Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Second computer scan, keylogger or virus?


  • Please log in to reply

#1
vaporchic

vaporchic

    New Member

  • Member
  • Pip
  • 2 posts
Hello, I just posted the log in another topic on my Sony computer. This is my ASUS computer. I used spybot search and destroy, malwarebytes, eset to run scans and they all come up clean. Here is the attached scan you had me run. Thank you again!!! We are seperated and he's told me he spys on me from work and I dont know how he's doing that, getting into my computer or using a program of some type. He says he thinks the name of the program is KVM or something when I asked so I can remove it. Thank You in advance.

OTL logfile created on: 4/10/2012 9:41:08 AM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Tara\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.79 Gb Total Physical Memory | 1.93 Gb Available Physical Memory | 50.79% Memory free
7.59 Gb Paging File | 5.45 Gb Available in Paging File | 71.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.04 Gb Total Space | 95.90 Gb Free Space | 64.34% Space Free | Partition Type: NTFS
Drive D: | 425.64 Gb Total Space | 302.08 Gb Free Space | 70.97% Space Free | Partition Type: NTFS
Drive F: | 465.65 Gb Total Space | 75.88 Gb Free Space | 16.30% Space Free | Partition Type: FAT32

Computer Name: TARA-PC | User Name: Tara | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/10 09:38:19 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Tara\Desktop\OTL.exe
PRC - [2012/03/28 18:34:56 | 000,110,592 | ---- | M] (AdobeServices) -- C:\Program Files (x86)\WinApps\RDS.exe
PRC - [2012/03/28 17:57:30 | 000,233,472 | ---- | M] (VGAHIDServices ) -- C:\Program Files (x86)\WinApps\cmss.exe
PRC - [2012/03/28 17:57:30 | 000,122,880 | ---- | M] (HTTPGoogleServices) -- C:\Program Files (x86)\WinApps\dlink.exe
PRC - [2012/03/28 17:57:30 | 000,049,152 | ---- | M] (NetworkDiscoveryService) -- C:\Program Files (x86)\WinApps\messenger.exe
PRC - [2012/03/08 01:05:06 | 000,432,952 | ---- | M] (QFX Software Corporation) -- C:\Program Files (x86)\Key Scrambler\KeyScrambler.exe
PRC - [2012/02/28 05:55:12 | 003,478,936 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
PRC - [2012/02/16 10:40:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/01/18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/11/11 15:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/09/22 13:03:30 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2011/08/12 13:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
PRC - [2010/12/11 00:07:40 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2010/07/02 17:36:26 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2010/06/09 13:55:54 | 001,080,448 | ---- | M] (asus) -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
PRC - [2010/05/03 18:45:50 | 000,182,912 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2010/05/03 18:41:46 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2010/02/04 18:05:32 | 007,350,912 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2009/12/15 14:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009/09/30 23:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 23:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/07/31 14:38:24 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2009/06/19 14:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009/06/19 14:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2009/06/15 21:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
PRC - [2008/12/22 21:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/30 21:09:36 | 008,797,344 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
MOD - [2012/03/08 12:24:01 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\74fcc0f56435d0396f9524cd4293d3e5\PresentationFramework.Aero.ni.dll
MOD - [2012/03/08 12:23:41 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\02f7846cbc5c02a5dbf50fd34325eb61\PresentationFramework.ni.dll
MOD - [2012/03/08 12:23:30 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f4b2424c1b32fbd11130482bb899b7ae\PresentationCore.ni.dll
MOD - [2012/03/08 12:23:21 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012/03/08 12:23:10 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\cb5bd98ffa4c82327b0e4db02bb58d2d\System.Management.ni.dll
MOD - [2012/03/08 12:21:46 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
MOD - [2012/03/08 12:21:40 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
MOD - [2012/03/08 12:21:35 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/03/08 12:21:32 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/03/08 12:21:30 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2012/03/08 12:21:25 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2012/03/02 14:45:02 | 000,078,336 | ---- | M] () -- C:\Users\Tara\AppData\Roaming\Mozilla\Firefox\Profiles\shpn866h.default\extensions\[email protected]\modules\ctypes-binary\MuterWin7-32.dll
MOD - [2012/02/16 10:40:41 | 001,911,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/11/11 15:09:20 | 000,336,408 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2011/11/11 15:08:18 | 007,956,504 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011/11/11 15:08:18 | 000,342,552 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011/11/11 15:08:18 | 000,128,536 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011/11/11 15:08:18 | 000,029,208 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011/11/11 15:08:06 | 002,145,304 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2011/11/11 15:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2011/08/12 13:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
