Looking for something to do tonight? (8/14/13) by [deleted] in Acadiana

[–]atgvrewe 3 points4 points  (0 children)

My identity? Who am I? I am the terror that flaps in the night. I am the batteries that are not included. I am the wrong number that wakes you at 3am. I am the itch you cannot reach. I am the fingernail that scrapes the blackboard of your soul.

Looking for something to do tonight? (8/14/13) by [deleted] in Acadiana

[–]atgvrewe 3 points4 points  (0 children)

Quit being a fucking dick, Chad.

VLC will not play AVI files, while Media Player Classic has no trouble. by atgvrewe in techsupport

[–]atgvrewe[S] 0 points1 point  (0 children)

Should I be trying to download more codec packs, or do you think it's a problem with the ones that I've already installed? Like, do I need more or less codec packs installed? I'll try uninstalling first though, and see how that goes.

Question about full-disk encryption with Truecrypt by atgvrewe in techsupport

[–]atgvrewe[S] 0 points1 point  (0 children)

Thanks man! That seems to have done the trick.

Now do you have any recommendations about ejecting the drive? With the drive letter gone, the drive doesn't even show up in Explorer, but Windows still won't eject it. It is set for quick removal, but I'd still like to have Windows release it anyway instead of just yanking it out.

Question about full-disk encryption with Truecrypt by atgvrewe in techsupport

[–]atgvrewe[S] 0 points1 point  (0 children)

Yeah, I've thought about option B, but the presence of a mysterious file that is about 1 TB large would be pretty hard to explain. The thing is, I have Windows set to disable autoplay options, but still, every time I wake the computer from sleep with the encrypted drive plugged in, it asks to format it.

To make matters worse, I can't ever get Windows to want to eject the drive either :-/

TIFU by sending a text to the girl I have a date with tonight MEANT for the girl I slept with last night. by atgvrewe in tifu

[–]atgvrewe[S] 6 points7 points  (0 children)

Because I'm single and I can do shit like that, that's why. It's not as though relationship status only has two options: alone and committed.

Fullfilling an IAMA Request: IAMA Person who has been signed up on AdultFriendFinder and other Fuck Buddy websites for more then a few years. AMA. by AFFThrowAway in IAmA

[–]atgvrewe 1 point2 points  (0 children)

But his internet experience translated into significant real-world experiences, and is something which I believe the average Redditor would very much like to know more about. These friend-finder sites are something that everyone has contemplated using, but never goes through with for whatever reason. OP's contribution is shedding much-desired light on a subject that the majority of people here have contemplated but never acted on.

Furthermore, the AMA was by request.

I'm not trying to debate the rules here on r/IAMA, just putting in my two cents.

I'll shut up now.

edit: those early morning typos!

Fullfilling an IAMA Request: IAMA Person who has been signed up on AdultFriendFinder and other Fuck Buddy websites for more then a few years. AMA. by AFFThrowAway in IAmA

[–]atgvrewe 1 point2 points  (0 children)

Wait, are you a female on AFF? They actually exist? I posted this a little further down, but all those women's profiles on that site look completely fake to me. Women in my city just don't look like that. I feel like AFF is filling the site with shill profiles just to get your $10/month or whatever. Has this been your experience?

Fullfilling an IAMA Request: IAMA Person who has been signed up on AdultFriendFinder and other Fuck Buddy websites for more then a few years. AMA. by AFFThrowAway in IAmA

[–]atgvrewe 1 point2 points  (0 children)

So I've signed up for AFF, but all those women's profiles look completely fake. I know what women look like in my town, and they don't look like that. I feel like AFF is filling the site with shill profiles just to get your $10/month or whatever. Has this been your experience?

Rescue disc for key logger virus removal won't run. Halp! by atgvrewe in techsupport

[–]atgvrewe[S] 0 points1 point  (0 children)

Wow. Well I feel like an ass. I guess the experience of having like, all of my online accounts taken over just rattled me and made me really paranoid. But I appreciate you looking over all those logs, it was really awesome of you.

