PDA

View Full Version : Live Player 3.2, Full Spectrum Interactive - Having Trouble Removing



Hammerfd5
2013-12-06, 07:49
I was a fool, and agreed to download some supposed plugin for hd sports online. I am paying the price.
Now on startup of my laptop, I receive a couple prompts from programs wanting access to install things on my machine and a couple run boxes open. One of the programs calls itself Full Spectrum Interactive.
Also, there is now an extension installed on chrome called Live Player 3.2. It is grayed out, and I cannot uninstall it. There is a black toolbar at the bottom of the browser and I receive new-windowed popup ads each time I click on new links. I am unable to locate any of these programs on windows uninstall programs tool.

I have used spybot and malwarebytes without resolution.
I would very much appreciate any assistance. Thanks!


---------
DDS Log:
---------

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428 BrowserJavaVersion: 10.45.2
Run by Ryan at 21:18:23 on 2013-12-05
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4046.1406 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Windows\SysWOW64\rpcnet.exe
C:\Windows\system32\svchost.exe -k imgsvc
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\System32\spool\drivers\x64\3\E_YATIHVA.EXE
C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Thermaltake Ttesports Saphira Gaming\SaphiraSystray.exe
C:\Program Files (x86)\Thermaltake Ttesports Saphira Gaming\tTOSD201101.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\Ryan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Spotify Web Helper] "C:\Users\Ryan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [Spotify] "C:\Users\Ryan\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
uRun: [EPLTarget\P0000000000000000] C:\Windows\System32\spool\DRIVERS\x64\3\E_YATIHVA.EXE /EPT "EPLTarget\P0000000000000000" /M "WorkForce 645"
uRun: [Volume2] C:\Program Files (x86)\Volume2\Volume2.exe
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
mRun: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe /start
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SaphiraGamingMSU1106] "C:\Program Files (x86)\Thermaltake Ttesports Saphira Gaming\SaphiraSystray.exe"
mRun: [SaphiraGamingOSD] "C:\Program Files (x86)\Thermaltake Ttesports Saphira Gaming\tTOSD201101.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [autoauto] c.bat
mRun: [ooo] ttt.bat
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Ryan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
uPolicies-Explorer: HideSCAVolume = dword:0
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{4DB02C8C-9F20-4E69-B439-A4436C18C52A} : DHCPNameServer = 192.168.0.1 205.171.2.226
TCP: Interfaces\{A10D2C98-31A5-475F-A109-5E330C8DCEB2} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{A10D2C98-31A5-475F-A109-5E330C8DCEB2}\44562707 : DHCPNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{A10D2C98-31A5-475F-A109-5E330C8DCEB2}\4457E6E6022427F6370234F666665656 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{A10D2C98-31A5-475F-A109-5E330C8DCEB2}\46F6276666 : DHCPNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{A10D2C98-31A5-475F-A109-5E330C8DCEB2}\4756070796475607 : DHCPNameServer = 192.168.0.1 205.171.2.25
TCP: Interfaces\{A10D2C98-31A5-475F-A109-5E330C8DCEB2}\E4F6274786D27457563747 : DHCPNameServer = 4.2.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\0w52a4ll.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
.
============= SERVICES / DRIVERS ===============
.
R0 johci;JMicron 1394 Filter Driver;C:\Windows\System32\drivers\johci.sys [2013-4-30 26712]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2013-4-30 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-4-25 241152]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-1-11 92216]
R2 hpHotkeyMonitor;hpHotkeyMonitor;C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2011-1-28 281656]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-13 30520]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-4-30 13336]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-10-13 418376]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 134944]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-2-14 96768]
R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2013-4-30 173656]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-10-13 25928]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-12-10 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-12-10 181248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-10-13 701512]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2013-4-30 71168]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-4 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-4-30 19456]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2013-4-30 29696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-4-30 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-4-30 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-4-30 1255736]
.
=============== Created Last 30 ================
.
2013-12-06 02:46:49 -------- d-----w- C:\Program Files\HitmanPro
2013-12-06 02:46:14 -------- d-----w- C:\ProgramData\HitmanPro
2013-12-06 00:29:16 -------- d-----w- C:\AdwCleaner
2013-12-05 05:47:27 10285968 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B4698859-67BF-4705-B7BE-4DC4C3D1CF86}\mpengine.dll
2013-12-04 03:30:10 10285968 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-01 09:36:35 -------- d-----w- C:\Users\Ryan\AppData\Local\Blizzard
2013-12-01 08:57:08 -------- d-----w- C:\Program Files (x86)\Hearthstone
2013-12-01 08:56:02 -------- d-----w- C:\Users\Ryan\AppData\Local\Blizzard Entertainment
2013-12-01 08:55:42 -------- d-----w- C:\Users\Ryan\AppData\Roaming\Battle.net
2013-12-01 08:55:42 -------- d-----w- C:\Users\Ryan\AppData\Local\Battle.net
2013-12-01 08:53:51 -------- d-----w- C:\Program Files (x86)\Battle.net
2013-11-14 03:40:00 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2013-11-14 03:40:00 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-11-06 06:05:20 965000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D04EC583-B6B1-44FD-B89E-32BEA5F41109}\gapaengine.dll
.
==================== Find3M ====================
.
2013-12-06 02:07:00 17920 ----a-w- C:\Windows\System32\rpcnetp.exe
2013-12-06 02:06:56 69792 ----a-w- C:\Windows\SysWow64\rpcnet.dll
2013-11-19 10:21:41 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-10 02:47:27 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-10 02:47:27 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-10-09 15:17:58 68 ----a-w- C:\Windows\SysWow64\ttt.bat
2013-10-08 12:50:37 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-04 02:28:31 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
2013-10-04 02:25:17 197120 ----a-w- C:\Windows\System32\credui.dll
2013-10-04 02:24:49 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-10-04 01:58:50 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56:25 168960 ----a-w- C:\Windows\SysWow64\credui.dll
2013-10-04 01:56:00 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll
2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-09-28 01:09:10 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-27 15:53:06 248240 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2013-09-27 15:53:06 134944 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll
2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll
2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe
2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
.
============= FINISH: 21:19:03.29 ===============



