
Pop-ups now bombarding my computer, I don't think I changed anythi


  • This topic is locked

#1
pastorchuck

OTL logfile created on: 1/23/2014 5:29:10 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Pastor\Downloads
64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 47.00% Memory free
7.60 Gb Paging File | 5.44 Gb Available in Paging File | 71.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.01 Gb Total Space | 393.87 Gb Free Space | 87.33% Space Free | Partition Type: NTFS

Computer Name: PASTOR-PC | User Name: Pastor | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/23 17:29:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Pastor\Downloads\OTL (1).exe
PRC - [2014/01/13 09:45:14 | 002,486,296 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2014/01/13 09:45:14 | 001,771,544 | ---- | M] (AVG Secure Search) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe
PRC - [2014/01/13 09:45:14 | 000,159,768 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe
PRC - [2014/01/11 05:29:23 | 000,866,584 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/12/18 13:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/12/12 14:56:14 | 003,145,536 | ---- | M] () -- C:\Users\Pastor\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
PRC - [2013/11/11 22:02:14 | 003,478,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
PRC - [2013/11/07 22:03:50 | 004,956,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
PRC - [2013/10/09 09:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
PRC - [2013/09/15 17:47:44 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2013/08/14 14:19:24 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/12/09 22:43:30 | 000,392,320 | ---- | M] (LG Electronics) -- C:\LGMobileUpgrade\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe
PRC - [2011/08/23 20:20:18 | 000,887,976 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2011/03/08 23:00:00 | 000,856,064 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
PRC - [2011/03/08 23:00:00 | 000,495,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
PRC - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/10/12 12:56:40 | 000,979,328 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2010/08/18 16:01:33 | 000,139,944 | ---- | M] () -- C:\Program Files (x86)\Dell V715w\ezprint.exe
PRC - [2010/08/18 16:01:31 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Dell V715w\dleemon.exe
PRC - [2010/02/09 13:34:00 | 001,807,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009/12/29 14:19:14 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2009/12/15 20:14:22 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/09/30 23:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 23:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/06/24 16:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/05/14 16:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe


========== Modules (No Company Name) ==========

MOD - [2014/01/13 09:45:14 | 002,486,296 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2014/01/13 09:45:14 | 000,519,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\log4cplusU.dll
MOD - [2014/01/11 05:29:21 | 000,399,640 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppgooglenaclpluginchrome.dll
MOD - [2014/01/11 05:29:19 | 013,615,896 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll
MOD - [2014/01/11 05:29:17 | 004,055,320 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll
MOD - [2014/01/11 05:28:15 | 000,715,544 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\libglesv2.dll
MOD - [2014/01/11 05:28:14 | 000,100,120 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\libegl.dll
MOD - [2014/01/11 05:28:11 | 001,634,584 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ffmpegsumo.dll
MOD - [2013/12/12 14:56:14 | 003,145,536 | ---- | M] () -- C:\Users\Pastor\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
MOD - [2013/02/15 13:09:35 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\9e64c6dea847aec2685eec4da29ea9b0\System.Web.Services.ni.dll
MOD - [2013/02/15 13:09:16 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\05682429807d34d6ff05a77ea153935f\System.Windows.Forms.ni.dll
MOD - [2013/01/21 11:22:49 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e2ee5d77ebe0bd025e7a7a317a43d677\System.Drawing.ni.dll
MOD - [2013/01/21 11:22:29 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cc19e0ff1b36ba7b634efdc5630a6926\System.Xml.ni.dll
MOD - [2013/01/21 11:22:26 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\96a3b737db1e72adaf32d2b350e50c23\System.Configuration.ni.dll
MOD - [2013/01/21 11:22:25 | 007,974,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c54750e64ba10d0fb7b6a636fb3695ca\System.ni.dll
MOD - [2013/01/21 11:22:20 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b0b8554c05f194f546a8ed531320760b\mscorlib.ni.dll
MOD - [2010/08/18 16:01:33 | 000,139,944 | ---- | M] () -- C:\Program Files (x86)\Dell V715w\ezprint.exe
MOD - [2010/08/18 16:01:31 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Dell V715w\dleemon.exe
MOD - [2010/04/01 13:24:28 | 001,159,168 | ---- | M] () -- C:\Program Files (x86)\Dell V715w\dleedrs.dll
MOD - [2010/04/01 13:23:27 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\Dell V715w\dleescw.dll
MOD - [2010/02/09 13:34:00 | 001,807,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
MOD - [2010/02/09 13:34:00 | 000,275,776 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
MOD - [2010/02/09 13:34:00 | 000,152,896 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
MOD - [2010/02/09 13:34:00 | 000,095,552 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
MOD - [2010/02/09 13:34:00 | 000,058,688 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
MOD - [2010/02/09 13:34:00 | 000,017,728 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll
MOD - [2009/12/15 20:14:22 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2009/11/26 04:50:24 | 000,086,183 | ---- | M] () -- C:\Program Files (x86)\Dell V715w\DLEEcfg.dll
MOD - [2009/07/13 20:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
MOD - [2009/05/27 08:16:50 | 000,192,512 | ---- | M] () -- C:\Program Files (x86)\Dell V715w\dleedatr.dll
MOD - [2009/04/07 15:25:27 | 000,409,600 | ---- | M] () -- C:\Program Files (x86)\Dell V715w\iptk.dll
MOD - [2009/03/30 08:40:44 | 000,196,608 | ---- | M] () -- C:\Program Files (x86)\Dell V715w\epoemdll.dll
MOD - [2009/03/30 08:40:43 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\Dell V715w\epstring.dll
MOD - [2009/03/30 08:40:42 | 002,203,648 | ---- | M] () -- C:\Program Files (x86)\Dell V715w\epwizres.dll
MOD - [2009/03/30 08:40:26 | 000,708,608 | ---- | M] () -- C:\Program Files (x86)\Dell V715w\epwizard.dll
MOD - [2009/03/30 08:38:36 | 000,159,744 | ---- | M] () -- C:\Program Files (x86)\Dell V715w\customui.dll
MOD - [2009/03/30 08:38:16 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Dell V715w\epfunct.dll
MOD - [2009/03/30 08:38:11 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\Dell V715w\eputil.dll
MOD - [2009/03/30 08:37:58 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\Dell V715w\imagutil.dll
MOD - [2009/03/10 01:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\Dell V715w\dleecaps.dll
MOD - [2009/03/05 13:55:33 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Dell V715w\dleecnv4.dll
MOD - [2009/03/02 10:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Dell V715w\dleeptp.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/10/28 18:02:18 | 002,255,064 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Windows\SysNative\BtwRSupportService.exe -- (BcmBtRSupport)
SRV:64bit: - [2013/10/10 07:55:15 | 000,654,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/05/21 16:03:13 | 001,052,328 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\dleecoms.exe -- (dlee_device)
SRV:64bit: - [2010/05/21 16:03:06 | 000,045,224 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\dleeserv.exe -- (dleeCATSCustConnectService)
SRV:64bit: - [2009/12/29 14:19:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/11/17 21:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2014/01/13 09:45:14 | 001,771,544 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe -- (vToolbarUpdater17.3.0)
SRV - [2013/12/18 13:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/12/11 13:01:15 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/11/11 22:02:14 | 003,478,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/10/09 09:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/08/14 14:19:24 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2011/02/28 17:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/11/30 21:06:55 | 000,016,936 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\480\g2aservice.exe -- (GoToAssist)
SRV - [2010/05/21 16:03:06 | 000,045,224 | ---- | M] () [Auto | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\dleeserv.exe -- (dleeCATSCustConnectService)
SRV - [2010/05/21 16:02:55 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\dleecoms.exe -- (dlee_device)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/30 23:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/09/30 23:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/05 19:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/05/14 16:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/11/11 09:09:22 | 000,046,368 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013/11/05 21:55:48 | 000,150,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2013/11/04 21:52:42 | 000,240,920 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/10/31 23:00:18 | 000,212,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/10/31 22:49:46 | 000,294,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/10/28 18:02:18 | 000,166,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2013/10/28 18:02:16 | 000,170,712 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums)
DRV:64bit: - [2013/10/24 22:25:58 | 000,194,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/10/01 00:52:08 | 000,123,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/09/10 00:43:02 | 000,031,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/08/01 15:07:06 | 000,251,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2013/04/24 09:15:28 | 000,034,816 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2013/04/24 09:15:28 | 000,028,160 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2013/04/24 09:15:26 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2012/03/01 01:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 01:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/05/07 14:19:58 | 000,245,792 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/05/07 05:44:32 | 000,321,584 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/04/01 09:47:10 | 010,322,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/03/30 22:58:06 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/03/30 22:58:06 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/03/30 22:58:06 | 000,053,800 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2010/03/30 22:58:06 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/03/30 22:58:06 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/03/03 22:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/27 10:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/04 00:38:32 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/02/03 08:13:06 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/02/02 17:13:08 | 000,020,984 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmvwl64.sys -- (BcmVWL)
DRV:64bit: - [2009/12/22 12:18:50 | 000,074,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/09/17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/08/21 02:33:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 19:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/07/09 02:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006/11/01 12:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{B7D632AD-A7BF-46CE-A2A3-E29A5BFC7B28}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{02078D75-A0FD-4557-8AF0-36DDD8B3D5F1}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...0000250f2000001
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7ADRA_enUS415
IE - HKCU\..\SearchScopes\{7A4AD00B-E373-447C-BEC6-CF5183EFEA8D}: "URL" = http://search.yahoo....0208,6901,0,8,0
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2013-09-22 08:03:55&v=15.4.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{A31720E2-EFB8-4FA5-9409-6AB4A99F3B51}: "URL" = http://websearch.ask...0-A6DECCCC7EBD
IE - HKCU\..\SearchScopes\{A70F9721-CE3E-480D-9BFC-E33DD13326B6}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Pastor\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\15.5.0.2 [2013/08/14 11:34:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/09/15 17:48:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/09/15 17:48:42 | 000,000,000 | ---D | M]

