Hello, my son posted a request for help several days back (http://forums.spybot.info/showthread.php?70558-Please-help!-ilivid-virus), and tried to get the logs requested, but ran into trouble with it. Yesterday he asked me to do it for him while he was at school. I ran ERUNDT, but couldn't get DDS to run properly. I then couldn't get into his password manager to log into the forum in his name (his directions for entering his password didn't work for me). We're in New Zealand so there's a big time difference and we ended up missing the 3 day deadline to reply.

So, I'm entering this as a new thread. I see that the DDS file that downloaded is a screen saver and not an executable, so I have the correct file now and am running it. It's been almost 5 minutes and I can't find a DDS.txt file anywhere so I'll try it again. Still no dds.txt or attach.txt files. Not sure what's going wrong. It looks like the program's running.

Using a Windows 7 laptop.

Thanks

Hi, forum policy , threads are closed if no response in 3 days, sorry.

If DDS runs this time please do post the log please

Without the logs its hard to figure out whats going on on your system, if there are more serious things going on besides ilivid we wont see them, lets bypass that for now and see if you can run this tool.


-AdwCleaner-by Xplode

Click on this link to download : ADWCleaner (http://www.bleepingcomputer.com/download/adwcleaner/)
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.

Do not click on any links in the top Advertisment.



Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator (http://windows.microsoft.com/en-US/windows7/How-do-I-run-an-application-once-with-a-full-administrator-access-token).
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
Copy and paste the contents of that logfile in your next reply.
A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

How are you coming along ? Tell me where your at as far as the scans and let me see if I can help you. Since your in a different time zone I will keep this thread open for you past the 3 days

Thank you Ken for helping us. The DDS still isn't working for some reason, and we are now kicking off AdwCleaner. Will check the report when I get up in the morning and will send it to you then.

# AdwCleaner v3.210 - Report created 21/05/2014 at 23:23:45
# Updated 19/05/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : J & S - RYAN-MSI
# Running from : C:\Users\Ryan_2\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : DatamngrCoordinator
Service Found : F06DEFF2-5B9C-490D-910F-35D3A9119622

***** [ Files / Folders ] *****

Folder Found : C:\Program Files (x86)\Movies Toolbar
Folder Found : C:\Program Files (x86)\savae net
Folder Found : C:\ProgramData\DataMngr
Folder Found : C:\ProgramData\savae net
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\oleonpjjplojdjogmfhkcaflcmgddelp
Folder Found : C:\Users\Administrator\AppData\Local\torch
Folder Found : C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\oleonpjjplojdjogmfhkcaflcmgddelp
Folder Found : C:\Users\Family\AppData\Local\torch
Folder Found : C:\Users\Family\Desktop\Save
Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\oleonpjjplojdjogmfhkcaflcmgddelp
Folder Found : C:\Users\Guest\AppData\Local\torch
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\oleonpjjplojdjogmfhkcaflcmgddelp
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\torch
Folder Found : C:\Users\J & S\AppData\Local\Google\Chrome\User Data\Default\Extensions\oleonpjjplojdjogmfhkcaflcmgddelp
Folder Found : C:\Users\J & S\AppData\Local\torch
Folder Found : C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\oleonpjjplojdjogmfhkcaflcmgddelp
Folder Found : C:\Users\Ryanl\AppData\Local\torch
Folder Found : C:\Users\Ryan_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\oleonpjjplojdjogmfhkcaflcmgddelp
Folder Found : C:\Users\Ryan_2\AppData\Local\torch
Folder Found : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\oleonpjjplojdjogmfhkcaflcmgddelp
Folder Found : C:\Users\UpdatusUser\AppData\Local\torch

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{D6229ACC-D97F-254C-3CE8-2EEE93C903DD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Found : HKLM\SOFTWARE\Classes\net
Key Found : HKLM\SOFTWARE\Classes\net.5.14
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D6229ACC-D97F-254C-3CE8-2EEE93C903DD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D6229ACC-D97F-254C-3CE8-2EEE93C903DD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7DD5E91C-3864-77EC-7635-D14910C2A03E}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{D6229ACC-D97F-254C-3CE8-2EEE93C903DD}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D6229ACC-D97F-254C-3CE8-2EEE93C903DD}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Google Chrome v34.0.1847.137

[ File : C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Extension] : oleonpjjplojdjogmfhkcaflcmgddelp

[ File : C:\Users\J & S\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Extension] : oleonpjjplojdjogmfhkcaflcmgddelp

[ File : C:\Users\Ryan_2\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Extension] : oleonpjjplojdjogmfhkcaflcmgddelp

*************************

AdwCleaner[R0].txt - [4137 octets] - [21/05/2014 23:23:45]

########## EOF - \AdwCleaner\AdwCleaner[R0].txt - [4197 octets] ##########

Hadn't tried it yet since I was roadblocked on DDS. Let me know if I should do it.

Good



Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.






http://imageshack.us/a/img841/7292/thisisujrt.gif Please download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.









http://i.imgur.com/GUZVCQN.jpg Please download Malwarebytes Anti-Malware (http://www.malwarebytes.org/mbam-download.php) to your desktop.



Right-click and Run as Administrator mbam-setup.exe and follow the prompts to install the program.
Once installed, Malwarebytes will ask if you want to Launch Now. Please select to do so and then Malwarebytes will open and update on its own. Please allow this to complete.
If an update is found, it will download and install the latest version.
Let's be sure to run a Hyper Scan. Press the Scan tab and then select Hyper Scan.
Press Scan Now then Skip Update (since we just updated it)

http://www.bleepstatic.com/fhost/uploads/2/mbam2.0.1.jpg



When the scan is complete, click View Detailed Log, then Export to save the log to your Desktop (name the log MBAM Scan).
Copy and Paste all of the information in that file to your next reply.

We ran AdwCleaner, then clicked clean. It restarted but produced no log file (even checked the directory it should be in). We re-ran it, but this time, the 2 items shown under "Services" were not there. Looking at the files again, I see that there was a text file called "AdwCleaner[SO]" so we'll copy that one.