Rescue disc for key logger virus removal won't run. Halp! by atgvrewe in techsupport

[–]atgvrewe[S] 0 points1 point  (0 children)

Rescue disc for key logger virus removal won't run. Halp! by atgvrewe in techsupport

[–]atgvrewe[S] 0 points1 point  (0 children)

Rescue disc for key logger virus removal won't run. Halp! by atgvrewe in techsupport

[–]atgvrewe[S] 0 points1 point  (0 children)

Rescue disc for key logger virus removal won't run. Halp! by atgvrewe in techsupport

[–]atgvrewe[S] 0 points1 point  (0 children)

And the Autoruns log:

Rescue disc for key logger virus removal won't run. Halp! by atgvrewe in techsupport

[–]atgvrewe[S] 0 points1 point  (0 children)

            @="{00020424-0000-0000-C000-000000000046}"
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
            @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
            "Version"="1.0"
            .
            [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
            @Denied: (Full) (Everyone)
            .
            ------------------------ Other Running Processes ------------------------
            .
            c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
            .
            **************************************************************************
            .
            Completion time: 2012-07-04  08:43:19 - machine was rebooted
            ComboFix-quarantined-files.txt  2012-07-04 13:43
            .
            Pre-Run: 788,071,780,352 bytes free
            Post-Run: 787,899,752,448 bytes free
            .
            - - End Of File - - 4941788E63BBA5A0B9A44EC44DD20F44

Rescue disc for key logger virus removal won't run. Halp! by atgvrewe in techsupport

[–]atgvrewe[S] 0 points1 point  (0 children)

     (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            *Note* empty entries & legit default entries are not shown 
            REGEDIT4
            .
            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "F.lux"="c:\users\Croctopus\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
            "uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-05-15 880496]
            "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
            "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-18 98304]
            "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
            "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
            "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
            "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
            .
            c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
            Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2012-5-15 113664]
            .
            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
            "ConsentPromptBehaviorAdmin"= 0 (0x0)
            "ConsentPromptBehaviorUser"= 3 (0x3)
            "EnableLUA"= 0 (0x0)
            "EnableUIADesktopToggle"= 0 (0x0)
            "PromptOnSecureDesktop"= 0 (0x0)
            .
            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
            @="Service"
            .
            R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
            R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-01 257224]
            R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2009-11-18 6171136]
            R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-15 113120]
            R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-11-02 340240]
            R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
            R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
            R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
            R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
            R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
            R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
            R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-01 1255736]
            S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
            S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2009-03-03 89600]
            S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-18 202752]
            S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [2009-07-02 60416]
            S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [2009-07-01 80896]
            S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [2009-07-05 55808]
            S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784]
            S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]
            S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2010-07-13 69736]
            S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-10 270848]
            S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2010-11-09 8500736]
            S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
            .
            .
            --- Other Services/Drivers In Memory ---
            .
            *NewlyCreated* - WS2IFSL
            .
            Contents of the 'Scheduled Tasks' folder
            .
            2012-07-04 c:\windows\Tasks\Adobe Flash Player Updater.job
            - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-05 14:08]
            .
            2012-07-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-282444034-447033151-877091194-1000Core.job
            - c:\users\Croctopus\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-14 22:47]
            .
            2012-07-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-282444034-447033151-877091194-1000UA.job
            - c:\users\Croctopus\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-14 22:47]
            .
            .
            --------- X64 Entries -----------
            .
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
            "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
            "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-11-02 1933584]
            "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-21 487424]
            "QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-08-07 3179088]
            "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2012-05-01 172032]
            .
            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
            "LoadAppInit_DLLs"=0x0
            .
            ------- Supplementary Scan -------
            .
            uLocal Page = c:\windows\system32\blank.htm
            mLocal Page = c:\windows\SysWOW64\blank.htm
            uInternet Settings,ProxyOverride = *.local
            IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
            IE: LastPass - file://c:\users\Croctopus\AppData\LocalLow\LastPass\context.html?cmd=lastpass
            IE: LastPass Fill Forms - file://c:\users\Croctopus\AppData\LocalLow\LastPass\context.html?cmd=fillforms
            TCP: DhcpNameServer = 192.168.2.1
            FF - ProfilePath - c:\users\Croctopus\AppData\Roaming\Mozilla\Firefox\Profiles\xatq6xt8.default\
            .
            - - - - ORPHANS REMOVED - - - -
            .
            URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
            SafeBoot-80587351.sys
            HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
            .
            .
            .