[2014/01/23 15:09:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/01/23 15:09:27 | 000,000,000 | ---D | M] (SySaver) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Pastor\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Pastor\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Pastor\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Babylon Toolbar = C:\Users\Pastor\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\
CHR - Extension: Babylon Toolbar = C:\Users\Pastor\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\
CHR - Extension: Babylon Toolbar = C:\Users\Pastor\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_1\
CHR - Extension: No name found = C:\Users\Pastor\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjkpcnacdgdlpfejlgflolpaigoicibh\1_0\
CHR - Extension: RealDownloader = C:\Users\Pastor\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.3_0\
CHR - Extension: RealDownloader = C:\Users\Pastor\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.3_1\
CHR - Extension: RealDownloader = C:\Users\Pastor\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.3_2\
CHR - Extension: No name found = C:\Users\Pastor\AppData\Local\Google\Chrome\User Data\Default\Extensions\lefeecbpfmnmdoajflbekahgnbcjihcc\2_0\
CHR - Extension: Skype Click to Call = C:\Users\Pastor\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0\
CHR - Extension: Skype Click to Call = C:\Users\Pastor\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_1\
CHR - Extension: Skype Click to Call = C:\Users\Pastor\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_2\
CHR - Extension: No name found = C:\Users\Pastor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.5.0.2_0\
CHR - Extension: Giant Savings = C:\Users\Pastor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.18.13_0\crossrider
CHR - Extension: Giant Savings = C:\Users\Pastor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.18.13_0\
CHR - Extension: Giant Savings = C:\Users\Pastor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.18.13_1\crossrider
CHR - Extension: Giant Savings = C:\Users\Pastor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.18.13_1\
CHR - Extension: Google Wallet = C:\Users\Pastor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Google Wallet = C:\Users\Pastor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
CHR - Extension: Google Wallet = C:\Users\Pastor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_2\
CHR - Extension: Google Wallet = C:\Users\Pastor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_3\
CHR - Extension: No name found = C:\Users\Pastor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Highlightly) - {83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} - C:\Program Files\Highlightly\IE\HighlightlyClientIE.dll (Highlightly)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (SySaver) - {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - C:\Users\Pastor\AppData\Local\SySaver\temp.dat ()
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll (AVG Secure Search)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [dleemon.exe] C:\Program Files (x86)\Dell V715w\dleemon.exe ()
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Dell V715w\ezprint.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell V715w] C:\Program Files (x86)\Dell V715w\fm3032.exe ()
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [Amazon Cloud Player] C:\Users\Pastor\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe ()
O4 - HKCU..\Run: [BYR_AGENT] C:\LGMobileUpgrade\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe (LG Electronics)
O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHSA.EXE /EPT "EPLTarget\P0000000000000000" /M "WorkForce 845" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{258E805C-18CB-42CA-A621-E5B7A6365C6D}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4DA4E8FB-31CA-4D7B-B92D-57D328BB87FB}: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll (AVG Secure Search)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\480\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{47597c16-e7d1-11e2-9f14-f04da2511a5c}\Shell - "" = AutoRun
O33 - MountPoints2\{47597c16-e7d1-11e2-9f14-f04da2511a5c}\Shell\AutoRun\command - "" = E:\TL_Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/23 17:10:48 | 000,000,000 | ---D | C] -- C:\Users\Pastor\AppData\Local\Programs
[2014/01/23 15:09:29 | 000,000,000 | ---D | C] -- C:\Users\Pastor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SySaver
[2014/01/23 15:09:25 | 000,000,000 | ---D | C] -- C:\Users\Pastor\AppData\Local\SySaver
[2014/01/23 15:09:13 | 000,000,000 | ---D | C] -- C:\Program Files\Highlightly
[2014/01/23 15:07:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZipDownloader
[2014/01/23 12:18:38 | 000,000,000 | ---D | C] -- C:\Users\Pastor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
[2014/01/15 14:34:06 | 000,000,000 | ---D | C] -- C:\Users\Pastor\AppData\Local\{4F12D436-069E-4D34-B99C-445DE33AB87E}
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/01/23 17:32:34 | 000,019,392 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/23 17:32:34 | 000,019,392 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/23 17:25:50 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/23 17:25:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/23 17:25:21 | 3061,202,944 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/23 17:11:04 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/23 17:00:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/23 16:39:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/13 09:46:31 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/13 09:46:31 | 000,624,412 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/13 09:46:31 | 000,106,756 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/01/23 17:11:04 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/08/20 08:13:04 | 000,002,395 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2013/05/29 15:29:55 | 000,181,760 | ---- | C] () -- C:\Windows\SysWow64\patchw32.dll
[2013/05/29 15:29:55 | 000,116,736 | ---- | C] () -- C:\Windows\SysWow64\patchw.dll
[2013/05/29 15:29:55 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\bwplay.exe
[2013/05/29 15:29:55 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll
[2013/05/29 15:29:55 | 000,020,992 | ---- | C] () -- C:\Windows\SysWow64\bwntsend.dll
[2013/05/29 15:29:55 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\bwnthook.dll
[2013/05/29 15:29:54 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\Bwbits50.dll
[2012/08/16 15:23:40 | 000,000,089 | ---- | C] () -- C:\Windows\EWF845.ini
[2010/11/30 20:29:32 | 000,060,968 | ---- | C] () -- C:\Users\Pastor\GoToAssistDownloadHelper.exe

