Two Plus Two Publishing LLC
Two Plus Two Publishing LLC
 

Go Back   Two Plus Two Poker Forums > >

Notices

Computer Technical Help Post your questions about computer hardware and software and configuring same here.

Reply
 
Thread Tools Display Modes
Old 09-13-2014, 07:16 AM   #1
synth_floyd
Pooh-Bah
 
Join Date: Sep 2005
Posts: 4,587
Was infected by a virus and lost my roll on Stars. What method did they use?

I was recently infected with a virus, had my Pokerstars account password stolen and all my money lost. Stars security basically said "It was your fault so you're SOL." What I want to know is how did they do it? Was it a key logger? Remote access to my computer? Scanning my pokerstars software to get my password (I had "remember password" on)? What other software should I be worried about (it doesn't seem like they accessed or changed anything on Skype, for example)?

Stars security said that my account was accessed from a computer from Russia and they said it was likely a key logger. However, I never typed in my password since I always used the "remember password" function. Admittedly it was a very weak password but they said that the person logged in with no wrong attempts so they knew exactly what it was. I have no other poker software on my comp now, but I had full tilt and a few other poker sites installed and also used "remember password" with those. And I think with those software even if you uninstall it, it still saves your saved password on the computer somewhere so if you re-install it will still have the password saved. Should I be worried about these too?

I already changed my gmail password from a different computer and it doesn't look like that was broken into and since the virus, I haven't logged into anything on this computer except for 2+2 now. I also ran the following virus scans:

windows defender
avast 2x (2x means i ran it twice)
super anti spyware 2x
ccleaner 2x
malwarebytes anti-malware 2x
avg 2x

With Avast, I ran it once, it found nothing suspicious, then the 2nd time I ran it, it found something called "UBS.Bicololo" so I'm assuming that was the virus. No other scans found anything (did a boot scan with Avast too). Should I be worried that a virus might still be on my computer and not log into anything sensitive?
synth_floyd is offline   Reply With Quote
Old 09-13-2014, 10:47 AM   #2
MegaDisgruntled
old hand
 
Join Date: May 2006
Location: In a world of my own making...
Posts: 1,396
Re: Was infected by a virus and lost my roll on Stars. What method did they use?

Avast - run a boot scan
TCPView - I know of a neteller hacking last week where it appears somebody was connected from an outside IP.

Sorry this happened. I guess a security token was never in play here?

Fwiw, reformat that pc immediately.
MegaDisgruntled is offline   Reply With Quote
Old 09-13-2014, 12:23 PM   #3
wahoo3
veteran
 
Join Date: Sep 2008
Location: VA
Posts: 2,792
Re: Was infected by a virus and lost my roll on Stars. What method did they use?

bicololo was probably it - russian based trojan.

http://blog.avast.com/2013/02/05/bic...server-errors/

no expert on it, but it appears it alters your hosts file, so when you go to open up facebook or whatever website, it redirects you to a phony login page and you really are just entering your name and password into their fake website. not sure whether someone altered it to do this specifically for pokerstars, or if you use the same login info for pokerstars as for your email or facebook, or what exactly they did.

you are probably safe at this point, but you could follow the instructions in the malware sticky at the top of this forum and post an OTL log and someone should be able to make sure that you're all clear. you should also consider how you got it - i think it's possible to get from a website, but also from downloading sketchy stuff that you shouldn't be. so if you're doing that, stop that. otherwise just make sure you constantly keep your java, flash, browser, windows, etc up to date constantly.

Last edited by wahoo3; 09-13-2014 at 12:34 PM.
wahoo3 is offline   Reply With Quote
Old 09-13-2014, 12:24 PM   #4
Rig Astley
self-banned
 
Rig Astley's Avatar
 
Join Date: Mar 2013
Location: Brown Nosing the Shills
Posts: 671
Re: Was infected by a virus and lost my roll on Stars. What method did they use?

Quote:
Originally Posted by synth_floyd View Post
However, I never typed in my password since I always used the "remember password" function.
You sure about that? Everytime the PS Software needs an update, I have to re-enter my PW, even though I use "save PW", too.
Rig Astley is offline   Reply With Quote
Old 09-13-2014, 06:58 PM   #5
synth_floyd
Pooh-Bah
 
Join Date: Sep 2005
Posts: 4,587
Re: Was infected by a virus and lost my roll on Stars. What method did they use?

Yes, occasionally when the software updates it does clear out the "remember password" part and I have to retype it. But I'm pretty sure that I got hacked very shortly after I downloaded the virus. I was on an unreputable website and I got a few popups from Avast saying it blocked some suspicious files. I had gotten those popups before but just ignored them. Plus, there's nothing to do when the popups come up They just say "Suspicious file blocked" and then disappear. Also, I tried to check later what files were blocked but couldn't find any kind of history. Anyone know if there's a place in Avast where you can check that history?

Anyway, a few hours after I got those popups, I got an e-mail from Stars saying my account had been accessed by a new device, so I'm assuming that the popups and the hacking are related. I guess it is possible that they did install a keylogger a while ago and then finally when I had to type in my password after Stars updated then they got my password. But it seems like Stars was the only thing they got (not sure if that was the only thing they targeted).

Also, is there a way to reformat my harddrive and Windows without any original discs?
synth_floyd is offline   Reply With Quote
Old 09-13-2014, 07:01 PM   #6
synth_floyd
Pooh-Bah
 
Join Date: Sep 2005
Posts: 4,587
Re: Was infected by a virus and lost my roll on Stars. What method did they use?

This is my TCPView. Nothing looks strange from a quick glance.

