                                                      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
                                                      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
                                                      C:\Windows\system32\taskhost.exe
                                                      C:\Windows\system32\Dwm.exe
                                                      C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
                                                      C:\Windows\Explorer.EXE
                                                      C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe
                                                      C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
                                                      C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
                                                      C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe
                                                      C:\Program Files\IDT\WDM\sttray64.exe
                                                      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                                                      C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
                                                      C:\Program Files\Windows Sidebar\sidebar.exe
                                                      C:\Windows\system32\wbem\wmiprvse.exe
                                                      C:\Program Files (x86)\Steam\steam.exe
                                                      C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
                                                      C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
                                                      C:\Program Files (x86)\iTunes\iTunesHelper.exe
                                                      C:\Program Files\DigitalPersona\Bin\DPAgent.exe
                                                      C:\Program Files (x86)\Common Files\Steam\SteamService.exe
                                                      C:\Program Files\iPod\bin\iPodService.exe
                                                      C:\Windows\system32\SearchIndexer.exe
                                                      C:\Windows\system32\svchost.exe -k HPService
                                                      C:\Windows\system32\wbem\wmiprvse.exe
                                                      C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
                                                      C:\Program Files\Windows Media Player\wmpnetwk.exe
                                                      C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
                                                      C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
                                                      C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
                                                      C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
                                                      C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
                                                      C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
                                                      C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
                                                      C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
                                                      C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
                                                      C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
                                                      C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
                                                      C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
                                                      C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
                                                      C:\Program Files (x86)\AVG\AVG10\avgtray.exe
                                                      C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
                                                      C:\Program Files (x86)\AVG\AVG10\avgchsva.exe
                                                      C:\Program Files (x86)\AVG\AVG10\avgrsa.exe
                                                      C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
                                                      C:\Windows\System32\svchost.exe -k HPZ12
                                                      C:\Windows\System32\svchost.exe -k HPZ12
                                                      C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
                                                      C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
                                                      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
                                                      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
                                                      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
                                                      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
                                                      C:\Users\Romaine\Downloads\mbam-setup.exe
                                                      C:\Users\Romaine\AppData\Local\Temp\is-4B0D0.tmp\mbam-setup.tmp
                                                      C:\Users\Romaine\Downloads\mbam-setup.exe
                                                      C:\Users\Romaine\AppData\Local\Temp\is-HGU0Q.tmp\mbam-setup.tmp
                                                      C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
                                                      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
                                                      C:\Windows\system32\SearchProtocolHost.exe
                                                      C:\Windows\system32\SearchFilterHost.exe
                                                      C:\Windows\system32\DllHost.exe
                                                      C:\Windows\system32\DllHost.exe
                                                      C:\Windows\SysWOW64\cmd.exe
                                                      C:\Windows\system32\conhost.exe
                                                      C:\Windows\SysWOW64\cscript.exe
                                                      .
                                                      ============== Pseudo HJT Report ===============
                                                      .
                                                      uStart Page = hxxp://www.google.com/
                                                      uSearch Page = hxxp://www.google.com
                                                      uSearch Bar = hxxp://www.google.com/ie
                                                      uInternet Settings,ProxyOverride = *.local
                                                      uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
                                                      uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
                                                      uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
                                                      uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
                                                      mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
                                                      mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