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 20:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/09/22 07:06:49 | 000,000,000 | ---D | M] -- C:\Users\Pastor\AppData\Roaming\AVG2014
[2012/08/05 09:43:12 | 000,000,000 | ---D | M] -- C:\Users\Pastor\AppData\Roaming\Babylon
[2012/08/05 09:43:38 | 000,000,000 | ---D | M] -- C:\Users\Pastor\AppData\Roaming\BabylonToolbar
[2012/02/24 11:55:09 | 000,000,000 | ---D | M] -- C:\Users\Pastor\AppData\Roaming\Clip Art Collection
[2012/10/02 10:57:48 | 000,000,000 | ---D | M] -- C:\Users\Pastor\AppData\Roaming\Epson
[2012/08/16 15:58:01 | 000,000,000 | ---D | M] -- C:\Users\Pastor\AppData\Roaming\Leadertech
[2010/12/13 10:23:40 | 000,000,000 | ---D | M] -- C:\Users\Pastor\AppData\Roaming\PCDr
[2012/08/05 09:43:43 | 000,000,000 | ---D | M] -- C:\Users\Pastor\AppData\Roaming\SumatraPDF
[2012/10/01 11:14:19 | 000,000,000 | ---D | M] -- C:\Users\Pastor\AppData\Roaming\TuneUp Software
[2010/12/01 10:00:46 | 000,000,000 | ---D | M] -- C:\Users\Pastor\AppData\Roaming\V715w

========== Purity Check ==========



< End of report >

#2
Crowbar

    Teacher

  • GeekU Moderator
  • 4,798 posts
Hello Pastorchuck and welcome to the Virus, Spyware, Malware Removal forum !!