MOD - [2010/07/02 17:36:26 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
MOD - [2010/02/23 19:14:22 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Brightness.dll
MOD - [2010/02/23 19:14:18 | 000,041,472 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\HelpFunc.dll
MOD - [2010/02/23 19:14:10 | 000,050,688 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\P4GControl.dll
MOD - [2010/02/23 19:12:22 | 000,186,880 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Resolution.dll
MOD - [2010/02/23 19:11:46 | 000,076,288 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Volume.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/22 13:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2010/09/22 22:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/06/07 19:39:40 | 000,911,872 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe -- (WiMAXAppSrv)
SRV:64bit: - [2010/06/07 19:34:20 | 000,408,576 | ---- | M] (Red Bend Ltd.) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe -- (DMAgent)
SRV:64bit: - [2010/03/05 14:26:38 | 001,425,168 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV:64bit: - [2010/03/05 14:07:58 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010/03/05 14:06:22 | 000,831,760 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV:64bit: - [2009/12/07 20:16:34 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/03/30 22:09:11 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/15 14:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009/09/30 23:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009/09/30 23:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009/06/15 21:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/02/07 21:13:32 | 000,149,640 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)
DRV:64bit: - [2012/01/18 07:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech HD Pro Webcam C910(UVC)
DRV:64bit: - [2012/01/18 07:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2012/01/18 02:44:14 | 000,025,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvbflt64.sys -- (CompFilter64)
DRV:64bit: - [2012/01/10 23:28:18 | 012,311,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/12/14 20:46:42 | 000,222,904 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\keyscrambler.sys -- (KeyScrambler)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/08/09 15:24:52 | 000,202,576 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2011/08/04 10:20:38 | 000,187,632 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2011/08/04 10:20:38 | 000,146,432 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2011/08/04 10:20:38 | 000,062,496 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2011/08/04 10:20:38 | 000,038,288 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/23 04:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/06/18 14:38:06 | 000,039,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2010/05/16 21:28:38 | 000,175,104 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpmp.sys -- (bpmp) Intel® Centrino®
DRV:64bit: - [2010/05/16 21:28:30 | 000,081,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpusb.sys -- (bpusb)
DRV:64bit: - [2010/05/16 21:28:28 | 000,071,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpenum.sys -- (bpenum)
DRV:64bit: - [2010/04/13 06:15:03 | 000,135,560 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010/03/18 02:21:58 | 007,680,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel®
DRV:64bit: - [2010/03/04 05:53:01 | 000,075,816 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/02/26 04:32:11 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/02 18:38:29 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2009/09/17 16:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/08/06 17:24:13 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/20 05:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/19 22:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/10 16:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 06:15:55 | 001,806,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2009/05/13 13:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2008/05/23 21:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2007/09/05 01:46:56 | 000,203,328 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/02 21:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV - [2007/09/05 01:46:56 | 000,203,328 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_228.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Tara\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Tara\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2012/03/08 12:47:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/08 14:43:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012/03/08 12:47:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Tara\AppData\Roaming\IDM\idmmzcc5 [2012/03/09 12:32:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\Tara\AppData\Roaming\IDM\idmmzcc5 [2012/03/09 12:32:23 | 000,000,000 | ---D | M]