                                                      mWinlogon: Userinit=C:\Windows\SysWOW64\userinit.exe,
                                                      BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
                                                      BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
                                                      BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
                                                      BHO: HP SimplePass Identity Protection Extension: {395610ae-c624-4f58-b89e-23733ea00f9a} - C:\Program Files (x86)\DigitalPersona\Bin\dpotspluginie8.dll
                                                      BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
                                                      BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                                                      BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
                                                      BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
                                                      BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
                                                      BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
                                                      BHO: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
                                                      BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
                                                      BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
                                                      TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
                                                      TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
                                                      TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
                                                      TB: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
                                                      TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
                                                      EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
                                                      uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
                                                      uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
                                                      uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
                                                      uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
                                                      uRun: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h
                                                      uRun: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
                                                      uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
                                                      mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" UNATTENDED
                                                      mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
                                                      mRun: [<NO NAME>]
                                                      mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
                                                      mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
                                                      mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
                                                      mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
                                                      mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
                                                      mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
                                                      dRunOnce: [<NO NAME>]
                                                      StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
                                                      mPolicies-explorer: NoActiveDesktop = 1 (0x1)
                                                      mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
                                                      mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
                                                      mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
                                                      mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
                                                      IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
                                                      IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
                                                      IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
                                                      IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
                                                      IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
                                                      IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
                                                      DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
                                                      DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
                                                      DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
                                                      TCP: DhcpNameServer = 65.183.0.76 65.183.0.86
                                                      TCP: Interfaces\{F4F0B25F-68E4-47A2-B9AA-9A068776E476} : DhcpNameServer = 65.183.0.76 65.183.0.86
                                                      TCP: Interfaces\{F4F0B25F-68E4-47A2-B9AA-9A068776E476}\1627279637534376 : DhcpNameServer = 65.183.0.76 65.183.0.86
                                                      TCP: Interfaces\{F4F0B25F-68E4-47A2-B9AA-9A068776E476}\355707562775966496F54454B414C40275962756C656373702A416D616963616 : DhcpNameServer = 10.0.192.1 65.183.0.78 65.183.0.84
                                                      TCP: Interfaces\{F4F0B25F-68E4-47A2-B9AA-9A068776E476}\4554259303 : DhcpNameServer = 65.183.0.76 65.183.0.86
                                                      TCP: Interfaces\{F4F0B25F-68E4-47A2-B9AA-9A068776E476}\4556279303 : DhcpNameServer = 10.0.0.1
                                                      TCP: Interfaces\{F4F0B25F-68E4-47A2-B9AA-9A068776E476}\C696E6B6379737F5F475F51353134383 : DhcpNameServer = 192.168.1.1
                                                      TCP: Interfaces\{F4F0B25F-68E4-47A2-B9AA-9A068776E476}\C696E6B6379737F5F475F583030363 : DhcpNameServer = 192.168.1.2
                                                      Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
                                                      Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
                                                      Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
                                                      LSA: Notification Packages = DPPassFilter scecli
                                                      mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
                                                      BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
                                                      BHO-X64:     HP Print Enhancer - No File
                                                      BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
                                                      BHO-X64:     AcroIEHelperStub - No File
                                                      BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