My name is Crowbar and I'll be the malware removal Geek that will be helping you remove any infections you may have on your computer.

  • Please read all of my response through at least once before attempting to follow the procedures described.
  • Please save my instructions as a text file on your desktop, or print them out, as you may not be able to access this thread at times.
  • Please follow the steps exactly as written, in the same order.
  • If there's anything you don't understand or isn't totally clear, please ask me any questions that you may have.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • This process is not an instant process - please stick with me until I tell you that your machine is clean. If you don't see any symptoms it does not mean your system is clear of malware.
  • Please don't run any other scans or other software unless I ask you to, as it will make this repair more difficult.
Also please note before we begin:
Please be aware that removing Malware can be a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot 100% guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.
Because of this, I advise you to back up any personal files and folders before we start.

Hi,
I believe I see the problem --
I see you have Google Chrome. I would like you to change some settings in Chrome for me, as my tools don't always play well with that browser.

Step 1
Uninstall chrome extensions:
  • Start Chrome and click on the Chrome menu (it looks like 3 horizontal lines) on the browser toolbar.
  • Click Tools.
  • Select Extensions
  • Click the trash can icon by the following extensions:
    • Babylon Toolbar
    • Giant Savings
  • A confirmation dialog will appear, click on Remove.

Step 2
We need to do an OTL fix:

Note: If you have Malwarebytes 1.6 or higher installed please disable it for the duration of this fix as it may interfere with the successful execution of the script below. If it still hangs then please uninstall Malwarebytes and run this fix again.
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :commands
    [createrestorepoint]
    :OTL
    IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    IE - HKCU\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - No CLSID value found
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...0000250f2000001
    IE - HKCU\..\SearchScopes\{A31720E2-EFB8-4FA5-9409-6AB4A99F3B51}: "URL" = http://websearch.ask...0-A6DECCCC7EBD
    [2014/01/23 15:09:27 | 000,000,000 | ---D | M] (SySaver) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
    O2:64bit: - BHO: (Highlightly) - {83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} - C:\Program Files\Highlightly\IE\HighlightlyClientIE.dll (Highlightly)
    O2 - BHO: (SySaver) - {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - C:\Users\Pastor\AppData\Local\SySaver\temp.dat ()
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
    O33 - MountPoints2\{47597c16-e7d1-11e2-9f14-f04da2511a5c}\Shell - "" = AutoRun
    O33 - MountPoints2\{47597c16-e7d1-11e2-9f14-f04da2511a5c}\Shell\AutoRun\command - "" = E:\TL_Bootstrap.exe
    [2014/01/23 15:09:29 | 000,000,000 | ---D | C] -- C:\Users\Pastor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SySaver
    [2014/01/23 15:09:25 | 000,000,000 | ---D | C] -- C:\Users\Pastor\AppData\Local\SySaver
    [2014/01/23 15:09:13 | 000,000,000 | ---D | C] -- C:\Program Files\Highlightly
    [2012/08/05 09:43:12 | 000,000,000 | ---D | M] -- C:\Users\Pastor\AppData\Roaming\Babylon
    [2012/08/05 09:43:38 | 000,000,000 | ---D | M] -- C:\Users\Pastor\AppData\Roaming\BabylonToolbar
    :commands
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the log it produces in your next reply.

Step 3
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double-click AdwCleaner.exe to run the tool.
    Note: Windows Vista, Windows 7/8 users right-click and select Run as administrator.
  • Click the Scan button.
  • AdwCleaner will begin. Be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

Step 4
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

In your next reply I would like to see:
  • OTL fix log
  • ADWcleaner log
  • Junkware removal tool log
  • Please tell me how your computer is doing now.


