No Programs Will Respond

Origin Saint

I'm currently attempting a repair of my friend's desktop computer. It seems to have some type of infection or something that is prohibiting anything from running basically. It will boot, and load into the Windows 7 desktop. You can open any program you wish, however, once it is open, clicking on it a few times (sometimes even upon opening it) it will show as "Not Responding" and white out and Windows will try to save it and then restart it, but fails every time. I have managed to run Malwarebytes on it and deleted 130 PUP infectious files, but it did not fix the issue, and now I can't get Malwarebytes to run a scan again because of the not responding issue. Any help here would be great mates!
 
Boot to safe mode and run the following programs.

1.

Please download AdwCleaner by Xplode onto your Desktop.



•Please close all open programs and internet browsers.
•Double click on adwcleaner.exe to run the tool.
•Click on Scan.
•After the scan you will need to click on clean for it to delete the adware.
•Your computer will be rebooted automatically. A text file will open after the restart.
•Please post the content of that logfile in your reply.
•You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

2.

Please download Junkware Removal Tool to your desktop.

•Shut down your antivirus to avoid any conflicts.
•Very important that you run the tool in this manner:
Right-mouse click JRT.exe and select Run as administrator
Do NOT just double-click it.
•The tool will open and start scanning your system.
•Please be patient as this can take a while to complete.
•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
•Post the contents of JRT.txt in your next message.


3.

Download OTL to your Desktop


•Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
•Click on Minimal Output at the top
•Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
◦When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Just post the OTL.txt file in your reply.

So in your original thread asking for help, please give us a short description of what the problem is and then post the logs from the following 3 programs.

1. Adwcleaner
2. Junkware removal tool
3. OTL

Also, if you could post the Malwarebytes log that you already did.
 
Here is the text log from AdwCleaner.

# AdwCleaner v3.211 - Report created 28/05/2014 at 01:26:34
# Updated 26/05/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Caleb - CALEB-PC
# Running from : C:\Users\Caleb\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Program Files (x86)\AppSafe
Folder Deleted : C:\Program Files (x86)\AskPartnerNetwork
Folder Deleted : C:\Program Files (x86)\BabylonToolbar
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Users\Caleb\AppData\Local\Conduit
Folder Deleted : C:\Users\Caleb\AppData\Local\Temp\apn
Folder Deleted : C:\Users\Caleb\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Caleb\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Caleb\AppData\Roaming\1H1Q
Folder Deleted : C:\Users\Caleb\AppData\Roaming\AppCloudUpdater
Folder Deleted : C:\Users\Caleb\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Caleb\AppData\Roaming\BabylonToolbar
Folder Deleted : C:\Users\Caleb\AppData\Roaming\BrowserCompanion
Folder Deleted : C:\Users\Caleb\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Caleb\AppData\Roaming\Mozilla\Firefox\Profiles\na12gnb9.default\Extensions\[email protected]
File Deleted : C:\windows\System32\roboot64.exe
File Deleted : C:\Users\Caleb\AppData\Roaming\Mozilla\Firefox\Profiles\na12gnb9.default\user.js
File Deleted : C:\windows\Tasks\AppCloudUpdater.job
File Deleted : C:\windows\System32\Tasks\AppCloudUpdater
File Deleted : C:\windows\Tasks\Speedial.job
File Deleted : C:\windows\System32\Tasks\Speedial

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bodddioamolcibagionmmobehnbhiakf
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKCU\Software\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.DataContainer
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabylonToolbarsrv_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabylonToolbarsrv_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\AppCloudUpdater
Key Deleted : HKCU\Software\AppSafe
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Babylon
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\AppDataLow\Software
Key Deleted : HKLM\Software\AppSafe
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BrowserCompanion
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\InstallCore
Key Deleted : HKLM\Software\systweak
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AppCloudUpdater
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{83AA2913-C123-4146-85BD-AD8F93971D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Key Deleted : HKLM\Software\Classes\Installer\Features\3192AA38321C641458DBDAF83979D193
Key Deleted : HKLM\Software\Classes\Installer\Products\3192AA38321C641458DBDAF83979D193

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v17.0.1 (en-US)

[ File : C:\Users\Caleb\AppData\Roaming\Mozilla\Firefox\Profiles\na12gnb9.default\prefs.js ]