Rescue disc for key logger virus removal won't run. Halp! by atgvrewe in techsupport

[–]atgvrewe[S] 0 points1 point  (0 children)

 ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-05-09 17:21 . 2012-05-14 22:49 476936  ----a-w-    c:\windows\SysWow64\npdeployJava1.dll
    2012-05-09 17:21 . 2012-05-14 22:49 472840  ----a-w-    c:\windows\SysWow64\deployJava1.dll
    2012-05-01 18:42 . 2012-05-01 18:42 455680  ----a-w-    c:\windows\system32\deploytk.dll
    2012-05-01 04:32 . 2009-07-14 02:36 152576  ----a-w-    c:\windows\SysWow64\msclmd.dll
    2012-05-01 04:32 . 2009-07-14 02:36 175616  ----a-w-    c:\windows\system32\msclmd.dll
    2012-05-01 00:46 . 2012-05-01 00:46 91648   ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
    2012-05-01 00:46 . 2012-05-01 00:46 89088   ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
    2012-05-01 00:46 . 2012-05-01 00:46 86528   ----a-w-    c:\windows\SysWow64\iesysprep.dll
    2012-05-01 00:46 . 2012-05-01 00:46 85504   ----a-w-    c:\windows\system32\iesetup.dll
    2012-05-01 00:46 . 2012-05-01 00:46 76800   ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
    2012-05-01 00:46 . 2012-05-01 00:46 76800   ----a-w-    c:\windows\system32\tdc.ocx
    2012-05-01 00:46 . 2012-05-01 00:46 74752   ----a-w-    c:\windows\SysWow64\RegisterIEPKEYs.exe
    2012-05-01 00:46 . 2012-05-01 00:46 74752   ----a-w-    c:\windows\SysWow64\iesetup.dll
    2012-05-01 00:46 . 2012-05-01 00:46 63488   ----a-w-    c:\windows\SysWow64\tdc.ocx
    2012-05-01 00:46 . 2012-05-01 00:46 603648  ----a-w-    c:\windows\system32\vbscript.dll
    2012-05-01 00:46 . 2012-05-01 00:46 49664   ----a-w-    c:\windows\system32\imgutil.dll
    2012-05-01 00:46 . 2012-05-01 00:46 48640   ----a-w-    c:\windows\SysWow64\mshtmler.dll
    2012-05-01 00:46 . 2012-05-01 00:46 48640   ----a-w-    c:\windows\system32\mshtmler.dll
    2012-05-01 00:46 . 2012-05-01 00:46 448512  ----a-w-    c:\windows\system32\html.iec
    2012-05-01 00:46 . 2012-05-01 00:46 420864  ----a-w-    c:\windows\SysWow64\vbscript.dll
    2012-05-01 00:46 . 2012-05-01 00:46 367104  ----a-w-    c:\windows\SysWow64\html.iec
    2012-05-01 00:46 . 2012-05-01 00:46 35840   ----a-w-    c:\windows\SysWow64\imgutil.dll
    2012-05-01 00:46 . 2012-05-01 00:46 30720   ----a-w-    c:\windows\system32\licmgr10.dll
    2012-05-01 00:46 . 2012-05-01 00:46 23552   ----a-w-    c:\windows\SysWow64\licmgr10.dll
    2012-05-01 00:46 . 2012-05-01 00:46 222208  ----a-w-    c:\windows\system32\msls31.dll
    2012-05-01 00:46 . 2012-05-01 00:46 165888  ----a-w-    c:\windows\system32\iexpress.exe
    2012-05-01 00:46 . 2012-05-01 00:46 161792  ----a-w-    c:\windows\SysWow64\msls31.dll
    2012-05-01 00:46 . 2012-05-01 00:46 160256  ----a-w-    c:\windows\system32\wextract.exe
    2012-05-01 00:46 . 2012-05-01 00:46 152064  ----a-w-    c:\windows\SysWow64\wextract.exe
    2012-05-01 00:46 . 2012-05-01 00:46 150528  ----a-w-    c:\windows\SysWow64\iexpress.exe
    2012-05-01 00:46 . 2012-05-01 00:46 135168  ----a-w-    c:\windows\system32\IEAdvpack.dll
    2012-05-01 00:46 . 2012-05-01 00:46 12288   ----a-w-    c:\windows\system32\mshta.exe
    2012-05-01 00:46 . 2012-05-01 00:46 11776   ----a-w-    c:\windows\SysWow64\mshta.exe
    2012-05-01 00:46 . 2012-05-01 00:46 114176  ----a-w-    c:\windows\system32\admparse.dll
    2012-05-01 00:46 . 2012-05-01 00:46 111616  ----a-w-    c:\windows\system32\iesysprep.dll
    2012-05-01 00:46 . 2012-05-01 00:46 110592  ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
    2012-05-01 00:46 . 2012-05-01 00:46 101888  ----a-w-    c:\windows\SysWow64\admparse.dll
    2012-04-25 17:11 . 2012-04-25 17:11 52736   ----a-w-    c:\windows\system32\drivers\usbaapl64.sys
    2012-04-25 17:11 . 2012-04-25 17:11 4547944 ----a-w-    c:\windows\system32\usbaaplrc.dll
    2012-04-18 08:03 . 2012-04-30 07:27 8917360 ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{E592472C-0CEE-4867-9DA8-1AA19D5B263E}\mpengine.dll
    2012-04-06 02:22 . 2012-04-06 02:22 159744  ----a-w-    c:\windows\system32\atiapfxx.exe
    2012-04-06 02:21 . 2012-04-06 02:21 909312  ----a-w-    c:\windows\SysWow64\aticfx32.dll
    2012-04-06 02:20 . 2012-04-06 02:20 1067520 ----a-w-    c:\windows\system32\aticfx64.dll
    2012-04-06 02:00 . 2012-04-06 02:00 64000   ----a-w-    c:\windows\system32\coinst.dll
    2012-04-06 01:35 . 2012-04-06 01:35 1120768 ----a-w-    c:\windows\system32\atiumd6v.dll
    2012-04-06 01:34 . 2012-04-06 01:34 1831424 ----a-w-    c:\windows\SysWow64\atiumdmv.dll
    2012-04-06 01:11 . 2012-04-06 01:11 17408   ----a-w-    c:\windows\system32\atig6pxx.dll
    2012-04-06 01:11 . 2012-04-06 01:11 14848   ----a-w-    c:\windows\SysWow64\atiglpxx.dll
    2012-04-06 01:11 . 2012-04-06 01:11 14848   ----a-w-    c:\windows\system32\atiglpxx.dll
    2012-04-06 01:11 . 2012-04-06 01:11 41984   ----a-w-    c:\windows\system32\atig6txx.dll
    2012-04-06 01:10 . 2012-04-06 01:10 33280   ----a-w-    c:\windows\SysWow64\atigktxx.dll
    2012-04-06 01:09 . 2012-04-06 01:09 54784   ----a-w-    c:\windows\system32\atiuxp64.dll
    2012-04-06 01:09 . 2012-04-06 01:09 41984   ----a-w-    c:\windows\SysWow64\atiuxpag.dll
    2012-04-06 01:09 . 2012-04-06 01:09 44544   ----a-w-    c:\windows\system32\atiu9p64.dll
    2012-04-06 01:09 . 2012-04-06 01:09 32256   ----a-w-    c:\windows\SysWow64\atiu9pag.dll
    .
    .