#3
pastorchuck

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Thanks for the cleaning steps. I am not sure my computer is running any smoother or better, but I also don't think it is any worse off. Here are all of the logs. Thanks again!
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.
C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A31720E2-EFB8-4FA5-9409-6AB4A99F3B51}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A31720E2-EFB8-4FA5-9409-6AB4A99F3B51}\ not found.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\windows\.svn\tmp\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\windows\.svn\tmp\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\windows\.svn\tmp\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\windows\.svn\tmp folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\windows\.svn\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\windows\.svn\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\windows\.svn\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\windows\.svn folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\windows folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\window\.svn\tmp\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\window\.svn\tmp\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\window\.svn\tmp\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\window\.svn\tmp folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\window\.svn\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\window\.svn\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\window\.svn\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\window\.svn folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\window folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\utils\.svn\tmp\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\utils\.svn\tmp\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\utils\.svn\tmp\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\utils\.svn\tmp folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\utils\.svn\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\utils\.svn\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\utils\.svn\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\utils\.svn folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\utils folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\traits\.svn\tmp\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\traits\.svn\tmp\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\traits\.svn\tmp\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\traits\.svn\tmp folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\traits\.svn\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\traits\.svn\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\traits\.svn\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\traits\.svn folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\traits folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\tabs\.svn\tmp\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\tabs\.svn\tmp\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\tabs\.svn\tmp\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\tabs\.svn\tmp folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\tabs\.svn\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\tabs\.svn\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\tabs\.svn\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\tabs\.svn folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\tabs folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\system\.svn\tmp\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\system\.svn\tmp\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\system\.svn\tmp\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\system\.svn\tmp folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\system\.svn\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\system\.svn\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\system\.svn\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\system\.svn folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\system folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\l10n\.svn\tmp\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\l10n\.svn\tmp\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\l10n\.svn\tmp\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\l10n\.svn\tmp folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\l10n\.svn\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\l10n\.svn\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\l10n\.svn\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\l10n\.svn folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\l10n folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\events\.svn\tmp\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\events\.svn\tmp\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\events\.svn\tmp\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\events\.svn\tmp folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\events\.svn\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\events\.svn\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\events\.svn\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\events\.svn folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\events folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\event\.svn\tmp\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\event\.svn\tmp\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\event\.svn\tmp\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\event\.svn\tmp folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\event\.svn\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\event\.svn\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\event\.svn\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\event\.svn folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\event folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\dom\.svn\tmp\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\dom\.svn\tmp\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\dom\.svn\tmp\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\dom\.svn\tmp folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\dom\.svn\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\dom\.svn\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\dom\.svn\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\dom\.svn folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\dom folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\content\.svn\tmp\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\content\.svn\tmp\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\content\.svn\tmp\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\content\.svn\tmp folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\content\.svn\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\content\.svn\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\content\.svn\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\content\.svn folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\content folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\addon\.svn\tmp\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\addon\.svn\tmp\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\addon\.svn\tmp\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\addon\.svn\tmp folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\addon\.svn\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\addon\.svn\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\addon\.svn\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\addon\.svn folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\addon folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\.svn\tmp\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\.svn\tmp\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\.svn\tmp\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\.svn\tmp folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\.svn\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\.svn\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\.svn\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\.svn folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\data\.svn\tmp\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\data\.svn\tmp\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\data\.svn\tmp\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\data\.svn\tmp folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\data\.svn\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\data\.svn\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\data\.svn\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\data\.svn folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\data folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\.svn\tmp\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\.svn\tmp\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\.svn\tmp\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\.svn\tmp folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\.svn\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\.svn\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\.svn\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils\.svn folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\api-utils folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\addon-kit\lib\.svn\tmp\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\addon-kit\lib\.svn\tmp\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\addon-kit\lib\.svn\tmp\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\addon-kit\lib\.svn\tmp folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\addon-kit\lib\.svn\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\addon-kit\lib\.svn\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\addon-kit\lib\.svn\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\addon-kit\lib\.svn folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\addon-kit\lib folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\addon-kit\data\.svn\tmp\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\addon-kit\data\.svn\tmp\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\addon-kit\data\.svn\tmp\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\addon-kit\data\.svn\tmp folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\addon-kit\data\.svn\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\addon-kit\data\.svn\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\addon-kit\data\.svn\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\addon-kit\data\.svn folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\addon-kit\data folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\addon-kit\.svn\tmp\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\addon-kit\.svn\tmp\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\addon-kit\.svn\tmp\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\addon-kit\.svn\tmp folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\addon-kit\.svn\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\addon-kit\.svn\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\addon-kit\.svn\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\addon-kit\.svn folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\addon-kit folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\a\tests\.svn\tmp\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\a\tests\.svn\tmp\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\a\tests\.svn\tmp\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\a\tests\.svn\tmp folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\a\tests\.svn\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\a\tests\.svn\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\a\tests\.svn\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\a\tests\.svn folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\a\tests folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\a\lib\.svn\tmp\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\a\lib\.svn\tmp\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\a\lib\.svn\tmp\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\a\lib\.svn\tmp folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\a\lib\.svn\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\a\lib\.svn\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\a\lib\.svn\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\a\lib\.svn folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\a\lib folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\a\data\.svn\tmp\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\a\data\.svn\tmp\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\a\data\.svn\tmp\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\a\data\.svn\tmp folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\a\data\.svn\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\a\data\.svn\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\a\data\.svn\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\a\data\.svn folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\a\data folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\a\.svn\tmp\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\a\.svn\tmp\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\a\.svn\tmp\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\a\.svn\tmp folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\a\.svn\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\a\.svn\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\a\.svn\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\a\.svn folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\a folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\.svn\tmp\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\.svn\tmp\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\.svn\tmp\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\.svn\tmp folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\.svn\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\.svn\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\.svn\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\.svn folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\locale\.svn\tmp\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\locale\.svn\tmp\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\locale\.svn\tmp\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\locale\.svn\tmp folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\locale\.svn\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\locale\.svn\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\locale\.svn\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\locale\.svn folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\locale folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\defaults\preferences\.svn\tmp\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\defaults\preferences\.svn\tmp\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\defaults\preferences\.svn\tmp\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\defaults\preferences\.svn\tmp folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\defaults\preferences\.svn\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\defaults\preferences\.svn\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\defaults\preferences\.svn\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\defaults\preferences\.svn folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\defaults\preferences folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\defaults\.svn\tmp\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\defaults\.svn\tmp\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\defaults\.svn\tmp\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\defaults\.svn\tmp folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\defaults\.svn\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\defaults\.svn\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\defaults\.svn\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\defaults\.svn folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\defaults folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\.svn\tmp\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\.svn\tmp\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\.svn\tmp\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\.svn\tmp folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\.svn\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\.svn\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\.svn\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\.svn folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] folder moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83F2328D-0D6A-42B4-B0C4-02A929EDD4BE}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83F2328D-0D6A-42B4-B0C4-02A929EDD4BE}\ deleted successfully.
C:\Program Files\Highlightly\IE\HighlightlyClientIE.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}\ deleted successfully.
C:\Users\Pastor\AppData\Local\SySaver\temp.dat moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Program Files (x86)\Ask.com\Updater\Updater.exe moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{47597c16-e7d1-11e2-9f14-f04da2511a5c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47597c16-e7d1-11e2-9f14-f04da2511a5c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{47597c16-e7d1-11e2-9f14-f04da2511a5c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47597c16-e7d1-11e2-9f14-f04da2511a5c}\ not found.
File E:\TL_Bootstrap.exe not found.
C:\Users\Pastor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SySaver folder moved successfully.
C:\Users\Pastor\AppData\Local\SySaver folder moved successfully.
C:\Program Files\Highlightly\IE folder moved successfully.
C:\Program Files\Highlightly folder moved successfully.
C:\Users\Pastor\AppData\Roaming\Babylon folder moved successfully.
C:\Users\Pastor\AppData\Roaming\BabylonToolbar\Shared folder moved successfully.
C:\Users\Pastor\AppData\Roaming\BabylonToolbar\IE folder moved successfully.
C:\Users\Pastor\AppData\Roaming\BabylonToolbar\FF folder moved successfully.
C:\Users\Pastor\AppData\Roaming\BabylonToolbar\CR folder moved successfully.
C:\Users\Pastor\AppData\Roaming\BabylonToolbar folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32969 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Pastor
->Temp folder emptied: 3477453 bytes
->Temporary Internet Files folder emptied: 3303963 bytes
->Java cache emptied: 51000 bytes
->Google Chrome cache emptied: 72892211 bytes
->Flash cache emptied: 866 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2616756 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 71680 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 757 bytes
RecycleBin emptied: 1204224 bytes