Line Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Line Deleted : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Line Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
Line Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=109221&tt=060612_6_");
Line Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "0669469d000000000000ac8112202f02");
Line Deleted : user_pref("extensions.BabylonToolbar_i.id", "0669469d000000000000ac8112202f02");
Line Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15512");
Line Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Line Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Line Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=109221&tt=060612_6_&babsrc=NT_ss&mntrId=0669469d000000000000ac8112202f02");
Line Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Line Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Line Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Line Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Line Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1720:28:47");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Line Deleted : user_pref("extensions.toolbar.mindspark._53Members_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=FBCFF6B7-C988-43E1-9583-6A16D34D255A&n=77ecdd91&ptnrS=YNyyyyyyYYus");
Line Deleted : user_pref("extensions.toolbar.mindspark._53Members_.initialized", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._53Members_.installation.installDate", "2012011921");
Line Deleted : user_pref("extensions.toolbar.mindspark._53Members_.installation.partnerId", "YNyyyyyyYYus");
Line Deleted : user_pref("extensions.toolbar.mindspark._53Members_.installation.partnerSubId", "");
Line Deleted : user_pref("extensions.toolbar.mindspark._53Members_.installation.success", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._53Members_.installation.toolbarId", "FBCFF6B7-C988-43E1-9583-6A16D34D255A");
Line Deleted : user_pref("extensions.toolbar.mindspark._53Members_.lastActivePing", "1331493513611");
Line Deleted : user_pref("extensions.toolbar.mindspark._53Members_.searchHistory", "");
Line Deleted : user_pref("extensions.toolbar.mindspark._53Members_.tab.date", "-1327026189545");
Line Deleted : user_pref("extensions.toolbar.mindspark._53Members_.weather.location", "45201");
Line Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "[email protected]");
Line Deleted : user_pref("extensions.toolbar.mindspark.sa.enabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark.tab.enabled", true);

-\\ Google Chrome v35.0.1916.114

[ File : C:\Users\Caleb\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Startup_urls] : hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=US&userid=8589865a-ea05-4be9-afb8-51b7322ad642&searchtype=hp
Deleted [Startup_urls] : hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=US&userid=8589865a-ea05-4be9-afb8-51b7322ad642&searchtype=hp&installDate=01/01/1970
Deleted [Startup_urls] : hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=US&userid=8589865a-ea05-4be9-afb8-51b7322ad642&searchtype=hp&installDate={installDate}
Deleted [Startup_urls] : hxxp://search.conduit.com/?ctid=CT3277370&SearchSource=48&CUI=UN81064532914851140&UM=2
Deleted [Homepage] : hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=US&userid=8589865a-ea05-4be9-afb8-51b7322ad642&searchtype=hp
Deleted [Extension] : dhkplhfnhceodhffomolpfigojocbpcb

*************************

AdwCleaner[R0].txt - [15003 octets] - [28/05/2014 01:21:39]
AdwCleaner[R1].txt - [16272 octets] - [28/05/2014 01:24:39]
AdwCleaner[S0].txt - [15913 octets] - [28/05/2014 01:26:34]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [15974 octets] ##########
 

Here is the OTL log file.


OTL logfile created on: 5/28/2014 1:36:23 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Caleb\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.98 Gb Total Physical Memory | 2.89 Gb Available Physical Memory | 72.57% Memory free
7.96 Gb Paging File | 6.90 Gb Available in Paging File | 86.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 906.34 Gb Total Space | 648.94 Gb Free Space | 71.60% Space Free | Partition Type: NTFS
Drive G: | 1.86 Gb Total Space | 1.85 Gb Free Space | 99.84% Space Free | Partition Type: FAT

Computer Name: CALEB-PC | User Name: Caleb | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Caleb\Desktop\OTL.exe (OldTimer Tools)