[System Process] 0 TCP bababooey.mshome.net 61138 a72-246-190-131.deploy.akamaitechnologies.com http TIME_WAIT
alg.exe 2712 TCP bababooey.mshome.net 49166 Bababooey 0 LISTENING
AvastSvc.exe 1428 TCP Bababooey 12025 Bababooey 0 LISTENING
AvastSvc.exe 1428 TCP Bababooey 12110 Bababooey 0 LISTENING
AvastSvc.exe 1428 TCP Bababooey 12119 Bababooey 0 LISTENING
AvastSvc.exe 1428 TCP Bababooey 12143 Bababooey 0 LISTENING
AvastSvc.exe 1428 TCP Bababooey 12465 Bababooey 0 LISTENING
AvastSvc.exe 1428 TCP Bababooey 12563 Bababooey 0 LISTENING
AvastSvc.exe 1428 TCP Bababooey 12993 Bababooey 0 LISTENING
AvastSvc.exe 1428 TCP Bababooey 12995 Bababooey 0 LISTENING
AvastSvc.exe 1428 TCP Bababooey 27275 Bababooey 0 LISTENING
AvastSvc.exe 1428 TCP bababooey.mshome.net 49165 r-062-043-234-077.ff.avast.com http ESTABLISHED
AvastSvc.exe 1428 TCP Bababooey 12025 Bababooey 0 LISTENING
AvastSvc.exe 1428 TCP Bababooey 12110 Bababooey 0 LISTENING
AvastSvc.exe 1428 TCP Bababooey 12119 Bababooey 0 LISTENING
AvastSvc.exe 1428 TCP Bababooey 12143 Bababooey 0 LISTENING
AvastSvc.exe 1428 TCP Bababooey 12465 Bababooey 0 LISTENING
AvastSvc.exe 1428 TCP Bababooey 12563 Bababooey 0 LISTENING
AvastSvc.exe 1428 TCP Bababooey 12993 Bababooey 0 LISTENING
AvastSvc.exe 1428 TCP Bababooey 12995 Bababooey 0 LISTENING
AvastSvc.exe 1428 TCP Bababooey 27275 Bababooey 0 LISTENING
AvastSvc.exe 1428 TCPV6 [0:0:0:0:0:0:0:1] 12025 bababooey 0 LISTENING
AvastSvc.exe 1428 TCPV6 [0:0:0:0:0:0:0:1] 12110 bababooey 0 LISTENING
AvastSvc.exe 1428 TCPV6 [0:0:0:0:0:0:0:1] 12119 bababooey 0 LISTENING
AvastSvc.exe 1428 TCPV6 [0:0:0:0:0:0:0:1] 12143 bababooey 0 LISTENING
AvastSvc.exe 1428 TCPV6 [0:0:0:0:0:0:0:1] 12465 bababooey 0 LISTENING
AvastSvc.exe 1428 TCPV6 [0:0:0:0:0:0:0:1] 12563 bababooey 0 LISTENING
AvastSvc.exe 1428 TCPV6 [0:0:0:0:0:0:0:1] 12993 bababooey 0 LISTENING
AvastSvc.exe 1428 TCPV6 [0:0:0:0:0:0:0:1] 12995 bababooey 0 LISTENING
AvastSvc.exe 1428 TCPV6 [0:0:0:0:0:0:0:1] 27275 bababooey 0 LISTENING
chrome.exe 2704 TCP bababooey.mshome.net 60925 tf-in-f188.1e100.net 5228 ESTABLISHED
chrome.exe 2704 TCP bababooey.mshome.net 60968 www2.twitter.jp https ESTABLISHED
chrome.exe 2704 TCP bababooey.mshome.net 61015 tf-in-f141.1e100.net http ESTABLISHED
chrome.exe 2704 TCP bababooey.mshome.net 61016 tf-in-f95.1e100.net http ESTABLISHED
chrome.exe 2704 TCP bababooey.mshome.net 61018 a23-2-142-13.deploy.static.akamaitechnologies.com https ESTABLISHED
chrome.exe 2704 TCP bababooey.mshome.net 61019 nrt04s08-in-f18.1e100.net http ESTABLISHED
chrome.exe 2704 TCP bababooey.mshome.net 61020 nrt04s08-in-f1.1e100.net http ESTABLISHED
chrome.exe 2704 TCP bababooey.mshome.net 61024 nrt04s08-in-f24.1e100.net http ESTABLISHED
chrome.exe 2704 TCP bababooey.mshome.net 61027 www2.twitter.jp https ESTABLISHED
chrome.exe 2704 TCP bababooey.mshome.net 61042 a72-246-188-105.deploy.akamaitechnologies.com http ESTABLISHED
chrome.exe 2704 TCP bababooey.mshome.net 61046 tf-in-f95.1e100.net https ESTABLISHED
chrome.exe 2704 TCP bababooey.mshome.net 61047 a23-2-134-221.deploy.static.akamaitechnologies.com http ESTABLISHED
chrome.exe 2704 TCP bababooey.mshome.net 61049 nrt04s08-in-f9.1e100.net https ESTABLISHED
chrome.exe 2704 TCP bababooey.mshome.net 61050 nrt04s08-in-f18.1e100.net http ESTABLISHED
chrome.exe 2704 TCP bababooey.mshome.net 61051 nrt04s08-in-f18.1e100.net http ESTABLISHED
chrome.exe 2704 TCP bababooey.mshome.net 61052 nrt04s08-in-f18.1e100.net http ESTABLISHED
chrome.exe 2704 TCP bababooey.mshome.net 61053 nrt04s08-in-f14.1e100.net http ESTABLISHED
chrome.exe 2704 TCP bababooey.mshome.net 61055 tf-in-f84.1e100.net https ESTABLISHED
chrome.exe 2704 TCP bababooey.mshome.net 61068 nrt04s08-in-f7.1e100.net https ESTABLISHED
chrome.exe 2704 TCP bababooey.mshome.net 61082 nrt04s08-in-f18.1e100.net https ESTABLISHED
chrome.exe 2704 TCP bababooey.mshome.net 61123 65.54.226.151 http ESTABLISHED
chrome.exe 2704 TCP bababooey.mshome.net 61126 a72-246-190-115.deploy.akamaitechnologies.com http ESTABLISHED
chrome.exe 2704 TCP bababooey.mshome.net 61127 a72-246-190-115.deploy.akamaitechnologies.com http ESTABLISHED
chrome.exe 2704 TCP bababooey.mshome.net 61128 a72-246-190-131.deploy.akamaitechnologies.com http ESTABLISHED
chrome.exe 2704 TCP bababooey.mshome.net 61129 a72-246-190-131.deploy.akamaitechnologies.com http ESTABLISHED
chrome.exe 2704 TCP bababooey.mshome.net 61130 a72-246-190-115.deploy.akamaitechnologies.com http ESTABLISHED
chrome.exe 2704 TCP bababooey.mshome.net 61131 a72-246-190-115.deploy.akamaitechnologies.com http ESTABLISHED
chrome.exe 2704 TCP bababooey.mshome.net 61132 a72-246-190-115.deploy.akamaitechnologies.com http ESTABLISHED
chrome.exe 2704 TCP bababooey.mshome.net 61133 a72-246-190-115.deploy.akamaitechnologies.com http ESTABLISHED
chrome.exe 2704 TCP bababooey.mshome.net 61134 a72-246-190-115.deploy.akamaitechnologies.com http ESTABLISHED
chrome.exe 2704 TCP bababooey.mshome.net 61135 a72-246-190-115.deploy.akamaitechnologies.com http ESTABLISHED
chrome.exe 2704 TCP bababooey.mshome.net 61136 a72-246-190-131.deploy.akamaitechnologies.com http ESTABLISHED
chrome.exe 2704 TCP bababooey.mshome.net 61137 a72-246-190-131.deploy.akamaitechnologies.com http ESTABLISHED
chrome.exe 2704 TCP bababooey.mshome.net 61140 a72-246-190-97.deploy.akamaitechnologies.com http ESTABLISHED
chrome.exe 2704 TCP bababooey.mshome.net 61144 23.101.26.37 http ESTABLISHED
chrome.exe 2704 TCP bababooey.mshome.net 61145 a72-246-190-91.deploy.akamaitechnologies.com http ESTABLISHED
chrome.exe 2704 TCP bababooey.mshome.net 61147 *.112.2o7.net http ESTABLISHED
chrome.exe 2704 TCP bababooey.mshome.net 61148 134.170.185.126 http ESTABLISHED
chrome.exe 2704 TCP bababooey.mshome.net 61156 nrt04s08-in-f31.1e100.net https ESTABLISHED 6 714 9 7,793
chrome.exe 2704 TCP bababooey.mshome.net 61158 107.191.107.162 22222 ESTABLISHED 9 1,539 4 673
lsass.exe 752 TCP Bababooey 49156 Bababooey 0 LISTENING
lsass.exe 752 TCPV6 bababooey 49156 bababooey 0 LISTENING
services.exe 736 TCP Bababooey 49155 Bababooey 0 LISTENING
services.exe 736 TCPV6 bababooey 49155 bababooey 0 LISTENING
spoolsv.exe 1740 UDP Bababooey 59653 * * 3 234
svchost.exe 1016 TCP Bababooey epmap Bababooey 0 LISTENING
svchost.exe 412 TCP Bababooey 49153 Bababooey 0 LISTENING
svchost.exe 756 TCP Bababooey 49154 Bababooey 0 LISTENING
svchost.exe 756 UDP Bababooey domain * *
svchost.exe 1520 UDP bababooey.mshome.net ssdp * * 60 28,416 120 56,472
svchost.exe 1520 UDP Bababooey ssdp * *
svchost.exe 1196 UDP Bababooey llmnr * *
svchost.exe 756 UDP Bababooey 52695 * *
svchost.exe 756 UDP Bababooey 52696 * *
svchost.exe 1520 UDP bababooey.mshome.net 59651 * *
svchost.exe 1520 UDP Bababooey 59652 * *
svchost.exe 756 UDP Bababooey 63651 * *
svchost.exe 756 UDP Bababooey 63653 * *
svchost.exe 1016 TCPV6 bababooey epmap bababooey 0 LISTENING
svchost.exe 412 TCPV6 bababooey 49153 bababooey 0 LISTENING
svchost.exe 756 TCPV6 bababooey 49154 bababooey 0 LISTENING
svchost.exe 756 UDPV6 [fe80:0:0:0:48dc:d5e1:1f9c:46] 53 * *
svchost.exe 756 UDPV6 bababooey 547 * *
svchost.exe 1520 UDPV6 [0:0:0:0:0:0:0:1] 1900 * *
svchost.exe 1520 UDPV6 [fe80:0:0:0:48dc:d5e1:1f9c:46] 1900 * *
svchost.exe 1196 UDPV6 bababooey 5355 * *
svchost.exe 1520 UDPV6 [fe80:0:0:0:48dc:d5e1:1f9c:46] 59649 * *
svchost.exe 1520 UDPV6 [0:0:0:0:0:0:0:1] 59650 * *
svchost.exe 756 UDPV6 bababooey 63652 * *
svchost.exe 756 UDPV6 bababooey 63654 * *
System 4 TCP bababooey.mshome.net netbios-ssn Bababooey 0 LISTENING
System 4 TCP Bababooey microsoft-ds Bababooey 0 LISTENING
System 4 TCP Bababooey icslap Bababooey 0 LISTENING
System 4 TCP Bababooey 10243 Bababooey 0 LISTENING
System 4 UDP bababooey.mshome.net netbios-ns * * 21 1,050 6 300 50 50 1 1
System 4 UDP bababooey.mshome.net netbios-dgm * *
System 4 TCPV6 bababooey microsoft-ds bababooey 0 LISTENING
System 4 TCPV6 bababooey icslap bababooey 0 LISTENING
System 4 TCPV6 bababooey 10243 bababooey 0 LISTENING
UNS.exe 2324 TCP Bababooey 49185 Bababooey 0 LISTENING
wininit.exe 676 TCP Bababooey 49152 Bababooey 0 LISTENING
wininit.exe 676 TCPV6 bababooey 49152 bababooey 0 LISTENING
wmpnetwk.exe 2484 TCP Bababooey rtsp Bababooey 0 LISTENING
wmpnetwk.exe 2484 UDP Bababooey 5004 * *
wmpnetwk.exe 2484 UDP Bababooey 5005 * *
wmpnetwk.exe 2484 TCPV6 bababooey rtsp bababooey 0 LISTENING
wmpnetwk.exe 2484 UDPV6 bababooey 5004 * *
wmpnetwk.exe 2484 UDPV6 bababooey 5005 * *
synth_floyd is offline   Reply With Quote
Old 09-13-2014, 07:35 PM   #7
synth_floyd
Pooh-Bah
 