AdwCleaner[SO]

# AdwCleaner v3.210 - Report created 22/05/2014 at 21:34:27
# Updated 19/05/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : RyanWensel - RYANWENSEL-MSI
# Running from : C:\Users\RyanWensel_2\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : DatamngrCoordinator
[#] Service Deleted : F06DEFF2-5B9C-490D-910F-35D3A9119622

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\DataMngr
Folder Deleted : C:\ProgramData\savae net
Folder Deleted : C:\Program Files (x86)\Movies Toolbar
Folder Deleted : C:\Program Files (x86)\savae net
Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\Family\AppData\Local\torch
Folder Deleted : C:\Users\Family\Desktop\Save
Folder Deleted : C:\Users\Guest\AppData\Local\torch
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\torch
Folder Deleted : C:\Users\Jen & Steve\AppData\Local\torch
Folder Deleted : C:\Users\RyanWensel\AppData\Local\torch
Folder Deleted : C:\Users\RyanWensel_2\AppData\Local\torch
Folder Deleted : C:\Users\UpdatusUser\AppData\Local\torch
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\oleonpjjplojdjogmfhkcaflcmgddelp
Folder Deleted : C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\oleonpjjplojdjogmfhkcaflcmgddelp
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\oleonpjjplojdjogmfhkcaflcmgddelp
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\oleonpjjplojdjogmfhkcaflcmgddelp
Folder Deleted : C:\Users\Jen & Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\oleonpjjplojdjogmfhkcaflcmgddelp
Folder Deleted : C:\Users\RyanWensel\AppData\Local\Google\Chrome\User Data\Default\Extensions\oleonpjjplojdjogmfhkcaflcmgddelp
Folder Deleted : C:\Users\RyanWensel_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\oleonpjjplojdjogmfhkcaflcmgddelp
Folder Deleted : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\oleonpjjplojdjogmfhkcaflcmgddelp

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\net
Key Deleted : HKLM\SOFTWARE\Classes\net.5.14
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D6229ACC-D97F-254C-3CE8-2EEE93C903DD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D6229ACC-D97F-254C-3CE8-2EEE93C903DD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D6229ACC-D97F-254C-3CE8-2EEE93C903DD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{D6229ACC-D97F-254C-3CE8-2EEE93C903DD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D6229ACC-D97F-254C-3CE8-2EEE93C903DD}
Key Deleted : HKCU\Software\RegisteredApplicationsEx
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7DD5E91C-3864-77EC-7635-D14910C2A03E}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Google Chrome v34.0.1847.137

[ File : C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Extension] : oleonpjjplojdjogmfhkcaflcmgddelp

[ File : C:\Users\Jen & Steve\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Extension] : oleonpjjplojdjogmfhkcaflcmgddelp

[ File : C:\Users\RyanWensel_2\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
Deleted [Search Provider] : hxxp://dts.search.ask.com/sr?src=crb&gct=ds&appid=161&systemid=406&v=n12521-347&apn_uid=3055595516574121&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
Deleted [Extension] : oleonpjjplojdjogmfhkcaflcmgddelp

*************************

AdwCleaner[R0].txt - [4295 octets] - [21/05/2014 23:23:45]
AdwCleaner[R1].txt - [4719 octets] - [22/05/2014 21:32:57]
AdwCleaner[S0].txt - [4662 octets] - [22/05/2014 21:34:27]

########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [4722 octets] ##########

AdwCleaner[R2]

# AdwCleaner v3.210 - Report created 22/05/2014 at 21:41:17
# Updated 19/05/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : RyanWensel - RYANWENSEL-MSI
# Running from : C:\Users\RyanWensel_2\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Google Chrome v34.0.1847.137

[ File : C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Jen & Steve\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\RyanWensel_2\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [4295 octets] - [21/05/2014 23:23:45]
AdwCleaner[R1].txt - [4719 octets] - [22/05/2014 21:32:57]
AdwCleaner[R2].txt - [953 octets] - [22/05/2014 21:41:17]
AdwCleaner[S0].txt - [4820 octets] - [22/05/2014 21:34:27]

########## EOF - \AdwCleaner\AdwCleaner[R2].txt - [1072 octets] ##########

Good, lets see what Junkware removal and Malwarebytes find

Hello, my son hasn't been successful getting Junkware Removal to work and he now tells me that at one point the keyboard wasn't working for him to log into the computer. I too haven't been able to get Junkware Removal to complete. Here's the log it generates while attempting to run (I'm typing it, as there was not a saved txt file):

Creating a registry backup
The system cannot find the path specified (repeated 4x)
Checking startup
Checking modules
The system cannot find the path specified (repeated 6x)
Checking processes
Checking sources
Checking files
Checking folders
Checking registry

Then it stops running without a txt file or error msg. I did run it with Microsoft Security Essentials turned off (our Windows Defender is always off). Spybot & Malwarebytes is installed, but not running real-time protection (free versions). I'll now run Malwarebytes (I discovered that my son hadn't been updating or running it and the database was 44 days without an update).

Another odd thing is that there are lots of files and folders in the desktop directory, but they don't appear visually on the desktop. I'm not sure why this is.

Here's the log below. But in doing this, I just discovered something really messed up. Right now I'm logged into my son's account (Windows 7). No-one else is logged into this computer, yet when I saved the Malwarebytes files to the desktop, it saved to my desktop. When I click on my son's start menu, it shows my account name as if we're in my account. However, the libraries folders contain my son's files. He thinks this may have started with ilivid. After running the quick scan, there are 2 items. You didn't say what to do, so I'll go ahead and quarantine them. Can I run the Malwarebytes full scan now and remove/quarantine whatever comes up?

-----------------------

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 26/05/2014
Scan Time: 9:27:52 p.m.
Logfile: Malwarebytes log.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.05.26.01
Rootkit Database: v2014.05.21.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Jen & Steve

Scan Type: Hyper Scan
Result: Completed
Objects Scanned: 356347
Time Elapsed: 3 min, 0 sec

Memory: Enabled
Startup: Enabled
Filesystem: Disabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 2
PUP.Optional.Superfish.A, C:\Users\RyanWensel_2\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, , [8c6d67ee0f6c092dc7fd642907fbad53],
PUP.Optional.Superfish.A, C:\Users\RyanWensel_2\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, , [b742fb5a592214226d57bdd0d032936d],

Physical Sectors: 0
(No malicious items detected)


(end)

Not sure what your referring to as a lot of files on the desktop but not showing on the desktop ?? Any scans should be run the the main account ( administrators account )

Run Malwarebytes again and this time run the Threat Scan.

When the scan has completed, you will now be presented with a screen showing you the malware infections that Malwarebytes’ Anti-Malware has detected. To remove the malicious programs that Malwarebytes Anti-malware has found, click on the “Quarantine All” button, and then click on the “Apply Now” button.

Then post the log please



OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

This is after the threat scan.

===================================
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 29/05/2014
Scan Time: 10:40:16 p.m.
Logfile: Malwarebytes Clean.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.05.29.05
Rootkit Database: v2014.05.21.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: RyanWensel

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 413693
Time Elapsed: 7 min, 39 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.Tarma.A, C:\Users\RyanWensel\AppData\Local\Temp\{A62BBFFF-6775-43BD-A156-2F577DC89D09}\Setup.exe, Quarantined, [2dfc06512c4f2412954ecd78e91720e0],

Physical Sectors: 0
(No malicious items detected)


(end)

OTL logfile created on: 30/05/2014 10:10:00 p.m. - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\RyanWensel\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

7.92 Gb Total Physical Memory | 5.31 Gb Available Physical Memory | 66.98% Memory free
15.84 Gb Paging File | 13.14 Gb Available in Paging File | 82.95% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 412.52 Gb Total Space | 329.14 Gb Free Space | 79.79% Space Free | Partition Type: NTFS
Drive D: | 275.01 Gb Total Space | 176.40 Gb Free Space | 64.14% Space Free | Partition Type: NTFS