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - (IEEtwCollectorService) -- C:\windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (OfficeSvc) -- C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe (Microsoft Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (LitModeCtrl) -- C:\Program Files\Lenovo\Power Dial\LitModeCtrl.exe (Lenovo)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (LenovoCOMSvc) -- C:\Program Files\Lenovo\Power Dial\LenovoCOMSvc.exe (Lenovo)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Application Sendori) -- C:\Program Files (x86)\Sendori\SendoriSvc.exe (Sendori, Inc.)
SRV - (sndappv2) -- C:\Program Files (x86)\Sendori\sndappv2.exe (Sendori)
SRV - (Service Sendori) -- C:\Program Files (x86)\Sendori\Sendori.Service.exe (sendori)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (CEEBC40A-FDED-4C59-B354-939132350B01) -- C:\Program Files (x86)\Roxio\BackOnTrack\File Backup\FileBackupSVC.exe ()
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (aswSnx) -- C:\windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswTdi) -- C:\windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (rzudd) -- C:\Windows\SysNative\drivers\rzudd.sys (Razer USA Ltd)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (MsgPlusDriver) -- C:\Windows\SysNative\drivers\MsgPlusDriver.sys (e2eSoft)
DRV:64bit: - (LMIRfsClientNP) -- C:\windows\SysNative\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (RzSynapse) -- C:\Windows\SysNative\drivers\RzSynapse.sys (Razer USA Ltd)
DRV:64bit: - (LMIRfsDriver) -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV:64bit: - (lmimirr) -- C:\Windows\SysNative\drivers\lmimirr.sys (LogMeIn, Inc.)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8192Ce) -- C:\Windows\SysNative\drivers\rtl8192Ce.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (e1cexpress) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (ATI Technologies, Inc.)
DRV:64bit: - (SCDEmu) -- C:\windows\SysNative\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (RTL8023x64) -- C:\Windows\SysNative\drivers\Rtnic64.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (WinI2C-DDC) -- C:\Windows\SysNative\drivers\ddcdrv.sys (Nicomsoft Ltd.)
DRV:64bit: - (emAudio) -- C:\Windows\SysNative\drivers\emAudio64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (DCamUSBEMPIA) -- C:\Windows\SysNative\drivers\emDevice64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (FiltUSBEMPIA) -- C:\Windows\SysNative\drivers\emFilter64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (ScanUSBEMPIA) -- C:\Windows\SysNative\drivers\emScan64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (MarvinBus) -- C:\Windows\SysNative\drivers\MarvinBus64.sys (Pinnacle Systems GmbH)
DRV - (RivaTuner64) -- C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys ()
DRV - (WinI2C-DDC) -- C:\Windows\SysWOW64\drivers\ddcdrv.sys (Nicomsoft Ltd.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/?f=1&a=spd_dsit...GtA0DyE0C0D0A0ByC0Bzy0FyE2Q&cr=1859817645&ir=
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_dsites02_14_21_ch&cd=2XzuyEtN2Y1L1Qzu0A0CzztCtCtBtBtDtB0FtDtByEyCzy0DtN0D0Tzu0SzzyBtCtN1L2XzutBtFtBtDtFtCtAtFtCtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyE0AyBtD0CtA0B0AtGtC0D0FtDtG0Fzz0CyCtGyCyEyEtAtGyD0F0F0E0FyB0Dzz0B0DtC0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDyB0FtAyDtDtB0FtGyCyDtA0AtG0Dzz0EtCtGzyyEyBzztGtA0DyE0C0D0A0ByC0Bzy0FyE2Q&cr=1859817645&ir=
IE:64bit: - HKLM\..\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{087a7792-10bb-455d-bd55-427d589addf5}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YNyyyyyyYYus&ptb=FBCFF6B7-C988-43E1-9583-6A16D34D255A&ind=2012021218&ptnrS=YNyyyyyyYYus&si=&n=77ed01e2&psa=&st=sb&searchfor={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_dsites02_14_21_ch&cd=2XzuyEtN2Y1L1Qzu0A0CzztCtCtBtBtDtB0FtDtByEyCzy0DtN0D0Tzu0SzzyBtCtN1L2XzutBtFtBtDtFtCtAtFtCtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyE0AyBtD0CtA0B0AtGtC0D0FtDtG0Fzz0CyCtGyCyEyEtAtGyD0F0F0E0FyB0Dzz0B0DtC0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDyB0FtAyDtDtB0FtGyCyDtA0AtG0Dzz0EtCtGzyyEyBzztGtA0DyE0C0D0A0ByC0Bzy0FyE2Q&cr=1859817645&ir=
IE - HKCU\..\SearchScopes\{087a7792-10bb-455d-bd55-427d589addf5}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=YNyyyyyyYYus&ptb=FBCFF6B7-C988-43E1-9583-6A16D34D255A&ind=2012021218&ptnrS=YNyyyyyyYYus&si=&n=77ed01e2&psa=&st=sb&searchfor={searchTerms}
IE - HKCU\..\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 37.59.179.156:80

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Speedial"
FF - prefs.js..browser.startup.homepage: "http://speedial.com/?f=1&a=spd_dsites02_14_21_ch&cd=2XzuyEtN2Y1L1Qzu0A0CzztCtCtBtBtDtB0FtDtByEyCzy0DtN0D0Tzu0SzzyBtCtN1L2XzutBtFtBtDtFtCtAtFtCtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyE0AyBtD0CtA0B0AtGtC0D0FtDtG0Fzz0CyCtGyCyEyEtAtGyD0F0F0E0FyB0Dzz0B0DtC0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDyB0FtAyDtDtB0FtGyCyDtA0AtG0Dzz0EtCtGzyyEyBzztGtA0DyE0C0D0A0ByC0Bzy0FyE2Q&cr=1859817645&ir="
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.5
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0037-ABCDEFFEDCBA%7D:6.0.37
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:6.0.1367
FF - prefs.js..extensions.enabledAddons: autofillForms%40blueimp.net:0.9.9.0
FF - prefs.js..extensions.enabledAddons: bbrs_002%40blabbers.com:1.0.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@raidcall.en/RCplugin: C:\Users\Caleb\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Caleb\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Caleb\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Caleb\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Caleb\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/09/09 12:36:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2012/05/27 15:34:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/05 02:51:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/05/14 06:45:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{B64D9B05-48E1-4CEB-BF58-E0643994E900}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2014/04/22 00:35:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/05 02:51:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/05/14 06:45:16 | 000,000,000 | ---D | M]