------------
aswMBR log:
------------



aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-12-05 21:44:01
-----------------------------
21:44:01.702 OS Version: Windows x64 6.1.7601 Service Pack 1
21:44:01.702 Number of processors: 4 586 0x2A07
21:44:01.702 ComputerName: RYAN-PC UserName: Ryan
21:44:02.321 Initialize success
21:46:22.749 AVAST engine defs: 13120500
21:46:50.841 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:46:50.843 Disk 0 Vendor: TOSHIBA_ MH00 Size: 305245MB BusType: 3
21:46:50.952 Disk 0 MBR read successfully
21:46:50.954 Disk 0 MBR scan
21:46:50.988 Disk 0 Windows 7 default MBR code
21:46:50.990 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 315 MB offset 2048
21:46:51.028 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 241011 MB offset 647168
21:46:51.064 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 58550 MB offset 494237696
21:46:51.104 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 5367 MB offset 614148096
21:46:51.193 Disk 0 scanning C:\Windows\system32\drivers
21:47:02.875 Service scanning
21:47:30.599 Modules scanning
21:47:30.604 Disk 0 trace - called modules:
21:47:30.644 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ACPI.sys iaStor.sys hal.dll
21:47:30.648 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80066aa060]
21:47:30.650 3 CLASSPNP.SYS[fffff88000e5f43f] -> nt!IofCallDriver -> [0xfffffa8006543b10]
21:47:30.654 5 hpdskflt.sys[fffff8800144a189] -> nt!IofCallDriver -> [0xfffffa8004872430]
21:47:30.657 7 ACPI.sys[fffff8800100b7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004876050]
21:47:31.276 AVAST engine scan C:\Windows
21:47:33.322 AVAST engine scan C:\Windows\system32
21:50:52.804 AVAST engine scan C:\Windows\system32\drivers
21:51:10.811 AVAST engine scan C:\Users\Ryan
21:57:37.284 Disk 0 MBR has been saved successfully to "C:\Users\Ryan\Desktop\MBR.dat"
21:57:37.290 The log file has been saved successfully to "C:\Users\Ryan\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-12-05 21:58:52
-----------------------------
21:58:52.255 OS Version: Windows x64 6.1.7601 Service Pack 1
21:58:52.255 Number of processors: 4 586 0x2A07
21:58:52.256 ComputerName: RYAN-PC UserName: Ryan
21:58:52.928 Initialize success
21:59:07.413 AVAST engine defs: 13120500
21:59:24.663 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:59:24.664 Disk 0 Vendor: TOSHIBA_ MH00 Size: 305245MB BusType: 3
21:59:24.867 Disk 0 MBR read successfully
21:59:24.869 Disk 0 MBR scan
21:59:24.873 Disk 0 Windows 7 default MBR code
21:59:24.881 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 315 MB offset 2048
21:59:24.909 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 241011 MB offset 647168
21:59:24.945 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 58550 MB offset 494237696
21:59:24.984 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 5367 MB offset 614148096
21:59:25.220 Disk 0 scanning C:\Windows\system32\drivers
21:59:42.999 Service scanning
22:00:13.379 Modules scanning
22:00:13.384 Disk 0 trace - called modules:
22:00:13.751 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ACPI.sys iaStor.sys hal.dll
22:00:13.754 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80066aa060]
22:00:13.757 3 CLASSPNP.SYS[fffff88000e5f43f] -> nt!IofCallDriver -> [0xfffffa8006543b10]
22:00:13.760 5 hpdskflt.sys[fffff8800144a189] -> nt!IofCallDriver -> [0xfffffa8004872430]
22:00:13.762 7 ACPI.sys[fffff8800100b7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004876050]
22:00:14.760 AVAST engine scan C:\Windows
22:00:22.634 AVAST engine scan C:\Windows\system32
22:05:49.728 AVAST engine scan C:\Windows\system32\drivers
22:06:08.527 AVAST engine scan C:\Users\Ryan
23:00:57.228 AVAST engine scan C:\ProgramData
23:01:31.271 Scan finished successfully
23:31:29.095 Disk 0 MBR has been saved successfully to "C:\Users\Ryan\Desktop\MBR.dat"
23:31:29.329 The log file has been saved successfully to "C:\Users\Ryan\Desktop\aswMBR.txt"

ken545
2013-12-17, 02:49
:welcome:

Sorry for the delay


Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)


* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.


As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



http://img.photobucket.com/albums/v706/ried7/RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