Computer Name: RYANWENSEL-MSI | User Name: RyanWensel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\RyanWensel\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\SCM\MSIService.exe (Micro-Star International Co., Ltd.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe (MSI)
PRC - C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe (MSI)
PRC - C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe (Creative Technology Ltd)
PRC - C:\Program Files\Tablet\Wacom\WacomHost.exe (Wacom Technology)
PRC - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.16\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.16\SymcPCCULaunchSvc.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Microsoft Office 15\root\office15\1033\GrooveIntlResource.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Servf73e6522#\0bedc417d3c5dcb1c9a5f15dd733c556\System.ServiceModel.Web.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\24bf0c88c0465485f4b842df043b3f45\System.ServiceModel.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\1e5e19d119e04b93da3d45153abd60fd\System.IdentityModel.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f6d7bb59f318c130d68816a89335d05e\System.Runtime.Serialization.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\34b53ecafa1d7ccc7ca961d722b5d983\System.ServiceModel.Internals.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\78652b7fa68ee058bff6a118c657f565\SMDiagnostics.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\72284863df9bea3f081ae98996400619\PresentationFramework.Aero.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f703846404bb66a4ae03ef8133755007\PresentationFramework.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\660ac5d6da77df8e86fb26f05c6a9816\PresentationCore.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1d696b2d3de530f7ee971070263667ff\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll ()


========== Services (SafeList) ==========

SRV:[b]64bit: - (ClickToRunSvc) -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe (Microsoft Corporation)
SRV:64bit: - (WTabletServicePro) -- C:\Program Files\Tablet\Wacom\WTabletServicePro.exe (Wacom Technology, Corp.)
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (IEEtwCollectorService) -- C:\windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (WD Boost) -- C:\Program Files\Western Digital\WD Boost\WDBoost.exe (Western Digital)
SRV:64bit: - (IAStorDataMgrSvc) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV:64bit: - (Intel(R) -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe (Intel(R) Corporation)
SRV:64bit: - (Intel(R) -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Micro Star SCM) -- C:\Program Files (x86)\SCM\MSIService.exe (Micro-Star International Co., Ltd.)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (RtkBleServ) -- C:\Program Files (x86)\Realtek\Realtek Bluetooth\RtkBleServ.exe (Realtek Semiconductor Corporation)
SRV - (BTDevManager) -- C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe ()
SRV - (AvrcpService) -- C:\Program Files (x86)\Realtek\Realtek Bluetooth\AvrcpService.exe (Realtek Semiconductor Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
SRV - (MSI_SuperCharger) -- C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe (MSI)
SRV - (PCCUJobMgr) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.16\ccSvcHst.exe (Symantec Corporation)
SRV - (Norton PC Checkup Application Launcher) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.16\SymcPCCULaunchSvc.exe (Symantec Corporation)
SRV - (MSI Foundation Service) -- C:\Program Files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe (MSI)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MGHwCtrl) -- C:\Program Files\MSI\MSI Software Install\MGHwCtrl.sys File not found
DRV:64bit: - (MBAMSwissArmy) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys (Malwarebytes Corporation)
DRV:64bit: - (MBAMWebAccessControl) -- C:\Windows\SysNative\drivers\mwac.sys (Malwarebytes Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (WacHidRouter) -- C:\Windows\SysNative\drivers\wachidrouter.sys (Wacom Technology)
DRV:64bit: - (hidkmdf) -- C:\Windows\SysNative\drivers\hidkmdf.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Qualcomm Atheros Co., Ltd.)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (RTWlanE) -- C:\Windows\SysNative\drivers\rtwlane.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (hiosd) -- C:\Windows\SysNative\drivers\hiosd.sys (Western Digital)
DRV:64bit: - (hiofs) -- C:\Windows\SysNative\drivers\hiofs.sys (Western Digital)
DRV:64bit: - (RtkAvrcpCtrlr) -- C:\Windows\SysNative\drivers\RtkAvrcpCtrlr.sys (Realtek Semiconductor Corporation)
DRV:64bit: - (RtkBtFilter) -- C:\Windows\SysNative\drivers\RtkBtfilter.sys (Realtek Semiconductor Corporation)
DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\drivers\iaStorA.sys (Intel Corporation)
DRV:64bit: - (iaStorF) -- C:\Windows\SysNative\drivers\iaStorF.sys (Intel Corporation)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (RtkAvrcp) -- C:\Windows\SysNative\drivers\RtkAvrcp.sys (Realtek Semiconductor Corporation)
DRV:64bit: - (wacomrouterfilter) -- C:\Windows\SysNative\drivers\wacomrouterfilter.sys (Wacom Technology)
DRV:64bit: - (DUKEMS) -- C:\Windows\SysNative\drivers\DUKEMS.sys ( )
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys (Intel(R) Corporation)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (Revoflt) -- C:\Windows\SysNative\drivers\revoflt.sys (VS Revo Group)
DRV:64bit: - (MBfilt) -- C:\Windows\SysNative\drivers\MBfilt64.sys (Creative Technology Ltd.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (xnacc) -- C:\Windows\SysNative\drivers\xnacc.sys (Microsoft Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV - (NTIOLib_1_0_3) -- C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys (MSI)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {06656A4E-F484-4C4E-BF1B-7EC9CE59B823}
IE:64bit: - HKLM\..\SearchScopes\{06656A4E-F484-4C4E-BF1B-7EC9CE59B823}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE9TR&pc=MAMIJS&src=IE9TR
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msi.msn.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{06656A4E-F484-4C4E-BF1B-7EC9CE59B823}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MSITDF&pc=MAM3&src=IE-SearchBox


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2935956336-2545272421-2336413830-1000\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2935956336-2545272421-2336413830-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://msi13.msn.com
IE - HKU\S-1-5-21-2935956336-2545272421-2336413830-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.wensel.org/
IE - HKU\S-1-5-21-2935956336-2545272421-2336413830-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2935956336-2545272421-2336413830-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.3: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF:64bit: - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.7: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF:64bit: - HKLM\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.3: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.7: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)