[2011/12/25 12:53:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Caleb\AppData\Roaming\Mozilla\Extensions
[2014/05/28 01:26:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Caleb\AppData\Roaming\Mozilla\Firefox\Profiles\na12gnb9.default\extensions
[2014/05/24 22:20:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Caleb\AppData\Roaming\Mozilla\Firefox\Profiles\na12gnb9.default\extensions\staged
[2012/06/20 21:09:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Caleb\AppData\Roaming\Mozilla\Firefox\Profiles\na12gnb9.default\jetpack\[email protected]
[2012/06/20 21:14:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Caleb\AppData\Roaming\Mozilla\Firefox\Profiles\na12gnb9.default\jetpack\[email protected]\simple-storage
[2012/11/16 00:43:02 | 000,124,993 | ---- | M] () (No name found) -- C:\Users\Caleb\AppData\Roaming\Mozilla\Firefox\Profiles\na12gnb9.default\extensions\[email protected]
[2012/12/10 12:52:23 | 000,149,045 | ---- | M] () (No name found) -- C:\Users\Caleb\AppData\Roaming\Mozilla\Firefox\Profiles\na12gnb9.default\extensions\[email protected]
[2012/11/27 15:31:54 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Caleb\AppData\Roaming\Mozilla\Firefox\Profiles\na12gnb9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/05/20 09:55:19 | 000,001,219 | ---- | M] () -- C:\Users\Caleb\AppData\Roaming\Mozilla\Firefox\Profiles\na12gnb9.default\searchplugins\Speedial.xml
[2013/05/03 16:59:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/12/05 02:51:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/12/05 02:51:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/09/09 12:36:33 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
File not found (No name found) -- C:\USERS\CALEB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NA12GNB9.DEFAULT\EXTENSIONS\[email protected]
[2012/12/05 02:51:57 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/01/05 22:04:02 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2012/08/30 20:34:01 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/13 22:10:45 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: First user (Disabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Error reading preferences file
CHR - Extension: Google Drive = C:\Users\Caleb\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Caleb\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: Adblock Plus = C:\Users\Caleb\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.1_0\
CHR - Extension: Death Note Theme = C:\Users\Caleb\AppData\Local\Google\Chrome\User Data\Default\Extensions\gadcbcoebefhfheifhdcjgmlmghohbfp\2_0\
CHR - Extension: Command & Conquer Tiberium Alliances = C:\Users\Caleb\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgaeopgjojikeoiidmfaejkifhgjoooe\1.0.8_0\
CHR - Extension: Google Wallet = C:\Users\Caleb\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SPFS Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\urlredir.dll (Microsoft Corporation)
O2 - BHO: (Microsoft SPFS Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\grooveex.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [jmekey] C:\Program Files (x86)\jmesoft\hotkey.exe (JME)
O4 - HKLM..\Run: [Lenovo Dynamic Brightness System] C:\Program Files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe (Lenovo)
O4 - HKLM..\Run: [Lenovo Eye Distance System] C:\Program Files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe (Lenovo)
O4 - HKLM..\Run: [ModeSwitch] C:\Program Files\Lenovo\Power Dial\LitModeSwitch.exe (Lenovo)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT File not found
O4 - HKLM..\Run: [Sendori Tray] C:\Program Files (x86)\Sendori\SendoriTray.exe (Sendori, Inc.)
O4 - HKLM..\Run: [SetDefaultSCR] C:\Program Files (x86)\Lenovo\Lenovo Screensaver\SetDefaultSCR.exe (Lenovo)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [PlayNC Launcher] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8:64bit: - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8:64bit: - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Microsoft Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Microsoft Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\onbttnielinkednotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C558371B-1CA8-4631-8370-4650045362C6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E40CDAF8-CC5E-4D54-BFF1-8EC07AA3E2D4}: DhcpNameServer = 66.174.71.33 66.174.95.44
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\msosb.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{a0b6bd09-2785-11e2-9a72-406186751d61}\Shell - "" = AutoRun
O33 - MountPoints2\{a0b6bd09-2785-11e2-9a72-406186751d61}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{be71b225-d1c9-11e3-9375-406186751d61}\Shell - "" = AutoRun
O33 - MountPoints2\{be71b225-d1c9-11e3-9375-406186751d61}\Shell\AutoRun\command - "" = G:\VerizonSWUpgradeAssistantLauncher.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\mint4win.exe --force-wubi --cdmenu --skipmd5check
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/05/28 01:19:15 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/05/28 01:19:01 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\Caleb\Desktop\JRT.exe
[2014/05/28 01:19:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Caleb\Desktop\OTL.exe