Hammerfd5
2013-12-18, 03:05
Alright, downloaded and ran combofix. I have attached the combofix text file.
ComboFix 13-12-17.02 - Ryan 12/17/2013 18:46:54.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4046.1646 [GMT -6:00]
Running from: c:\users\Ryan\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\3002.xml
c:\windows\SysWow64\c.bat
c:\windows\SysWow64\v.vbs
.
.
((((((((((((((((((((((((( Files Created from 2013-11-18 to 2013-12-18 )))))))))))))))))))))))))))))))
.
.
2013-12-18 00:56 . 2013-12-18 00:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-16 17:33 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4C99B15B-60D7-417A-8AB7-A73E24273143}\mpengine.dll
2013-12-14 21:08 . 2013-11-08 03:12 10285968 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-12 09:04 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2013-12-12 09:04 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2013-12-12 09:04 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2013-12-12 09:04 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2013-12-12 09:04 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
2013-12-11 18:30 . 2013-10-30 02:32 335360 ----a-w- c:\windows\system32\msieftp.dll
2013-12-06 18:45 . 2013-10-20 23:27 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{42BE7794-3261-4204-A1F9-C783E2BC5959}\gapaengine.dll
2013-12-06 03:13 . 2013-12-06 03:13 -------- d-----w- c:\program files (x86)\ERUNT
2013-12-06 02:46 . 2013-12-06 02:46 -------- d-----w- c:\program files\HitmanPro
2013-12-06 02:46 . 2013-12-06 02:58 -------- d-----w- c:\programdata\HitmanPro
2013-12-06 00:29 . 2013-12-06 02:06 -------- d-----w- C:\AdwCleaner
2013-12-04 17:43 . 2013-10-15 00:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2013-12-01 09:36 . 2013-12-01 09:36 -------- d-----w- c:\users\Ryan\AppData\Local\Blizzard
2013-12-01 08:57 . 2013-12-11 06:46 -------- d-----w- c:\program files (x86)\Hearthstone
2013-12-01 08:56 . 2013-12-01 08:56 -------- d-----w- c:\users\Ryan\AppData\Local\Blizzard Entertainment
2013-12-01 08:55 . 2013-12-17 07:17 -------- d-----w- c:\users\Ryan\AppData\Local\Battle.net
2013-12-01 08:55 . 2013-12-01 09:02 -------- d-----w- c:\users\Ryan\AppData\Roaming\Battle.net
2013-12-01 08:53 . 2013-12-04 03:52 -------- d-----w- c:\program files (x86)\Battle.net
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-18 00:36 . 2013-05-09 19:12 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2013-12-16 17:23 . 2013-04-30 19:09 90708896 ----a-w- c:\windows\system32\MRT.exe
2013-12-14 20:57 . 2013-05-15 17:56 69792 ----a-w- c:\windows\SysWow64\rpcnet.dll
2013-12-11 07:47 . 2013-05-01 12:32 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-11 07:47 . 2013-05-01 12:32 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-11-19 10:21 . 2013-04-30 16:51 267936 ------w- c:\windows\system32\MpSigStub.exe
2013-10-26 02:30 . 2013-10-26 02:30 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2013-10-20 23:27 . 2013-05-21 15:14 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-10-12 02:30 . 2013-11-14 03:39 830464 ----a-w- c:\windows\system32\nshwfp.dll
2013-10-12 02:29 . 2013-11-14 03:39 859648 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-10-12 02:29 . 2013-11-14 03:39 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-10-12 02:03 . 2013-11-14 03:39 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll
2013-10-12 02:01 . 2013-11-14 03:39 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL
2013-10-09 15:17 . 2013-10-09 15:17 68 ----a-w- c:\windows\SysWow64\ttt.bat
2013-10-08 12:50 . 2013-10-17 21:48 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-05 20:25 . 2013-11-14 03:40 1474048 ----a-w- c:\windows\system32\crypt32.dll
2013-10-05 19:57 . 2013-11-14 03:40 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-10-04 02:28 . 2013-11-14 03:39 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2013-10-04 02:25 . 2013-11-14 03:39 197120 ----a-w- c:\windows\system32\credui.dll
2013-10-04 02:24 . 2013-11-14 03:39 1930752 ----a-w- c:\windows\system32\authui.dll
2013-10-04 01:58 . 2013-11-14 03:39 152576 ----a-w- c:\windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56 . 2013-11-14 03:39 168960 ----a-w- c:\windows\SysWow64\credui.dll
2013-10-04 01:56 . 2013-11-14 03:39 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-10-03 02:23 . 2013-11-14 03:39 404480 ----a-w- c:\windows\system32\gdi32.dll
2013-10-03 02:00 . 2013-11-14 03:39 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2013-09-28 01:09 . 2013-11-14 03:39 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2013-09-27 15:53 . 2013-09-27 15:53 248240 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-09-27 15:53 . 2013-01-20 20:59 134944 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-09-25 02:26 . 2013-11-14 03:39 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2013-09-25 02:26 . 2013-11-14 03:39 154560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-09-25 02:23 . 2013-11-14 03:39 135680 ----a-w- c:\windows\system32\sspicli.dll
2013-09-25 02:23 . 2013-11-14 03:39 28672 ----a-w- c:\windows\system32\sspisrv.dll
2013-09-25 02:23 . 2013-11-14 03:39 28160 ----a-w- c:\windows\system32\secur32.dll
2013-09-25 02:22 . 2013-11-14 03:39 340992 ----a-w- c:\windows\system32\schannel.dll
2013-09-25 02:21 . 2013-11-14 03:39 307200 ----a-w- c:\windows\system32\ncrypt.dll
2013-09-25 02:21 . 2013-11-14 03:39 1447936 ----a-w- c:\windows\system32\lsasrv.dll
2013-09-25 01:58 . 2013-11-14 03:39 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2013-09-25 01:57 . 2013-11-14 03:39 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2013-09-25 01:57 . 2013-11-14 03:39 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2013-09-25 01:56 . 2013-11-14 03:39 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2013-09-25 01:03 . 2013-11-14 03:39 30720 ----a-w- c:\windows\system32\lsass.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\Ryan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-12-06 1168896]
"Spotify"="c:\users\Ryan\AppData\Roaming\Spotify\spotify.exe" [2013-12-06 5951488]
"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_YATIHVA.EXE" [2011-04-25 239488]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-10-30 1820584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2011-01-28 299576]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-26 283160]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"SaphiraGamingMSU1106"="c:\program files (x86)\Thermaltake Ttesports Saphira Gaming\SaphiraSystray.exe" [2011-12-21 1232384]
"SaphiraGamingOSD"="c:\program files (x86)\Thermaltake Ttesports Saphira Gaming\tTOSD201101.exe" [2012-01-19 638976]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-04-25 642816]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
"ooo"="ttt.bat" [2013-10-09 68]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE %SystemRoot%\ERDNT\AutoBackup\#Date# /noconfirmdelete /noprogresswindow [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAVolume"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SPUVCbv;SPUVCb Driver Service;c:\windows\system32\Drivers\SPUVCbv_x64.sys;c:\windows\SYSNATIVE\Drivers\SPUVCbv_x64.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 johci;JMicron 1394 Filter Driver;c:\windows\system32\drivers\johci.sys;c:\windows\SYSNATIVE\drivers\johci.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-05 05:37 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-01 07:47]
.
2013-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-01 12:44]
.
2013-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-01 12:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-27 835072]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1 205.171.2.226
FF - ProfilePath - c:\users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\0w52a4ll.default\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Volume2 - c:\program files (x86)\Volume2\Volume2.exe
Wow6432Node-HKLM-Run-autoauto - c.bat
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-12-17 18:59:33
ComboFix-quarantined-files.txt 2013-12-18 00:59
.
Pre-Run: 171,057,688,576 bytes free
Post-Run: 171,274,788,864 bytes free
.
- - End Of File - - 26C2348A3D041D1EB3DD06B4704CC41C

ken545
2013-12-18, 04:07
Hi,

if you can just copy and paste the logs into this forum in lew of attaching them, easier for me to see

OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

Hammerfd5
2013-12-18, 04:28
Sounds good. Thank you for helping me!
Here are the two logs:

-----------------------------------------------------------------------------------------
OTL logfile created on: 12/17/2013 8:14:42 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ryan\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.95 Gb Total Physical Memory | 2.57 Gb Available Physical Memory | 65.13% Memory free
7.90 Gb Paging File | 6.09 Gb Available in Paging File | 77.03% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 235.36 Gb Total Space | 159.58 Gb Free Space | 67.80% Space Free | Partition Type: NTFS
Drive D: | 57.18 Gb Total Space | 44.72 Gb Free Space | 78.22% Space Free | Partition Type: NTFS
Drive E: | 5.23 Gb Total Space | 2.37 Gb Free Space | 45.40% Space Free | Partition Type: FAT32

Computer Name: RYAN-PC | User Name: Ryan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Ryan\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Ryan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
PRC - C:\Windows\SysWOW64\rpcnet.exe (Absolute Software Corp.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Thermaltake Ttesports Saphira Gaming\tTOSD201101.exe (Chicony)
PRC - C:\Program Files (x86)\Thermaltake Ttesports Saphira Gaming\SaphiraSystray.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Thermaltake Ttesports Saphira Gaming\fsHid.dll ()
MOD - C:\Program Files (x86)\Thermaltake Ttesports Saphira Gaming\SaphiraSystray.exe ()
MOD - C:\Program Files (x86)\Thermaltake Ttesports Saphira Gaming\WMINPUT.dll ()


========== Services (SafeList) ==========

SRV:[b]64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (ZuneWlanCfgSvc) -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe (Microsoft Corporation)
SRV:64bit: - (WMZuneComm) -- C:\Program Files\Zune\WMZuneComm.exe (Microsoft Corporation)
SRV:64bit: - (ZuneNetworkSvc) -- C:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agr64svc.exe (LSI Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (AESTFilters) -- C:\Program Files\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (rpcnet) -- C:\Windows\SysWOW64\rpcnet.exe (Absolute Software Corp.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (hpHotkeyMonitor) -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (Hewlett-Packard Company)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (johci) -- C:\Windows\SysNative\drivers\johci.sys (JMicron Technology Corp.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (e1cexpress) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Company)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2844515343-2857779979-3863918861-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-2844515343-2857779979-3863918861-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DE D0 48 FB 49 F6 CE 01 [binary data]
IE - HKU\S-1-5-21-2844515343-2857779979-3863918861-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2844515343-2857779979-3863918861-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-2844515343-2857779979-3863918861-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2844515343-2857779979-3863918861-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/05/15 20:13:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Extensions
[2013/11/25 19:18:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\0w52a4ll.default\extensions
[2013/11/25 20:12:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/11/25 20:12:32 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U21 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll
CHR - plugin: Java Deployment Toolkit 7.0.210.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6.1_0\
CHR - Extension: Google Search = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: KeyRocket for Gmail\u2122 = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmocchgkijnbjdjkmlglaemjhhdiobbp\0.7.3.2_0\
CHR - Extension: AdBlock = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0\
CHR - Extension: live player = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcnoocjdgpaeliplnkbhbpccighjkeef\3.2_0\
CHR - Extension: Reddit Enhancement Suite = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.3.1.2_0\
CHR - Extension: Google Dictionary (by Google) = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja\3.0.21_0\
CHR - Extension: Google Wallet = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Gmail = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/12/17 18:56:32 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [ooo] C:\Windows\SysWow64\ttt.bat ()
O4 - HKLM..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [SaphiraGamingMSU1106] C:\Program Files (x86)\Thermaltake Ttesports Saphira Gaming\SaphiraSystray.exe ()
O4 - HKLM..\Run: [SaphiraGamingOSD] C:\Program Files (x86)\Thermaltake Ttesports Saphira Gaming\tTOSD201101.exe (Chicony)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-2844515343-2857779979-3863918861-1001..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHVA.EXE /EPT "EPLTarget\P0000000000000000" /M "WorkForce 645" File not found
O4 - HKU\S-1-5-21-2844515343-2857779979-3863918861-1001..\Run: [Spotify] C:\Users\Ryan\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-2844515343-2857779979-3863918861-1001..\Run: [Spotify Web Helper] C:\Users\Ryan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-2844515343-2857779979-3863918861-1001..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2844515343-2857779979-3863918861-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2844515343-2857779979-3863918861-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAVolume = 0
O7 - HKU\S-1-5-21-2844515343-2857779979-3863918861-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4DB02C8C-9F20-4E69-B439-A4436C18C52A}: DhcpNameServer = 192.168.0.1 205.171.2.226
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A10D2C98-31A5-475F-A109-5E330C8DCEB2}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/17 20:11:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ryan\Desktop\OTL.exe
[2013/12/17 18:59:37 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/12/17 18:59:35 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/12/17 18:45:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/12/17 18:45:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/12/17 18:45:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/12/17 18:40:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/12/17 18:40:05 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/12/17 18:39:16 | 005,155,004 | R--- | C] (Swearware) -- C:\Users\Ryan\Desktop\ComboFix.exe
[2013/12/14 15:51:40 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Desktop\phone
[2013/12/12 03:04:22 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2013/12/12 03:04:22 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2013/12/12 03:04:22 | 011,410,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2013/12/12 03:04:20 | 014,631,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2013/12/12 03:02:47 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2013/12/12 03:02:46 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/12/12 03:02:46 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/12/12 03:02:46 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/12/12 03:02:46 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/12/12 03:02:46 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/12/12 03:02:46 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/12/12 03:02:45 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2013/12/12 03:02:45 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2013/12/12 03:02:44 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/12/12 03:02:44 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2013/12/12 03:02:44 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/12/12 03:02:44 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2013/12/12 03:02:43 | 001,928,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/12/12 03:02:42 | 001,995,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/12/12 03:02:40 | 005,769,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/12/11 12:30:37 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msieftp.dll
[2013/12/11 12:30:36 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013/12/11 12:30:36 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013/12/11 12:30:36 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msieftp.dll
[2013/12/11 12:30:35 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2013/12/11 12:30:32 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys
[2013/12/11 12:30:32 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshom.ocx
[2013/12/11 12:30:32 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshom.ocx
[2013/12/11 12:30:32 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\drmk.sys
[2013/12/11 12:30:31 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrrun.dll
[2013/12/11 12:30:31 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrrun.dll
[2013/12/11 12:30:31 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscript.exe
[2013/12/11 12:30:31 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cscript.exe
[2013/12/05 21:42:47 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Ryan\Desktop\aswMBR.exe
[2013/12/05 21:17:55 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Ryan\Desktop\dds.scr
[2013/12/05 21:14:02 | 000,000,000 | ---D | C] -- C:\Users\Ryan\Desktop\erunt backup
[2013/12/05 21:13:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2013/12/05 21:13:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2013/12/05 20:46:49 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013/12/05 20:46:14 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/12/05 20:44:36 | 010,264,904 | ---- | C] (SurfRight B.V.) -- C:\Users\Ryan\Desktop\HitmanPro_x64.exe
[2013/12/05 18:29:16 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/12/04 11:43:41 | 000,028,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEUDINIT.EXE
[2013/12/04 11:41:12 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013/12/04 11:41:12 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013/12/04 11:41:06 | 001,051,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013/12/04 11:41:06 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2013/12/04 11:41:06 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013/12/04 11:41:06 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013/12/04 11:41:06 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013/12/04 11:41:06 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/12/04 11:41:06 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013/12/04 11:41:06 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013/12/04 11:41:06 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013/12/04 11:41:06 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013/12/04 11:41:06 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/12/04 11:41:06 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013/12/04 11:41:06 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/12/04 11:41:06 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/12/04 11:41:06 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013/12/04 11:41:06 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013/12/04 11:41:06 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2013/12/04 11:41:06 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/12/04 11:41:06 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013/12/04 11:41:06 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2013/12/04 11:41:06 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/12/04 11:41:06 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013/12/04 11:41:05 | 000,942,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2013/12/04 11:41:05 | 000,610,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/12/04 11:41:05 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013/12/04 11:41:05 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013/12/04 11:41:05 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013/12/04 11:41:05 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/12/04 11:41:05 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/12/04 11:41:05 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/12/04 11:41:05 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2013/12/04 11:41:05 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013/12/04 11:41:05 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013/12/04 11:41:04 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013/12/04 11:41:04 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013/12/04 11:41:04 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/12/04 11:41:04 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013/12/04 11:41:04 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013/12/04 11:41:04 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013/12/04 11:41:04 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2013/12/04 11:41:04 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013/12/04 11:41:03 | 001,228,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013/12/04 11:41:03 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013/12/04 11:41:03 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013/12/04 11:41:03 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013/12/04 11:41:03 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013/12/04 11:41:03 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/12/04 11:41:03 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013/12/04 11:41:03 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013/12/04 11:41:02 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/12/04 11:41:02 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/12/04 11:41:02 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/12/04 11:41:02 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013/12/04 11:41:02 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013/12/04 11:41:02 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013/12/04 11:41:02 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013/12/04 11:41:02 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013/12/04 11:41:02 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/12/04 11:41:02 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2013/12/04 11:41:02 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013/12/04 11:41:02 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013/12/04 11:41:02 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013/12/01 03:36:35 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\Blizzard
[2013/12/01 02:57:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
[2013/12/01 02:57:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hearthstone
[2013/12/01 02:56:02 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\Blizzard Entertainment
[2013/12/01 02:55:42 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\Battle.net
[2013/12/01 02:55:42 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\Battle.net
[2013/12/01 02:55:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
[2013/12/01 02:53:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battle.net
[2013/11/25 20:12:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