[2012/03/08 15:22:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tara\AppData\Roaming\Mozilla\Extensions
[2012/04/10 08:59:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tara\AppData\Roaming\Mozilla\Firefox\Profiles\shpn866h.default\extensions
[2012/03/10 16:19:58 | 000,000,000 | ---D | M] (Click&Clean) -- C:\Users\Tara\AppData\Roaming\Mozilla\Firefox\Profiles\shpn866h.default\extensions\[email protected]
[2012/04/10 08:59:51 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Tara\AppData\Roaming\Mozilla\Firefox\Profiles\shpn866h.default\extensions\[email protected]
[2012/03/14 05:36:51 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Tara\AppData\Roaming\Mozilla\Firefox\Profiles\shpn866h.default\extensions\[email protected]
[2012/03/10 16:20:02 | 000,000,000 | ---D | M] (Muter) -- C:\Users\Tara\AppData\Roaming\Mozilla\Firefox\Profiles\shpn866h.default\extensions\[email protected]
[2012/03/08 14:43:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/03/09 12:32:23 | 000,000,000 | ---D | M] (IDM CC) -- C:\USERS\TARA\APPDATA\ROAMING\IDM\IDMMZCC5
() (No name found) -- C:\USERS\TARA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SHPN866H.DEFAULT\EXTENSIONS\{B442F4C0-C292-4998-AABE-48608A73BA75}.XPI
[2012/02/16 10:40:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/16 06:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/16 06:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Tara\AppData\Local\Google\Chrome\Application\18.0.1025.151\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Tara\AppData\Local\Google\Chrome\Application\18.0.1025.151\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Tara\AppData\Local\Google\Chrome\Application\18.0.1025.151\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Best Buy pc app Detector (Enabled) = C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Tara\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: AddThis - Share & Bookmark (new) = C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbogdmdefihhljhfeiklfiedefalcde\2.9.8_0\
CHR - Extension: Google Search = C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.25_0\
CHR - Extension: Picnik = C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\inmnggcpelemfookhlhkdfbechcdadfp\1.0.6_0\
CHR - Extension: StumbleUpon = C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcahibnffhnnjcedflmchmokndkjnhpg\4.3.22.1_0\
CHR - Extension: StumbleUpon = C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcahibnffhnnjcedflmchmokndkjnhpg\4.4.5.3_0\
CHR - Extension: Gmail = C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [IntelWirelessWiMAX] C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [IntellRaidConfigurer] C:\Program Files (x86)\WinApps\cmss.exe (VGAHIDServices )
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
O4 - HKCU..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - Startup: C:\Users\Tara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O9:64bit: - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - Reg Error: Key error. File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{249A2FB2-7295-4E49-AA75-95EF554655D9}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/10 09:38:35 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Tara\Desktop\OTL.exe
[2012/04/10 09:00:28 | 000,000,000 | ---D | C] -- C:\Users\Tara\plugtmp-1
[2012/04/10 07:11:39 | 000,000,000 | R--D | C] -- C:\Users\Tara\Favorites
[2012/04/10 06:52:52 | 000,000,000 | ---D | C] -- C:\Users\Tara\WPDNSE
[2012/04/09 22:29:05 | 000,000,000 | ---D | C] -- C:\Users\Tara\plugtmp
[2012/04/09 17:37:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/04/09 17:37:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/04/09 17:37:07 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012/04/09 17:19:38 | 000,000,000 | ---D | C] -- C:\Users\Tara\hsperfdata_Tara
[2012/04/08 22:35:07 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
[2012/04/08 22:35:03 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Roaming\IrfanView
[2012/04/08 22:34:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IrfanView
[2012/04/08 12:31:50 | 000,000,000 | ---D | C] -- C:\Users\Tara\Desktop\iphoneApril
[2012/04/08 00:28:37 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Roaming\IObit
[2012/03/28 18:39:03 | 000,000,000 | -H-D | C] -- C:\Program Files\Accessories
[2012/03/28 18:39:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Accessories
[2012/03/28 18:39:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinApps
[2012/03/25 21:19:45 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Local\{7ED2B347-4AFE-4563-AFA9-E432C8ADF6DB}
[2012/03/25 21:17:59 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Local\{8F35F9AB-3799-4330-B0D1-FE9F506013BA}