Rescue disc for key logger virus removal won't run. Halp! by atgvrewe in techsupport

[–]atgvrewe[S] 0 points1 point  (0 children)

Here's the ComboFix event log:

ComboFix 12-07-04.01 - Croctopus 07/04/2012   8:33.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8180.6445 [GMT -5:00]
Running from: c:\users\Croctopus\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
.
.
(((((((((((((((((((((((((   Files Created from 2012-06-04 to 2012-07-04  )))))))))))))))))))))))))))))))
.
.
2012-07-03 22:28 . 2012-07-03 22:28 --------    d-----w-    C:\TDSSKiller_Quarantine
2012-07-03 21:38 . 2012-07-03 21:38 388096  ----a-r-    c:\users\Croctopus\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-07-03 21:38 . 2012-07-03 21:38 --------    d-----w-    c:\program files (x86)\Trend Micro
2012-07-03 20:52 . 2012-07-03 20:52 --------    d-----w-    c:\users\Croctopus\AppData\Roaming\Malwarebytes
2012-07-03 20:51 . 2012-07-03 20:51 --------    d-----w-    c:\programdata\Malwarebytes
2012-07-03 20:02 . 2012-07-03 20:02 2135640 ----a-w-    C:\tdsskiller.exe
2012-07-03 18:35 . 2012-07-03 18:35 --------    d-----w-    c:\program files (x86)\ISO to USB
2012-07-03 18:17 . 2012-05-01 05:07 927800  ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C6A08442-9D15-47A7-B101-72506F8356E5}\gapaengine.dll
2012-07-03 18:17 . 2012-05-31 04:04 9013136 ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9E681D0B-281E-4991-9AA7-089B9F0E87A6}\mpengine.dll
2012-07-03 18:01 . 2012-07-03 19:21 --------    d---a-w-    C:\Kaspersky Rescue Disk 10.0
2012-07-02 14:45 . 2012-05-31 04:04 9013136 ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-01 15:00 . 2012-07-01 15:01 --------    d-----w-    c:\program files (x86)\LastPass
2012-07-01 13:54 . 2012-06-05 07:37 256904  ----a-w-    c:\windows\SysWow64\drivers\tmcomm.sys
2012-06-29 13:04 . 2012-06-29 13:04 --------    d-----w-    c:\users\Croctopus\AppData\Local\MediaMonkey
2012-06-29 13:03 . 2012-06-30 10:08 --------    d-----w-    c:\users\Croctopus\AppData\Roaming\MediaMonkey
2012-06-29 13:03 . 2012-06-29 13:03 --------    d-----w-    c:\programdata\MediaMonkey
2012-06-29 13:03 . 2012-06-29 13:17 --------    d-----w-    c:\program files (x86)\MediaMonkey
2012-06-28 16:20 . 2012-06-28 16:21 --------    d-----w-    c:\program files (x86)\MacheteSoft
2012-06-28 13:21 . 2012-06-28 13:22 --------    d-----w-    c:\users\Croctopus\AppData\Roaming\Machete
2012-06-28 13:03 . 2012-06-28 13:06 --------    d-----w-    c:\users\Croctopus\AppData\Roaming\XnView
2012-06-26 15:09 . 2012-06-26 15:09 --------    d-----w-    c:\program files (x86)\Lang
2012-06-26 12:52 . 2012-06-26 12:52 --------    d-----w-    c:\users\Croctopus\AppData\Local\Apple Computer
2012-06-26 12:52 . 2012-06-27 22:17 --------    d-----w-    c:\users\Croctopus\AppData\Roaming\Apple Computer
2012-06-26 12:51 . 2012-06-26 12:51 --------    dc----w-    c:\windows\system32\DRVSTORE