========== Files - Modified Within 30 Days ==========

[2013/12/17 20:11:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ryan\Desktop\OTL.exe
[2013/12/17 19:47:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/12/17 19:40:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/17 18:56:32 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/12/17 18:39:30 | 005,155,004 | R--- | M] (Swearware) -- C:\Users\Ryan\Desktop\ComboFix.exe
[2013/12/17 18:36:22 | 000,017,920 | ---- | M] () -- C:\Windows\SysNative\rpcnetp.exe
[2013/12/17 18:36:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/12/17 01:40:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/16 11:37:41 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/16 11:37:41 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/14 15:01:18 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/12/14 15:01:18 | 000,660,318 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/12/14 15:01:18 | 000,121,214 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/12/14 14:57:03 | 000,069,792 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.dll
[2013/12/14 14:56:47 | 000,416,688 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/12/14 14:56:02 | 3182,186,496 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/11 01:47:25 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/12/11 01:47:25 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/12/05 23:31:29 | 000,000,512 | ---- | M] () -- C:\Users\Ryan\Desktop\MBR.dat
[2013/12/05 21:42:58 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Ryan\Desktop\aswMBR.exe
[2013/12/05 21:38:48 | 000,002,394 | ---- | M] () -- C:\Users\Ryan\Desktop\attach.zip
[2013/12/05 21:18:00 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Ryan\Desktop\dds.scr
[2013/12/05 21:13:33 | 000,001,108 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/12/05 21:13:14 | 000,000,928 | ---- | M] () -- C:\Users\Ryan\Desktop\NTREGOPT.lnk
[2013/12/05 21:13:14 | 000,000,909 | ---- | M] () -- C:\Users\Ryan\Desktop\ERUNT.lnk
[2013/12/05 20:45:46 | 010,264,904 | ---- | M] (SurfRight B.V.) -- C:\Users\Ryan\Desktop\HitmanPro_x64.exe
[2013/12/04 11:41:12 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013/12/04 11:41:12 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013/12/04 11:41:06 | 001,051,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013/12/04 11:41:06 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2013/12/04 11:41:06 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013/12/04 11:41:06 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013/12/04 11:41:06 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013/12/04 11:41:06 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/12/04 11:41:06 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013/12/04 11:41:06 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013/12/04 11:41:06 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013/12/04 11:41:06 | 000,127,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013/12/04 11:41:06 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/12/04 11:41:06 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013/12/04 11:41:06 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/12/04 11:41:06 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/12/04 11:41:06 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013/12/04 11:41:06 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013/12/04 11:41:06 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2013/12/04 11:41:06 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/12/04 11:41:06 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013/12/04 11:41:06 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2013/12/04 11:41:06 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2013/12/04 11:41:06 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/12/04 11:41:06 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013/12/04 11:41:06 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/12/04 11:41:05 | 000,942,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2013/12/04 11:41:05 | 000,610,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/12/04 11:41:05 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013/12/04 11:41:05 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013/12/04 11:41:05 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013/12/04 11:41:05 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013/12/04 11:41:05 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/12/04 11:41:05 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/12/04 11:41:05 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/12/04 11:41:05 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013/12/04 11:41:05 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013/12/04 11:41:04 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013/12/04 11:41:04 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/12/04 11:41:04 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013/12/04 11:41:04 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013/12/04 11:41:04 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013/12/04 11:41:04 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2013/12/04 11:41:04 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013/12/04 11:41:03 | 001,228,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013/12/04 11:41:03 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013/12/04 11:41:03 | 000,453,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013/12/04 11:41:03 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013/12/04 11:41:03 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013/12/04 11:41:03 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/12/04 11:41:03 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013/12/04 11:41:03 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013/12/04 11:41:03 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/12/04 11:41:02 | 000,774,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/12/04 11:41:02 | 000,626,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/12/04 11:41:02 | 000,548,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/12/04 11:41:02 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013/12/04 11:41:02 | 000,147,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013/12/04 11:41:02 | 000,143,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013/12/04 11:41:02 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013/12/04 11:41:02 | 000,101,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013/12/04 11:41:02 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/12/04 11:41:02 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2013/12/04 11:41:02 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013/12/04 11:41:02 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013/12/04 11:41:02 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013/12/01 02:57:09 | 000,001,187 | ---- | M] () -- C:\Users\Public\Desktop\Hearthstone.lnk
[2013/11/26 04:18:23 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2013/11/26 03:48:07 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/11/26 03:46:25 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2013/11/26 03:27:54 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/11/26 03:21:24 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/11/26 03:18:39 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/11/26 03:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2013/11/26 03:16:57 | 000,708,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2013/11/26 02:57:44 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/11/26 02:35:02 | 005,769,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/11/26 02:32:08 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/11/26 02:28:16 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2013/11/26 02:02:16 | 001,995,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/11/26 01:32:06 | 001,928,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/11/26 00:34:55 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/11/26 00:34:27 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/11/23 12:26:20 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013/11/23 11:47:34 | 000,465,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013/11/19 23:15:55 | 000,002,155 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/11/19 01:19:46 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