========== Chrome ==========

CHR - default_search_provider: DuckDuckGo (Enabled)
CHR - default_search_provider: search_url = https://duckduckgo.com/?q={searchTerms}
CHR - default_search_provider: suggest_url = ,
CHR - homepage:
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\RyanWensel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\
CHR - Extension: Google Drive = C:\Users\RyanWensel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\RyanWensel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: Turn Off the Lights = C:\Users\RyanWensel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\3.0.0.6_0\
CHR - Extension: YouTube = C:\Users\RyanWensel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: DuckDuckGo for Chrome = C:\Users\RyanWensel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpphkkgodbfncbcpgopijlfakfgmclao\42.5.17_0\
CHR - Extension: YouTweak for YouTubeâ„¢ - Remove watched videos = C:\Users\RyanWensel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfgpigllcihcpkbokdnmpkjobnebflgh\3.11_0\
CHR - Extension: Google Search = C:\Users\RyanWensel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: Google+ = C:\Users\RyanWensel\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm\1.2.0.418_0\
CHR - Extension: HTTPS Everywhere = C:\Users\RyanWensel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp\2014.4.25_0\
CHR - Extension: AdBlock = C:\Users\RyanWensel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.35_0\
CHR - Extension: LastPass: Free Password Manager = C:\Users\RyanWensel\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\3.1.21_0\
CHR - Extension: Disconnect = C:\Users\RyanWensel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\5.18.12_0\
CHR - Extension: DuckDuckGo Home Page = C:\Users\RyanWensel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljkalbbbffedallekgkdheknngopfhif\0.0.8_0\
CHR - Extension: Timer = C:\Users\RyanWensel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lohdjjakgiggfpnipdbjkikbiicilfch\1.3_0\
CHR - Extension: Ghostery = C:\Users\RyanWensel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\5.2.1_0\
CHR - Extension: Google Wallet = C:\Users\RyanWensel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
CHR - Extension: Khan Academy = C:\Users\RyanWensel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pahdiadnidmaaoohjmlkcjffbfcapgko\0.0.0.1_0\
CHR - Extension: Click&Clean App = C:\Users\RyanWensel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp\8.5_0\
CHR - Extension: Gmail = C:\Users\RyanWensel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Abstract-Blue = C:\Users\RyanWensel\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnacehkknmafkjgkikclamogikoiaaa\1.1_0\
CHR - Extension: AVG PrivacyFix = C:\Users\RyanWensel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmejhjjecaldkllonlokhkglbdbkdcni\5.0.8_0\