[2012/03/25 15:40:55 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Local\{C0F02BD1-9F4E-4AB7-A215-0D1E68F573D9}
[2012/03/23 19:39:29 | 000,000,000 | -H-D | C] -- C:\Users\Tara\AppData\Roaming\QFX Software
[2012/03/21 17:39:34 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Local\{7E70C949-20DF-4196-B25F-5A1FCD988CCA}
[2012/03/20 19:03:50 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Local\{3EC1791F-17C3-45BA-8A62-FFC9B5C18BA2}
[2012/03/20 18:34:58 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Local\{1250E26B-CEBF-4F5C-82CD-B86409187A28}
[2012/03/19 09:03:14 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012/03/18 12:32:35 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Roaming\dvdcss
[2012/03/18 12:16:11 | 000,000,000 | ---D | C] -- C:\ProgramData\vsosdk
[2012/03/17 12:33:05 | 000,222,904 | ---- | C] (QFX Software Corporation) -- C:\Windows\SysNative\drivers\keyscrambler.sys
[2012/03/17 12:33:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Key Scrambler
[2012/03/17 12:17:42 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/03/17 11:14:40 | 000,000,000 | ---D | C] -- C:\ProgramData\QFX Software
[2012/03/16 17:26:45 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Local\{B4875B4E-F4BE-48D6-A58A-2D040AD0CFD3}
[2012/03/14 20:15:15 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Local\{652DB9B3-C6F9-4138-8F8D-7707128463D1}
[2012/03/14 19:28:35 | 000,000,000 | ---D | C] -- D:\Documents\ConvertXToDVD
[2012/03/14 18:13:12 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Local\Windows Live
[2012/03/13 03:33:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)
[2012/03/12 17:46:09 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications
[2012/03/12 09:28:04 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicDisc
[2012/03/12 09:28:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicDisc
[2012/03/12 09:27:48 | 000,203,328 | ---- | C] (MagicISO, Inc.) -- C:\Windows\SysWow64\drivers\mcdbus.sys
[2012/03/12 09:27:48 | 000,203,328 | ---- | C] (MagicISO, Inc.) -- C:\Windows\SysNative\drivers\mcdbus.sys
[2012/03/12 09:27:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MagicDisc
[2012/03/12 09:10:33 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Roaming\SoftGrid Client
[2012/03/12 09:10:33 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Local\SoftGrid Client
[2012/03/12 09:09:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012/03/12 09:09:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/03/12 09:09:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Application Virtualization Client
[2012/03/12 09:09:31 | 000,000,000 | ---D | C] -- C:\Users\Tara\AppData\Roaming\TP
[2012/03/12 09:04:58 | 000,000,000 | ---D | C] -- C:\Users\Tara\Desktop\juice
[5 C:\Users\Tara\*.tmp files -> C:\Users\Tara\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/10 09:38:19 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Tara\Desktop\OTL.exe
[2012/04/10 09:09:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/10 08:59:37 | 000,262,176 | -H-- | M] () -- C:\Users\Tara\etilqs_KFUwNivzpInOpNg
[2012/04/10 08:05:08 | 000,742,562 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/10 08:05:08 | 000,636,034 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/10 08:05:08 | 000,110,460 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/10 07:54:28 | 000,005,632 | ---- | M] () -- C:\Users\Tara\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/10 07:42:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/10 07:19:46 | 000,032,008 | ---- | M] () -- D:\Documents\cc_20120410_071937.reg
[2012/04/10 07:00:00 | 000,019,056 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/10 07:00:00 | 000,019,056 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/10 06:53:19 | 000,001,210 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2012/04/10 06:52:03 | 3054,931,968 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/09 17:37:14 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/04/09 10:37:36 | 000,000,057 | ---- | M] () -- C:\Windows\SysWow64\mapisvc.inf
[2012/04/08 23:20:36 | 000,002,174 | ---- | M] () -- D:\Documents\cc_20120408_232031.reg
[2012/04/08 23:19:37 | 000,016,820 | ---- | M] () -- D:\Documents\cc_20120408_231930.reg
[2012/04/08 22:35:07 | 000,001,000 | ---- | M] () -- C:\Users\Tara\Desktop\IrfanView.lnk
[2012/04/08 04:01:38 | 000,011,828 | ---- | M] () -- D:\Documents\cc_20120408_040128.reg
[2012/04/07 07:54:47 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3935525964-1921349102-355961390-1000UA.job
[2012/04/07 07:54:47 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3935525964-1921349102-355961390-1000Core.job
[2012/04/04 18:43:29 | 000,016,400 | -H-- | M] () -- C:\Users\Tara\etilqs_Qu6WZbhVcKgd6up