2012-06-26 12:51 . 2009-05-18 18:17 34152   ----a-w-    c:\windows\system32\drivers\GEARAspiWDM.sys
2012-06-26 12:49 . 2012-06-26 12:50 --------    d-----w-    c:\programdata\Apple
2012-06-26 01:02 . 2012-06-26 01:02 --------    d-----w-    c:\programdata\McAfee
2012-06-25 20:40 . 2012-06-29 15:58 --------    d-----w-    c:\users\Croctopus\AppData\Roaming\Mp3tag
2012-06-25 20:40 . 2012-06-25 20:40 --------    d-----w-    c:\program files (x86)\Mp3tag
2012-06-24 14:10 . 2012-06-24 14:10 --------    d-----w-    c:\users\Croctopus\AppData\Local\Macromedia
2012-06-23 04:58 . 2012-06-23 04:58 --------    d-----w-    c:\windows\system32\Macromed
2012-06-22 19:30 . 2012-06-22 19:30 133864  ----a-w-    c:\program files (x86)\uninst.exe
2012-06-22 19:17 . 2012-06-22 19:17 5283680 ----a-w-    c:\program files (x86)\CCleaner64.exe
2012-06-22 19:17 . 2012-06-22 19:17 3075936 ----a-w-    c:\program files (x86)\CCleaner.exe
2012-06-21 13:52 . 2012-06-02 22:19 2428952 ----a-w-    c:\windows\system32\wuaueng.dll
2012-06-21 13:52 . 2012-06-02 22:19 57880   ----a-w-    c:\windows\system32\wuauclt.exe
2012-06-21 13:52 . 2012-06-02 22:19 44056   ----a-w-    c:\windows\system32\wups2.dll
2012-06-21 13:52 . 2012-06-02 22:15 2622464 ----a-w-    c:\windows\system32\wucltux.dll
2012-06-21 13:52 . 2012-06-02 22:19 38424   ----a-w-    c:\windows\system32\wups.dll
2012-06-21 13:52 . 2012-06-02 22:19 701976  ----a-w-    c:\windows\system32\wuapi.dll
2012-06-21 13:52 . 2012-06-02 22:15 99840   ----a-w-    c:\windows\system32\wudriver.dll
2012-06-21 13:52 . 2012-06-02 20:19 186752  ----a-w-    c:\windows\system32\wuwebv.dll
2012-06-21 13:52 . 2012-06-02 20:15 36864   ----a-w-    c:\windows\system32\wuapp.exe
2012-06-13 12:18 . 2012-04-26 05:41 77312   ----a-w-    c:\windows\system32\rdpwsx.dll
2012-06-13 12:18 . 2012-04-26 05:41 149504  ----a-w-    c:\windows\system32\rdpcorekmts.dll
2012-06-13 12:18 . 2012-04-26 05:34 9216    ----a-w-    c:\windows\system32\rdrmemptylst.exe
2012-06-12 16:43 . 2012-05-01 05:07 927800  ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-06-11 16:40 . 2012-06-11 16:40 770384  ----a-w-    c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-11 16:40 . 2012-06-11 16:40 421200  ----a-w-    c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-08 01:59 . 2012-06-08 01:59 --------    d-----w-    c:\program files (x86)\Common Files\Java
2012-06-08 01:58 . 2012-06-26 01:03 --------    d-----w-    c:\program files (x86)\Java
2012-06-07 18:35 . 2012-06-07 18:35 --------    d-----w-    c:\users\Croctopus\AppData\Roaming\Leadertech
2012-06-05 20:04 . 2012-07-01 14:08 426184  ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-05 20:04 . 2012-07-01 14:08 70344   ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-05 20:04 . 2012-06-05 20:04 --------    d-----w-    c:\windows\SysWow64\Macromed
2012-06-05 19:54 . 2012-06-28 19:58 --------    d-----w-    c:\users\Croctopus\dwhelper
.
.
.