                                                      BHO-X64: HP SimplePass Identity Protection Extension: {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\dpotspluginie8.dll
                                                      BHO-X64:     HP SimplePass Identity Protection Extension - No File
                                                      BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
                                                      BHO-X64:     WormRadar.com IESiteBlocker.NavFilter - No File
                                                      BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                                                      BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
                                                      BHO-X64: AVG Security Toolbar BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
                                                      BHO-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
                                                      BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
                                                      BHO-X64: FrostWire Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
                                                      BHO-X64:     Ask Toolbar BHO - No File
                                                      BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
                                                      BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
                                                      BHO-X64:     HP Smart BHO Class - No File
                                                      TB-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
                                                      TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
                                                      TB-X64: AVG Security Toolbar: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
                                                      TB-X64: FrostWire Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
                                                      TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
                                                      EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
                                                      mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" UNATTENDED
                                                      mRun-x64: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
                                                      mRun-x64: [(Default)]
                                                      mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
                                                      mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
                                                      mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
                                                      mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
                                                      mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
                                                      mRunOnce-x64: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
                                                      .
                                                      ================= FIREFOX ===================
                                                      .
                                                      FF - ProfilePath - C:\Users\Romaine\AppData\Roaming\Mozilla\Firefox\Profiles\pyswht5d.default\
                                                      FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=ConduitEngine&SearchSource=3&q={searchTerms}
                                                      FF - prefs.js: browser.search.selectedEngine - Ask.com
                                                      FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com?o=10148&l=dis
                                                      FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4dcc4c9b&v=7.007.026.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=
                                                      FF - prefs.js: network.proxy.type - 0
                                                      FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff4.dll
                                                      FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff5.dll
                                                      FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
                                                      FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
                                                      FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
                                                      FF - component: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\components\dpffcli.dll
                                                      FF - component: C:\Users\Romaine\AppData\Roaming\Mozilla\Firefox\Profiles\pyswht5d.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCore.dll
                                                      FF - component: C:\Users\Romaine\AppData\Roaming\Mozilla\Firefox\Profiles\pyswht5d.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
                                                      FF - component: C:\Users\Romaine\AppData\Roaming\Mozilla\Firefox\Profiles\pyswht5d.default\extensions\[email protected]\components\RadioWMPCore.dll
                                                      FF - component: C:\Users\Romaine\AppData\Roaming\Mozilla\Firefox\Profiles\pyswht5d.default\extensions\[email protected]\components\RadioWMPCoreGecko19.dll
                                                      FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
                                                      FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
                                                      FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
                                                      FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
                                                      FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
                                                      FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
                                                      FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.11.1\nphdplg.dll
                                                      FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
                                                      FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
                                                      .
                                                      ---- FIREFOX POLICIES ----
                                                      FF - user.js: network.http.max-persistent-connections-per-server - 4
                                                      FF - user.js: nglayout.initialpaint.delay - 600
                                                      FF - user.js: content.notify.interval - 600000
                                                      FF - user.js: content.max.tokenizing.time - 1800000
                                                      FF - user.js: content.switch.threshold - 600000
                                                      .
                                                      ============= SERVICES / DRIVERS ===============
                                                      .
                                                      R0 autelgif;autelgif;C:\Windows\system32\DRIVERS\autelgif.sys --> C:\Windows\system32\DRIVERS\autelgif.sys [?]
                                                      R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
                                                      R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