Join Date: Sep 2005
Posts: 4,587
Re: Was infected by a virus and lost my roll on Stars. What method did they use?

OTL logfile created on: 9/14/2014 8:03:37 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Steve\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17280)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.93 Gb Total Physical Memory | 2.45 Gb Available Physical Memory | 62.36% Memory free
7.85 Gb Paging File | 6.03 Gb Available in Paging File | 76.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.11 Gb Total Space | 319.11 Gb Free Space | 70.74% Space Free | Partition Type: NTFS

Computer Name: BABABOOEY | User Name: Steve | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/09/14 08:02:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
PRC - [2014/07/31 21:28:36 | 004,085,896 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014/07/21 09:28:21 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/10/24 07:39:14 | 001,017,224 | ---- | M] (Flux Software LLC) -- C:\Users\Steve\AppData\Local\FluxSoftware\Flux\flu x.exe
PRC - [2010/04/01 18:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2010/03/24 16:02:20 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2009/11/21 11:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/11/13 02:10:06 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2009/10/27 12:29:32 | 006,998,656 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
PRC - [2009/10/27 02:10:42 | 000,174,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
PRC - [2009/10/01 11:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/10/01 11:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/09/25 05:50:02 | 000,053,888 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
PRC - [2009/08/20 12:31:48 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
PRC - [2009/06/20 02:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
PRC - [2009/06/20 02:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2009/06/16 09:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
PRC - [2008/12/23 09:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
PRC - [2007/08/08 16:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe


========== Modules (No Company Name) ==========

MOD - [2014/07/21 09:28:22 | 019,329,904 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/07/21 09:28:22 | 000,301,152 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\aswProperty.dll
MOD - [2009/11/13 02:10:06 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
MOD - [2009/09/25 05:50:02 | 000,053,888 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe


========== Services (SafeList) ==========

SRV:64bit: - [2014/08/19 07:03:37 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/07/21 09:28:21 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014/05/04 22:13:01 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013/05/27 14:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/09/18 03:36:34 | 000,359,552 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2009/08/07 06:17:46 | 000,118,672 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/08/03 08:54:14 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2007/08/08 16:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2014/03/21 07:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\msco rsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\msco rsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/01 11:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/10/01 11:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/06/16 09:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/07/21 09:28:36 | 000,427,360 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2014/07/21 09:28:24 | 001,041,168 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)
DRV:64bit: - [2014/07/21 09:28:24 | 000,224,896 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/07/21 09:28:24 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/07/21 09:28:24 | 000,092,008 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014/07/21 09:28:24 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/07/21 09:28:24 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/07/21 09:28:24 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2014/05/04 22:13:01 | 006,233,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2014/05/04 22:13:01 | 006,233,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2014/05/04 22:13:01 | 000,161,280 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2014/01/22 23:52:21 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/10/02 11:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/03/18 16:51:08 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2013/02/14 20:41:10 | 000,096,768 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/08/23 23:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/03/01 15:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/06/27 17:37:00 | 002,753,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/03/11 15:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 15:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 22:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/09/25 18:27:49 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/11/21 11:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009/11/21 11:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/10/15 18:23:19 | 000,117,760 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2009/09/30 10:34:31 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/09/18 04:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/09/04 14:39:07 | 000,062,464 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/08/21 15:48:17 | 000,044,032 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009/08/20 11:41:37 | 001,800,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2009/08/07 06:24:13 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/08/07 06:17:34 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/07/20 18:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/14 10:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 10:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 10:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/01 13:46:57 | 000,052,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2009/07/01 13:46:51 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/07/01 13:46:47 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/07/01 13:46:39 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/06/19 04:18:10 | 000,015,928 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\lullaby.sys -- (lullaby)
DRV:64bit: - [2009/06/11 05:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/11 05:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 05:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 05:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 05:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/20 19:04:55 | 000,202,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/05/13 10:07:19 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2009/04/07 16:33:07 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2008/12/09 09:35:52 | 000,061,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2008/05/24 09:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2007/07/25 03:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV:64bit: - [2007/04/10 02:09:46 | 000,012,288 | ---- | M] (Waytech Development, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UsbFltr.sys -- (UsbFltr)
DRV - [2009/07/14 10:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007/02/07 07:01:48 | 000,016,512 | ---- | M] (Adaptec) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\aspi32.sys -- (ASPI32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language }:{referrer:source?}&ie={inputEncoding}&oe={output Encoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.micros oft:{language}:{referrer:source?}&ie={inputEncodin g}&oe={outputEncoding}&rlz=1I7ASUT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language }:{referrer:source?}&ie={inputEncoding}&oe={output Encoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
IE - HKCU\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_60 2_171.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Steve\AppData\Local\Google\Update\1.3.24. 15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Steve\AppData\Local\Google\Update\1.3.24. 15\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extens ions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/07/21 09:28:25 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Error reading preferences file
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmn hjmhfn\0.1.1.5023_0\
CHR - Extension: ******* Plus = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddi lifddb\1.8.5_0\
CHR - Extension: Block site = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimnmioipafcokbfikbljfdeo jpcgbh\3.1.1_0\
CHR - Extension: Hola Better Internet = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfb nlmeio\1.4.694_0\
CHR - Extension: Keep My Opt-Outs = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhnjdplhmcnkiecampfdgfjilc cfpfoe\1.0.15_0\
CHR - Extension: Murder Files = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijfecbiladpinddbjfodaaiahg gomhaf\2.0.26_0\
CHR - Extension: FlashControl = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckim kipmoe\5.14.2_0\
CHR - Extension: Google Wallet = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccm gmieda\0.0.6.1_0\
CHR - Extension: BackStop = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pidcjgldchekcoolelhbjfbncc jkckfj\2.0.1_0\