[2014/05/27 20:56:27 | 000,000,000 | ---D | C] -- C:\windows\pss
[2014/05/27 01:32:54 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/05/25 10:56:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
[2014/05/25 10:56:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\World of Warcraft
[2014/05/23 15:27:48 | 000,000,000 | ---D | C] -- C:\ProgramData\HappyCloud
[2014/05/22 00:25:25 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2014/05/21 11:56:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/05/21 11:56:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/05/20 18:46:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
[2014/05/20 09:55:34 | 000,000,000 | ---D | C] -- C:\windows\Sun
[2014/05/20 09:55:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HighlightTool
[2014/05/14 22:49:06 | 000,000,000 | ---D | C] -- C:\Users\Caleb\Documents\My Curse
[2014/05/08 18:06:12 | 000,000,000 | ---D | C] -- C:\Users\Caleb\AppData\Roaming\NCSOFT
[2014/05/08 18:06:12 | 000,000,000 | ---D | C] -- C:\Users\Caleb\AppData\Local\NCSOFT
[2014/05/06 03:00:12 | 000,000,000 | --SD | C] -- C:\windows\SysNative\CompatTel
[2014/05/04 23:14:49 | 000,000,000 | ---D | C] -- C:\Users\Caleb\AppData\Roaming\Ponscripter
[2014/05/04 23:14:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Narcissu Side 2nd
[2014/04/28 05:27:49 | 000,000,000 | -HSD | C] -- C:\Users\Caleb\AppData\Local\EmieUserList
[2014/04/28 05:27:49 | 000,000,000 | -HSD | C] -- C:\Users\Caleb\AppData\Local\EmieSiteList
[2010/12/29 20:52:41 | 001,914,000 | ---- | C] (Adobe Systems Incorporated) -- C:\ProgramData\flashax10.exe
[6 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/05/28 01:32:49 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/05/28 01:32:42 | 3207,495,680 | -HS- | M] () -- C:\hiberfil.sys
[2014/05/28 01:29:12 | 000,000,892 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/28 01:22:01 | 000,783,400 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/05/28 01:22:01 | 000,662,852 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/05/28 01:22:01 | 000,122,462 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/05/28 01:11:48 | 000,017,952 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/28 01:11:48 | 000,017,952 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/28 01:09:44 | 001,327,971 | ---- | M] () -- C:\Users\Caleb\Desktop\AdwCleaner.exe
[2014/05/28 01:09:40 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\Caleb\Desktop\JRT.exe
[2014/05/28 01:09:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Caleb\Desktop\OTL.exe
[2014/05/28 01:05:33 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/05/28 00:56:35 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2166126468-1313136757-3521785204-1001UA.job
[2014/05/28 00:27:00 | 000,000,896 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/27 01:25:04 | 000,000,000 | ---- | M] () -- C:\Users\Caleb\AppData\Local\{090DD82D-2943-4F9F-9C57-2DA4D304CF27}
[2014/05/26 08:22:00 | 000,000,856 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2166126468-1313136757-3521785204-1001Core.job
[2014/05/25 11:26:05 | 000,001,152 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2014/05/22 00:38:54 | 000,000,219 | ---- | M] () -- C:\Users\Caleb\Desktop\Dota 2.url
[2014/05/20 18:46:09 | 000,001,613 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2014/05/07 13:53:32 | 000,325,920 | ---- | M] (Sendori) -- C:\windows\SysWow64\Sendori.dll
[2014/05/04 22:56:23 | 000,000,222 | ---- | M] () -- C:\Users\Caleb\Desktop\Narcissu 1st & 2nd.url
[6 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/05/28 01:19:01 | 001,327,971 | ---- | C] () -- C:\Users\Caleb\Desktop\AdwCleaner.exe
[2014/05/27 01:25:04 | 000,000,000 | ---- | C] () -- C:\Users\Caleb\AppData\Local\{090DD82D-2943-4F9F-9C57-2DA4D304CF27}
[2014/05/25 10:56:23 | 000,001,152 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2014/05/22 00:38:53 | 000,000,219 | ---- | C] () -- C:\Users\Caleb\Desktop\Dota 2.url
[2014/05/20 18:46:09 | 000,001,613 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2014/05/04 22:56:22 | 000,000,222 | ---- | C] () -- C:\Users\Caleb\Desktop\Narcissu 1st & 2nd.url
[2014/04/22 16:30:01 | 000,000,045 | ---- | C] () -- C:\Users\Caleb\AppData\Roaming\WB.CFG
[2014/02/18 19:15:46 | 000,000,045 | ---- | C] () -- C:\Users\Caleb\jagex_cl_runescape_LIVE1.dat
[2013/11/21 01:10:06 | 000,000,044 | ---- | C] () -- C:\Users\Caleb\jagex_cl_runescape_LIVE.dat
[2013/11/21 01:10:06 | 000,000,024 | ---- | C] () -- C:\Users\Caleb\random.dat
[2013/10/16 03:51:57 | 000,000,017 | ---- | C] () -- C:\windows\SysWow64\shortcut_ex.dat
[2013/09/11 16:37:14 | 000,000,268 | ---- | C] () -- C:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2012/09/07 17:48:07 | 000,283,032 | ---- | C] () -- C:\windows\SysWow64\PnkBstrB.exe
[2012/09/07 17:48:01 | 003,130,440 | ---- | C] () -- C:\windows\SysWow64\pbsvc_blr.exe
[2012/09/07 17:48:01 | 000,076,888 | ---- | C] () -- C:\windows\SysWow64\PnkBstrA.exe
[2012/08/22 17:31:31 | 000,000,600 | ---- | C] () -- C:\Users\Caleb\AppData\Local\PUTTY.RND
[2012/05/27 16:49:45 | 000,000,132 | ---- | C] () -- C:\Users\Caleb\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/04/09 22:52:07 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/01/19 00:41:01 | 000,000,600 | ---- | C] () -- C:\Users\Caleb\AppData\Roaming\winscp.rnd