O1 HOSTS File: ([2014/03/04 11:31:32 | 000,450,709 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 15469 more lines...
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [BtServer] C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe (Realtek Semiconductor Corporation)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MBCfg64] C:\windows\SysNative\MBCfg64.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Radio Manager] C:\Program Files (x86)\SCM\Radio Manager.exe (MSI)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SCM] C:\Program Files (x86)\SCM\SCM.exe (MSI)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [Sound Blaster Cinema] C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Super-Charger] C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe (MSI)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2935956336-2545272421-2336413830-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2935956336-2545272421-2336413830-1001..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2935956336-2545272421-2336413830-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\RyanWensel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-2935956336-2545272421-2336413830-1000\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\S-1-5-21-2935956336-2545272421-2336413830-1000\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-2935956336-2545272421-2336413830-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2935956336-2545272421-2336413830-1001\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\S-1-5-21-2935956336-2545272421-2336413830-1001\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-2935956336-2545272421-2336413830-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2935956336-2545272421-2336413830-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-21-2935956336-2545272421-2336413830-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKU\S-1-5-21-2935956336-2545272421-2336413830-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-21-2935956336-2545272421-2336413830-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O7 - HKU\S-1-5-21-2935956336-2545272421-2336413830-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWB = 0
O7 - HKU\S-1-5-21-2935956336-2545272421-2336413830-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2935956336-2545272421-2336413830-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWC = 0
O7 - HKU\S-1-5-21-2935956336-2545272421-2336413830-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWD = 0
O7 - HKU\S-1-5-21-2935956336-2545272421-2336413830-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWE = 0
O7 - HKU\S-1-5-21-2935956336-2545272421-2336413830-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWF = 0
O7 - HKU\S-1-5-21-2935956336-2545272421-2336413830-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWG = 0
O7 - HKU\S-1-5-21-2935956336-2545272421-2336413830-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWH = 0
O7 - HKU\S-1-5-21-2935956336-2545272421-2336413830-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWI = 0
O7 - HKU\S-1-5-21-2935956336-2545272421-2336413830-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWJ = 0
O7 - HKU\S-1-5-21-2935956336-2545272421-2336413830-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWK = 0
O7 - HKU\S-1-5-21-2935956336-2545272421-2336413830-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWL = 0
O7 - HKU\S-1-5-21-2935956336-2545272421-2336413830-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWM = 0
O7 - HKU\S-1-5-21-2935956336-2545272421-2336413830-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWN = 0
O7 - HKU\S-1-5-21-2935956336-2545272421-2336413830-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWO = 0
O7 - HKU\S-1-5-21-2935956336-2545272421-2336413830-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWP = 0
O7 - HKU\S-1-5-21-2935956336-2545272421-2336413830-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWQ = 0
O7 - HKU\S-1-5-21-2935956336-2545272421-2336413830-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWR = 0
O7 - HKU\S-1-5-21-2935956336-2545272421-2336413830-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWS = 0
O7 - HKU\S-1-5-21-2935956336-2545272421-2336413830-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWT = 0
O7 - HKU\S-1-5-21-2935956336-2545272421-2336413830-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWU = 0
O7 - HKU\S-1-5-21-2935956336-2545272421-2336413830-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWV = 0
O7 - HKU\S-1-5-21-2935956336-2545272421-2336413830-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWW = 0
O7 - HKU\S-1-5-21-2935956336-2545272421-2336413830-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWX = 0
O7 - HKU\S-1-5-21-2935956336-2545272421-2336413830-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWY = 0
O7 - HKU\S-1-5-21-2935956336-2545272421-2336413830-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWZ = 0
O7 - HKU\S-1-5-21-2935956336-2545272421-2336413830-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableClock = 0
O7 - HKU\S-1-5-21-2935956336-2545272421-2336413830-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2935956336-2545272421-2336413830-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1135950D-1365-4E43-8FD7-C98138657184}: DhcpNameServer = 10.2.52.2 10.2.52.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2AC40DDC-20F7-4562-9F09-101FDA2355C1}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7D3FE195-09C8-4980-B126-175F9B7655D8}: DhcpNameServer = 192.168.100.1
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/05/30 22:02:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\RyanWensel\Desktop\OTL.exe
[2014/05/26 21:10:15 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/05/26 21:09:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/05/26 21:09:55 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2014/05/26 21:09:55 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mwac.sys
[2014/05/26 21:09:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/05/22 22:21:10 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2014/05/21 23:24:10 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\windows\SysWow64\sqlite3.dll
[2014/05/21 23:23:14 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/05/18 12:07:58 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2014/05/18 11:59:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2014/05/18 11:59:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2014/05/18 10:55:52 | 000,000,000 | ---D | C] -- C:\Users\RyanWensel\AppData\Local\Packages
[2014/05/18 10:53:30 | 000,000,000 | ---D | C] -- C:\Users\RyanWensel\AppData\Local\Comodo
[2014/05/18 10:53:30 | 000,000,000 | ---D | C] -- C:\ProgramData\ba603c9383002c81
[2014/05/18 10:50:46 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2014/05/14 20:50:07 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2014/05/14 20:50:06 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2014/05/14 20:48:22 | 000,000,000 | ---D | C] -- C:\windows\SysNative\MRT
[2014/05/14 20:47:30 | 003,969,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2014/05/14 20:47:30 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2014/05/14 20:47:30 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lsasrv.dll
[2014/05/14 20:47:29 | 005,550,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2014/05/14 20:47:29 | 000,722,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\objsel.dll
[2014/05/14 20:47:29 | 000,538,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\objsel.dll
[2014/05/14 20:47:29 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winlogon.exe
[2014/05/14 20:47:28 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll
[2014/05/14 20:47:28 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cngprovider.dll
[2014/05/14 20:47:28 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\adprovider.dll
[2014/05/14 20:47:28 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\capiprovider.dll
[2014/05/14 20:47:28 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dpapiprovider.dll
[2014/05/14 20:47:28 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\cngprovider.dll
[2014/05/14 20:47:28 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\adprovider.dll