O1 HOSTS File: ([2009/06/11 06:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [f.lux] C:\Users\Steve\AppData\Local\FluxSoftware\Flux\flu x.exe (Flux Software LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveAutoRun = 0
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab (asusTek_sysctrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 10.67.2)
O16 - DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 1.7.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 10.67.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfac es\{54E8413F-FA77-4AAC-9936-3483E9DC3DA6}: DhcpNameServer = 8.8.8.8 8.8.4.4
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1c2873e4-c889-11df-b1d6-1c4bd6094715}\Shell - "" = AutoRun
O33 - MountPoints2\{1c2873e4-c889-11df-b1d6-1c4bd6094715}\Shell\AutoRun\command - "" = E:\_AUTORUN\AUTORUN.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: ASUS Screen Saver Protector - hkey= - key= - C:\Windows\AsScrPro.exe (ASUS)
MsConfig:64bit - StartUpReg: CLMLServer - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {7DEBE4EB-6B40-3766-BB35-5CBBC385DA37} - .NET Framework
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {7DEBE4EB-6B40-3766-BB35-5CBBC385DA37} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} -
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\SysWow64\lameACM.acm (http://www.mp3dev.org/)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.xvid - C:\Windows\SysWow64\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2014/09/14 08:02:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
[2014/09/13 13:02:43 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\TuneUp Software
[2014/09/13 13:00:09 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2014/09/13 13:00:09 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\MFAData
[2014/09/13 13:00:09 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2014/09/11 19:41:25 | 000,596,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/09/11 19:41:24 | 000,440,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/09/11 19:41:19 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/09/11 19:41:19 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/09/11 19:41:19 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/09/11 19:41:19 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/09/11 19:41:18 | 000,758,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/09/11 19:41:18 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/09/11 19:41:18 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/09/11 19:41:18 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/09/11 19:41:17 | 000,446,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/09/11 19:41:17 | 000,289,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/09/11 19:41:16 | 000,547,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/09/11 19:41:16 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/09/11 19:41:16 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/09/11 19:41:15 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/09/11 19:41:15 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/09/11 19:41:14 | 000,727,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/09/11 19:41:14 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/09/11 19:41:14 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/09/11 19:41:14 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/09/11 19:41:13 | 000,707,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/09/11 19:41:12 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/09/11 19:41:12 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/09/11 19:41:10 | 000,678,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/09/11 19:41:10 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/09/11 19:41:09 | 001,249,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/09/11 19:41:09 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/09/11 19:41:09 | 000,775,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/09/11 19:41:09 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/09/11 19:41:09 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/09/11 19:41:08 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/09/11 19:41:02 | 005,833,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/09/11 19:41:00 | 002,104,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/09/11 19:41:00 | 002,014,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/09/11 19:28:59 | 002,777,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2014/09/11 19:28:58 | 002,285,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2014/09/11 19:26:45 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2014/09/11 19:25:47 | 001,031,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWorkspace.dll
[2014/09/11 19:25:46 | 000,793,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TSWorkspace.dll
[2014/09/11 19:25:35 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2014/09/03 07:36:54 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Flux
[2014/09/03 07:36:51 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\FluxSoftware
[2014/09/01 19:49:52 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2014/08/28 19:49:38 | 002,620,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2014/08/28 19:49:38 | 000,058,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2014/08/28 19:49:38 | 000,044,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2014/08/28 19:49:29 | 000,700,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2014/08/28 19:49:29 | 000,581,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2014/08/28 19:49:29 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2014/08/28 19:49:29 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2014/08/28 19:49:29 | 000,038,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2014/08/28 19:49:29 | 000,036,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2014/08/28 19:49:25 | 000,198,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2014/08/28 19:49:25 | 000,179,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2014/08/28 19:49:25 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2014/08/28 19:49:25 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2014/08/16 18:12:31 | 001,389,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardagt.exe
[2014/08/16 18:12:31 | 000,619,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardagt.exe
[2014/08/16 18:12:31 | 000,171,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\infocardapi.dll
[2014/08/16 18:12:31 | 000,099,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\infocardapi.dll
[2014/08/16 18:12:27 | 000,008,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardres.dll
[2014/08/16 18:12:27 | 000,008,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardres.dll
[2014/08/16 18:12:05 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TsWpfWrp.exe
[2014/08/16 18:12:05 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsWpfWrp.exe
[2014/08/16 18:11:18 | 003,241,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2014/08/16 18:11:16 | 001,941,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2014/08/16 18:11:16 | 001,805,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2014/08/16 18:11:16 | 000,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2014/08/16 18:11:15 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msihnd.dll
[2014/08/16 18:11:15 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msihnd.dll
[2014/08/16 18:10:54 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDYAK.DLL
[2014/08/16 18:10:54 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDYAK.DLL
[2014/08/16 18:10:54 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDTAT.DLL
[2014/08/16 18:10:54 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDTAT.DLL
[2014/08/16 18:10:54 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDRU1.DLL
[2014/08/16 18:10:54 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDBASH.DLL
[2014/08/16 18:10:54 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDRU1.DLL
[2014/08/16 18:10:54 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDRU.DLL
[2014/08/16 18:10:54 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDRU.DLL
[2014/08/16 18:10:54 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDBASH.DLL
[2014/08/16 18:08:25 | 001,216,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2008/08/12 13:45:20 | 000,155,648 | ---- | C] (ASUS) -- C:\Program Files (x86)\Common Files\MSIactionall.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/09/14 08:02:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
[2014/09/14 07:44:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-204866776-3214822341-3711418835-1000UA.job
[2014/09/13 21:58:13 | 000,000,784 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/09/13 20:44:01 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-204866776-3214822341-3711418835-1000Core.job
[2014/09/13 17:23:51 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/09/13 17:23:51 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/09/13 17:16:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/09/13 17:16:30 | 3161,870,336 | -HS- | M] () -- C:\hiberfil.sys
[2014/09/13 16:34:03 | 000,002,202 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2014/09/13 16:34:03 | 000,001,753 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2014/09/13 08:00:12 | 000,002,419 | ---- | M] () -- C:\Users\Steve\Desktop\Google Chrome.lnk
[2014/09/12 09:09:11 | 000,782,510 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/09/12 09:09:11 | 000,654,480 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/09/12 09:09:11 | 000,122,352 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/09/11 19:38:54 | 000,766,820 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/09/01 22:34:13 | 000,531,912 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/08/26 19:53:08 | 000,001,005 | ---- | M] () -- C:\Users\Public\Desktop\MediaMonkey.lnk
[2014/08/23 11:07:00 | 000,404,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2014/08/19 07:29:35 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/08/19 07:19:53 | 005,833,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/08/19 07:15:34 | 000,547,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/08/19 07:15:09 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/08/19 07:14:38 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/08/19 07:14:10 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/08/19 07:08:08 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/08/19 07:05:01 | 000,596,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/08/19 07:03:47 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/08/19 07:03:37 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/08/19 07:03:01 | 000,758,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/08/19 06:56:17 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/08/19 06:51:29 | 000,446,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/08/19 06:45:23 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/08/19 06:45:12 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/08/19 06:44:44 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/08/19 06:44:09 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/08/19 06:40:29 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/08/19 06:39:19 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/08/19 06:39:13 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/08/19 06:38:12 | 000,289,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/08/19 06:37:17 | 000,440,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/08/19 06:36:07 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/08/19 06:35:24 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/08/19 06:25:40 | 000,727,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/08/19 06:25:16 | 000,707,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/08/19 06:23:17 | 002,104,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/08/19 06:23:16 | 001,249,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/08/19 06:22:48 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/08/19 06:19:16 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/08/19 06:17:52 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/08/19 06:08:54 | 002,014,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/08/19 06:07:44 | 001,068,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/08/19 05:38:41 | 000,775,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/08/19 05:36:30 | 000,678,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/05/04 22:17:51 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/12/22 11:17:28 | 000,766,820 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/06/06 22:20:36 | 000,005,076 | ---- | C] () -- C:\ProgramData\flwjycbm.bab
[2013/03/29 11:13:14 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013/03/29 11:13:12 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2012/04/03 00:19:22 | 000,000,412 | ---- | C] () -- C:\Users\Steve\AppData\Roaming\All CPU Meter_Settings.ini
[2011/05/25 09:32:30 | 000,000,218 | ---- | C] () -- C:\Users\Steve\.recently-used.xbel
[2010/06/09 07:05:54 | 000,001,513 | ---- | C] () -- C:\Users\Steve\AppData\Roaming\dvdae.config
[2010/06/05 03:19:16 | 000,005,077 | ---- | C] () -- C:\ProgramData\bltofzsb.qlf
[2010/06/04 19:08:06 | 000,007,602 | ---- | C] () -- C:\Users\Steve\AppData\Local\Resmon.ResmonCfg
[2010/06/04 06:20:15 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/03/24 15:43:14 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2009/04/09 02:31:56 | 000,106,496 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll
[2008/05/23 00:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg

========== ZeroAccess Check ==========

[2009/07/14 13:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\cls id\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\cls id\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc8 7-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/25 11:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\cl sid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/25 10:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA 9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 10:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\cl sid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CD B-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 10:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\cl sid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >
[2014/09/14 08:02:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >
[2007/06/13 01:34:50 | 000,035,822 | ---- | M] () -- C:\Program Files (x86)\Common Files\ASPG_icon.ico
[2008/05/23 00:35:54 | 000,051,962 | ---- | M] () -- C:\Program Files (x86)\Common Files\banner.jpg
[2009/04/09 02:31:56 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll
[2008/08/12 13:45:20 | 000,155,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\Common Files\MSIactionall.dll

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
[2014/09/13 17:16:47 | 000,000,018 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\log.txt

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2011/11/14 05:03:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\3DO
[2013/04/09 18:44:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2010/03/24 15:58:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AmIcoSingLun
[2011/01/08 06:37:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ASUS
[2014/05/04 22:14:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ATI Technologies
[2011/07/01 16:42:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CCleaner
[2014/08/11 21:24:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2010/09/25 18:27:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DAEMON Tools Lite
[2012/11/04 10:06:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DOSBox-0.74
[2010/06/03 04:42:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Google
[2013/06/25 16:51:35 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2010/03/24 15:56:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Intel
[2014/09/11 19:56:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2014/08/05 20:14:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2013/09/16 19:18:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\LibreOffice 4
[2014/08/26 19:53:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MediaMonkey
[2014/02/16 18:18:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft
[2010/06/03 04:22:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2010/06/03 03:43:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office Outlook Connector
[2014/07/28 19:48:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2010/06/03 03:42:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2010/06/03 03:43:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Sync Framework
[2013/01/10 13:17:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2009/07/14 14:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2010/03/24 15:25:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSXML 4.0
[2013/12/14 01:46:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Naver
[2010/03/24 15:58:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NEC Electronics
[2014/09/13 18:42:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PokerStars
[2010/06/05 03:20:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PostgreSQL
[2010/03/24 15:57:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Realtek
[2009/07/14 14:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2014/06/09 21:06:08 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Skype
[2010/03/24 15:58:28 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Temp
[2009/07/14 13:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
[2010/06/04 06:55:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\VideoLAN
[2013/07/22 20:49:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2010/06/03 03:43:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live
[2010/06/03 03:41:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live SkyDrive
[2011/02/24 08:26:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2013/12/22 12:40:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2009/07/14 14:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2011/02/24 08:26:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2011/02/24 08:26:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2011/02/24 08:26:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar

< MD5 for: EXPLORER.EXE >
[2011/02/26 14:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87 e574ddfe652d\explorer.exe
[2011/02/25 15:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 15:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa7 9dc39081d0ba\explorer.exe
[2011/02/26 15:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b033 3b22a99da332\explorer.exe
[2010/11/20 21:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f 56d3c4bcbafb\explorer.exe
[2011/02/25 14:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 14:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc 4815c4e292b5\explorer.exe
[2010/11/20 22:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afda ac81905bf900\explorer.exe

< MD5 for: NETLOGON.DLL >
[2010/11/20 22:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010/11/20 22:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bdd bcb24e997298\netlogon.dll
[2010/11/20 21:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010/11/20 21:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632 670482fa3493\netlogon.dll

< MD5 for: SERVICES.EXE >
[2009/07/14 10:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/14 10:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_ none_2b54b20ee6fa07b1\services.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 10:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 10:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591a fc466a15356\svchost.exe
[2009/07/14 10:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 10:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04 b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 21:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 21:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de30 24012ff21116\userinit.exe
[2010/11/20 22:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 22:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4e bf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 22:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde9 0685eb910636\winlogon.exe
[2014/03/04 20:08:14 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=6CE2AE073BD21C542FC2C707CAE944CC -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_ce74 8d1d04acf24f\winlogon.exe
[2014/03/04 18:43:50 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=88AB9B72B4BF3963A0DE0820B4B0B06C -- C:\Windows\SysNative\winlogon.exe
[2014/03/04 18:43:50 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=88AB9B72B4BF3963A0DE0820B4B0B06C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_cdf8 bf35eb848572\winlogon.exe

< hklm\SOFTWARE\Microsoft\Windows\CurrentVersion\Win dowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Steve\AppData\Local\Google\Chrome\Applic ation\chrome.exe" --show-icons [2014/09/04 12:01:19 | 000,852,808 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Steve\AppData\Local\Google\Chrome\Applic ation\chrome.exe" --hide-icons [2014/09/04 12:01:19 | 000,852,808 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Steve\AppData\Local\Google\Chrome\Applic ation\chrome.exe" --make-default-browser [2014/09/04 12:01:19 | 000,852,808 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\Google Chrome\shell\open\command\\: "C:\Users\Steve\AppData\Local\Google\Chrome\Applic ation\chrome.exe" [2014/09/04 12:01:19 | 000,852,808 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show
HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall
HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide
HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2014/08/20 03:05:24 | 000,810,168 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2014/08/20 03:05:24 | 000,810,168 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\USERS\STEVE\APPDATA\LOCAL\GOOGLE\CHROME\APPLIC ATION\CHROME.EXE" --SHOW-ICONS [2014/09/04 12:01:19 | 000,852,808 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\Google Chrome\InstallInfo\\HideIconsCommand: "C:\USERS\STEVE\APPDATA\LOCAL\GOOGLE\CHROME\APPLIC ATION\CHROME.EXE" --HIDE-ICONS [2014/09/04 12:01:19 | 000,852,808 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\Google Chrome\InstallInfo\\ReinstallCommand: "C:\USERS\STEVE\APPDATA\LOCAL\GOOGLE\CHROME\APPLIC ATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2014/09/04 12:01:19 | 000,852,808 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\Google Chrome\shell\open\command\\: "C:\USERS\STEVE\APPDATA\LOCAL\GOOGLE\CHROME\APPLIC ATION\CHROME.EXE" [2014/09/04 12:01:19 | 000,852,808 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2014/08/19 06:25:16 | 000,707,072 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2014/08/19 06:25:16 | 000,707,072 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2014/08/19 06:25:16 | 000,707,072 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2014/08/20 03:05:24 | 000,810,168 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE [2014/08/20 03:05:24 | 000,810,168 | ---- | M] (Microsoft Corporation)

< hkcu\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s >

< hklm\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s >

========== Files - Unicode (All) ==========
[2010/06/03 03:42:29 | 000,000,020 | ---- | M] ()(C:\Windows\?oR) -- C:\Windows\*°«
[2010/06/03 03:42:28 | 000,000,020 | ---- | C] ()(C:\Windows\?oR) -- C:\Windows\*°«

========== Alternate Data Streams ==========

@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:28BF1793
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:A724744F

< End of report >
synth_floyd is offline   Reply With Quote
Old 09-13-2014, 07:39 PM   #8
synth_floyd
Pooh-Bah
 
Join Date: Sep 2005
Posts: 4,587
Re: Was infected by a virus and lost my roll on Stars. What method did they use?