========== Files Created - No Company Name ==========

[2013/12/17 18:45:14 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/12/17 18:45:14 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/12/17 18:45:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/12/17 18:45:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/12/17 18:45:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/12/05 21:57:37 | 000,000,512 | ---- | C] () -- C:\Users\Ryan\Desktop\MBR.dat
[2013/12/05 21:38:47 | 000,002,394 | ---- | C] () -- C:\Users\Ryan\Desktop\attach.zip
[2013/12/05 21:13:33 | 000,001,108 | ---- | C] () -- C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/12/05 21:13:14 | 000,000,928 | ---- | C] () -- C:\Users\Ryan\Desktop\NTREGOPT.lnk
[2013/12/05 21:13:14 | 000,000,909 | ---- | C] () -- C:\Users\Ryan\Desktop\ERUNT.lnk
[2013/12/04 11:41:06 | 000,016,284 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/12/04 11:41:03 | 000,016,284 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/12/01 02:57:09 | 000,001,187 | ---- | C] () -- C:\Users\Public\Desktop\Hearthstone.lnk
[2013/11/19 01:19:46 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013/05/15 11:58:05 | 000,019,472 | RHS- | C] () -- C:\ProgramData\3002.abs
[2013/05/09 13:13:23 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll
[2013/05/09 13:12:39 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.exe
[2013/04/30 10:31:35 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/04/30 10:29:35 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2013/04/30 10:20:39 | 000,773,050 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/04/25 15:29:40 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013/04/25 15:29:40 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013/04/25 14:50:38 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2013/04/25 14:50:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/11/28 09:42:06 | 000,026,464 | ---- | C] () -- C:\Windows\snuvcdsm.exe
[2012/11/28 09:42:06 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2012/11/27 00:18:46 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 20:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 03:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/12/01 03:02:40 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Battle.net
[2013/09/10 23:00:48 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\BitTorrent
[2013/05/16 22:47:09 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Curse Advertising
[2013/12/17 20:11:57 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Spotify
[2013/05/09 13:20:21 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Synaptics
[2013/10/10 21:20:11 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Volume2

========== Purity Check ==========



< End of report >

Hammerfd5
2013-12-18, 04:31
Needed to split up the two logs. Here is Extras.txt:

-------------------------------------------------------------------------------
OTL Extras logfile created on: 12/17/2013 8:14:42 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ryan\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.95 Gb Total Physical Memory | 2.57 Gb Available Physical Memory | 65.13% Memory free
7.90 Gb Paging File | 6.09 Gb Available in Paging File | 77.03% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 235.36 Gb Total Space | 159.58 Gb Free Space | 67.80% Space Free | Partition Type: NTFS
Drive D: | 57.18 Gb Total Space | 44.72 Gb Free Space | 78.22% Space Free | Partition Type: NTFS
Drive E: | 5.23 Gb Total Space | 2.37 Gb Free Space | 45.40% Space Free | Partition Type: FAT32