[2014/05/14 20:47:28 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\capiprovider.dll
[2014/05/14 20:47:28 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dpapiprovider.dll
[2014/05/14 20:47:28 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dimsroam.dll
[2014/05/14 20:47:28 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dimsroam.dll
[2014/05/14 20:47:27 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspicli.dll
[2014/05/14 20:47:27 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wincredprovider.dll
[2014/05/14 20:47:27 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wincredprovider.dll
[2014/05/14 20:47:27 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspisrv.dll
[2014/05/14 20:47:27 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\secur32.dll
[2014/05/14 20:47:04 | 000,477,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aepdu.dll
[2014/05/14 20:47:04 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aeinv.dll
[2014/05/14 20:27:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2014/05/12 14:48:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2014/05/12 13:17:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
[2014/05/12 13:16:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office 15
[2014/05/08 06:42:23 | 000,000,000 | --SD | C] -- C:\windows\SysNative\CompatTel
[2014/05/01 10:14:06 | 000,000,000 | ---D | C] -- C:\Users\RyanWensel\AppData\Local\CrashDumps
[2014/05/01 10:11:12 | 000,000,000 | ---D | C] -- C:\Users\RyanWensel\AppData\Roaming\Epson
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/05/30 22:04:04 | 000,024,656 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/30 22:04:04 | 000,024,656 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/30 22:02:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\RyanWensel\Desktop\OTL.exe
[2014/05/30 21:59:39 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/05/30 21:59:25 | 000,000,902 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/30 21:56:17 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/05/30 21:56:07 | 2085,023,743 | -HS- | M] () -- C:\hiberfil.sys
[2014/05/30 21:29:00 | 000,000,906 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/30 20:08:55 | 000,000,956 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-2935956336-2545272421-2336413830-1007UA.job
[2014/05/29 22:38:04 | 000,000,632 | RHS- | M] () -- C:\Users\RyanWensel\ntuser.pol
[2014/05/29 22:27:00 | 000,000,934 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-2935956336-2545272421-2336413830-1007Core.job
[2014/05/26 21:09:57 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/05/25 20:09:57 | 000,758,602 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/05/25 20:09:57 | 000,650,038 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/05/25 20:09:57 | 000,119,700 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/05/23 19:54:08 | 000,002,193 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/05/22 18:48:40 | 987,298,846 | ---- | M] () -- C:\windows\MEMORY.DMP
[2014/05/18 11:59:55 | 000,001,118 | ---- | M] () -- C:\Users\RyanWensel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2014/05/18 11:59:41 | 000,000,938 | ---- | M] () -- C:\Users\RyanWensel\Desktop\NTREGOPT.lnk
[2014/05/18 11:59:41 | 000,000,919 | ---- | M] () -- C:\Users\RyanWensel\Desktop\ERUNT.lnk
[2014/05/14 20:35:44 | 000,000,367 | ---- | M] () -- C:\windows\wininit.ini
[2014/05/14 19:49:08 | 000,493,608 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2014/05/12 07:26:10 | 000,063,704 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mwac.sys
[2014/05/12 07:26:00 | 000,091,352 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2014/05/12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2014/05/09 18:14:03 | 000,477,184 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\aepdu.dll
[2014/05/09 18:11:23 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\aeinv.dll
[2014/05/06 15:00:47 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2014/05/06 14:10:52 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2014/05/04 11:05:08 | 000,003,120 | ---- | M] () -- C:\windows\SysWow64\ALLFSAF14a.ocx
[2014/05/01 10:26:22 | 000,004,613 | ---- | M] () -- C:\Users\RyanWensel\AppData\Local\recently-used.xbel
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/05/18 11:59:55 | 000,001,118 | ---- | C] () -- C:\Users\RyanWensel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2014/05/18 11:59:41 | 000,000,938 | ---- | C] () -- C:\Users\RyanWensel\Desktop\NTREGOPT.lnk
[2014/05/18 11:59:41 | 000,000,919 | ---- | C] () -- C:\Users\RyanWensel\Desktop\ERUNT.lnk
[2014/05/14 20:35:44 | 000,000,367 | ---- | C] () -- C:\windows\wininit.ini
[2014/05/04 11:05:08 | 000,003,120 | ---- | C] () -- C:\windows\SysWow64\ALLFSAF14a.ocx
[2014/05/01 10:26:22 | 000,004,613 | ---- | C] () -- C:\Users\RyanWensel\AppData\Local\recently-used.xbel
[2014/03/02 21:22:09 | 000,000,051 | ---- | C] () -- C:\windows\EPART725.ini
[2014/01/31 11:08:39 | 000,000,632 | RHS- | C] () -- C:\Users\RyanWensel\ntuser.pol
[2013/07/20 05:22:16 | 000,008,570 | ---- | C] () -- C:\windows\SysWow64\MBCfg32.ini
[2013/07/20 05:22:16 | 000,005,856 | ---- | C] () -- C:\windows\SysWow64\MBCfgUninstall32.ini
[2013/07/20 05:22:16 | 000,002,835 | ---- | C] () -- C:\windows\MBCfg_SP_APOIM.ini
[2013/07/20 05:22:16 | 000,002,783 | ---- | C] () -- C:\windows\MBCfg_APOIM.ini
[2013/07/20 05:22:16 | 000,002,747 | ---- | C] () -- C:\windows\MBCfg_HP_APOIM.ini
[2013/07/20 05:22:15 | 000,246,272 | ---- | C] () -- C:\windows\SysWow64\APOMngr.DLL
[2013/07/20 05:22:15 | 000,074,240 | ---- | C] () -- C:\windows\SysWow64\CmdRtr.DLL
[2013/07/20 04:45:57 | 000,036,864 | ---- | C] () -- C:\windows\runSW.exe
[2013/07/20 04:45:56 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe
[2013/07/20 04:33:52 | 000,764,068 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2013/07/19 14:21:17 | 019,587,072 | ---- | C] () -- C:\windows\SysWow64\igdfcl32.dll
[2013/07/19 14:21:17 | 000,241,152 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2013/07/19 14:21:17 | 000,103,936 | ---- | C] () -- C:\windows\SysWow64\igdail32.dll
[2012/12/11 09:12:50 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2009/07/14 16:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/25 14:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 14:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 13:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 15:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 13:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014/03/05 17:59:08 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\Epson
[2014/03/04 08:24:01 | 000,000,000 | ---D | M] -- C:\Users\Jen & Steve\AppData\Roaming\Epson
[2014/04/06 12:35:27 | 000,000,000 | ---D | M] -- C:\Users\Jen & Steve\AppData\Roaming\SketchUp
[2014/04/27 10:23:43 | 000,000,000 | ---D | M] -- C:\Users\RyanWensel\AppData\Roaming\.minecraft
[2014/02/25 09:52:21 | 000,000,000 | ---D | M] -- C:\Users\RyanWensel\AppData\Roaming\DMCache
[2014/05/01 10:11:12 | 000,000,000 | ---D | M] -- C:\Users\RyanWensel\AppData\Roaming\Epson
[2014/02/25 09:44:29 | 000,000,000 | ---D | M] -- C:\Users\RyanWensel\AppData\Roaming\IDM
[2014/05/17 18:47:20 | 000,000,000 | ---D | M] -- C:\Users\RyanWensel_2\AppData\Roaming\.minecraft
[2014/05/30 16:00:08 | 000,000,000 | ---D | M] -- C:\Users\RyanWensel_2\AppData\Roaming\DMCache
[2014/03/03 12:50:06 | 000,000,000 | ---D | M] -- C:\Users\RyanWensel_2\AppData\Roaming\Epson
[2014/05/07 08:37:36 | 000,000,000 | ---D | M] -- C:\Users\RyanWensel_2\AppData\Roaming\IDM
[2014/04/30 17:33:46 | 000,000,000 | ---D | M] -- C:\Users\RyanWensel_2\AppData\Roaming\inkscape
[2014/04/29 22:15:19 | 000,000,000 | ---D | M] -- C:\Users\RyanWensel_2\AppData\Roaming\LibreOffice
[2014/03/22 18:08:01 | 000,000,000 | ---D | M] -- C:\Users\RyanWensel_2\AppData\Roaming\SketchUp
[2014/04/30 17:11:39 | 000,000,000 | ---D | M] -- C:\Users\RyanWensel_2\AppData\Roaming\Sublime Text 2
[2014/03/08 05:35:35 | 000,000,000 | ---D | M] -- C:\Users\RyanWensel_2\AppData\Roaming\TheBannerSaga
[2014/03/07 07:03:08 | 000,000,000 | ---D | M] -- C:\Users\RyanWensel_2\AppData\Roaming\TheBannerSagaFactions