OTL Extras logfile created on: 9/14/2014 8:03:37 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Steve\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17280)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.93 Gb Total Physical Memory | 2.45 Gb Available Physical Memory | 62.36% Memory free
7.85 Gb Paging File | 6.03 Gb Available in Paging File | 76.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.11 Gb Total Space | 319.11 Gb Free Space | 70.74% Space Free | Partition Type: NTFS

Computer Name: BABABOOEY | User Name: Steve | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\DomainPr ofile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\PublicPr ofile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Firewall Rules]
"{012443E3-3878-4D2C-AA43-B573379C27D1}" = lport=10243 | protocol=6 | dir=in | app=system |
"{107838F9-7C77-4B3D-8AC7-D8241DDC9694}" = rport=137 | protocol=17 | dir=out | app=system |
"{158DBF6E-B961-4E5C-91A7-E06D055C09CF}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{291407E9-0FCA-4631-83CB-EE966D270DA1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{345229B7-85B3-4C9B-97C9-62538B13A7D8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{349A9844-3DCE-44EA-904A-985A750F5AE9}" = rport=139 | protocol=6 | dir=out | app=system |
"{37AE48BC-FF89-453C-B87D-8F196C9CF116}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{391655C8-336F-478E-887F-22AA5886ABDA}" = lport=5432 | protocol=6 | dir=in | name=postgres |
"{3DE59686-2966-486A-BC52-827E92F3728D}" = rport=2869 | protocol=6 | dir=out | app=system |
"{5CC236FA-29F7-4EB8-A8A3-544542D498E0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{60B3E452-6C80-415F-B5FC-27648234B32D}" = lport=138 | protocol=17 | dir=in | app=system |
"{6EEAE346-8C72-448A-8E22-DF95ED44D72A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{71BCA526-D928-4A5A-BBB5-0D3FB7314D88}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{72286933-4905-4ED8-8B26-DBB733827D03}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{74983E84-C4C4-4B36-BCF0-B1FBAB7CDBD7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{77FBD5AC-6521-4B05-9219-8BCBD89131C0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7A6404DC-B4D8-4405-B409-C6646AF414D5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7C1A70A7-9F23-4690-AE13-BE37A42B7889}" = rport=10243 | protocol=6 | dir=out | app=system |
"{8B9D0CD4-D143-42CA-99F4-2C5682BC2369}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{989B940F-F965-4580-BD5B-C9824E001224}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A00CE333-6F14-4B8A-8851-040B3ED1DD09}" = lport=445 | protocol=6 | dir=in | app=system |
"{A57595AF-5558-4886-9919-2CB08E164752}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{AEA3FCDB-B944-462F-9287-D2A29DDA3FC1}" = lport=137 | protocol=17 | dir=in | app=system |
"{AEBDBE86-16A3-49E6-957C-43D7F79F70ED}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B09816B8-5CBB-4CE1-9B15-6872CBE00903}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BCA72EAC-4A1D-4628-9251-A662A16DC0ED}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D1C25439-4C6F-4B7B-AD6B-840299AED072}" = rport=138 | protocol=17 | dir=out | app=system |
"{D3A9308C-574E-4A8D-834E-CDB24A9A9360}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D67AD87C-4686-4075-BCE7-AFD8D480DF57}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{EA9DF2D9-F76E-4231-81D5-A6304B309C33}" = lport=139 | protocol=6 | dir=in | app=system |
"{EC493D13-A650-4487-83E3-553387ED2B2E}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{ED1338AD-E452-4329-9D31-01444E95ADD7}" = rport=445 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Firewall Rules]
"{013E583C-BD74-4703-873B-D02098A1D6B1}" = protocol=17 | dir=in | app=c:\users\steve\appdata\roaming\utorrent\utorre nt.exe |
"{01EEAE05-5E85-4485-BC0C-1E191F384D67}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{067E16DC-561D-49C2-A31F-6FA8504D851B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2909F902-3918-4AFB-9D0B-84BF1E0B4EB1}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{2FA18E2E-29A6-4DEF-9934-88EBF9571406}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3E3D568E-403D-4D94-A44D-FF4B68DBA377}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{41ABA3F9-E6E8-482B-A8E6-75B19F27903D}" = protocol=6 | dir=out | app=system |
"{468A36CF-CED0-44C0-95C1-2C3F5A1E74B6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4B276B2F-0E7E-4EB8-9447-188521578BD8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{518F019B-7B26-4636-8A3B-EDFCC4C942CC}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{5974038E-7D66-4DFB-A88B-D95E829AD055}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5EC193CD-8004-43A4-A3A4-6905C1A599C2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6D9EE6D6-0C76-4342-8A70-30C60C61B015}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{71F4606B-5FED-4C92-96CB-1E0A022D36B8}" = protocol=6 | dir=in | app=c:\users\steve\appdata\roaming\utorrent\utorre nt.exe |
"{771F4A18-94C8-4E7D-8074-C865D78F959A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7C870CDD-069A-4AF5-89E1-EEA7B06EE898}" = protocol=6 | dir=in | app=c:\users\steve\appdata\roaming\utorrent\utorre nt.exe |
"{8790E9F0-9876-4379-8D5D-0A5F7890123D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8BDE1482-FFEC-4A4D-864B-C684427F600C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{92B20526-4CA2-4A43-8306-E17B06D3E91C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9B48AE62-89FA-4015-89BF-29156BF0B1F8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{9D6EEA04-E0C1-40B4-BAE5-B9417CE6749D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A07299CB-51F5-4B35-8102-2DFD0654E60E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A2B1C9A6-F200-44C5-8625-3C76555629A2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A4BDE802-9364-4E87-B78D-A2DDCD18A06A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BC0C7D4E-4DF0-4604-8515-9ABDDAE51D99}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{D038D65E-3E25-44AE-A1DC-C743F5E02486}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{DB2A0B4C-8500-41E7-8501-C8E592B65C1E}" = protocol=17 | dir=in | app=c:\users\steve\appdata\roaming\utorrent\utorre nt.exe |
"{DE8FBBBD-2FA8-40C4-AACC-B6E3A830503D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DFE5CB47-0E22-492D-9A37-9CCD4C057DA5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{EADC2F96-3567-4C6F-8907-5ACB9FE2F848}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{0087312E-1ABD-453F-8243-917222B41DBC}C:\program files (x86)\libreoffice 4\program\soffice.bin" = protocol=6 | dir=in | app=c:\program files (x86)\libreoffice 4\program\soffice.bin |
"TCP Query User{2F5BFD37-54D8-488D-B79E-54D4068774E9}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{8E904017-DFE8-4491-970C-FAC96D61FE94}C:\users\steve\desktop\my shared folder\apple2\applewin.exe" = protocol=6 | dir=in | app=c:\users\steve\desktop\my shared folder\apple2\applewin.exe |
"TCP Query User{934C67EA-0130-44B9-AABB-B6593866ED27}C:\program files (x86)\naver\line\line.exe" = protocol=6 | dir=in | app=c:\program files (x86)\naver\line\line.exe |
"TCP Query User{9F7CF112-FE3E-471D-A755-2F989A1E6B8F}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"TCP Query User{B59F9298-2351-44F6-8AD6-01D280BEF58E}C:\program files (x86)\mediamonkey\mediamonkey.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mediamonkey\mediamonkey.exe |
"TCP Query User{B7B31796-B787-4CFE-A162-2A1F183EEF94}C:\users\steve\appdata\local\google\c hrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\steve\appdata\local\google\chrome\app lication\chrome.exe |
"TCP Query User{CAE3B262-9EE4-4456-B6AD-880B4389087D}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{1DD66C02-CE1E-442A-A0CB-CD2E52A98DBC}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{2E9C92E0-E1FA-4C8D-86EF-5A36EC31DD38}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{5F2755B1-9BBD-4F15-8C0F-E030234C5567}C:\users\steve\desktop\my shared folder\apple2\applewin.exe" = protocol=17 | dir=in | app=c:\users\steve\desktop\my shared folder\apple2\applewin.exe |
"UDP Query User{8F0D2F97-657C-4B8C-8D55-BF78EE3AF506}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"UDP Query User{D33FB9B1-878F-4A18-9239-5FA4ED71A5ED}C:\users\steve\appdata\local\google\c hrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\steve\appdata\local\google\chrome\app lication\chrome.exe |
"UDP Query User{E032429F-2EC8-4A80-8AD1-AB3EF15B9A5F}C:\program files (x86)\libreoffice 4\program\soffice.bin" = protocol=17 | dir=in | app=c:\program files (x86)\libreoffice 4\program\soffice.bin |
"UDP Query User{E40C4832-AADC-48FA-9227-8657690CE090}C:\program files (x86)\naver\line\line.exe" = protocol=17 | dir=in | app=c:\program files (x86)\naver\line\line.exe |
"UDP Query User{F031F070-C5DF-479E-B144-53B0808DDE54}C:\program files (x86)\mediamonkey\mediamonkey.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mediamonkey\mediamonkey.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall]
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor
"{489F2C5A-83B9-79D5-714C-1DEF32A898E5}" = ATI AVIVO64 Codecs
"{48B0F24F-B828-4B1A-A22E-C65454B32A7A}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}" = ASUS Power4Gear Hybrid
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{AA5A2780-10FC-913C-B8AA-FE42DFDBAA42}" = ccc-utility64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{D0528577-31BF-2ABC-D7FC-E443EBF8B40A}" = ATI Catalyst Install Manager
"{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}" = SRS Premium Sound Control Panel
"0E74EB10C05C955C24243E6D3120CDC972FC5B1D" = Windows Driver Package - Broadcom HIDClass (06/11/2009 6.2.0.9500)
"2AA10AB519DC7432D599A0E860206A7DDCC27764" = Windows Driver Package - Broadcom Bluetooth (07/29/2009 6.1.7100.0)
"CCleaner" = CCleaner
"Elantech" = ETDWare PS/2-x64 7.0.5.9_WHQL
"F9FD5BBF579A4BFD40D38BE291F731666B27DC28" = Windows Driver Package - Broadcom Bluetooth (07/17/2009 6.2.0.9403)
"WinRAR archiver" = WinRAR 5.00 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall]
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{182A1405-9660-F35E-4910-2F4804EF9CD1}" = Catalyst Control Center Core Implementation
"{1E9165D4-D1BB-A8FF-4D81-4769904075BE}" = CCC Help Spanish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{2271DC83-BDCA-B742-0F66-51C548D83878}" = CCC Help Hungarian
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2458E345-90BF-A135-A9F6-7B79E5A1B034}" = Catalyst Control Center Graphics Full New
"{26A24AE4-039D-4CA4-87B4-2F03217067FF}" = Java 7 Update 67
"{2801377C-AED0-9DF8-8C13-DE5B8A255E01}" = CCC Help Italian
"{285722F0-59D5-9468-BA6F-72985A2CE931}" = CCC Help Czech
"{2944D228-BD9D-293C-9207-36F3F83200C7}" = Catalyst Control Center Graphics Full Existing
"{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}" = Windows Live Toolbar
"{2BE54333-0A35-B568-B9B6-BBAC93363F07}" = CCC Help Polish
"{321CA409-D308-D275-FD2E-07745286F7B1}" = CCC Help Portuguese
"{394B8A28-0984-B687-DC3D-600A83E3D8AB}" = ccc-core-static
"{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2
"{3C168069-602E-D4DE-AAEA-C83395FD7CBB}" = CCC Help German
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{507BF84D-922E-367A-1B91-2C92A8626627}" = CCC Help Finnish
"{565B9F3F-3617-6859-B821-6F103537489D}" = CCC Help Danish
"{56670C91-F1BA-86BC-0AAE-8605B726EF2F}" = CCC Help Russian
"{57CB36B6-4884-535F-9379-34560046C912}" = CCC Help Dutch
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{59F0E916-7B87-4F09-888B-850F3F0700B5}" = Catalyst Control Center - Branding
"{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{698E45C8-5054-554F-51CB-68847E4B0BA5}" = CCC Help Greek
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect
"{6FEBE183-A517-770B-9BEC-E0AF07B2C0ED}" = Catalyst Control Center InstallProxy
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{719C5E05-B9B2-EBBB-766D-2A1245147DF9}" = Catalyst Control Center Graphics Previews Common
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77498F29-4EFE-159E-DB0E-8E36C3E2B473}" = CCC Help Danish
"{77D28FF5-242F-488A-8215-937D6A4D69E0}" = Adobe AIR
"{788A7564-40B9-4993-78AF-1852D423781E}" = CCC Help Chinese Traditional
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = SkypeÖ 6.18
"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
"{846A2732-D5DB-48BA-AF00-158078C1E034}" = LibreOffice 4.1 Help Pack (English (United States))
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{91D02903-7EDB-2A1F-C19F-8EBB335BA708}" = CCC Help Chinese Standard
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-0120-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95F1EE6A-2C0E-5CE9-8042-287E11DFA089}" = Catalyst Control Center InstallProxy
"{9933221A-32B7-75A8-A496-713191B260CC}" = CCC Help Norwegian
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C28D1FA-B33F-AA17-9A87-FA556C5B6C2D}" = CCC Help English
"{9C976EB6-3C08-3B82-0162-26513153E347}" = CCC Help French
"{9EC8C2B7-74F5-EEDC-E3F2-3E13564ABF8D}" = Catalyst Control Center Graphics Light
"{A0306AD8-1D8C-A5BB-6311-81A42370EEB9}" = Catalyst Control Center Graphics Previews Vista
"{AB3C268A-E54B-4F6D-BF97-2DFCEEFA94F5}" = Catalyst Control Center - Branding
"{AB77649D-25F2-EC99-67CD-A1B2F9862199}" = CCC Help Turkish
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.5 MUI
"{B0474B6D-9508-9D4F-694A-9C78F06BB037}" = CCC Help Swedish
"{B5529701-E380-06B7-14A8-D24EC95B5CD2}" = CCC Help Japanese
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BA32FA50-7D3C-F111-9E79-619774EDB517}" = Catalyst Control Center Localization All
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD9CA010-1B74-B806-F4B7-C2175EE3AC2C}" = CCC Help Korean
"{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1EE568A-171F-4C06-9BE6-2395BED067A3}" = LibreOffice 4.1.1.2
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}" = Alcor Micro USB Card Reader
"{F5E5DFE5-37AC-61A7-1A57-6741C243C96F}" = CCC Help Czech
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"{FF250E8C-2925-C0C8-71EF-C456BE470759}" = CCC Help Thai
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 14 ActiveX
"ASUS_N_Series_Screensaver" = ASUS_N_Series_Screensaver
"avast" = avast! Free Antivirus
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"InstallShield_{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}" = Alcor Micro USB Card Reader
"LINE" = LINE
"MediaMonkey_is1" = MediaMonkey 4.1
"Might and Magic« VII" = Might and Magic« VII
"PokerStars" = PokerStars
"VLC media player" = VLC media player 2.1.3
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Uninstall]
"Flux" = f.lux
"Google Chrome" = Google Chrome
"uTorrent" = ÁTorrent