                                                      R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
                                                      R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
                                                      R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
                                                      R1 DVMIO;DeviceVM IO Service;C:\Windows\system32\DRIVERS\dvmio.sys --> C:\Windows\system32\DRIVERS\dvmio.sys [?]
                                                      R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
                                                      R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
                                                      R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
                                                      R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/12/20 22:58:08];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2010-12-21 146928]
                                                      R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-2-24 89600]
                                                      R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
                                                      R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]
                                                      R2 Battery Optimizer;Battery Optimizer;C:\Program Files\ReviverSoft\Battery Optimizer\BatteryOptimizerService.exe [2010-12-28 116608]
                                                      R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-2-26 127984]
                                                      R2 DvmMDES;DeviceVM Meta Data Export Service;C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-3-6 338168]
                                                      R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-1-27 102968]
                                                      R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-5-21 103992]
                                                      R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
                                                      R2 HPWMISVC;HPWMISVC;C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-1-18 20480]
                                                      R2 SpyHunter 4 Service;SpyHunter 4 Service;C:\PROGRA~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2010-11-5 327000]
                                                      R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-9-1 2027840]
                                                      R2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2010-1-6 1791280]
                                                      R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
                                                      R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
                                                      R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
                                                      R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
                                                      R3 ntkvpnMP;ntkvpnMP;C:\Windows\system32\DRIVERS\ntkvpn.sys --> C:\Windows\system32\DRIVERS\ntkvpn.sys [?]
                                                      R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2010-10-7 11856]
                                                      R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
                                                      R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
                                                      S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
                                                      S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-8-18 7390560]
                                                      S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
                                                      S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
                                                      S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-23 136176]
                                                      S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-1-29 947528]
                                                      S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
                                                      S3 CGVPNCliSrvc;CyberGhost VPN Client;C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe [2011-3-4 2413704]
                                                      S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
                                                      S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
                                                      S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-23 136176]
                                                      S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
                                                      S3 ntkvpn;Loki VPN Service;C:\Windows\system32\DRIVERS\ntkvpn.sys --> C:\Windows\system32\DRIVERS\ntkvpn.sys [?]
                                                      S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
                                                      S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
                                                      S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
                                                      S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
                                                      S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
                                                      S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
                                                      S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
                                                      S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
                                                      S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
                                                      S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
                                                      S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
                                                      .
                                                      =============== Created Last 30 ================
                                                      .
                                                      2011-09-15 04:31:37   41272   -c--a-w-   C:\Windows\SysWow64\drivers\mbamswissarmy.sys
                                                      2011-09-15 04:30:42   25416   -c--a-w-   C:\Windows\System32\drivers\mbam.sys
                                                      2011-09-14 22:05:34   --------   dc----w-   C:\Users\Romaine\AppData\Local\{01D85F21-59D8-45CD-A780-C6A31DF51CA7}
                                                      2011-09-14 22:04:58   --------   dc----w-   C:\Users\Romaine\AppData\Local\{177E8383-9A14-4521-8ABD-9082D64D64A5}
                                                      2011-09-13 20:28:10   --------   dc----w-   C:\Users\Romaine\AppData\Local\{D10A2AD4-AB22-483D-819A-8D3B359C7FC2}
                                                      2011-09-13 20:27:57   --------   dc----w-   C:\Users\Romaine\AppData\Local\{C99B3D17-940E-402D-B2F8-9C5BD6DCABE1}
                                                      2011-09-12 23:49:30   --------   dc----w-   C:\Users\Romaine\AppData\Local\{E972DF40-3971-42D2-AEEF-5AD00092038E}
                                                      2011-09-12 23:49:14   --------   dc----w-   C:\Users\Romaine\AppData\Local\{D758DF7A-2412-4A86-A222-2ABB54A7BE16}