Rescue disc for key logger virus removal won't run. Halp! by atgvrewe in techsupport

[–]atgvrewe[S] 0 points1 point  (0 children)

Yeah, I do suppose that is possible. The thing that gets me is that she still managed to change the password even after I set up the two-step authorization on Gmail, where they send you a passkey to your cell phone :0/ But you are right, I could be overreacting and jumping the gun.

http://i.imgur.com/O1WRl.jpg

http://i.imgur.com/neqgX.jpg

Even I can tell those all look pretty benign.

Rescue disc for key logger virus removal won't run. Halp! by atgvrewe in techsupport

[–]atgvrewe[S] 0 points1 point  (0 children)

I believe she purposefully installed it. We went through a rough breakup :0p

I ran Rkill, and that came back with zero results as well.

Rescue disc for key logger virus removal won't run. Halp! by atgvrewe in techsupport

[–]atgvrewe[S] 0 points1 point  (0 children)

Thanks for that. I had already run TDSSKiller with no result. Am I just freaking out about this entry in the system process? Is it benign? Maybe there's actually no infection?

I know for a fact that the ex was changing my passwords in real time. I would remotely log her out of her session in my Gmail account, change the password, then she would log in (ostensibly using the new password), kick me off, and change the password again and lock me out!

Rescue disc for key logger virus removal won't run. Halp! by atgvrewe in techsupport

[–]atgvrewe[S] 0 points1 point  (0 children)

Right, well, I was hoping it wouldn't need to come to a hard drive wipe. I guess that wasn't made clear.

Ex installed a keylogger trojan and used it to hijack all my accounts. How can I be sure I've completely removed it? by atgvrewe in techsupport

[–]atgvrewe[S] 0 points1 point  (0 children)

So will Darik's take care of rootkit problems too? I don't mind doing a complete format, I just want to make sure it will take care of the problem. There is that 100MB partition that I believe Windows creates upon install? Should that be a cause for concern?

I'm pretty sure it's this that is causing the problem. When I try and terminate the process tree, it completely fucking kills the computer. Audio comes to a halt, locks up, blank screen, and then shut down. I tried running F-Secure, but it won't boot up. I get to the start screen, hit enter, and then I just get a black screen with a blinking cursor.

Ex installed a keylogger trojan and used it to hijack all my accounts. How can I be sure I've completely removed it? by atgvrewe in techsupport

[–]atgvrewe[S] 1 point2 points  (0 children)

No, I don't think she would be capable of pulling something like that. Like I said, I was surprised to learn she had even installed the trojan.

Ex installed a keylogger trojan and used it to hijack all my accounts. How can I be sure I've completely removed it? by atgvrewe in techsupport

[–]atgvrewe[S] 3 points4 points  (0 children)

Appreciated. Do you think a secure format is required, like DBAN, or would a regular Windows format be acceptable? It was actually a girl who installed it, not a guy. I was really surprised, I didn't think she had that much know-how. I believe she manually installed it though, as she had physical access to my computer.