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/22/2014 11:00:02 AM | Computer Name = Bababooey | Source = System Restore | ID = 8193
Description =

Error - 7/23/2014 11:00:01 AM | Computer Name = Bababooey | Source = System Restore | ID = 8193
Description =

Error - 7/24/2014 11:00:01 AM | Computer Name = Bababooey | Source = System Restore | ID = 8193
Description =

Error - 7/25/2014 11:25:42 AM | Computer Name = Bababooey | Source = System Restore | ID = 8193
Description =

Error - 7/25/2014 7:38:33 PM | Computer Name = Bababooey | Source = System Restore | ID = 8193
Description =

Error - 7/26/2014 1:48:23 AM | Computer Name = Bababooey | Source = System Restore | ID = 8193
Description =

Error - 7/26/2014 11:56:40 AM | Computer Name = Bababooey | Source = System Restore | ID = 8193
Description =

Error - 7/27/2014 11:00:01 AM | Computer Name = Bababooey | Source = System Restore | ID = 8193
Description =

Error - 7/28/2014 10:35:10 AM | Computer Name = Bababooey | Source = System Restore | ID = 8193
Description =

Error - 7/28/2014 11:00:00 AM | Computer Name = Bababooey | Source = System Restore | ID = 8193
Description =

Error - 7/29/2014 10:12:31 AM | Computer Name = Bababooey | Source = System Restore | ID = 8193
Description =

[ Media Center Events ]
Error - 5/19/2012 4:11:25 PM | Computer Name = Bababooey | Source = MCUpdate | ID = 0
Description = 1:11:25 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
status 404: The requested URL does not exist on the server. )

Error - 5/20/2012 4:16:11 AM | Computer Name = Bababooey | Source = MCUpdate | ID = 0
Description = 1:16:10 AM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
status 404: The requested URL does not exist on the server. )

Error - 5/20/2012 4:36:56 PM | Computer Name = Bababooey | Source = MCUpdate | ID = 0
Description = 1:36:56 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
status 404: The requested URL does not exist on the server. )

Error - 5/21/2012 4:57:58 AM | Computer Name = Bababooey | Source = MCUpdate | ID = 0
Description = 1:57:51 AM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
status 404: The requested URL does not exist on the server. )