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 22:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 22:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014/05/24 21:09:02 | 000,000,000 | ---D | M] -- C:\Users\Caleb\AppData\Roaming\.minecraft
[2012/05/23 20:01:18 | 000,000,000 | ---D | M] -- C:\Users\Caleb\AppData\Roaming\.mono
[2014/04/19 18:47:17 | 000,000,000 | ---D | M] -- C:\Users\Caleb\AppData\Roaming\.technic
[2012/02/12 22:14:10 | 000,000,000 | ---D | M] -- C:\Users\Caleb\AppData\Roaming\Aimersoft Video Converter Std
[2012/03/12 16:45:01 | 000,000,000 | ---D | M] -- C:\Users\Caleb\AppData\Roaming\BANDISOFT
[2012/10/19 01:28:05 | 000,000,000 | ---D | M] -- C:\Users\Caleb\AppData\Roaming\Chameleon
[2012/05/27 18:18:11 | 000,000,000 | ---D | M] -- C:\Users\Caleb\AppData\Roaming\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/05/27 09:14:41 | 000,000,000 | ---D | M] -- C:\Users\Caleb\AppData\Roaming\com.adobe.dmp.contentviewer
[2012/05/25 17:55:05 | 000,000,000 | ---D | M] -- C:\Users\Caleb\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/08/30 15:26:41 | 000,000,000 | ---D | M] -- C:\Users\Caleb\AppData\Roaming\com.dansl.QRreader
[2014/02/21 01:23:30 | 000,000,000 | ---D | M] -- C:\Users\Caleb\AppData\Roaming\com.zoosk.Desktop
[2014/02/21 01:23:31 | 000,000,000 | ---D | M] -- C:\Users\Caleb\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2013/09/18 18:19:59 | 000,000,000 | ---D | M] -- C:\Users\Caleb\AppData\Roaming\Curse Advertising
[2012/06/21 12:04:20 | 000,000,000 | ---D | M] -- C:\Users\Caleb\AppData\Roaming\DAEMON Tools Lite
[2014/04/24 23:12:04 | 000,000,000 | ---D | M] -- C:\Users\Caleb\AppData\Roaming\DVDVideoSoft
[2012/09/17 17:15:13 | 000,000,000 | ---D | M] -- C:\Users\Caleb\AppData\Roaming\e-academy Inc
[2014/03/15 09:10:04 | 000,000,000 | ---D | M] -- C:\Users\Caleb\AppData\Roaming\Kalypso Media
[2012/04/22 10:14:39 | 000,000,000 | ---D | M] -- C:\Users\Caleb\AppData\Roaming\LolClient
[2012/05/23 16:33:48 | 000,000,000 | ---D | M] -- C:\Users\Caleb\AppData\Roaming\LolClient2
[2014/04/16 15:18:04 | 000,000,000 | ---D | M] -- C:\Users\Caleb\AppData\Roaming\Mumble
[2014/05/08 18:06:12 | 000,000,000 | ---D | M] -- C:\Users\Caleb\AppData\Roaming\NCSOFT
[2014/04/16 21:05:45 | 000,000,000 | ---D | M] -- C:\Users\Caleb\AppData\Roaming\OBS
[2014/04/22 22:21:41 | 000,000,000 | ---D | M] -- C:\Users\Caleb\AppData\Roaming\Oracle
[2012/05/27 18:13:37 | 000,000,000 | ---D | M] -- C:\Users\Caleb\AppData\Roaming\PACE Anti-Piracy
[2012/06/28 13:42:34 | 000,000,000 | ---D | M] -- C:\Users\Caleb\AppData\Roaming\Pokemon Online
[2013/02/17 23:12:16 | 000,000,000 | ---D | M] -- C:\Users\Caleb\AppData\Roaming\Pokémon Trading Card Game Online
[2014/05/04 23:14:49 | 000,000,000 | ---D | M] -- C:\Users\Caleb\AppData\Roaming\Ponscripter
[2012/08/01 11:59:29 | 000,000,000 | ---D | M] -- C:\Users\Caleb\AppData\Roaming\Publish Providers
[2012/09/29 20:25:27 | 000,000,000 | ---D | M] -- C:\Users\Caleb\AppData\Roaming\raidcall
[2012/10/30 15:30:07 | 000,000,000 | ---D | M] -- C:\Users\Caleb\AppData\Roaming\RCKR
[2012/01/19 00:01:19 | 000,000,000 | ---D | M] -- C:\Users\Caleb\AppData\Roaming\redsn0w
[2014/03/14 22:51:10 | 000,000,000 | ---D | M] -- C:\Users\Caleb\AppData\Roaming\RenPy
[2012/05/27 18:07:26 | 000,000,000 | ---D | M] -- C:\Users\Caleb\AppData\Roaming\ResourceCentral.E6E1B28A311BC518DB6C6883EA3757FDE0E90ADC.1
[2014/05/20 18:46:43 | 000,000,000 | ---D | M] -- C:\Users\Caleb\AppData\Roaming\Riot Games
[2012/10/15 04:37:06 | 000,000,000 | ---D | M] -- C:\Users\Caleb\AppData\Roaming\SoftGrid Client
[2012/08/01 11:59:27 | 000,000,000 | ---D | M] -- C:\Users\Caleb\AppData\Roaming\Sony
[2012/07/09 00:00:33 | 000,000,000 | ---D | M] -- C:\Users\Caleb\AppData\Roaming\SplitMediaLabs
[2014/03/13 19:22:25 | 000,000,000 | ---D | M] -- C:\Users\Caleb\AppData\Roaming\steamvr
[2012/01/15 20:00:17 | 000,000,000 | ---D | M] -- C:\Users\Caleb\AppData\Roaming\SystemRequirementsLab
[2012/01/05 00:17:15 | 000,000,000 | ---D | M] -- C:\Users\Caleb\AppData\Roaming\TP
[2014/04/09 16:45:28 | 000,000,000 | ---D | M] -- C:\Users\Caleb\AppData\Roaming\Tropico 4
[2014/05/20 10:01:44 | 000,000,000 | ---D | M] -- C:\Users\Caleb\AppData\Roaming\uTorrent
[2012/06/19 17:59:27 | 000,000,000 | ---D | M] -- C:\Users\Caleb\AppData\Roaming\WinZip