========== Purity Check ==========



< End of report >

OTL Extras logfile created on: 30/05/2014 10:10:00 p.m. - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\RyanWensel\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

7.92 Gb Total Physical Memory | 5.31 Gb Available Physical Memory | 66.98% Memory free
15.84 Gb Paging File | 13.14 Gb Available in Paging File | 82.95% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 412.52 Gb Total Space | 329.14 Gb Free Space | 79.79% Space Free | Partition Type: NTFS
Drive D: | 275.01 Gb Total Space | 176.40 Gb Free Space | 64.14% Space Free | Partition Type: NTFS

Computer Name: RYANWENSEL-MSI | User Name: RyanWensel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[b]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2935956336-2545272421-2336413830-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1C163473-929A-4809-A0DF-34B6CB6FB2BD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{209E77F6-BC92-42DD-9053-841292E4E472}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{280B3916-B86E-4E05-9580-7F66104CD46D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7539836E-C0BF-4B80-8439-C0E871676DBB}" = lport=10243 | protocol=6 | dir=in | app=system |
"{7D9249BE-A24D-4221-825F-11CAA37AC56F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7E815EC7-7344-4752-99DF-1690755F9D41}" = rport=10243 | protocol=6 | dir=out | app=system |
"{93226785-6F03-4627-99F4-799DECE01AEE}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe |
"{AE619C7D-1EB8-461A-ABA8-B6A532834B50}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B0F28314-34AE-46E0-8F29-20246491F8DA}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{C72B62E5-A998-497B-81FE-7D755B8363BF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C86E9DE3-358D-43B0-9EA8-9C7927AAEC99}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D7810285-4CF1-4A36-85DB-981200806E06}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08952F41-F755-48EB-8829-5798A85A173F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0CE95433-3F56-447C-8C76-860CD0C6EC49}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{0E8BCC6E-9BF6-443D-87A2-9F078C9BA08E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cryptic studios\neverwinter.exe |
"{13640807-082E-4656-8480-FD6465383387}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1472372A-5AC2-42F7-ADF2-1C6400AEEA2B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{1C6D949D-A8FB-4E25-85FA-D6E479F13D53}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{26BEB17A-6AAA-48D0-BC28-01DD10481272}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cryptic studios\neverwinter.exe |
"{27508D76-B7CD-4273-91AC-73563052DE59}" = protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\ucmapi.exe |
"{27935BDD-3753-4F30-9666-2E7265C0C0F7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{3A6780F6-1C68-4240-AFB8-A60E20238C2B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{52CC829F-5692-47EF-B2E1-8DD6ECF1F37F}" = protocol=6 | dir=out | app=system |
"{530B7775-5374-487E-A71E-46FEBB9113EC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bastion demo\bastion.exe |
"{53CBEA6C-6E88-4D03-846E-3A51C5DA8B87}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5D04499A-0059-42B2-9966-827FBF6C1629}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6D9C4868-3226-41E5-AEC7-FC6CBB7E6069}" = protocol=17 | dir=in | app=c:\program files\western digital\wd boost\wdboost.exe |
"{71CA59F2-57BE-40A1-842C-53FF96474EFB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{82A5B77A-E3BD-4969-B9C6-4D0F16E0C899}" = protocol=6 | dir=in | app=c:\program files (x86)\epsonnet\epsonnet setup\tool10\eneasyapp.exe |
"{85368453-BABD-440A-B5B3-1F0B7C82A2B6}" = protocol=6 | dir=in | app=c:\program files\microsoft office 15\root\office15\lync.exe |
"{8546A2AA-5C2A-40BE-A8DB-FC62E3F0C500}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8856E8C4-517A-4094-B430-EC1F02D3143F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9247544D-F1D5-488E-8FD6-95E3E04E5F74}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the banner saga factions\win32\the banner saga factions.exe |
"{9ADD56CB-B177-414F-B958-2A509AC25ADE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9B489891-C4F5-4C90-8952-FD58D6D45E4B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9D1E9368-E9EE-469E-B523-DEFB10BCF139}" = protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\lync.exe |
"{A0F38B41-0263-410C-AD6F-EC1A919E2298}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bastion demo\bastion.exe |
"{A83C910A-D3F8-43F9-BDB0-988E42ED65E8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AA9B6838-51D7-4D0A-AD8B-68FE392CFA01}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{B2208ADF-91C0-451F-9A49-31BF625DF0FC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CE87A865-DB4F-483D-937D-CF5BD4196191}" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"{D5149840-8948-4CA1-858A-33A32C265EA0}" = protocol=17 | dir=in | app=c:\program files (x86)\epsonnet\epsonnet setup\tool10\eneasyapp.exe |
"{D67D296B-CAF3-4547-B73E-88A37DC76149}" = protocol=6 | dir=in | app=c:\program files\western digital\wd boost\wdboost.exe |
"{D6F54901-483E-4AD8-8A06-488789B41509}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{D6FF8959-0AB3-4810-8079-08848CDDD477}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the banner saga factions\win32\the banner saga factions.exe |
"{DB2FA1DC-7159-4E53-99C6-8AA7E3022C64}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DBE3185C-C3AB-4905-9EC5-96EFF9632CBD}" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"{DFBABA1B-FA50-4337-A899-D2F0AE70C9B6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E6850002-8965-4BAC-BBDD-AFF4C8B80AEF}" = protocol=6 | dir=in | app=c:\program files\microsoft office 15\root\office15\ucmapi.exe |
"{E7ADCBFA-7396-4956-AF47-02EB69909D9B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tbs\win32\the banner saga.exe |
"{F9929089-9064-4EA0-8B34-2DB72A79323E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\tbs\win32\the banner saga.exe |
"TCP Query User{08476782-7B74-4C3F-8AC9-9392D3888890}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{089056ED-73C0-4011-B616-A0AC69A6E8D3}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"TCP Query User{1B35CCF0-FAF3-4585-B910-E7D3C977D38F}C:\users\ryanwensel_2\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=6 | dir=in | app=c:\users\ryanwensel_2\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"TCP Query User{3C6F3A9A-7647-47AC-BCBE-19B3971033A7}C:\program files (x86)\libreoffice 4\program\soffice.bin" = protocol=6 | dir=in | app=c:\program files (x86)\libreoffice 4\program\soffice.bin |
"TCP Query User{7995A906-DCF2-4216-BD06-1001A826F515}C:\program files (x86)\libreoffice 4\program\soffice.bin" = protocol=6 | dir=in | app=c:\program files (x86)\libreoffice 4\program\soffice.bin |
"TCP Query User{7D4B2A91-64A5-4DA1-A020-ADEE40D9346A}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{2BEE955A-5E0A-4F3A-A118-4C8FE081B33C}C:\program files (x86)\libreoffice 4\program\soffice.bin" = protocol=17 | dir=in | app=c:\program files (x86)\libreoffice 4\program\soffice.bin |
"UDP Query User{6CCC497E-8C47-4301-8232-5D26673FA990}C:\users\ryanwensel_2\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=17 | dir=in | app=c:\users\ryanwensel_2\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"UDP Query User{8F95FC97-8B91-4A2C-8C55-9EEB92511F97}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{8FC6200F-643F-4F97-8EC8-D5CC0FF9B0B4}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{B663312C-8ADC-43EC-A92D-95072C69E76B}C:\program files (x86)\libreoffice 4\program\soffice.bin" = protocol=17 | dir=in | app=c:\program files (x86)\libreoffice 4\program\soffice.bin |
"UDP Query User{EDEE7134-0EB0-4143-9E0F-EB05A6EFE973}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{409CB30E-E457-4008-9B1A-ED1B9EA21140}" = Intel(R) Rapid Storage Technology
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5EB368A4-562A-41B6-A5B3-06054A27F5A6}" = Intel(R) Rapid Storage Technology
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 3.0.8
"{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}" = Intel(R) Turbo Boost Technology Monitor 2.6
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 311.43
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 311.43
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BFAE8D5B-F918-486F-B74E-90762DF11C5C}" = Microsoft Security Client
"{CA85D7A7-6B45-4011-9BCC-C01F31EDE157}" = SCM
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D4311756-3895-4F60-9657-6C5C228EB1DC}" = WD Boost
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter
"{FA00A3CC-7440-4938-A271-F186F50DD40D}" = Intel® Trusted Connect Service Client
"Elantech" = ETDWare PS/2-X64 11.13.2.4_WHQL
"EPSON Artisan 720 Series" = EPSON Artisan 720 Series Printer Uninstall
"GIMP-2_is1" = GIMP 2.8.10
"Microsoft Security Client" = Microsoft Security Essentials
"ProPlusRetail - en-us" = Microsoft Office Professional Plus 2013 - en-us
"Wacom Tablet Driver" = Wacom Tablet
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin 64 bit

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01944037-D136-45EE-A007-403EAD929FC7}" = Windows Live Writer
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{061FF8F3-5226-4278-8AAB-282C1B024F58}" = Photo Common
"{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}" = Cisco PEAP Module
"{0AD576A7-EDCE-469E-ADD7-1AC9DB200C6B}" = Windows Live Mail
"{13F3CEA5-9E2C-4C4E-9F0F-D0DB389CF4A9}" = Movie Maker
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FEE19BC-6F0C-42E4-82FF-FB597F6141DF}" = Windows Live Essentials
"{2177152C-83DD-4540-B2F0-970F7303B7BA}" = Windows Live Writer Resources
"{23A3E560-069F-4CFC-8F6C-1B526EC735FC}" = Windows Live Writer Resources
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217055FF}" = Java 7 Update 55
"{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}" = BurnRecovery
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{332EBFE0-C39E-42D1-99B5-ABBBECAD71B6}" = MSI Software Install
"{3C41298B-A3F5-40C8-8BE3-A9A3F0644B0A}" = Windows Live Writer
"{3C63F944-803E-49A7-B3A2-B8AB3313E883}" = Windows Live UX Platform Language Pack
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{4117DF3C-6677-4A22-90B7-FF06923417E9}" = LibreOffice 4.2.3.3
"{446CC8CE-0E90-44F7-ADD0-774B243EF090}" = Galerie de photos
"{456A5815-604D-4D72-94DF-346D2B978A59}_is1" = GOG.com Downloader version 3.6.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker
"{619FA785-489B-4D22-911F-82D6EDF5BDB0}" = MSI Battery Calibration
"{631C4E4F-6FDC-4CC0-A067-E9876A9BA7FD}" = 影像中心
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1" = Super-Charger
"{8030AE22-7FA0-4880-A538-8906EDBF49F4}" = Windows Live Writer Resources
"{86C40513-B5A4-476E-9EAB-EC118DCF4502}" = Windows Live Writer
"{8801CA65-921A-4CCC-9D63-879D1D0BAA97}" = Sound Blaster Cinema
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8D813AFF-D91D-4EE0-821F-B901FC2E89FA}" = Windows Live
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}" = Facebook Video Calling 2.0.0.447
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8F7FECEC-088F-431D-A5FB-2B59E1E69943}" = Galería de fotos
"{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
"{90150000-008C-0409-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component
"{90993BD9-C7D9-4C2F-B56C-2F7AFEBD4CD0}" = Windows Live UX Platform Language Pack
"{96914829-DF65-40AE-8A31-6F3E96BAEBBD}" = Windows Live Mail
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A5EF-4123-B2B9-172095903AB}" = REALTEK Bluetooth Driver
"{9DAABC60-A5EF-41FF-B2B9-17329590CD5}" = REALTEK Wireless LAN Driver
"{A17946CA-18E5-4CF0-8D55-A56D804718F8}" = Movie Maker
"{A608A8D3-E77C-4BEE-8F2A-F8124F5F0FE2}" = SketchUp 2014
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.10)
"{AF312B06-5C5C-468E-89B3-BE6DE2645722}" = Cisco LEAP Module
"{B328282C-DCE9-49B7-8B98-C08D9AA28C46}" = Windows Live Mail
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B77D2795-23C0-4DBD-B7B5-CFB542D1FA3F}" = Windows Live Writer Resources
"{B80D3EA9-A252-4AE5-AC51-81729F5C586F}" = Windows Live Mail
"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
"{C40D110E-0718-4E11-A69B-D4EC7BF2EB04}" = Windows Live UX Platform Language Pack
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C595F480-788A-4F8F-8277-1A91F32CA879}" = Windows Live Writer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.3
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{D5082B89-2E86-447E-A02C-922534592FA8}" = Photo Common
"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
"{DA5597C9-9216-44FF-9670-D1E48817B998}" = MSI HOUSE
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0B5FDF0-6940-44B2-8204-CFA746A6B4AF}" = Movie Maker
"{E1B5BE00-D3F8-4EDE-9680-D47091DD87A1}" = Time Boss 3.10
"{EA2BE047-FF29-4336-BB70-6AF201085BAF}" = Windows Live 程式集
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F54030F3-14B6-432D-9361-78DCB1473920}" = Photo Common
"{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) SDK for OpenCL - CPU Only Runtime Package
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"EPSON Scanner" = EPSON Scan
"ERUNT_is1" = ERUNT 1.1j
"GOGPACKBALDURSGATE1_is1" = Baldur's Gate - The Original Saga
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"NortonPCCheckup" = Norton PC Checkup
"Steam" = Steam
"Steam App 107110" = Bastion - Demo
"Steam App 109600" = Neverwinter
"Steam App 219340" = The Banner Saga: Factions
"Steam App 237990" = The Banner Saga
"Sublime Text 2_is1" = Sublime Text 2.0.2
"VLC media player" = VLC media player 2.1.3
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin 32 bit
"WinLiveSuite" = Windows Live Essentials