                                                      2011-09-12 20:49:18   --------   dc----w-   C:\Users\Romaine\AppData\Local\{40AA3079-9230-4716-BA6E-969BAF4F79AD}
                                                      2011-09-12 20:48:57   --------   dc----w-   C:\Users\Romaine\AppData\Local\{C51F1358-9B8C-426E-9FE2-3C5315E53D23}
                                                      2011-09-11 21:38:25   --------   dc----w-   C:\Users\Romaine\AppData\Local\{25E32551-ACC1-4360-BD96-D7E71E083AAA}
                                                      2011-09-11 21:38:15   --------   dc----w-   C:\Users\Romaine\AppData\Local\{7E11A3FA-5376-48E6-9697-1BF2F2F1C686}
                                                      2011-09-11 18:23:49   --------   dc----w-   C:\Users\Romaine\AppData\Local\{ABC8837F-81A6-4125-8462-B2437E77EF5F}
                                                      2011-09-11 18:23:34   --------   dc----w-   C:\Users\Romaine\AppData\Local\{C3C5E233-4DD3-4D16-8C7F-68CCB70DB51B}
                                                      2011-09-10 13:49:35   --------   dc----w-   C:\Users\Romaine\AppData\Local\{C8D4FBC0-42CD-456F-A082-B526F9EFCC37}
                                                      2011-09-10 13:49:10   --------   dc----w-   C:\Users\Romaine\AppData\Local\{FDDBF5ED-269C-40E9-BEBA-2BF6A7FEDDBF}
                                                      2011-09-10 01:02:26   --------   dc----w-   C:\Users\Romaine\AppData\Local\{0F48F31E-F33D-4BE1-BB7C-9DEFEFC255B4}
                                                      2011-09-10 01:01:19   --------   dc----w-   C:\Users\Romaine\AppData\Local\{B6F60769-1531-48FC-AB96-2485A73F86A5}
                                                      2011-09-10 00:49:20   --------   d-sh--w-   C:\found.009
                                                      2011-09-09 21:09:30   --------   dc----w-   C:\Users\Romaine\AppData\Local\{78263FD7-2392-44AD-BD2A-C14EFF3E6478}
                                                      2011-09-09 21:09:14   --------   dc----w-   C:\Users\Romaine\AppData\Local\{B4F0DF6D-1B27-4CF5-8211-9BCF410A33C1}
                                                      2011-09-08 21:56:16   --------   dc----w-   C:\Users\Romaine\AppData\Local\{82051858-BDA4-489C-9311-F6264411A44E}
                                                      2011-09-07 20:33:12   --------   dc----w-   C:\Users\Romaine\AppData\Local\{E5893776-8AE9-435B-8325-352A1738FDC2}
                                                      2011-09-07 00:52:50   --------   dc----w-   C:\Users\Romaine\AppData\Local\{A4606B3C-6325-468E-BFBB-178CC699DA8A}
                                                      2011-09-07 00:51:52   --------   dc----w-   C:\Users\Romaine\AppData\Local\{D80E4B7C-8B0B-4E6F-8079-E095DF660539}
                                                      2011-09-05 21:43:21   --------   dc----w-   C:\Users\Romaine\AppData\Local\{8F9361F6-5B4F-474C-BB47-B11453C86942}
                                                      2011-09-05 21:15:24   --------   dc----w-   C:\Users\Romaine\AppData\Local\{C85B6C24-089E-417D-91D7-703DAB5E4AE5}
                                                      2011-09-05 21:13:50   --------   dc----w-   C:\Users\Romaine\AppData\Local\{05DAB953-5787-41E3-9B85-B0DB7481D562}
                                                      2011-09-05 02:51:55   --------   dc----w-   C:\Users\Romaine\AppData\Local\{C1265EED-64E8-4330-91C1-CC4F6B506A49}
                                                      2011-09-05 02:50:37   --------   dc----w-   C:\Users\Romaine\AppData\Local\{D7B12D03-FB71-4130-A356-3ED51F1B80A8}
                                                      2011-09-04 19:24:05   --------   dc----w-   C:\Users\Romaine\AppData\Local\{A7F8EFED-C694-439F-9A1C-A8AD797B70C2}
                                                      2011-09-04 19:23:44   --------   dc----w-   C:\Users\Romaine\AppData\Local\{0F809A99-5729-4D3B-951C-444CA12998F7}
                                                      2011-09-04 01:28:22   --------   dc----w-   C:\Users\Romaine\AppData\Local\{734C26E7-C0C8-470F-910D-37086B7858A5}
                                                      2011-09-04 01:28:02   --------   dc----w-   C:\Users\Romaine\AppData\Local\{CD76BF09-4200-4D75-A743-D60BD874216E}
                                                      2011-09-03 13:44:38   --------   dc----w-   C:\Users\Romaine\AppData\Local\{629573C4-C7B2-411C-90F1-FC4690DB46D0}
                                                      2011-09-03 13:44:18   --------   dc----w-   C:\Users\Romaine\AppData\Local\{5774EB90-AA31-4593-B6FF-2F2A8131E6AF}
                                                      2011-09-02 14:58:46   --------   dc----w-   C:\Users\Romaine\AppData\Local\{071DFBDE-F436-47E0-B443-DEE8D2DEA682}
                                                      2011-09-02 14:58:21   --------   dc----w-   C:\Users\Romaine\AppData\Local\{2FB8C88A-31FB-46F9-93DB-FC200DE4E6B4}
                                                      2011-09-02 02:35:12   --------   dc----w-   C:\Users\Romaine\AppData\Local\{50EF83F8-F1D0-48AE-91A5-F04C448EFCEE}
                                                      2011-09-02 02:34:46   --------   dc----w-   C:\Users\Romaine\AppData\Local\{A59EBB19-C410-4877-9FD6-326E7DB1B2D6}
                                                      2011-09-01 01:30:08   89048   -c--a-w-   C:\Program Files (x86)\Mozilla Firefox\libEGL.dll
                                                      2011-09-01 01:30:08   785368   -c--a-w-   C:\Program Files (x86)\Mozilla Firefox\mozsqlite3.dll
                                                      2011-09-01 01:30:08   478168   -c--a-w-   C:\Program Files (x86)\Mozilla Firefox\libGLESv2.dll
                                                      2011-09-01 01:30:08   2106216   -c--a-w-   C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll
                                                      2011-09-01 01:30:08   1998168   -c--a-w-   C:\Program Files (x86)\Mozilla Firefox\d3dx9_43.dll
                                                      2011-09-01 01:30:08   1846232   -c--a-w-   C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
                                                      2011-09-01 01:30:08   15832   -c--a-w-   C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll
                                                      2011-09-01 01:30:08   134104   -c--a-w-   C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
                                                      2011-08-31 14:06:47   --------   dc----w-   C:\Users\Romaine\AppData\Local\{68251E47-8234-4C3B-AA03-18D5994610B7}
                                                      2011-08-31 14:06:21   --------   dc----w-   C:\Users\Romaine\AppData\Local\{B13EF862-AA2A-4AC5-9475-F41F30E01C32}
                                                      2011-08-30 15:03:23   --------   dc----w-   C:\Users\Romaine\AppData\Local\{2E197DF6-1885-4878-80C5-04AD55A5F733}
                                                      2011-08-30 15:02:57   --------   dc----w-   C:\Users\Romaine\AppData\Local\{B4AFEF91-6CC5-4496-9F4A-7E861734E041}
                                                      2011-08-29 17:59:54   --------   dc----w-   C:\Users\Romaine\AppData\Local\{1AFF3835-8B22-42BC-83F7-00C50344E723}
                                                      2011-08-29 17:59:19   --------   dc----w-   C:\Users\Romaine\AppData\Local\{9E4877D5-41AE-4EAB-AC4F-E9EAC512A6B6}
                                                      2011-08-29 14:32:43   --------   dc----w-   C:\Users\Romaine\AppData\Local\{CF7CC89A-B520-4131-A183-B837C09BA4B5}
                                                      2011-08-29 14:32:26   --------   dc----w-   C:\Users\Romaine\AppData\Local\{126519B3-E7BB-40F8-8A2A-78D7ADBD5DBB}
                                                      2011-08-28 18:51:52   --------   dc----w-   C:\Users\Romaine\AppData\Local\{DBD39310-3410-4038-ABCA-5C3571205F39}
                                                      2011-08-28 18:51:29   --------   dc----w-   C:\Users\Romaine\AppData\Local\{433BC36F-4D1B-4D85-9E8B-F13B9E34EBD2}
                                                      2011-08-27 14:13:42   --------   dc----w-   C:\Users\Romaine\AppData\Local\{4FC0BEE4-5664-4AD7-A811-76CB7C4C44AE}
                                                      2011-08-27 14:13:29   --------   dc----w-   C:\Users\Romaine\AppData\Local\{9DBD391B-EF5C-459A-8D55-F25FC61A81E3}
                                                      2011-08-26 21:10:03   --------   dc----w-   C:\Users\Romaine\AppData\Roaming\GameRanger
                                                      2011-08-26 13:05:31   --------   dc----w-   C:\Users\Romaine\AppData\Local\{58165237-F7C8-4826-85F4-8F54F27074F6}
                                                      2011-08-26 13:05:04   --------   dc----w-   C:\Users\Romaine\AppData\Local\{4C917ADF-327C-4FD9-8E93-59166D3824A4}
                                                      2011-08-25 20:02:52   --------   dc----w-   C:\Program Files (x86)\Samsung
                                                      2011-08-25 13:05:37   --------   dc----w-   C:\Users\Romaine\AppData\Local\{537B36DD-EC8E-44D4-A8BA-7D77942146B0}
                                                      2011-08-25 01:16:19   2048   ----a-w-   C:\Windows\SysWow64\tzres.dll
                                                      2011-08-25 01:16:19   2048   ----a-w-   C:\Windows\System32\tzres.dll
                                                      2011-08-25 01:03:14   --------   dc----w-   C:\Users\Romaine\AppData\Local\{9CC3CEA2-6B4F-4BB7-BDE3-7F6B70726A12}
                                                      2011-08-22 23:13:31   --------   dc----w-   C:\Program Files (x86)\Rosetta Stone
                                                      2011-08-22 23:12:58   --------   dc----w-   C:\ProgramData\RosettaStoneLtdBackup
                                                      2011-08-22 22:37:52   --------   dc----w-   C:\ProgramData\Rosetta Stone
                                                      2011-08-22 22:35:28   --------   dc----w-   C:\Program Files (x86)\Common Files\Macrovision Shared
                                                      2011-08-22 16:01:10   --------   dc----w-   C:\Users\Romaine\AppData\Local\{595C5C2E-54EC-46F7-ACAF-06555C1BB3CE}
                                                      2011-08-22 15:09:24   4283672   -c--a-w-   C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
                                                      2011-08-22 15:08:36   42776   -c--a-w-   C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
                                                      2011-08-22 13:56:35   --------   dc----w-   C:\Users\Romaine\AppData\Local\{5792F6AC-F845-42EE-9EFF-1D10794DB077}
                                                      2011-08-21 16:28:13   --------   dc----w-   C:\Users\Romaine\AppData\Local\{E6D5ABB8-A972-4499-AE90-D29AC2DE656E}
                                                      2011-08-21 16:27:33   --------   dc----w-   C:\Users\Romaine\AppData\Local\{3AADDCAB-EFC7-4D5C-BDED-607746C4224B}
                                                      2011-08-21 05:28:39   --------   dc----w-   C:\Users\Romaine\AppData\Local\{932EAC0C-BBB5-4B56-B868-95B59BA9C592}
                                                      2011-08-21 05:26:17   --------   dc----w-   C:\Users\Romaine\AppData\Local\{A50913C1-0A09-4819-8F4C-D174F49739C2}
                                                      2011-08-21 01:31:09   --------   dc----w-   C:\Users\Romaine\AppData\Local\{E068225A-F682-440B-A4F7-4436F8FC6CA2}
                                                      .
                                                      ==================== Find3M  ====================
                                                      .
                                                      2011-09-03 13:51:16   404640   -c--a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
                                                      2011-09-01 11:29:50   34624   -c--a-w-   C:\Windows\System32\TURegOpt.exe
                                                      2011-09-01 11:19:22   25920   -c--a-w-   C:\Windows\System32\authuitu.dll
                                                      2011-09-01 11:19:18   21312   -c--a-w-   C:\Windows\SysWow64\authuitu.dll
                                                      2011-09-01 11:19:10   36160   -c--a-w-   C:\Windows\System32\uxtuneup.dll
                                                      2011-09-01 11:18:56   29504   -c--a-w-   C:\Windows\SysWow64\uxtuneup.dll
                                                      2011-08-13 13:58:49   86016   ----a-w-   C:\Windows\SysWow64\odbccu32.dll
                                                      2011-08-13 13:58:49   81920   ----a-w-   C:\Windows\SysWow64\odbccr32.dll
                                                      2011-08-13 13:58:49   319488   ----a-w-   C:\Windows\SysWow64\odbcjt32.dll
                                                      2011-08-13 13:58:49   212992   ----a-w-   C:\Windows\System32\odbctrac.dll
                                                      2011-08-13 13:58:49   163840   ----a-w-   C:\Windows\SysWow64\odbctrac.dll
                                                      2011-08-13 13:58:49   163840   ----a-w-   C:\Windows\System32\odbccp32.dll
                                                      2011-08-13 13:58:49   122880   ----a-w-   C:\Windows\SysWow64\odbccp32.dll
                                                      2011-08-13 13:58:49   106496   ----a-w-   C:\Windows\System32\odbccu32.dll
                                                      2011-08-13 13:58:49   106496   ----a-w-   C:\Windows\System32\odbccr32.dll
                                                      2011-08-13 13:32:13   5561216   ----a-w-   C:\Windows\System32\ntoskrnl.exe
                                                      2011-08-13 13:32:13   3967872   ----a-w-   C:\Windows\SysWow64\ntkrnlpa.exe
                                                      2011-08-13 13:32:13   3912576   ----a-w-   C:\Windows\SysWow64\ntoskrnl.exe
                                                      2011-08-11 01:41:41   288768   ----a-w-   C:\Windows\System32\drivers\mrxsmb10.sys
                                                      2011-08-11 01:35:27   1923968   ----a-w-   C:\Windows\System32\drivers\tcpip.sys
                                                      2011-08-11 01:28:03   2382848   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
                                                      2011-08-11 01:28:03   2382848   ----a-w-   C:\Windows\System32\mshtml.tlb
                                                      2011-08-11 01:28:03   2303488   ----a-w-   C:\Windows\System32\jscript9.dll
                                                      2011-08-11 01:28:03   1797632   ----a-w-   C:\Windows\SysWow64\jscript9.dll
                                                      2011-08-11 01:28:03   1389056   ----a-w-   C:\Windows\System32\wininet.dll
                                                      2011-08-11 01:28:03   1126912   ----a-w-   C:\Windows\SysWow64\wininet.dll
                                                      2011-07-13 08:01:52   3137536   ----a-w-   C:\Windows\System32\win32k.sys
                                                      2011-07-12 01:58:59   98304   ----a-w-   C:\Windows\System32\wudriver.dll
                                                      2011-07-12 01:57:59   72192   ----a-w-   C:\Windows\System32\napdsnap.dll
                                                      2011-07-12 01:56:59   85504   ----a-w-   C:\Windows\SysWow64\secproc_ssp.dll
                                                      2011-07-12 01:55:59   665600   ----a-w-   C:\Windows\SysWow64\AuxiliaryDisplayCpl.dll
                                                      .
                                                      ============= FINISH: 23:40:11.07 ===============


                                                      How do I attach the zip file?

                                                      Valeras

                                                        Re: IRQL_NOT_LESS_OR_EQUAL caused by a virus .exe
                                                        « Reply #43 on: September 14, 2011, 10:48:27 PM »
                                                        The Malware post is coming tomorrow; I don't have much time today.

                                                        SuperDave

                                                        • Malware Removal Specialist
                                                        • Moderator


                                                        • Genius
                                                        • Thanked: 1020
                                                        • Certifications: List
                                                        • Experience: Expert
                                                        • OS: Windows 10
                                                        Re: IRQL_NOT_LESS_OR_EQUAL caused by a virus .exe
                                                        « Reply #44 on: September 15, 2011, 01:40:42 PM »
                                                        Download OTL to your desktop.

                                                        * Open OTL
                                                        * Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

                                                        Code:
                                                        :OTL

                                                        mRun: [<NO NAME>]
                                                        dRunOnce: [<NO NAME>]
                                                        BHO-X64:     HP Print Enhancer - No File
                                                        BHO-X64:     AcroIEHelperStub - No File
                                                        BHO-X64:     HP SimplePass Identity Protection Extension - No File
                                                        BHO-X64:     WormRadar.com IESiteBlocker.NavFilter - No File
                                                        BHO-X64:     Ask Toolbar BHO - No File
                                                        BHO-X64:     HP Smart BHO Class - No File
                                                        EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

                                                        :Files

                                                        C:\found.009

                                                        :COMMANDS
                                                        [resethosts]
                                                        [purity]
                                                        [start explorer]

                                                        * Click Run Fix
                                                        * OTL may ask to reboot the machine. Please do so if asked.
                                                        * Click OK
                                                        * A report will open. Copy and Paste that report in your next reply.
                                                        *************************************************************
                                                        Quote
                                                        How do I attach the zip file?
                                                        Copy and paste.

                                                        ******************************************************
                                                        Download ComboFix by sUBs from one of the below links.  Be sure to save it to the Desktop.

                                                        link # 1
                                                        Link # 2
                                                        If you are using Firefox, make sure that your download settings are as follows:

                                                        * Tools->Options->Main tab
                                                        * Set to "Always ask me where to Save the files".

                                                        Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

                                                        Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

                                                        Right-click combofix.exe and select Run as Administrator and follow the prompts.
                                                        When finished, ComboFix will produce a log for you.
                                                        Post the ComboFix log in your next reply.

                                                        NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

                                                        Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.
                                                        Windows 8 and Windows 10 dual boot with two SSD's

                                                        Valeras

                                                          Re: IRQL_NOT_LESS_OR_EQUAL caused by a virus .exe
                                                          « Reply #45 on: September 15, 2011, 04:24:23 PM »
                                                          Logs From OTL


                                                          ========== OTL ==========
                                                          ========== FILES ==========
                                                          File\Folder C:\found.009 not found.
                                                          ========== COMMANDS ==========
                                                          C:\Windows\System32\drivers\etc\Hosts moved successfully.
                                                          HOSTS file reset successfully
                                                           
                                                          OTL by OldTimer - Version 3.2.28.0 log created on 09152011_172403


                                                          Combofix was detected as a malware.

                                                          Valeras

                                                            Re: IRQL_NOT_LESS_OR_EQUAL caused by a virus .exe
                                                            « Reply #46 on: September 15, 2011, 09:04:51 PM »
                                                            1) I got a BSOD while running scans using Malwarebytes' Anti-Malware

                                                            ==================================================
                                                            Dump File         : 091511-45645-01.dmp
                                                            Crash Time        : 9/15/2011 6:44:21 PM
                                                            Bug Check String  : PAGE_FAULT_IN_NONPAGED_AREA
                                                            Bug Check Code    : 0x00000050
                                                            Parameter 1       : fffff8a0`067b0000
                                                            Parameter 2       : 00000000`00000000
                                                            Parameter 3       : fffff880`0165fa38
                                                            Parameter 4       : 00000000`00000000
                                                            Caused By Driver  : ntoskrnl.exe
                                                            Caused By Address : ntoskrnl.exe+7cc40
                                                            File Description  : NT Kernel & System
                                                            Product Name      : Microsoft® Windows® Operating System
                                                            Company           : Microsoft Corporation
                                                            File Version      : 6.1.7601.17640 (win7sp1_gdr.110622-1506)
                                                            Processor         : x64
                                                            Crash Address     : ntoskrnl.exe+7cc40
                                                            Stack Address 1   :
                                                            Stack Address 2   :
                                                            Stack Address 3   :
                                                            Computer Name     :
                                                            Full Path         : C:\Windows\Minidump\091511-45645-01.dmp
                                                            Processors Count  : 3
                                                            Major Version     : 15
                                                            Minor Version     : 7601
                                                            Dump File Size    : 274,576
                                                            ==================================================


                                                            2) The Attachment of the DDS test is here




                                                            [regaining space - attachment deleted by admin]

                                                            SuperDave

                                                            Re: IRQL_NOT_LESS_OR_EQUAL caused by a virus .exe
                                                            « Reply #47 on: September 16, 2011, 04:39:18 PM »
                                                            I strongly recommend that you remove Ask from your computer because it:

                                                            • Promotes its toolbars on sites targeted to kids.

                                                            • Promotes its toolbars through ads that appear to be part of other companies' sites.

                                                            • Promotes its toolbars through other companies' spyware.

                                                            • Installs without any disclosure whatsoever and without any consent whatsoever.

                                                            • Solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.

                                                            • Makes confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.

                                                            See Here for more info.

                                                            If you choose to follow my recommendation then please go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

                                                            AskBarDis or anything related to Ask

                                                            Then please find and delete this folder in bold (if present):
                                                            C:\Program Files\AskBarDis. or anything related to Ask.
                                                            *****************************************************
                                                            I see you are running Poker Stars. Poker Stars has a history of distributing spyware in their products. However, security experts still question this program as good or bad. I recommend removing it to prevent spyware, but it is up to you to decide if you want to keep it.

                                                            If you would like to uninstall it, do so as follows:

                                                            Press Start, and navigate to the Control Panel. When in the control panel enter Add or Remove programs. Search for and locate PokerStars, and either click Change/Remove or Remove.
                                                            ******************************************************
                                                            Update Your Java (JRE)

                                                            Old versions of Java have vulnerabilities that malware can use to infect your system.


                                                            First Verify your Java Version

                                                            If there are any other version(s) installed then update now.

                                                            Get the new version (if needed)

                                                            If your version is out of date install the newest version of the Sun Java Runtime Environment.

                                                            Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

                                                            Be sure to close ALL open web browsers before starting the installation.

                                                            Remove any old versions

                                                            1. Download JavaRa and unzip the file to your Desktop.
                                                            2. Open JavaRa.exe and choose Remove Older Versions.
                                                            3. Once complete, exit JavaRa.

                                                            Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
                                                            *****************************************************
                                                            P2P - I see you have P2P software installed on your machine. (µTorrent, Ares 2.1.5, FrostWire 4.21.6 and FrostWire 5.0.8) We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

                                                            Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

                                                            I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
                                                            ***************************************************
                                                            Quote
                                                            Combofix was detected as a malware.
                                                            You need to turn off your protection. Please try it again.

                                                            Quote
                                                            I got a BSOD while running scans using malware anti malbytes
                                                            Re-boot in Safe Mode and try running MBAM.
                                                            Windows 8 and Windows 10 dual boot with two SSD's

                                                            Valeras

                                                              Topic Starter


                                                              Re: IRQL_NOT_LESS_OR_EQUAL caused by a virus .exe
                                                              « Reply #48 on: December 24, 2011, 11:55:10 AM »
                                                              Sorry for the delay again, I'm running the tests atm.