========== Purity Check ==========



< End of report >
 
Here is the latest Malwarebytes log file as well.


Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.05.21.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17107
Caleb :: CALEB-PC [administrator]

5/27/2014 7:30:32 PM
mbam-log-2014-05-27 (19-30-32).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 280649
Time elapsed: 5 minute(s), 16 second(s)

Memory Processes Detected: 1
C:\Users\Caleb\AppData\Roaming\Speedial\UpdateProc\UpdateTask.exe (PUP.Optional.Speedial.A) -> 988 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 33
HKCR\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1} (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1} (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{291BCCC1-6890-484a-89D3-318C928DAC1B} (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully.
HKCR\esrv.BabylonESrvc.1 (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully.
HKCR\esrv.BabylonESrvc (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575} (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully.
HKCR\b (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCR\esrv.mysearchdialESrvc.1 (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCR\esrv.mysearchdialESrvc (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCR\Typelib\{6E8BF012-2C85-4834-B10A-1B31AF173D70} (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully.
HKCR\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A} (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{3004627E-F8E9-4E8B-909D-316753CBA923} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3004627E-F8E9-4E8B-909D-316753CBA923} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{687578B9-7132-4A7A-80E4-30EE31099E03} (PUP.Optional.uTorrentTB.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542} (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\BabylonToolbar (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc (PUP.Optional.uTorrentTB.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\InstallCore\Speedial (PUP.Optional.Speedial.A) -> Quarantined and deleted successfully.
HKCU\Software\1ClickDownload (PUP.Optional.1ClickDownload.A) -> Quarantined and deleted successfully.
HKCU\Software\speedial (PUP.Optional.Speedial.A) -> Quarantined and deleted successfully.
HKCU\Software\InstallCore\1I1T1Q1S (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\BabylonToolbar (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh (PUP.Optional.1ClickDownLoader.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc (PUP.Optional.uTorrentTB.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\InstallCore\Speedial (PUP.Optional.Speedial.A) -> Quarantined and deleted successfully.
HKLM\Software\Iminent (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.

Registry Values Detected: 7
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{687578B9-7132-4A7A-80E4-30EE31099E03} (PUP.Optional.uTorrentTB.A) -> Data: ¹xuh2qzJ€ä0î1 ž -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{687578B9-7132-4A7A-80E4-30EE31099E03} (PUP.Optional.uTorrentTB.A) -> Data: -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{687578B9-7132-4A7A-80E4-30EE31099E03} (PUP.Optional.uTorrentTB.A) -> Data: -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{687578b9-7132-4a7a-80e4-30ee31099e03} (PUP.Optional.uTorrentTB.A) -> Data: -> Quarantined and deleted successfully.
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: zr2Y1J1D1T2Y0Q1C2Z2W1H -> Quarantined and deleted successfully.
HKCU\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: 11111111 -> Quarantined and deleted successfully.
HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: 11111111 -> Quarantined and deleted successfully.

Registry Data Items Detected: 2
HKCU\Software\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Speedial.A) -> Bad: (http://speedial.com/?f=1&a=spd_dsit...GtA0DyE0C0D0A0ByC0Bzy0FyE2Q&cr=1859817645&ir=) Good: (www.google.com) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Speedial.A) -> Bad: (http://speedial.com/?f=1&a=spd_dsit...GtA0DyE0C0D0A0ByC0Bzy0FyE2Q&cr=1859817645&ir=) Good: (www.google.com) -> Quarantined and repaired successfully.

Folders Detected: 11
C:\Users\Caleb\AppData\LocalLow\bbrs_002.tb (PUP.Optional.Blabbers) -> Quarantined and deleted successfully.
C:\Users\Caleb\AppData\LocalLow\bbrs_002.tb\content (PUP.Optional.Blabbers) -> Quarantined and deleted successfully.
C:\Users\Caleb\AppData\LocalLow\bbrs_002.tb\content\cache (PUP.Optional.Blabbers) -> Quarantined and deleted successfully.
C:\Users\Caleb\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Caleb\AppData\Roaming\OpenCandy\660084FE18A049EB8CB64D67F8767A9B (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Speedial (PUP.Optional.Speedial.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Speedial\1.8.29.15 (PUP.Optional.Speedial.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Speedial\1.8.29.15\bh (PUP.Optional.Speedial.A) -> Quarantined and deleted successfully.
C:\Users\Caleb\AppData\Roaming\Speedial (PUP.Optional.Speedial.A) -> Delete on reboot.
C:\Users\Caleb\AppData\Roaming\Speedial\icons_2.20.13.1 (PUP.Optional.Speedial.A) -> Quarantined and deleted successfully.
C:\Users\Caleb\AppData\Roaming\Speedial\UpdateProc (PUP.Optional.Speedial.A) -> Delete on reboot.