Computer Name: RYAN-PC | User Name: Ryan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[b]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2844515343-2857779979-3863918861-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{618D7F15-D934-412D-A1AD-B9629EF680D4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003CD955-3550-4B81-A121-32E60417DEE2}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{09240054-C8FF-4169-97EE-FC3FD1B109F9}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{09CD50E2-61B9-4FE9-BF2B-3AE7903814E1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{16C38B8E-5500-44BB-9F83-AD00D6BBED9F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2426\agent.exe |
"{17ED52AB-E30D-4A0C-849E-E12E75AE7100}" = protocol=6 | dir=in | app=c:\users\ryan\appdata\roaming\bittorrent\bittorrent.exe |
"{193F6B52-28A7-4484-B056-1F142BA8240C}" = protocol=17 | dir=in | app=c:\program files (x86)\hearthstone\hearthstone.exe |
"{201E2A60-5AEE-4D65-82B5-7EB58C717A4E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{255E9F03-1686-4B8C-A0C8-EFE456A94126}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{3F37BBD5-F7E4-4040-B904-D082ABCEBEBA}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe |
"{435BF266-3AF6-4B11-854C-06B5DEAF3748}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{44C3A440-D947-4031-AFA5-D14AB8AEC8AD}" = protocol=6 | dir=in | app=c:\program files (x86)\hearthstone\hearthstone.exe |
"{467D8E62-8878-416E-A273-4746E4003131}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{4DE5EE52-E6B9-4650-AA2E-4AE27FDA3448}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{516C06FD-EC4F-4A58-A459-3BE896FE43F5}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"{56F86E7C-BDC4-4E16-AF11-28ACBEA64D24}" = protocol=17 | dir=in | app=c:\program files (x86)\battle.net\battle.net.exe |
"{6086744E-BA26-4F24-9A83-F51CFF33307E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{65A405DF-9A83-4DDB-A095-540F89F1B107}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"{68B208F9-6649-4D2B-8250-9E51EA618D31}" = protocol=6 | dir=in | app=c:\program files (x86)\battle.net\battle.net.exe |
"{6E50B600-E0AA-432A-9E67-27189AE7EBF2}" = protocol=17 | dir=in | app=c:\users\ryan\appdata\roaming\bittorrent\bittorrent.exe |
"{70FD67E1-522B-489A-A1CF-06F7CFFA8B7F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2417\agent.exe |
"{761E8F3A-F4FE-423D-ACC2-3A6DE0C42DF2}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2391\agent.exe |
"{857463F1-B15B-472C-93BD-6198B461E4A3}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2417\agent.exe |
"{8D1623FF-F1ED-4025-8B04-7F27FBF4E6B0}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{A4CD168E-BEED-4BF2-A2CB-D81203C84590}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe |
"{B7EDDD5D-476F-44E8-B537-BFF1E0B263E4}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{C1489650-787D-4B80-9C4B-5EEFFB9FD592}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{CB4A94FD-D48C-439A-A805-40D6CD5B112E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2426\agent.exe |
"{DBBBD8D7-2CFF-44F5-9719-7108C62E7F71}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2391\agent.exe |
"{DC1AC443-F74D-45BE-85E2-0EAE3D70A20A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E1845CA2-1618-485D-9367-08DDFE7532CB}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F1947F96-5013-4739-A35D-DB7D4E10BBD0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{F66AE97E-EB48-4E50-AF7E-0741ACDF1407}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{FECD99C3-7666-4588-BBD4-46CC5E411315}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{A51BB9E0-7191-4137-AD4B-694CEB966A26}C:\users\ryan\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\ryan\appdata\roaming\spotify\spotify.exe |
"UDP Query User{B13B617C-28AD-4DD2-BFF5-D7400E927E0A}C:\users\ryan\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\ryan\appdata\roaming\spotify\spotify.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{1229D364-BE78-4B33-BAE9-3A038A0AED8F}" = AMD Media Foundation Decoders
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEFB256-FFC2-B597-9C15-88E169B35277}" = ccc-utility64
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{76FF0F03-B707-4332-B5D1-A56C8303514E}" = iTunes
"{7D1C63D1-6520-49DA-B738-958133526E80}" = HP HotKey Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{83DA38AB-1014-41C2-A3CD-E2B93832A71A}" = HP 3D DriveGuard
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{8CA0B5DD-1606-4BAB-DFF1-E5BDD30283AF}" = AMD Drag and Drop Transcoding
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{D25F8038-09B3-AF89-45A9-CDEE0489449B}" = AMD Catalyst Install Manager
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{E102B843-786A-4F58-AF75-6504570E207B}" = Microsoft Security Client
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FB4B6283-FBC4-E661-E134-B4AD226A6A8B}" = AMD Accelerated Video Transcoding
"EPSON WorkForce 645 Series" = EPSON WorkForce 645 Series Printer Uninstall
"HitmanPro37" = HitmanPro 3.7
"LSI Soft Modem" = LSI HDA Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"PROSet" = Intel(R) Network Connections Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 5.00 (64-bit)
"Zune" = Zune

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00A80CD3-3F2D-9A25-5946-9CDCD9720825}" = CCC Help German
"{02679CA8-A830-AD29-AB87-077E5FE9EA30}" = CCC Help Swedish
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{13C96625-28E4-4c58-ADE0-CDAFC64752EB}" = JMicron 1394 Filter Driver
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 45
"{2A59C2D0-401A-D15A-D458-534FD7653B01}" = CCC Help Portuguese
"{35ACEB92-8B41-06E1-3A41-A8389171B3AE}" = CCC Help Thai
"{3640874B-3C05-E28B-BF00-D8FF4F2D0595}" = CCC Help Dutch
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BF6FA51-9027-2521-7555-C5D1906E3AC1}" = CCC Help Korean
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.10
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{568E8031-C40A-45CB-9285-FC34D9279BEA}" = CCC Help French
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6C99355D-2CBC-76F1-5AB2-49E1FFE7410B}" = CCC Help Greek
"{755D0C0E-5706-52B9-4A97-C207B4D9672B}" = CCC Help Chinese Standard
"{7664300B-FB27-2073-40F9-84D4A24C84A6}" = CCC Help Hungarian
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{8249C881-0FAC-9363-E893-A1AB84498B65}" = Catalyst Control Center Graphics Previews Common
"{8A584509-37E8-6022-4305-59629A892605}" = Catalyst Control Center Localization All
"{8CF5741E-D997-705A-DFE9-D0B5BA73C0EE}" = CCC Help Spanish
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{E11F4303-0BB1-4C4A-9D3F-2D803F7A6DA1}" =
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B245D1AB-AB90-9404-C01B-8D487BD99421}" = Catalyst Control Center InstallProxy
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B48CC4AF-D5C0-5691-E4DE-B7733EC3813D}" = CCC Help Finnish
"{B5A9AAD1-4F23-7204-326D-F9BEF9386A06}" = CCC Help Italian
"{B90E4381-BFE2-3E0D-8349-C894A763A16C}" = CCC Help Japanese
"{BFDDF42D-D76E-03D0-1998-417DE6136E56}" = CCC Help Danish
"{CDDCE9E6-0FD8-0555-E739-15A221AE22BE}" = CCC Help Polish
"{D281F8CD-B5F2-4F74-8A66-75FC08C0606B}" = Tt eSPORTS SAPHIRA
"{DAAB5117-31F3-1FCB-F271-83E26592B139}" = CCC Help Russian
"{DB5FFCB9-8B40-CB91-A689-5A25B1A7CABB}" = CCC Help English
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E72F1051-B87E-4EF4-AE9F-8FDD229CC438}" = Catalyst Control Center - Branding
"{ECC69DF0-0A86-0389-5633-B6912F3E99D6}" = CCC Help Norwegian
"{F17D78B2-FCC7-9C6E-23F5-F184596802B4}" = CCC Help Czech
"{F24F876B-7D71-4BD6-88E9-614D3BB84216}" = Alcor Micro Smart Card Reader Driver
"{F9E4DA6D-422C-C5A3-A54E-A5951D312196}" = Catalyst Control Center
"{FD9F1C73-16B3-70CA-A45D-84253DBD74C5}" = CCC Help Chinese Traditional
"{FE8D0D5E-565F-FB7A-E849-7D185EAB8C4F}" = CCC Help Turkish
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Battle.net" = Battle.net
"BitTorrent" = BitTorrent
"ERUNT_is1" = ERUNT 1.1j
"Google Chrome" = Google Chrome
"Hearthstone" = Hearthstone
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 25.0.1 (x86 en-US)" = Mozilla Firefox 25.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"RollerCoaster Tycoon Deluxe_is1" = RollerCoaster Tycoon Deluxe
"Steam App 570" = Dota 2
"SZCCID" = Alcor Micro Smart Card Reader Driver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2844515343-2857779979-3863918861-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/26/2013 3:07:44 AM | Computer Name = Ryan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/26/2013 3:07:44 AM | Computer Name = Ryan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5133