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 18/05/2014 6:53:41 a.m. | Computer Name = RyanWensel-MSI | Source = WTabletServicePro | ID = 1
Description =

Error - 18/05/2014 7:06:31 a.m. | Computer Name = RyanWensel-MSI | Source = WinMgmt | ID = 10
Description =

Error - 21/05/2014 6:40:54 a.m. | Computer Name = RyanWensel-MSI | Source = WinMgmt | ID = 10
Description =

Error - 22/05/2014 2:52:17 a.m. | Computer Name = RyanWensel-MSI | Source = WinMgmt | ID = 10
Description =

Error - 22/05/2014 5:37:39 a.m. | Computer Name = RyanWensel-MSI | Source = WinMgmt | ID = 10
Description =

Error - 23/05/2014 3:35:41 a.m. | Computer Name = RyanWensel-MSI | Source = Application Error | ID = 1000
Description = Faulting application name: WDBoost.exe, version: 1.50.0.0, time stamp:
0x51689918 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x0000000000000000 Faulting process id: 0x200 Faulting
application start time: 0x01cf75a1322e874f Faulting application path: C:\Program
Files\Western Digital\WD Boost\WDBoost.exe Faulting module path: unknown Report Id:
d6f8ce8f-e24c-11e3-b580-54271e0c587f

Error - 24/05/2014 9:06:48 p.m. | Computer Name = RyanWensel-MSI | Source = WinMgmt | ID = 10
Description =

Error - 25/05/2014 4:04:16 a.m. | Computer Name = RyanWensel-MSI | Source = WinMgmt | ID = 10
Description =

Error - 25/05/2014 4:13:44 a.m. | Computer Name = RyanWensel-MSI | Source = Windows Backup | ID = 4103
Description =

Error - 26/05/2014 3:09:28 a.m. | Computer Name = RyanWensel-MSI | Source = WinMgmt | ID = 10
Description =

[ Spybot - Search and Destroy Events ]
Error - 14/05/2014 4:35:44 a.m. | Computer Name = RyanWensel-MSI | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

Error - 26/05/2014 5:53:03 a.m. | Computer Name = RyanWensel-MSI | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

Error - 29/05/2014 6:38:50 a.m. | Computer Name = RyanWensel-MSI | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

Error - 30/05/2014 6:00:30 a.m. | Computer Name = RyanWensel-MSI | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

[ System Events ]
Error - 11/05/2014 8:54:27 p.m. | Computer Name = RyanWensel-MSI | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR9.

Error - 11/05/2014 8:54:28 p.m. | Computer Name = RyanWensel-MSI | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR9.

Error - 11/05/2014 8:54:29 p.m. | Computer Name = RyanWensel-MSI | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR9.

Error - 11/05/2014 8:55:06 p.m. | Computer Name = RyanWensel-MSI | Source = WMPNetworkSvc | ID = 866333
Description =

Error - 11/05/2014 8:55:06 p.m. | Computer Name = RyanWensel-MSI | Source = WMPNetworkSvc | ID = 866333
Description =

Error - 13/05/2014 6:33:18 a.m. | Computer Name = RyanWensel-MSI | Source = volmgr | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 14/05/2014 3:45:25 a.m. | Computer Name = RyanWensel-MSI | Source = Service Control Manager | ID = 7030
Description = The Datamngr Coordinator service is marked as an interactive service.
However, the system is configured to not allow interactive services. This service
may not function properly.

Error - 14/05/2014 3:47:05 a.m. | Computer Name = RyanWensel-MSI | Source = DCOM | ID = 10010
Description =

Error - 14/05/2014 3:47:57 a.m. | Computer Name = RyanWensel-MSI | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR10.

Error - 14/05/2014 4:53:04 a.m. | Computer Name = RyanWensel-MSI | Source = Service Control Manager | ID = 7023
Description = The Windows Modules Installer service terminated with the following
error: %%5


< End of report >

FYI,

I see this in Chome but not Firefox, its a browser hijacker

http://www.systemlookup.com/search.php?type=name&search=DuckDuckGo&s=



Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL




:OTL
CHR - default_search_provider: DuckDuckGo (Enabled)
CHR - default_search_provider: search_url = https://duckduckgo.com/?q={searchTerms}
CHR - Extension: DuckDuckGo for Chrome = C:\Users\RyanWensel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpphkkgodbfncbcpgopijlfakfgmclao\42.5.17_0\
CHR - Extension: DuckDuckGo Home Page = C:\Users\RyanWensel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljkalbbbffedallekgkdheknngopfhif\0.0.8_0\


:Services

:Reg

:Files
ipconfig /flushdns /c


:Commands
[purity]
[resethosts]
[EMPTYJAVA]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces

Then run a new scan with OTL and post the new log please