[2012/04/04 18:43:29 | 000,002,052 | -H-- | M] () -- C:\Users\Tara\etilqs_esK2PcUHsRWFfqS
[2012/04/04 18:43:28 | 000,010,260 | -H-- | M] () -- C:\Users\Tara\etilqs_OuPeKkEd310V9AR
[2012/04/04 18:43:28 | 000,008,200 | -H-- | M] () -- C:\Users\Tara\etilqs_LwctuqolXsKPTad
[2012/04/04 08:45:41 | 000,001,057 | ---- | M] () -- C:\Users\Tara\AppData\Roaming\vso_ts_preview.xml
[2012/04/03 13:09:47 | 000,000,450 | ---- | M] () -- C:\Users\Tara\Desktop\Data (D) - Shortcut.lnk
[2012/03/31 09:41:41 | 000,000,004 | -H-- | M] () -- C:\Users\Tara\etilqs_h6cuI1F4wDyuCCl
[2012/03/31 09:40:38 | 000,012,304 | -H-- | M] () -- C:\Users\Tara\etilqs_89wBjpADF1IpcQS
[2012/03/31 09:40:37 | 000,006,160 | -H-- | M] () -- C:\Users\Tara\etilqs_Y8GG18z0adaBCG4
[2012/03/31 09:40:37 | 000,000,004 | -H-- | M] () -- C:\Users\Tara\etilqs_L2aqLd3pa91dCg5
[2012/03/31 09:40:36 | 000,004,104 | -H-- | M] () -- C:\Users\Tara\etilqs_XR2KzIbaAboX5q5
[2012/03/29 16:40:33 | 000,002,208 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2012/03/28 17:57:35 | 000,000,026 | ---- | M] () -- C:\Windows\refsdm.dll
[2012/03/28 17:18:15 | 000,012,304 | -H-- | M] () -- C:\Users\Tara\etilqs_qR7ksq9cIxMR1m8
[2012/03/28 17:18:14 | 000,002,056 | -H-- | M] () -- C:\Users\Tara\etilqs_C9uDzon9UyfddM5
[2012/03/28 17:18:13 | 000,006,160 | -H-- | M] () -- C:\Users\Tara\etilqs_OlbScBd9n4exyNc
[2012/03/15 02:10:51 | 000,274,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/13 03:00:32 | 000,758,914 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/12 09:28:04 | 000,000,991 | ---- | M] () -- C:\Users\Tara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
[5 C:\Users\Tara\*.tmp files -> C:\Users\Tara\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/10 08:59:37 | 000,262,176 | -H-- | C] () -- C:\Users\Tara\etilqs_KFUwNivzpInOpNg
[2012/04/10 07:19:44 | 000,032,008 | ---- | C] () -- D:\Documents\cc_20120410_071937.reg
[2012/04/09 17:37:14 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/04/09 17:33:38 | 000,005,632 | ---- | C] () -- C:\Users\Tara\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/08 23:20:34 | 000,002,174 | ---- | C] () -- D:\Documents\cc_20120408_232031.reg
[2012/04/08 23:19:35 | 000,016,820 | ---- | C] () -- D:\Documents\cc_20120408_231930.reg
[2012/04/08 22:35:07 | 000,001,000 | ---- | C] () -- C:\Users\Tara\Desktop\IrfanView.lnk
[2012/04/08 04:01:35 | 000,011,828 | ---- | C] () -- D:\Documents\cc_20120408_040128.reg
[2012/04/08 01:53:24 | 000,002,855 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk
[2012/04/08 01:53:24 | 000,000,991 | ---- | C] () -- C:\Users\Tara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
[2012/04/04 18:43:29 | 000,016,400 | -H-- | C] () -- C:\Users\Tara\etilqs_Qu6WZbhVcKgd6up
[2012/04/04 18:43:29 | 000,002,052 | -H-- | C] () -- C:\Users\Tara\etilqs_esK2PcUHsRWFfqS
[2012/04/04 18:43:28 | 000,010,260 | -H-- | C] () -- C:\Users\Tara\etilqs_OuPeKkEd310V9AR
[2012/04/04 18:43:28 | 000,008,200 | -H-- | C] () -- C:\Users\Tara\etilqs_LwctuqolXsKPTad
[2012/04/03 13:09:47 | 000,000,450 | ---- | C] () -- C:\Users\Tara\Desktop\Data (D) - Shortcut.lnk
[2012/03/31 09:41:41 | 000,000,004 | -H-- | C] () -- C:\Users\Tara\etilqs_h6cuI1F4wDyuCCl
[2012/03/31 09:40:38 | 000,012,304 | -H-- | C] () -- C:\Users\Tara\etilqs_89wBjpADF1IpcQS
[2012/03/31 09:40:37 | 000,006,160 | -H-- | C] () -- C:\Users\Tara\etilqs_Y8GG18z0adaBCG4
[2012/03/31 09:40:37 | 000,000,004 | -H-- | C] () -- C:\Users\Tara\etilqs_L2aqLd3pa91dCg5
[2012/03/31 09:40:36 | 000,004,104 | -H-- | C] () -- C:\Users\Tara\etilqs_XR2KzIbaAboX5q5
[2012/03/30 21:09:39 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/03/28 18:39:03 | 000,000,026 | ---- | C] () -- C:\Windows\refsdm.dll
[2012/03/28 17:18:15 | 000,012,304 | -H-- | C] () -- C:\Users\Tara\etilqs_qR7ksq9cIxMR1m8
[2012/03/28 17:18:14 | 000,002,056 | -H-- | C] () -- C:\Users\Tara\etilqs_C9uDzon9UyfddM5
[2012/03/28 17:18:13 | 000,006,160 | -H-- | C] () -- C:\Users\Tara\etilqs_OlbScBd9n4exyNc
[2012/03/27 06:40:14 | 000,001,144 | ---- | C] () -- C:\Users\Tara\Desktop\Mozilla Firefox.lnk
[2012/03/12 09:10:01 | 000,758,914 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/08 20:19:46 | 000,001,057 | ---- | C] () -- C:\Users\Tara\AppData\Roaming\vso_ts_preview.xml
[2012/01/18 07:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 07:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 07:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2012/01/10 23:27:26 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2012/01/10 23:27:26 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2012/01/10 23:27:26 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2012/01/10 22:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll

========== LOP Check ==========

[2012/04/10 06:58:30 | 000,000,000 | ---D | M] -- C:\Users\Tara\AppData\Roaming\DMCache
[2012/03/23 19:37:11 | 000,000,000 | ---D | M] -- C:\Users\Tara\AppData\Roaming\ESET
[2012/03/29 17:07:58 | 000,000,000 | ---D | M] -- C:\Users\Tara\AppData\Roaming\IDM
[2012/04/08 00:28:37 | 000,000,000 | ---D | M] -- C:\Users\Tara\AppData\Roaming\IObit
[2012/04/08 22:35:03 | 000,000,000 | ---D | M] -- C:\Users\Tara\AppData\Roaming\IrfanView
[2012/03/08 21:11:24 | 000,000,000 | ---D | M] -- C:\Users\Tara\AppData\Roaming\Leadertech
[2012/03/23 19:39:29 | 000,000,000 | -H-D | M] -- C:\Users\Tara\AppData\Roaming\QFX Software
[2012/03/22 09:53:04 | 000,000,000 | ---D | M] -- C:\Users\Tara\AppData\Roaming\SoftGrid Client
[2012/04/05 07:45:06 | 000,000,000 | ---D | M] -- C:\Users\Tara\AppData\Roaming\Spotify
[2012/03/12 09:10:48 | 000,000,000 | ---D | M] -- C:\Users\Tara\AppData\Roaming\TP
[2012/04/05 20:11:56 | 000,000,000 | ---D | M] -- C:\Users\Tara\AppData\Roaming\Vso
[2009/07/14 01:08:49 | 000,024,372 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,775 posts
  • MVP
He may be messing with your head. Don't see a key logger but it could be hidden. I assume you have changed the passwords on any online stuff you do (and unfriended him on Facebook). He probably knows enough about you that he can answer the "secret questions" in order to recover a password so consider changing your logon names and canceling the old accounts.

See if you have a program called something like: Intel® Management Engine. Uninstall it. This is a remote management tool that is used by corporations to manage their PCs. Probably won't work over the Internet but you don't need it.

Did you install this WinApps stuff? Uninstall it too.

Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator
uncheck trace disk IO calls
Click the "Scan" button to start scan (Accept the Avast Engine)
On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and click save log, save it to your desktop and post in your next reply
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply

ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe (Vista or Win 7 must right click and Run As Admin)
If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.


Copy the text in the code box:

nnetsvcs
%SYSTEMDRIVE%\*.exe
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.


Ron
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP