
Topic: IRQL_NOT_LESS_OR_EQUAL caused by a virus .exe


SuperDave

  • Malware Removal Specialist
  • Moderator


  • Genius
  • Thanked: 1020
  • Certifications: List
  • Experience: Expert
  • OS: Windows 10
Re: IRQL_NOT_LESS_OR_EQUAL caused by a virus .exe
« Reply #30 on: April 19, 2011, 04:28:19 PM »
We Need to Diagnose Your BlueScreen
1. When you boot your machine, press F8 to list the startup options, exactly as you would if you were trying to enter Safe Mode.
2. Select "Disable Automatic Restart on System Failure", as shown here:

3. When your system BSODs, write down the STOP error code, as well as any written out error message back here. The STOP error will always appear, but the message may not. You are looking for this:

Windows 8 and Windows 10 dual boot with two SSD's

Valeras

    Topic Starter


    Rookie

    • Experience: Familiar
    • OS: Windows 7
    Re: IRQL_NOT_LESS_OR_EQUAL caused by a virus .exe
    « Reply #31 on: September 09, 2011, 07:09:13 PM »
    Sorry for the delay, I was extra busy in real life.

    OK, the file that causes the problem is

    autelgif.sys

    and the BSOD error is

    PAGE_FAULT_IN_NONPAGED_AREA

    Technical Information:

    *** STOP: 0x00000050 (0xFFFFF8A014410000,0x0000000000000000,0xFFFFF8800165FA38,0x0000000000000000)

    ***autelgif.sys - Address FFFFF8800165FA38 base at FFFFF8800165C000, DateStamp 48d8138b.


    This happens when I run SUPERAntiSpyware and I'm checking the Windows folder for spyware.


    SuperDave

    Re: IRQL_NOT_LESS_OR_EQUAL caused by a virus .exe
    « Reply #32 on: September 09, 2011, 07:38:13 PM »
    Please uninstall SUPERAntiSpyware and see if you still get that BSOD.
    Windows 8 and Windows 10 dual boot with two SSD's

    Valeras

      Re: IRQL_NOT_LESS_OR_EQUAL caused by a virus .exe
      « Reply #33 on: September 10, 2011, 05:04:28 PM »
      I uninstalled it, but when I was doing checks for spyware, that's when I get the BSOD.

      SuperDave

      Re: IRQL_NOT_LESS_OR_EQUAL caused by a virus .exe
      « Reply #34 on: September 11, 2011, 11:16:43 AM »
      Download BlueScreenView to your desktop.
      BlueScreenView
      Unzip the downloaded file and double-click BlueScreenView.exe to run the program.
      When scanning is done, go to EDIT - Select All
      Go to FILE - SAVE Selected Items, and save the report as BSOD.txt
      Open BSOD.txt in Notepad, copy all of the content, and paste it into your next reply
      Windows 8 and Windows 10 dual boot with two SSD's

      Valeras

        Re: IRQL_NOT_LESS_OR_EQUAL caused by a virus .exe
        « Reply #35 on: September 11, 2011, 12:30:56 PM »
        Dump File         : 090911-34913-01.dmp
        Crash Time        : 9/9/2011 4:06:14 PM
        Bug Check String  : PAGE_FAULT_IN_NONPAGED_AREA
        Bug Check Code    : 0x00000050
        Parameter 1       : fffff8a0`1441d000
        Parameter 2       : 00000000`00000000
        Parameter 3       : fffff880`0165fa38
        Parameter 4       : 00000000`00000000
        Caused By Driver  : ntoskrnl.exe
        Caused By Address : ntoskrnl.exe+7cc40
        File Description  : NT Kernel & System
        Product Name      : Microsoft® Windows® Operating System
        Company           : Microsoft Corporation
        File Version      : 6.1.7601.17640 (win7sp1_gdr.110622-1506)
        Processor         : x64
        Crash Address     : ntoskrnl.exe+7cc40
        Stack Address 1   :
        Stack Address 2   :
        Stack Address 3   :
        Computer Name     :
        Full Path         : C:\Windows\Minidump\090911-34913-01.dmp
        Processors Count  : 3
        Major Version     : 15
        Minor Version     : 7601
        Dump File Size    : 274,576
        ==================================================

        ==================================================
        Dump File         : 041611-22292-01.dmp
        Crash Time        : 4/16/2011 6:46:03 PM
        Bug Check String  : PAGE_FAULT_IN_NONPAGED_AREA
        Bug Check Code    : 0x00000050
        Parameter 1       : fffff8a0`10728000
        Parameter 2       : 00000000`00000000
        Parameter 3       : fffff880`01822a38
        Parameter 4       : 00000000`00000000
        Caused By Driver  : ntoskrnl.exe
        Caused By Address : ntoskrnl.exe+70740
        File Description  : NT Kernel & System
        Product Name      : Microsoft® Windows® Operating System
        Company           : Microsoft Corporation
        File Version      : 6.1.7601.17640 (win7sp1_gdr.110622-1506)
        Processor         : x64
        Crash Address     : ntoskrnl.exe+70740
        Stack Address 1   :
        Stack Address 2   :
        Stack Address 3   :
        Computer Name     :
        Full Path         : C:\Windows\Minidump\041611-22292-01.dmp
        Processors Count  : 3
        Major Version     : 15
        Minor Version     : 7600
        Dump File Size    : 274,576
        ==================================================

        ==================================================
        Dump File         : 041311-38157-01.dmp
        Crash Time        : 4/13/2011 9:01:00 PM
        Bug Check String  : PAGE_FAULT_IN_NONPAGED_AREA
        Bug Check Code    : 0x00000050
        Parameter 1       : fffff8a0`02bce000
        Parameter 2       : 00000000`00000000
        Parameter 3       : fffff880`018aea38
        Parameter 4       : 00000000`00000000
        Caused By Driver  : AVGIDSFilter.Sys
        Caused By Address : AVGIDSFilter.Sys+4050
        File Description  :
        Product Name      :
        Company           :
        File Version      :
        Processor         : x64
        Crash Address     : ntoskrnl.exe+70740
        Stack Address 1   :
        Stack Address 2   :
        Stack Address 3   :
        Computer Name     :
        Full Path         : C:\Windows\Minidump\041311-38157-01.dmp
        Processors Count  : 3
        Major Version     : 15
        Minor Version     : 7600
        Dump File Size    : 274,576
        ==================================================

        ==================================================
        Dump File         : 040211-52151-01.dmp
        Crash Time        : 4/2/2011 12:41:46 PM
        Bug Check String  : PAGE_FAULT_IN_NONPAGED_AREA
        Bug Check Code    : 0x00000050
        Parameter 1       : fffff8a0`183a7000
        Parameter 2       : 00000000`00000000
        Parameter 3       : fffff880`018d9a38
        Parameter 4       : 00000000`00000000
        Caused By Driver  : ntoskrnl.exe
        Caused By Address : ntoskrnl.exe+70740
        File Description  : NT Kernel & System
        Product Name      : Microsoft® Windows® Operating System
        Company           : Microsoft Corporation
        File Version      : 6.1.7601.17640 (win7sp1_gdr.110622-1506)
        Processor         : x64
        Crash Address     : ntoskrnl.exe+70740
        Stack Address 1   :
        Stack Address 2   :
        Stack Address 3   :
        Computer Name     :
        Full Path         : C:\Windows\Minidump\040211-52151-01.dmp
        Processors Count  : 3
        Major Version     : 15
        Minor Version     : 7600
        Dump File Size    : 274,576
        ==================================================

        ==================================================
        Dump File         : 040211-39655-01.dmp
        Crash Time        : 4/2/2011 1:20:52 AM
        Bug Check String  : PAGE_FAULT_IN_NONPAGED_AREA
        Bug Check Code    : 0x00000050
        Parameter 1       : fffff8a0`0d7b1000
        Parameter 2       : 00000000`00000000
        Parameter 3       : fffff880`00de0a38
        Parameter 4       : 00000000`00000000
        Caused By Driver  : ntoskrnl.exe
        Caused By Address : ntoskrnl.exe+70740
        File Description  : NT Kernel & System
        Product Name      : Microsoft® Windows® Operating System
        Company           : Microsoft Corporation
        File Version      : 6.1.7601.17640 (win7sp1_gdr.110622-1506)
        Processor         : x64
        Crash Address     : ntoskrnl.exe+70740
        Stack Address 1   :
        Stack Address 2   :
        Stack Address 3   :
        Computer Name     :
        Full Path         : C:\Windows\Minidump\040211-39655-01.dmp
        Processors Count  : 3
        Major Version     : 15
        Minor Version     : 7600
        Dump File Size    : 274,576
        ==================================================

        ==================================================
        Dump File         : 033111-27502-01.dmp
        Crash Time        : 3/31/2011 5:45:39 PM
        Bug Check String  : IRQL_NOT_LESS_OR_EQUAL
        Bug Check Code    : 0x0000000a
        Parameter 1       : 00000000`00000000
        Parameter 2       : 00000000`00000002
        Parameter 3       : 00000000`00000000
        Parameter 4       : fffff800`0209c2b3
        Caused By Driver  : ntoskrnl.exe
        Caused By Address : ntoskrnl.exe+70740
        File Description  : NT Kernel & System
        Product Name      : Microsoft® Windows® Operating System
        Company           : Microsoft Corporation
        File Version      : 6.1.7601.17640 (win7sp1_gdr.110622-1506)
        Processor         : x64
        Crash Address     : ntoskrnl.exe+70740
        Stack Address 1   :
        Stack Address 2   :
        Stack Address 3   :
        Computer Name     :
        Full Path         : C:\Windows\Minidump\033111-27502-01.dmp
        Processors Count  : 3
        Major Version     : 15
        Minor Version     : 7600
        Dump File Size    : 270,224
        ==================================================

        ==================================================
        Dump File         : 033111-23540-01.dmp
        Crash Time        : 3/31/2011 4:28:58 PM
        Bug Check String  : IRQL_NOT_LESS_OR_EQUAL
        Bug Check Code    : 0x0000000a
        Parameter 1       : 00000000`00000008
        Parameter 2       : 00000000`00000002
        Parameter 3       : 00000000`00000000
        Parameter 4       : fffff800`0204cd19
        Caused By Driver  : ntoskrnl.exe
        Caused By Address : ntoskrnl.exe+70740
        File Description  : NT Kernel & System
        Product Name      : Microsoft® Windows® Operating System
        Company           : Microsoft Corporation
        File Version      : 6.1.7601.17640 (win7sp1_gdr.110622-1506)
        Processor         : x64
        Crash Address     : ntoskrnl.exe+70740
        Stack Address 1   :
        Stack Address 2   :
        Stack Address 3   :
        Computer Name     :
        Full Path         : C:\Windows\Minidump\033111-23540-01.dmp
        Processors Count  : 3
        Major Version     : 15
        Minor Version     : 7600
        Dump File Size    : 270,168
        ==================================================

        ==================================================
        Dump File         : 033111-24398-01.dmp
        Crash Time        : 3/31/2011 4:27:31 PM
        Bug Check String  : IRQL_NOT_LESS_OR_EQUAL
        Bug Check Code    : 0x0000000a
        Parameter 1       : 00000000`00000001
        Parameter 2       : 00000000`00000002
        Parameter 3       : 00000000`00000000
        Parameter 4       : fffff800`020982b3
        Caused By Driver  : ntoskrnl.exe
        Caused By Address : ntoskrnl.exe+70740
        File Description  : NT Kernel & System
        Product Name      : Microsoft® Windows® Operating System
        Company           : Microsoft Corporation
        File Version      : 6.1.7601.17640 (win7sp1_gdr.110622-1506)
        Processor         : x64
        Crash Address     : ntoskrnl.exe+70740
        Stack Address 1   :
        Stack Address 2   :
        Stack Address 3   :
        Computer Name     :
        Full Path         : C:\Windows\Minidump\033111-24398-01.dmp
        Processors Count  : 3
        Major Version     : 15
        Minor Version     : 7600
        Dump File Size    : 270,224
        ==================================================

        ==================================================
        Dump File         : 033011-39842-01.dmp
        Crash Time        : 3/30/2011 9:50:16 PM
        Bug Check String  : IRQL_NOT_LESS_OR_EQUAL
        Bug Check Code    : 0x0000000a
        Parameter 1       : 00000000`00000008
        Parameter 2       : 00000000`00000002
        Parameter 3       : 00000000`00000000
        Parameter 4       : fffff800`020a8d19
        Caused By Driver  : ntoskrnl.exe
        Caused By Address : ntoskrnl.exe+70740
        File Description  : NT Kernel & System
        Product Name      : Microsoft® Windows® Operating System
        Company           : Microsoft Corporation
        File Version      : 6.1.7601.17640 (win7sp1_gdr.110622-1506)
        Processor         : x64
        Crash Address     : ntoskrnl.exe+70740
        Stack Address 1   :
        Stack Address 2   :
        Stack Address 3   :
        Computer Name     :
        Full Path         : C:\Windows\Minidump\033011-39842-01.dmp
        Processors Count  : 3
        Major Version     : 15
        Minor Version     : 7600
        Dump File Size    : 270,168
        ==================================================

        ==================================================
        Dump File         : 033011-24445-01.dmp
        Crash Time        : 3/30/2011 9:39:26 PM
        Bug Check String  : IRQL_NOT_LESS_OR_EQUAL
        Bug Check Code    : 0x0000000a
        Parameter 1       : 00000000`00000040
        Parameter 2       : 00000000`00000002
        Parameter 3       : 00000000`00000001
        Parameter 4       : fffff800`020c8cd8
        Caused By Driver  : ntoskrnl.exe
        Caused By Address : ntoskrnl.exe+70740
        File Description  : NT Kernel & System
        Product Name      : Microsoft® Windows® Operating System
        Company           : Microsoft Corporation
        File Version      : 6.1.7601.17640 (win7sp1_gdr.110622-1506)
        Processor         : x64
        Crash Address     : ntoskrnl.exe+70740
        Stack Address 1   :
        Stack Address 2   :
        Stack Address 3   :
        Computer Name     :
        Full Path         : C:\Windows\Minidump\033011-24445-01.dmp
        Processors Count  : 3
        Major Version     : 15
        Minor Version     : 7600
        Dump File Size    : 270,224
        ==================================================

        ==================================================
        Dump File         : 033011-27378-01.dmp
        Crash Time        : 3/30/2011 9:35:07 PM
        Bug Check String  : IRQL_NOT_LESS_OR_EQUAL
        Bug Check Code    : 0x0000000a
        Parameter 1       : 00000000`00000000
        Parameter 2       : 00000000`00000002
        Parameter 3       : 00000000`00000000
        Parameter 4       : fffff800`0209c2b3
        Caused By Driver  : ntoskrnl.exe
        Caused By Address : ntoskrnl.exe+70740
        File Description  : NT Kernel & System
        Product Name      : Microsoft® Windows® Operating System
        Company           : Microsoft Corporation
        File Version      : 6.1.7601.17640 (win7sp1_gdr.110622-1506)
        Processor         : x64
        Crash Address     : ntoskrnl.exe+70740
        Stack Address 1   :
        Stack Address 2   :
        Stack Address 3   :
        Computer Name     :
        Full Path         : C:\Windows\Minidump\033011-27378-01.dmp
        Processors Count  : 3
        Major Version     : 15
        Minor Version     : 7600
        Dump File Size    : 270,168
        ==================================================

        ==================================================
        Dump File         : 033011-23337-01.dmp
        Crash Time        : 3/30/2011 9:30:36 PM
        Bug Check String  : NTFS_FILE_SYSTEM
        Bug Check Code    : 0x00000024
        Parameter 1       : 00000000`001904fb
        Parameter 2       : fffff880`039d43d8
        Parameter 3       : fffff880`039d3c40
        Parameter 4       : fffff880`012ee914
        Caused By Driver  : Ntfs.sys
        Caused By Address : Ntfs.sys+b1914
        File Description  :
        Product Name      :
        Company           :
        File Version      :
        Processor         : x64
        Crash Address     : ntoskrnl.exe+70740
        Stack Address 1   :
        Stack Address 2   :
        Stack Address 3   :
        Computer Name     :
        Full Path         : C:\Windows\Minidump\033011-23337-01.dmp
        Processors Count  : 3
        Major Version     : 15
        Minor Version     : 7600
        Dump File Size    : 274,464
        ==================================================


        Done!
        « Last Edit: September 12, 2011, 04:32:05 PM by SuperDave »

        SuperDave

        Re: IRQL_NOT_LESS_OR_EQUAL caused by a virus .exe
        « Reply #36 on: September 12, 2011, 04:41:02 PM »
        You only had one BSOD in the last five months, but almost all the BSODs that you've had have been caused by ntoskrnl.exe.

        1. Open the Start Menu.

        2. Click on the Computer button.

        3. Right click on your hard drive and click on Properties.

        4. Click on the Tools tab.

        5. Click on Check Now under the Error checking section. (See circled in red below)

        6. Click on Continue in the UAC prompt.

        7. Make sure both options are checked. (See screenshot below)
        NOTE: The Automatically fix file system errors box will be checked by default.

        8. Click on the Start button.



        9. You will get a pop-up window saying, "Windows can't check this disk while it's in use". (See screenshot below)

        10. Click on the Schedule disk check button for chkdsk to run the next time you restart your computer.



        11. Restart your computer.
        Windows 8 and Windows 10 dual boot with two SSD's
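
Added example (not part of the thread, and not BlueScreenView's own code): a Python sketch that parses the text report format pasted in Reply #35, tallies crashes by bug check and blamed driver, and pulls the faulting-instruction address out of the bug check parameters. The sample records are trimmed from that report, the autelgif.sys base address is the one on the STOP screen in Reply #31, and all function names are illustrative.

```python
from collections import Counter, defaultdict

# Bug check parameter that carries the faulting instruction address:
# 0x50 PAGE_FAULT_IN_NONPAGED_AREA -> Parameter 3, 0x0A IRQL_NOT_LESS_OR_EQUAL -> Parameter 4.
INSTRUCTION_PARAM = {0x50: "Parameter 3", 0x0A: "Parameter 4"}

# Base of autelgif.sys as printed on the STOP screen in Reply #31.
AUTELGIF_BASE = 0xFFFFF8800165C000

# Four records from the Reply #35 report, trimmed to the fields used here.
REPORT = """\
==================================================
Dump File         : 090911-34913-01.dmp
Crash Time        : 9/9/2011 4:06:14 PM
Bug Check String  : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code    : 0x00000050
Parameter 3       : fffff880`0165fa38
Caused By Driver  : ntoskrnl.exe
==================================================
Dump File         : 041611-22292-01.dmp
Crash Time        : 4/16/2011 6:46:03 PM
Bug Check String  : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code    : 0x00000050
Parameter 3       : fffff880`01822a38
Caused By Driver  : ntoskrnl.exe
==================================================
Dump File         : 041311-38157-01.dmp
Crash Time        : 4/13/2011 9:01:00 PM
Bug Check String  : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code    : 0x00000050
Parameter 3       : fffff880`018aea38
Caused By Driver  : AVGIDSFilter.Sys
==================================================
Dump File         : 033111-27502-01.dmp
Crash Time        : 3/31/2011 5:45:39 PM
Bug Check String  : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code    : 0x0000000a
Parameter 4       : fffff800`0209c2b3
Caused By Driver  : ntoskrnl.exe
==================================================
"""

def parse_report(text):
    """Split a BlueScreenView text report into one dict per crash record."""
    records, current = [], {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("====="):           # record separator
            if current:
                records.append(current)
                current = {}
            continue
        key, sep, value = line.partition(":")  # first colon only: values contain ':'
        if sep:
            current[key.strip()] = value.strip()
    if current:
        records.append(current)
    return records

def hexval(field):
    """Parse '0x00000050' or 'fffff880`0165fa38' as an integer."""
    return int(field.replace("`", ""), 16)

def instruction_address(record):
    """Address of the instruction that faulted, or None if it is not recorded."""
    field = INSTRUCTION_PARAM.get(hexval(record["Bug Check Code"]))
    raw = record.get(field, "") if field else ""
    return (hexval(raw) or None) if raw else None

def summarize(records):
    """Count crashes per (bug check string, driver in 'Caused By Driver')."""
    return Counter((r["Bug Check String"], r["Caused By Driver"]) for r in records)

def group_by_page_offset(records):
    """Group dumps by the low 12 bits of the faulting instruction address.
    Images load page-aligned, so one instruction keeps these bits when the
    image base moves between boots; a shared offset is a hint, not proof."""
    groups = defaultdict(list)
    for r in records:
        addr = instruction_address(r)
        if addr is not None:
            groups[addr & 0xFFF].append(r["Dump File"])
    return dict(groups)

def offset_in_module(addr, base):
    """Offset of addr from a module base, or None if addr lies below the base.
    The image size is not on the page, so no upper bound is checked."""
    return addr - base if addr >= base else None

if __name__ == "__main__":
    recs = parse_report(REPORT)
    for (check, driver), n in summarize(recs).items():
        print(f"{n} x {check} blamed on {driver}")
    for off, dumps in group_by_page_offset(recs).items():
        print(f"page offset {off:#05x}: {dumps}")
    print(hex(offset_in_module(instruction_address(recs[0]), AUTELGIF_BASE)))
```

On this sample the three 0x50 crashes share page offset 0xa38, and the 9/9/2011 instruction address sits 0x3a38 bytes past the autelgif.sys base quoted in Reply #31, while the report's "Caused By Driver" column names ntoskrnl.exe for that dump.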

        Valeras

          Re: IRQL_NOT_LESS_OR_EQUAL caused by a virus .exe
          « Reply #37 on: September 12, 2011, 09:59:20 PM »
          I have done the chkdsk

          Would this make my computer faster?

          SuperDave

          Re: IRQL_NOT_LESS_OR_EQUAL caused by a virus .exe
          « Reply #38 on: September 13, 2011, 06:25:36 PM »
          Quote
          I have done the chkdsk

          Would this make my computer faster?
          I will certainly help but it should fix the BSOD problem. How are things now with the computer?
          Windows 8 and Windows 10 dual boot with two SSD's

          Valeras

            Re: IRQL_NOT_LESS_OR_EQUAL caused by a virus .exe
            « Reply #39 on: September 13, 2011, 08:09:39 PM »
            Quote
            I will certainly help but it should fix the BSOD problem. How are things now with the computer?

            It's a bit smoother, I don't know if the virus is gone or not.

            SuperDave

            Re: IRQL_NOT_LESS_OR_EQUAL caused by a virus .exe
            « Reply #40 on: September 14, 2011, 05:17:54 PM »
            Quote
            It's a bit smoother, I don't know if the virus is gone or not.
            I would like to see the logs from MBAM and DDS as outlined in Reply #26.
            Windows 8 and Windows 10 dual boot with two SSD's

            Valeras

              Re: IRQL_NOT_LESS_OR_EQUAL caused by a virus .exe
              « Reply #41 on: September 14, 2011, 10:38:22 PM »
              I tried Malwarebytes Anti-Malware.

              No BSOD.

              SUPERAntiSpyware Scan Log
              http://www.superantispyware.com

              Generated 09/14/2011 at 11:29 PM

              Application Version : 5.0.1118

              Core Rules Database Version : 7693
              Trace Rules Database Version: 5505

              Scan type       : Custom Scan
              Total Scan Time : 00:31:23

              Operating System Information
              Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
              UAC On - Limited User

              Memory items scanned      : 660
              Memory threats detected   : 0
              Registry items scanned    : 73759
              Registry threats detected : 0
              File items scanned        : 34372
              File threats detected     : 11

              Adware.Tracking Cookie
                 C:\Users\Romaine\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
                 C:\Users\Romaine\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][3].txt
                 C:\Users\Romaine\AppData\Roaming\Microsoft\Windows\Cookies\romaine@atdmt[1].txt
                 C:\Users\Romaine\AppData\Roaming\Microsoft\Windows\Cookies\romaine@atdmt[2].txt
                 C:\Users\Romaine\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
                 C:\Users\Romaine\AppData\Roaming\Microsoft\Windows\Cookies\romaine@invitemedia[2].txt
                 C:\Users\Romaine\AppData\Roaming\Microsoft\Windows\Cookies\romaine@questionmarket[2].txt
                 C:\Users\Romaine\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt

              Rogue.Agent/Gen-Nullo[DLL]
                 C:\WINDOWS\SYSTEM32\RTFELGIF.DLL

              Adware.Vundo/Variant-FaceSpy
                 C:\WINDOWS\SYSWOW64\CANUDUNI.DLL

              Adware.MyWebSearch/FunWebProducts
                 C:\WINDOWS\SYSWOW64\F3PSSAVR.SCR

              I remove the viruses.

              Valeras

                Re: IRQL_NOT_LESS_OR_EQUAL caused by a virus .exe
                « Reply #42 on: September 14, 2011, 10:47:08 PM »
                DDS Scan


                .
                DDS (Ver_2011-08-26.01) - NTFSAMD64
                Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_26
                Run by Romaine at 23:37:03 on 2011-09-14
                Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3835.1139 [GMT -5:00]
                .
                AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
                SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
                SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                .
                ============== Running Processes ===============
                .
                C:\Windows\system32\wininit.exe
                C:\Windows\system32\lsm.exe
                C:\Windows\system32\svchost.exe -k DcomLaunch
                C:\PROGRA~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
                C:\Windows\system32\svchost.exe -k RPCSS
                C:\Windows\system32\atiesrxx.exe
                C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
                C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
                C:\Windows\system32\svchost.exe -k netsvcs
                C:\Program Files\IDT\WDM\STacSV64.exe
                C:\Windows\system32\svchost.exe -k LocalService
                C:\Windows\system32\atieclxx.exe
                C:\Windows\system32\Hpservice.exe
                C:\Windows\system32\vcsFPService.exe
                C:\Windows\system32\svchost.exe -k NetworkService
                C:\Windows\system32\WLANExt.exe
                C:\Windows\system32\conhost.exe
                C:\Windows\System32\spoolsv.exe
                C:\Program Files\DigitalPersona\Bin\DpHostW.exe
                C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
                C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
                C:\Program Files\IDT\WDM\AESTSr64.exe
                C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
                C:\Program Files\ReviverSoft\Battery Optimizer\BatteryOptimizerService.exe
                C:\Program Files (x86)\Bonjour\mDNSResponder.exe
                C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
                C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe
                C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
                C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
                C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
                C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
                C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
                C:\Windows\system32\svchost.exe -k imgsvc
                C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
                C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
                C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
                C:\Windows\system32\taskhost.exe
                C:\Windows\system32\Dwm.exe
                C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
                C:\Windows\Explorer.EXE
                C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe
                C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
                C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
                C:\Program Files\Hewlett-Packard\HPToneControl\HPToneCtl.exe
                C:\Program Files\IDT\WDM\sttray64.exe
                C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
                C:\Program Files\Windows Sidebar\sidebar.exe
                C:\Windows\system32\wbem\wmiprvse.exe
                C:\Program Files (x86)\Steam\steam.exe
                C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
                C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
                C:\Program Files (x86)\iTunes\iTunesHelper.exe
                C:\Program Files\DigitalPersona\Bin\DPAgent.exe
                C:\Program Files (x86)\Common Files\Steam\SteamService.exe
                C:\Program Files\iPod\bin\iPodService.exe
                C:\Windows\system32\SearchIndexer.exe
                C:\Windows\system32\svchost.exe -k HPService
                C:\Windows\system32\wbem\wmiprvse.exe
                C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
                C:\Program Files\Windows Media Player\wmpnetwk.exe
                C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
                C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
                C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
                C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
                C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
                C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
                C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
                C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
                C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
                C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
                C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
                C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
                C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
                C:\Program Files (x86)\AVG\AVG10\avgtray.exe
                C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
                C:\Program Files (x86)\AVG\AVG10\avgchsva.exe
                C:\Program Files (x86)\AVG\AVG10\avgrsa.exe
                C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
                C:\Windows\System32\svchost.exe -k HPZ12
                C:\Windows\System32\svchost.exe -k HPZ12
                C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
                C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
                C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
                C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
                C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
                C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
                C:\Users\Romaine\Downloads\mbam-setup.exe
                C:\Users\Romaine\AppData\Local\Temp\is-4B0D0.tmp\mbam-setup.tmp
                C:\Users\Romaine\Downloads\mbam-setup.exe
                C:\Users\Romaine\AppData\Local\Temp\is-HGU0Q.tmp\mbam-setup.tmp
                C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
                C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
                C:\Windows\system32\SearchProtocolHost.exe
                C:\Windows\system32\SearchFilterHost.exe
                C:\Windows\system32\DllHost.exe
                C:\Windows\system32\DllHost.exe
                C:\Windows\SysWOW64\cmd.exe
                C:\Windows\system32\conhost.exe
                C:\Windows\SysWOW64\cscript.exe
                .
                ============== Pseudo HJT Report ===============
                .
                uStart Page = hxxp://www.google.com/
                uSearch Page = hxxp://www.google.com
                uSearch Bar = hxxp://www.google.com/ie
                uInternet Settings,ProxyOverride = *.local
                uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
                uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
                uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
                uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
                mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
                mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
                mWinlogon: Userinit=C:\Windows\SysWOW64\userinit.exe,
                BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
                BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
                BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
                BHO: HP SimplePass Identity Protection Extension: {395610ae-c624-4f58-b89e-23733ea00f9a} - C:\Program Files (x86)\DigitalPersona\Bin\dpotspluginie8.dll
                BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
                BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
                BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
                BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
                BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
                BHO: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
                BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
                BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
                TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
                TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
                TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
                TB: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
                TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
                EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
                uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
                uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
                uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
                uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
                uRun: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h
                uRun: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
                uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
                mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" UNATTENDED
                mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
                mRun: [<NO NAME>]
                mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
                mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
                mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
                mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
                mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
                mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
                dRunOnce: [<NO NAME>]
                StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
                mPolicies-explorer: NoActiveDesktop = 1 (0x1)
                mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
                mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
                mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
                mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
                IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
                IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
                IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
                IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
                IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
                IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
                DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
                DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
                DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
                TCP: DhcpNameServer = 65.183.0.76 65.183.0.86
                TCP: Interfaces\{F4F0B25F-68E4-47A2-B9AA-9A068776E476} : DhcpNameServer = 65.183.0.76 65.183.0.86
                TCP: Interfaces\{F4F0B25F-68E4-47A2-B9AA-9A068776E476}\1627279637534376 : DhcpNameServer = 65.183.0.76 65.183.0.86
                TCP: Interfaces\{F4F0B25F-68E4-47A2-B9AA-9A068776E476}\355707562775966496F54454B414C40275962756C656373702A416D616963616 : DhcpNameServer = 10.0.192.1 65.183.0.78 65.183.0.84
                TCP: Interfaces\{F4F0B25F-68E4-47A2-B9AA-9A068776E476}\4554259303 : DhcpNameServer = 65.183.0.76 65.183.0.86
                TCP: Interfaces\{F4F0B25F-68E4-47A2-B9AA-9A068776E476}\4556279303 : DhcpNameServer = 10.0.0.1
                TCP: Interfaces\{F4F0B25F-68E4-47A2-B9AA-9A068776E476}\C696E6B6379737F5F475F51353134383 : DhcpNameServer = 192.168.1.1
                TCP: Interfaces\{F4F0B25F-68E4-47A2-B9AA-9A068776E476}\C696E6B6379737F5F475F583030363 : DhcpNameServer = 192.168.1.2
                Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
                Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
                Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
                LSA: Notification Packages = DPPassFilter scecli
                mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
                BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
                BHO-X64:     HP Print Enhancer - No File
                BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
                BHO-X64:     AcroIEHelperStub - No File
                BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
                BHO-X64: HP SimplePass Identity Protection Extension: {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\dpotspluginie8.dll
                BHO-X64:     HP SimplePass Identity Protection Extension - No File
                BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
                BHO-X64:     WormRadar.com IESiteBlocker.NavFilter - No File
                BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
                BHO-X64: AVG Security Toolbar BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
                BHO-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
                BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
                BHO-X64: FrostWire Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
                BHO-X64:     Ask Toolbar BHO - No File
                BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
                BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
                BHO-X64:     HP Smart BHO Class - No File
                TB-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
                TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
                TB-X64: AVG Security Toolbar: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
                TB-X64: FrostWire Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
                TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
                EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
                mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" UNATTENDED
                mRun-x64: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
                mRun-x64: [(Default)]
                mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
                mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
                mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
                mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
                mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
                mRunOnce-x64: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
                .
                ================= FIREFOX ===================
                .
                FF - ProfilePath - C:\Users\Romaine\AppData\Roaming\Mozilla\Firefox\Profiles\pyswht5d.default\
                FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=ConduitEngine&SearchSource=3&q={searchTerms}
                FF - prefs.js: browser.search.selectedEngine - Ask.com
                FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com?o=10148&l=dis
                FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4dcc4c9b&v=7.007.026.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=
                FF - prefs.js: network.proxy.type - 0
                FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff4.dll
                FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff5.dll
                FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
                FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
                FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
                FF - component: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\components\dpffcli.dll
                FF - component: C:\Users\Romaine\AppData\Roaming\Mozilla\Firefox\Profiles\pyswht5d.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCore.dll
                FF - component: C:\Users\Romaine\AppData\Roaming\Mozilla\Firefox\Profiles\pyswht5d.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
                FF - component: C:\Users\Romaine\AppData\Roaming\Mozilla\Firefox\Profiles\pyswht5d.default\extensions\[email protected]\components\RadioWMPCore.dll
                FF - component: C:\Users\Romaine\AppData\Roaming\Mozilla\Firefox\Profiles\pyswht5d.default\extensions\[email protected]\components\RadioWMPCoreGecko19.dll
                FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
                FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
                FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
                FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
                FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
                FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
                FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.11.1\nphdplg.dll
                FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
                FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
                .
                ---- FIREFOX POLICIES ----
                FF - user.js: network.http.max-persistent-connections-per-server - 4
                FF - user.js: nglayout.initialpaint.delay - 600
                FF - user.js: content.notify.interval - 600000
                FF - user.js: content.max.tokenizing.time - 1800000
                FF - user.js: content.switch.threshold - 600000
                .
                ============= SERVICES / DRIVERS ===============
                .
                R0 autelgif;autelgif;C:\Windows\system32\DRIVERS\autelgif.sys --> C:\Windows\system32\DRIVERS\autelgif.sys [?]
                R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
                R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
                R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
                R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
                R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
                R1 DVMIO;DeviceVM IO Service;C:\Windows\system32\DRIVERS\dvmio.sys --> C:\Windows\system32\DRIVERS\dvmio.sys [?]
                R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
                R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
                R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
                R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/12/20 22:58:08];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2010-12-21 146928]
                R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-2-24 89600]
                R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
                R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]
                R2 Battery Optimizer;Battery Optimizer;C:\Program Files\ReviverSoft\Battery Optimizer\BatteryOptimizerService.exe [2010-12-28 116608]
                R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-2-26 127984]
                R2 DvmMDES;DeviceVM Meta Data Export Service;C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-3-6 338168]
                R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-1-27 102968]
                R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-5-21 103992]
                R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
                R2 HPWMISVC;HPWMISVC;C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-1-18 20480]
                R2 SpyHunter 4 Service;SpyHunter 4 Service;C:\PROGRA~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2010-11-5 327000]
                R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-9-1 2027840]
                R2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2010-1-6 1791280]
                R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
                R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
                R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
                R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
                R3 ntkvpnMP;ntkvpnMP;C:\Windows\system32\DRIVERS\ntkvpn.sys --> C:\Windows\system32\DRIVERS\ntkvpn.sys [?]
                R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2010-10-7 11856]
                R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
                R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
                S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
                S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-8-18 7390560]
                S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
                S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
                S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-23 136176]
                S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-1-29 947528]
                S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
                S3 CGVPNCliSrvc;CyberGhost VPN Client;C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe [2011-3-4 2413704]
                S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
                S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
                S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-23 136176]
                S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
                S3 ntkvpn;Loki VPN Service;C:\Windows\system32\DRIVERS\ntkvpn.sys --> C:\Windows\system32\DRIVERS\ntkvpn.sys [?]
                S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
                S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
                S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
                S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
                S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
                S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
                S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
                S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
                S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
                S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
                S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
                .
                =============== Created Last 30 ================
                .
                2011-09-15 04:31:37   41272   -c--a-w-   C:\Windows\SysWow64\drivers\mbamswissarmy.sys
                2011-09-15 04:30:42   25416   -c--a-w-   C:\Windows\System32\drivers\mbam.sys
                2011-09-14 22:05:34   --------   dc----w-   C:\Users\Romaine\AppData\Local\{01D85F21-59D8-45CD-A780-C6A31DF51CA7}
                2011-09-14 22:04:58   --------   dc----w-   C:\Users\Romaine\AppData\Local\{177E8383-9A14-4521-8ABD-9082D64D64A5}
                2011-09-13 20:28:10   --------   dc----w-   C:\Users\Romaine\AppData\Local\{D10A2AD4-AB22-483D-819A-8D3B359C7FC2}
                2011-09-13 20:27:57   --------   dc----w-   C:\Users\Romaine\AppData\Local\{C99B3D17-940E-402D-B2F8-9C5BD6DCABE1}
                2011-09-12 23:49:30   --------   dc----w-   C:\Users\Romaine\AppData\Local\{E972DF40-3971-42D2-AEEF-5AD00092038E}
                2011-09-12 23:49:14   --------   dc----w-   C:\Users\Romaine\AppData\Local\{D758DF7A-2412-4A86-A222-2ABB54A7BE16}
                2011-09-12 20:49:18   --------   dc----w-   C:\Users\Romaine\AppData\Local\{40AA3079-9230-4716-BA6E-969BAF4F79AD}
                2011-09-12 20:48:57   --------   dc----w-   C:\Users\Romaine\AppData\Local\{C51F1358-9B8C-426E-9FE2-3C5315E53D23}
                2011-09-11 21:38:25   --------   dc----w-   C:\Users\Romaine\AppData\Local\{25E32551-ACC1-4360-BD96-D7E71E083AAA}
                2011-09-11 21:38:15   --------   dc----w-   C:\Users\Romaine\AppData\Local\{7E11A3FA-5376-48E6-9697-1BF2F2F1C686}
                2011-09-11 18:23:49   --------   dc----w-   C:\Users\Romaine\AppData\Local\{ABC8837F-81A6-4125-8462-B2437E77EF5F}
                2011-09-11 18:23:34   --------   dc----w-   C:\Users\Romaine\AppData\Local\{C3C5E233-4DD3-4D16-8C7F-68CCB70DB51B}
                2011-09-10 13:49:35   --------   dc----w-   C:\Users\Romaine\AppData\Local\{C8D4FBC0-42CD-456F-A082-B526F9EFCC37}
                2011-09-10 13:49:10   --------   dc----w-   C:\Users\Romaine\AppData\Local\{FDDBF5ED-269C-40E9-BEBA-2BF6A7FEDDBF}
                2011-09-10 01:02:26   --------   dc----w-   C:\Users\Romaine\AppData\Local\{0F48F31E-F33D-4BE1-BB7C-9DEFEFC255B4}
                2011-09-10 01:01:19   --------   dc----w-   C:\Users\Romaine\AppData\Local\{B6F60769-1531-48FC-AB96-2485A73F86A5}
                2011-09-10 00:49:20   --------   d-sh--w-   C:\found.009
                2011-09-09 21:09:30   --------   dc----w-   C:\Users\Romaine\AppData\Local\{78263FD7-2392-44AD-BD2A-C14EFF3E6478}
                2011-09-09 21:09:14   --------   dc----w-   C:\Users\Romaine\AppData\Local\{B4F0DF6D-1B27-4CF5-8211-9BCF410A33C1}
                2011-09-08 21:56:16   --------   dc----w-   C:\Users\Romaine\AppData\Local\{82051858-BDA4-489C-9311-F6264411A44E}
                2011-09-07 20:33:12   --------   dc----w-   C:\Users\Romaine\AppData\Local\{E5893776-8AE9-435B-8325-352A1738FDC2}
                2011-09-07 00:52:50   --------   dc----w-   C:\Users\Romaine\AppData\Local\{A4606B3C-6325-468E-BFBB-178CC699DA8A}
                2011-09-07 00:51:52   --------   dc----w-   C:\Users\Romaine\AppData\Local\{D80E4B7C-8B0B-4E6F-8079-E095DF660539}
                2011-09-05 21:43:21   --------   dc----w-   C:\Users\Romaine\AppData\Local\{8F9361F6-5B4F-474C-BB47-B11453C86942}
                2011-09-05 21:15:24   --------   dc----w-   C:\Users\Romaine\AppData\Local\{C85B6C24-089E-417D-91D7-703DAB5E4AE5}
                2011-09-05 21:13:50   --------   dc----w-   C:\Users\Romaine\AppData\Local\{05DAB953-5787-41E3-9B85-B0DB7481D562}
                2011-09-05 02:51:55   --------   dc----w-   C:\Users\Romaine\AppData\Local\{C1265EED-64E8-4330-91C1-CC4F6B506A49}
                2011-09-05 02:50:37   --------   dc----w-   C:\Users\Romaine\AppData\Local\{D7B12D03-FB71-4130-A356-3ED51F1B80A8}
                2011-09-04 19:24:05   --------   dc----w-   C:\Users\Romaine\AppData\Local\{A7F8EFED-C694-439F-9A1C-A8AD797B70C2}
                2011-09-04 19:23:44   --------   dc----w-   C:\Users\Romaine\AppData\Local\{0F809A99-5729-4D3B-951C-444CA12998F7}
                2011-09-04 01:28:22   --------   dc----w-   C:\Users\Romaine\AppData\Local\{734C26E7-C0C8-470F-910D-37086B7858A5}
                2011-09-04 01:28:02   --------   dc----w-   C:\Users\Romaine\AppData\Local\{CD76BF09-4200-4D75-A743-D60BD874216E}
                2011-09-03 13:44:38   --------   dc----w-   C:\Users\Romaine\AppData\Local\{629573C4-C7B2-411C-90F1-FC4690DB46D0}
                2011-09-03 13:44:18   --------   dc----w-   C:\Users\Romaine\AppData\Local\{5774EB90-AA31-4593-B6FF-2F2A8131E6AF}
                2011-09-02 14:58:46   --------   dc----w-   C:\Users\Romaine\AppData\Local\{071DFBDE-F436-47E0-B443-DEE8D2DEA682}
                2011-09-02 14:58:21   --------   dc----w-   C:\Users\Romaine\AppData\Local\{2FB8C88A-31FB-46F9-93DB-FC200DE4E6B4}
                2011-09-02 02:35:12   --------   dc----w-   C:\Users\Romaine\AppData\Local\{50EF83F8-F1D0-48AE-91A5-F04C448EFCEE}
                2011-09-02 02:34:46   --------   dc----w-   C:\Users\Romaine\AppData\Local\{A59EBB19-C410-4877-9FD6-326E7DB1B2D6}
                2011-09-01 01:30:08   89048   -c--a-w-   C:\Program Files (x86)\Mozilla Firefox\libEGL.dll
                2011-09-01 01:30:08   785368   -c--a-w-   C:\Program Files (x86)\Mozilla Firefox\mozsqlite3.dll
                2011-09-01 01:30:08   478168   -c--a-w-   C:\Program Files (x86)\Mozilla Firefox\libGLESv2.dll
                2011-09-01 01:30:08   2106216   -c--a-w-   C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll
                2011-09-01 01:30:08   1998168   -c--a-w-   C:\Program Files (x86)\Mozilla Firefox\d3dx9_43.dll
                2011-09-01 01:30:08   1846232   -c--a-w-   C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
                2011-09-01 01:30:08   15832   -c--a-w-   C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll
                2011-09-01 01:30:08   134104   -c--a-w-   C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
                2011-08-31 14:06:47   --------   dc----w-   C:\Users\Romaine\AppData\Local\{68251E47-8234-4C3B-AA03-18D5994610B7}
                2011-08-31 14:06:21   --------   dc----w-   C:\Users\Romaine\AppData\Local\{B13EF862-AA2A-4AC5-9475-F41F30E01C32}
                2011-08-30 15:03:23   --------   dc----w-   C:\Users\Romaine\AppData\Local\{2E197DF6-1885-4878-80C5-04AD55A5F733}
                2011-08-30 15:02:57   --------   dc----w-   C:\Users\Romaine\AppData\Local\{B4AFEF91-6CC5-4496-9F4A-7E861734E041}
                2011-08-29 17:59:54   --------   dc----w-   C:\Users\Romaine\AppData\Local\{1AFF3835-8B22-42BC-83F7-00C50344E723}
                2011-08-29 17:59:19   --------   dc----w-   C:\Users\Romaine\AppData\Local\{9E4877D5-41AE-4EAB-AC4F-E9EAC512A6B6}
                2011-08-29 14:32:43   --------   dc----w-   C:\Users\Romaine\AppData\Local\{CF7CC89A-B520-4131-A183-B837C09BA4B5}
                2011-08-29 14:32:26   --------   dc----w-   C:\Users\Romaine\AppData\Local\{126519B3-E7BB-40F8-8A2A-78D7ADBD5DBB}
                2011-08-28 18:51:52   --------   dc----w-   C:\Users\Romaine\AppData\Local\{DBD39310-3410-4038-ABCA-5C3571205F39}
                2011-08-28 18:51:29   --------   dc----w-   C:\Users\Romaine\AppData\Local\{433BC36F-4D1B-4D85-9E8B-F13B9E34EBD2}
                2011-08-27 14:13:42   --------   dc----w-   C:\Users\Romaine\AppData\Local\{4FC0BEE4-5664-4AD7-A811-76CB7C4C44AE}
                2011-08-27 14:13:29   --------   dc----w-   C:\Users\Romaine\AppData\Local\{9DBD391B-EF5C-459A-8D55-F25FC61A81E3}
                2011-08-26 21:10:03   --------   dc----w-   C:\Users\Romaine\AppData\Roaming\GameRanger
                2011-08-26 13:05:31   --------   dc----w-   C:\Users\Romaine\AppData\Local\{58165237-F7C8-4826-85F4-8F54F27074F6}
                2011-08-26 13:05:04   --------   dc----w-   C:\Users\Romaine\AppData\Local\{4C917ADF-327C-4FD9-8E93-59166D3824A4}
                2011-08-25 20:02:52   --------   dc----w-   C:\Program Files (x86)\Samsung
                2011-08-25 13:05:37   --------   dc----w-   C:\Users\Romaine\AppData\Local\{537B36DD-EC8E-44D4-A8BA-7D77942146B0}
                2011-08-25 01:16:19   2048   ----a-w-   C:\Windows\SysWow64\tzres.dll
                2011-08-25 01:16:19   2048   ----a-w-   C:\Windows\System32\tzres.dll
                2011-08-25 01:03:14   --------   dc----w-   C:\Users\Romaine\AppData\Local\{9CC3CEA2-6B4F-4BB7-BDE3-7F6B70726A12}
                2011-08-22 23:13:31   --------   dc----w-   C:\Program Files (x86)\Rosetta Stone
                2011-08-22 23:12:58   --------   dc----w-   C:\ProgramData\RosettaStoneLtdBackup
                2011-08-22 22:37:52   --------   dc----w-   C:\ProgramData\Rosetta Stone
                2011-08-22 22:35:28   --------   dc----w-   C:\Program Files (x86)\Common Files\Macrovision Shared
                2011-08-22 16:01:10   --------   dc----w-   C:\Users\Romaine\AppData\Local\{595C5C2E-54EC-46F7-ACAF-06555C1BB3CE}
                2011-08-22 15:09:24   4283672   -c--a-w-   C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
                2011-08-22 15:08:36   42776   -c--a-w-   C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
                2011-08-22 13:56:35   --------   dc----w-   C:\Users\Romaine\AppData\Local\{5792F6AC-F845-42EE-9EFF-1D10794DB077}
                2011-08-21 16:28:13   --------   dc----w-   C:\Users\Romaine\AppData\Local\{E6D5ABB8-A972-4499-AE90-D29AC2DE656E}
                2011-08-21 16:27:33   --------   dc----w-   C:\Users\Romaine\AppData\Local\{3AADDCAB-EFC7-4D5C-BDED-607746C4224B}
                2011-08-21 05:28:39   --------   dc----w-   C:\Users\Romaine\AppData\Local\{932EAC0C-BBB5-4B56-B868-95B59BA9C592}
                2011-08-21 05:26:17   --------   dc----w-   C:\Users\Romaine\AppData\Local\{A50913C1-0A09-4819-8F4C-D174F49739C2}
                2011-08-21 01:31:09   --------   dc----w-   C:\Users\Romaine\AppData\Local\{E068225A-F682-440B-A4F7-4436F8FC6CA2}
                .
                ==================== Find3M  ====================
                .
                2011-09-03 13:51:16   404640   -c--a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
                2011-09-01 11:29:50   34624   -c--a-w-   C:\Windows\System32\TURegOpt.exe
                2011-09-01 11:19:22   25920   -c--a-w-   C:\Windows\System32\authuitu.dll
                2011-09-01 11:19:18   21312   -c--a-w-   C:\Windows\SysWow64\authuitu.dll
                2011-09-01 11:19:10   36160   -c--a-w-   C:\Windows\System32\uxtuneup.dll
                2011-09-01 11:18:56   29504   -c--a-w-   C:\Windows\SysWow64\uxtuneup.dll
                2011-08-13 13:58:49   86016   ----a-w-   C:\Windows\SysWow64\odbccu32.dll
                2011-08-13 13:58:49   81920   ----a-w-   C:\Windows\SysWow64\odbccr32.dll
                2011-08-13 13:58:49   319488   ----a-w-   C:\Windows\SysWow64\odbcjt32.dll
                2011-08-13 13:58:49   212992   ----a-w-   C:\Windows\System32\odbctrac.dll
                2011-08-13 13:58:49   163840   ----a-w-   C:\Windows\SysWow64\odbctrac.dll
                2011-08-13 13:58:49   163840   ----a-w-   C:\Windows\System32\odbccp32.dll
                2011-08-13 13:58:49   122880   ----a-w-   C:\Windows\SysWow64\odbccp32.dll
                2011-08-13 13:58:49   106496   ----a-w-   C:\Windows\System32\odbccu32.dll
                2011-08-13 13:58:49   106496   ----a-w-   C:\Windows\System32\odbccr32.dll
                2011-08-13 13:32:13   5561216   ----a-w-   C:\Windows\System32\ntoskrnl.exe
                2011-08-13 13:32:13   3967872   ----a-w-   C:\Windows\SysWow64\ntkrnlpa.exe
                2011-08-13 13:32:13   3912576   ----a-w-   C:\Windows\SysWow64\ntoskrnl.exe
                2011-08-11 01:41:41   288768   ----a-w-   C:\Windows\System32\drivers\mrxsmb10.sys
                2011-08-11 01:35:27   1923968   ----a-w-   C:\Windows\System32\drivers\tcpip.sys
                2011-08-11 01:28:03   2382848   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
                2011-08-11 01:28:03   2382848   ----a-w-   C:\Windows\System32\mshtml.tlb
                2011-08-11 01:28:03   2303488   ----a-w-   C:\Windows\System32\jscript9.dll
                2011-08-11 01:28:03   1797632   ----a-w-   C:\Windows\SysWow64\jscript9.dll
                2011-08-11 01:28:03   1389056   ----a-w-   C:\Windows\System32\wininet.dll
                2011-08-11 01:28:03   1126912   ----a-w-   C:\Windows\SysWow64\wininet.dll
                2011-07-13 08:01:52   3137536   ----a-w-   C:\Windows\System32\win32k.sys
                2011-07-12 01:58:59   98304   ----a-w-   C:\Windows\System32\wudriver.dll
                2011-07-12 01:57:59   72192   ----a-w-   C:\Windows\System32\napdsnap.dll
                2011-07-12 01:56:59   85504   ----a-w-   C:\Windows\SysWow64\secproc_ssp.dll
                2011-07-12 01:55:59   665600   ----a-w-   C:\Windows\SysWow64\AuxiliaryDisplayCpl.dll
                .
                ============= FINISH: 23:40:11.07 ===============


                How do I attach the zip file?

                Valeras

                  Topic Starter


                  Rookie

                  • Experience: Familiar
                  • OS: Windows 7
                  Re: IRQL_NOT_LESS_OR_EQUAL caused by a virus .exe
                  « Reply #43 on: September 14, 2011, 10:48:27 PM »
                  The Malware post is coming tomorrow, I don't have much time today

                  SuperDave

                  • Malware Removal Specialist
                  • Moderator


                  • Genius
                  • Thanked: 1020
                  • Certifications: List
                  • Experience: Expert
                  • OS: Windows 10
                  Re: IRQL_NOT_LESS_OR_EQUAL caused by a virus .exe
                  « Reply #44 on: September 15, 2011, 01:40:42 PM »
                  Download OTL to your desktop.

                  * Open OTL
                  * Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

                  Code:
                  :OTL

                  mRun: [<NO NAME>]
                  dRunOnce: [<NO NAME>]
                  BHO-X64:     HP Print Enhancer - No File
                  BHO-X64:     AcroIEHelperStub - No File
                  BHO-X64:     HP SimplePass Identity Protection Extension - No File
                  BHO-X64:     WormRadar.com IESiteBlocker.NavFilter - No File
                  BHO-X64:     Ask Toolbar BHO - No File
                  BHO-X64:     HP Smart BHO Class - No File
                  EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

                  :Files

                  C:\found.009

                  :COMMANDS
                  [resethosts]
                  [purity]
                  [start explorer]

                  * Click Run Fix
                  * OTL may ask to reboot the machine. Please do so if asked.
                  * Click OK
                  * A report will open. Copy and Paste that report in your next reply.
                  *************************************************************
                  Quote
                  How do I attach the zip file?
                  Copy and paste.

                  ******************************************************
                  Download ComboFix by sUBs from one of the below links.  Be sure to save it to the Desktop.

                  Link # 1
                  Link # 2
                  If you are using Firefox, make sure that your download settings are as follows:

                  * Tools->Options->Main tab
                  * Set to "Always ask me where to Save the files".

                  Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

                  Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

                  Right-click combofix.exe and select Run as Administrator and follow the prompts.
                  When finished, ComboFix will produce a log for you.
                  Post the ComboFix log in your next reply.

                  NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

                  Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.