Error - 5/21/2012 4:23:07 PM | Computer Name = Bababooey | Source = MCUpdate | ID = 0
Description = 1:23:07 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
status 404: The requested URL does not exist on the server. )

Error - 5/22/2012 4:10:23 AM | Computer Name = Bababooey | Source = MCUpdate | ID = 0
Description = 1:10:18 AM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
status 404: The requested URL does not exist on the server. )

Error - 5/22/2012 6:56:30 AM | Computer Name = Bababooey | Source = MCUpdate | ID = 0
Description = 3:56:30 AM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
status 404: The requested URL does not exist on the server. )

Error - 5/22/2012 4:46:42 PM | Computer Name = Bababooey | Source = MCUpdate | ID = 0
Description = 1:46:42 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
status 404: The requested URL does not exist on the server. )

Error - 5/23/2012 4:00:43 AM | Computer Name = Bababooey | Source = MCUpdate | ID = 0
Description = 1:00:39 AM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
status 404: The requested URL does not exist on the server. )

Error - 5/23/2012 4:36:16 PM | Computer Name = Bababooey | Source = MCUpdate | ID = 0
Description = 1:36:16 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
status 404: The requested URL does not exist on the server. )

[ System Events ]
Error - 9/12/2014 11:40:29 PM | Computer Name = Bababooey | Source = ipnathlp | ID = 31004
Description =

Error - 9/13/2014 3:32:01 AM | Computer Name = Bababooey | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\ASPI32.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 9/13/2014 3:33:14 AM | Computer Name = Bababooey | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ASPI32 Lbd SBRE

Error - 9/13/2014 3:33:31 AM | Computer Name = Bababooey | Source = ipnathlp | ID = 34001
Description =

Error - 9/13/2014 3:33:31 AM | Computer Name = Bababooey | Source = ipnathlp | ID = 30013
Description =

Error - 9/13/2014 3:36:13 AM | Computer Name = Bababooey | Source = ipnathlp | ID = 30013
Description =

Error - 9/13/2014 4:16:28 AM | Computer Name = Bababooey | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\ASPI32.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 9/13/2014 4:16:46 AM | Computer Name = Bababooey | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ASPI32 Lbd SBRE

Error - 9/13/2014 4:16:58 AM | Computer Name = Bababooey | Source = ipnathlp | ID = 34001
Description =

Error - 9/13/2014 4:16:58 AM | Computer Name = Bababooey | Source = ipnathlp | ID = 30013
Description =


< End of report >
synth_floyd is offline   Reply With Quote
Old 09-14-2014, 12:55 PM   #9
Gabethebabe
Malware Jedi
 
Gabethebabe's Avatar
 
Join Date: Oct 2007
Location: In front of my monitor
Posts: 22,326
Re: Was infected by a virus and lost my roll on Stars. What method did they use?

Your OTL logs appear to be clean

Did your stars account use a password that you used for anything else?

Having "remember password" on it is very bad idea, unless you are sure nobody has access to your computer. Nobody has access to my computer and I still enter my pw every time I start up the client.
Gabethebabe is offline   Reply With Quote
Old 09-14-2014, 06:44 PM   #10
synth_floyd
Pooh-Bah
 
Join Date: Sep 2005
Posts: 4,587
Re: Was infected by a virus and lost my roll on Stars. What method did they use?

Thank you so much for checking it, Gabe. My Stars password was the same as my Facebook password, but they don't appear to have logged into my Facebook account (or if they did, it doesn't seem like anything was changed). My facebook account was also on "remember password" in Chrome (I would just go to facebook.com, it was pre-entered in, and i would hit "login"). Steam had the same password too, but I don't have Steam installed on my computer at the moment and haven't used it for months. And a few other misc. websites use the same password, but I haven't logged onto them for a few weeks.

So I am still unsure about how they did it. The virus specifically targeted Stars (and/or other poker sites) that were installed on the infected computer and it read the data in the software for any passwords that were set to "remember password?" Nothing else seems to have been compromised.

Is it necessary to reformat the computer as well? I don't want to log into any sensitive websites while there is still any uncertainty about the method used for the hacking and whether or not I'm 110% sure all the viruses are gone.
synth_floyd is offline   Reply With Quote
Old 09-15-2014, 03:34 AM   #11
Gabethebabe
Malware Jedi
 
Gabethebabe's Avatar
 
Join Date: Oct 2007
Location: In front of my monitor
Posts: 22,326
Re: Was infected by a virus and lost my roll on Stars. What method did they use?

Seems you have learned a couple of things about password policies, the hard way.

There are thousands of careless users like you, who are sitting on a significant amount of money and don't take the effort to properly protect themselves.

1) Create dedicated unguessable e-mail accounts like r7r163bz0qdk69o4@gmail.com for each financial account you own (Poker clients, eBay, Paypal, e-wallets, Amazon etc).
2) Assign strong passwords and use a password manager like Keepass, so you don't actually have to remember them. Use also strong unique passwords for the services themselves, ldo
3) Use those e-mail accounts exclusively for the corresponding financial service
4) Don't use your private e-mail account for anything that involves money

I don't think you need to reformat your HD, since it probably wasn't malware that caused the data leak. Improve your password policies as described above should be enough.
Gabethebabe is offline   Reply With Quote
Old 09-16-2014, 08:01 PM   #12
UbinTook
veteran
 
UbinTook's Avatar
 
Join Date: Jan 2007
Posts: 2,729
Re: Was infected by a virus and lost my roll on Stars. What method did they use?

Quote:
Originally Posted by Gabethebabe View Post
Seems you have learned a couple of things about password policies, the hard way.

There are thousands of careless users like you, who are sitting on a significant amount of money and don't take the effort to properly protect themselves.

1) Create dedicated unguessable e-mail accounts like r7r163bz0qdk69o4@gmail.com for each financial account you own (Poker clients, eBay, Paypal, e-wallets, Amazon etc).
2) Assign strong passwords and use a password manager like Keepass, so you don't actually have to remember them. Use also strong unique passwords for the services themselves, ldo
3) Use those e-mail accounts exclusively for the corresponding financial service
4) Don't use your private e-mail account for anything that involves money

I don't think you need to reformat your HD, since it probably wasn't malware that caused the data leak. Improve your password policies as described above should be enough.
How does keypass work ?
I have many different logins and many different passwords, do i have to enter them all in manually the first time?
UbinTook is offline   Reply With Quote
Old 09-17-2014, 02:01 AM   #13
Gabethebabe
Malware Jedi
 
Gabethebabe's Avatar
 
Join Date: Oct 2007
Location: In front of my monitor
Posts: 22,326
Re: Was infected by a virus and lost my roll on Stars. What method did they use?

You don't know Keepass?

www.keepass.com

It is an encrypted database where you store your usernames+passwords and include a title (entered manually)
On system startup keepass is initiated and you enter your master password to open it.

When you open a website or program that requires username+password you press the shortcut keys (mine are CTRL+ALT+P) you defined to activate Keepass, it will look the title of the current active window (for example "Paypal") and it will autotype username and password of the corresponding entry.

You can use passwords like 1Qwe3_f5Rtt4_tG7H8ji without effort.

The only thing you need to remember is the master password of your password DB, because if you forget that, you are cooked.

I always wear a USB keyring with me with my Keepass DB, because all my passwords are unique 20 character unguessable passwords
Gabethebabe is offline   Reply With Quote
Old 09-21-2014, 10:22 PM   #14
MistakesWereMade
journeyman
 
Join Date: Aug 2013
Posts: 298
Re: Was infected by a virus and lost my roll on Stars. What method did they use?

You prolly used the same password on something that you had on pokerstars. But I guess if Daniel Negrenu can get hacked then anyone can I suppose...

If you told pokerstars sooner wouldn't they be able to track it down and freeze the account before he withdraws the money?
MistakesWereMade is offline   Reply With Quote

Reply
      

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Forum Jump


All times are GMT -4. The time now is 07:52 PM.


Powered by vBulletin®
Copyright ©2000 - 2018, Jelsoft Enterprises Ltd.
Copyright ę 2008-2017, Two Plus Two Interactive
 
 
Poker Players - Streaming Live Online