Error - 10/26/2013 3:07:44 AM | Computer Name = Ryan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5133

Error - 10/26/2013 3:07:45 AM | Computer Name = Ryan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/26/2013 3:07:45 AM | Computer Name = Ryan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6131

Error - 10/26/2013 3:07:45 AM | Computer Name = Ryan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6131

Error - 10/26/2013 4:30:38 PM | Computer Name = Ryan-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 10/26/2013 4:54:22 PM | Computer Name = Ryan-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 10/27/2013 1:31:09 AM | Computer Name = Ryan-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 10/27/2013 3:24:19 AM | Computer Name = Ryan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

[ System Events ]
Error - 9/27/2013 8:43:44 PM | Computer Name = Ryan-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the lmhosts service.

Error - 10/10/2013 10:43:41 PM | Computer Name = Ryan-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the hpqwmiex service.

Error - 10/10/2013 10:43:41 PM | Computer Name = Ryan-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the AMD External Events Utility service.

Error - 10/10/2013 11:14:30 PM | Computer Name = Ryan-PC | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.2.5
with the system having network hardware address 00-26-18-F3-3B-EF. Network operations
on this system may be disrupted as a result.

Error - 10/10/2013 11:18:45 PM | Computer Name = Ryan-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Steam
Client Service service to connect.

Error - 10/10/2013 11:18:45 PM | Computer Name = Ryan-PC | Source = Service Control Manager | ID = 7000
Description = The Steam Client Service service failed to start due to the following
error: %%1053

Error - 10/14/2013 8:17:32 PM | Computer Name = Ryan-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the hpqwmiex service.

Error - 10/16/2013 5:00:13 PM | Computer Name = Ryan-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the hpqwmiex service.

Error - 10/16/2013 5:00:13 PM | Computer Name = Ryan-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the AeLookupSvc service.

Error - 11/11/2013 4:39:20 PM | Computer Name = Ryan-PC | Source = DCOM | ID = 10010
Description =


< End of report >

ken545
2013-12-18, 13:21
Good Morning,

bittorrent <--- This is how you infect your system, the program itself is safe but file sharing of any kind is dangerous, your downloading that file from an unknown source and not all but the greater percentage of them are infected files, its like playing Russian Roulette malwarewise , I strongly urge you to uninstall it via Programs and Features in the Control Panel.


Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL




:OTL
O4 - HKLM..\Run: [ooo] C:\Windows\SysWow64\ttt.bat ()

:Services

:Reg

:Files
ipconfig /flushdns /c


:Commands
[purity]
[resethosts]
[CLEARALLRESTOREPOINTS]
[EMPTYJAVA]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces


Then run a new scan with OTL and lets make sure its gone

Hammerfd5
2013-12-19, 02:49
Followed the instructions. And now running an OTL scan.

Here is the log from the Run Fix:


All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ooo deleted successfully.
C:\Windows\SysWOW64\ttt.bat moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Ryan\Desktop\cmd.bat deleted successfully.
C:\Users\Ryan\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: Ryan
->Java cache emptied: 29748 bytes

User: Setup

Total Java Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Ryan
->Temp folder emptied: 57440 bytes
->Temporary Internet Files folder emptied: 312554944 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 317131093 bytes
->Google Chrome cache emptied: 523003608 bytes
->Flash cache emptied: 4682 bytes

User: Setup
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 19866 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50461 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,099.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12182013_174925

Files\Folders moved on Reboot...
C:\Users\Ryan\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Ryan\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Hammerfd5
2013-12-19, 07:44
Ran the OTL Scan and rebooted. Upon startup, there are no prompts for attempted software installations or run windows opened like before.

However, there is still a grayed out extension on google chrome called Live Player 3.2 that I cannot disable. The black bar at the bottom of the browser still remains. Clicking on links still creates new-windowed popups/advertisements.

I really appreciate the assistance you have been providing me with.

ken545
2013-12-19, 12:49
Good Morning,

I am going to link you to a removal guide for live player, it would be easier for you to follow in lew of me typing all the info, it will show you how to get rid of it in all your browsers. One file Combofix removed and the one we removed with OTL were viruses. Let me know if you have problems following this tutorial.

http://malwaretips.com/blogs/live-player-3-2-virus-removal/

ken545
2013-12-23, 14:28
Have you resolved this issue or do you still need help ?

ken545
2013-12-26, 23:22
Due to inactivity, this thread will now be closed.

If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a new DDS log with a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.
-----------------------------------------
Admin Edit

Thank you Ken. :)