Files Detected: 72
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarsrv.exe (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarEng.dll (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully.
C:\Users\Caleb\AppData\Roaming\OpenCandy\660084FE18A049EB8CB64D67F8767A9B\LatestDLMgr.exe (PUP.Optional.OpenCandy.A) -> Quarantined and deleted successfully.
C:\Users\Caleb\AppData\Roaming\OpenCandy\660084FE18A049EB8CB64D67F8767A9B\OpenCandyU1Dlm.dll (PUP.Optional.OpenCandy.A) -> Quarantined and deleted successfully.
C:\Users\Caleb\AppData\Local\Temp\is1158881826\1553190_stp\pm.exe (PUP.Optional.PriceMeter.A) -> Quarantined and deleted successfully.
C:\Users\Caleb\Downloads\FreeStudio.exe (PUP.Optional.InstallCore) -> Quarantined and deleted successfully.
C:\Users\Caleb\Downloads\JavaSetup.exe (PUP.Optional.InstallCore) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\Caleb\AppData\LocalLow\bbrs_002.tb\content\BCHelper.exe (PUP.Optional.Blabbers) -> Quarantined and deleted successfully.
C:\Users\Caleb\AppData\LocalLow\bbrs_002.tb\content\fix2.js (PUP.Optional.Blabbers) -> Quarantined and deleted successfully.
C:\Users\Caleb\AppData\LocalLow\bbrs_002.tb\content\icon.png (PUP.Optional.Blabbers) -> Quarantined and deleted successfully.
C:\Users\Caleb\AppData\LocalLow\bbrs_002.tb\content\jquery4toolbar.js (PUP.Optional.Blabbers) -> Quarantined and deleted successfully.
C:\Users\Caleb\AppData\LocalLow\bbrs_002.tb\content\lock.js (PUP.Optional.Blabbers) -> Quarantined and deleted successfully.
C:\Users\Caleb\AppData\LocalLow\bbrs_002.tb\content\witapi.js (PUP.Optional.Blabbers) -> Quarantined and deleted successfully.
C:\Users\Caleb\AppData\LocalLow\bbrs_002.tb\content\witmain.js (PUP.Optional.Blabbers) -> Quarantined and deleted successfully.
C:\Users\Caleb\AppData\LocalLow\bbrs_002.tb\content\wittoolbar.js (PUP.Optional.Blabbers) -> Quarantined and deleted successfully.
C:\Users\Caleb\AppData\LocalLow\bbrs_002.tb\content\witwidgetapi.js (PUP.Optional.Blabbers) -> Quarantined and deleted successfully.
C:\Users\Caleb\AppData\Roaming\OpenCandy\660084FE18A049EB8CB64D67F8767A9B\2211.ico (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Caleb\AppData\Roaming\OpenCandy\660084FE18A049EB8CB64D67F8767A9B\SendoriSetupx10403.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Caleb\AppData\Roaming\OpenCandy\660084FE18A049EB8CB64D67F8767A9B\SendoriSetupx10403_p4v4.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Speedial\1.8.29.15\FavIcon.ico (PUP.Optional.Speedial.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Speedial\1.8.29.15\Sqlite3.dll (PUP.Optional.Speedial.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Speedial\1.8.29.15\uninst.dat (PUP.Optional.Speedial.A) -> Quarantined and deleted successfully.
C:\Users\Caleb\AppData\Roaming\Speedial\UpdateProc\config.dat (PUP.Optional.Speedial.A) -> Quarantined and deleted successfully.
C:\Users\Caleb\AppData\Roaming\Speedial\UpdateProc\info.dat (PUP.Optional.Speedial.A) -> Quarantined and deleted successfully.
C:\Users\Caleb\AppData\Roaming\Speedial\UpdateProc\STTL.DAT (PUP.Optional.Speedial.A) -> Quarantined and deleted successfully.
C:\Users\Caleb\AppData\Roaming\Speedial\UpdateProc\TTL.DAT (PUP.Optional.Speedial.A) -> Quarantined and deleted successfully.
C:\Users\Caleb\AppData\Roaming\Speedial\UpdateProc\UpdateTask.exe (PUP.Optional.Speedial.A) -> Delete on reboot.

(end)
 
Well, thanks for all the help. Something in everything you mentioned fixed the problem, at least for the time being; it's back up and running fine. Thanks again.
 
Unfortunately, you still have some malware on the system according to the OTL log. If you can give me some time to give you your next steps. Been kinda busy today after work building a PC for a client and helping out here. If you could try running Junkware Removal Tool in safe mode and let me know what happens.
 