Total Files Cleaned = 80.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01272014_120527

Files\Folders moved on Reboot...
C:\Users\Pastor\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Pastor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{1AA97E05-7573-4803-8D84-FB523364E164}.tmp not found!
File\Folder C:\Users\Pastor\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{737E533D-CEFB-4D0D-9363-49503D8A6A01}.tmp not found!
File move failed. C:\Windows\temp\avg_secure_search.log scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

# AdwCleaner v3.017 - Report created 28/01/2014 at 09:08:11
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Professional (64 bits)
# Username : Pastor - PASTOR-PC
# Running from : C:\Users\Pastor\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : vToolbarUpdater17.3.0

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\BabylonToolbar
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Folder Deleted : C:\Users\Pastor\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Pastor\AppData\Local\Giant Savings
Folder Deleted : C:\Users\Pastor\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Pastor\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Pastor\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Pastor\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjkpcnacdgdlpfejlgflolpaigoicibh
Folder Deleted : C:\Users\Pastor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
File Deleted : C:\Program Files (x86)\Mozilla Firefox\user.js
File Deleted : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndkhncnongaclekkbelchmeafffimifj
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\Microsoft\Babylon
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Giant Savings
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{83AA2913-C123-4146-85BD-AD8F93971D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\Software\Classes\Installer\Features\3192AA38321C641458DBDAF83979D193
Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Products\3192AA38321C641458DBDAF83979D193
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16476


-\\ Google Chrome v32.0.1700.76

[ File : C:\Users\Pastor\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [15922 octets] - [28/01/2014 09:07:35]
AdwCleaner[S0].txt - [15635 octets] - [28/01/2014 09:08:11]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [15696 octets] ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Professional x64
Ran by Pastor on Tue 01/28/2014 at 9:19:13.83
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#4
Crowbar

    Teacher

  • GeekU Moderator
  • 4,798 posts
Hi pastorchuck,
So you say the computer is no better?

Have the popups ceased?

Let's look a little deeper --


Step 1
  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan

  • Wait for the end of the scan.
  • The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

Step 2
Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

  • Put a checkmark beside loaded modules.

  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.

  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

In your next reply I would like to see:
  • Roguekiller log file
  • TDSSkiller log file
  • Are the popups still bombarding your computer?


#5
pastorchuck

    Member

  • Topic Starter
  • 31 posts
Crowbar,

Here are the logs. The TDSSkiller had three logs. The first two short. The last over 200 pages. I wasn't sure you would want me to post such a long one so here are the Rogue Killer log and the two shorter logs for the TDSSkiller. Thank you so much for your help. Let me know if you want me to post the other one. Thanks again!! Chuck

RogueKiller V8.8.4 [Jan 27 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Pastor [Admin rights]
Mode : Scan -- Date : 01/31/2014 09:14:47
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] AVG-Secure-Search-Update-1213b.exe -- C:\ProgramData\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Scheduled tasks : 4 ¤¤¤
[V1][SUSP PATH] AVG_SYS_TASK.job : C:\ProgramData\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe - --TASK_START_SYS --CMPID=1213b [7] -> FOUND
[V1][SUSP PATH] AVG_SYS_TASK_DELETE.job : C:\ProgramData\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe - /DELETE_FROM_SYSTEM=1 [7] -> FOUND
[V2][SUSP PATH] AVG_SYS_TASK : C:\ProgramData\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe - --TASK_START_SYS --CMPID=1213b [7] -> FOUND
[V2][SUSP PATH] AVG_SYS_TASK_DELETE : C:\ProgramData\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe - /DELETE_FROM_SYSTEM=1 [7] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST9500325AS +++++
--- User ---
[MBR] b6672afb696c878f9941a650cb3af695
[BSP] b05757a65174253f82f37df6c71a7c76 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 208845 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30928845 | Size: 461837 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_01312014_091447.txt >>
RKreport[0]_D_01282014_123746.txt;RKreport[0]_S_01282014_123449.txt

09:22:55.0674 0x0fd4 TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50
09:23:04.0603 0x0fd4 ============================================================
09:23:04.0603 0x0fd4 Current date / time: 2014/01/31 09:23:04.0603
09:23:04.0603 0x0fd4 SystemInfo:
09:23:04.0603 0x0fd4
09:23:04.0603 0x0fd4 OS Version: 6.1.7600 ServicePack: 0.0
09:23:04.0603 0x0fd4 Product type: Workstation
09:23:04.0604 0x0fd4 ComputerName: PASTOR-PC
09:23:04.0604 0x0fd4 UserName: Pastor
09:23:04.0604 0x0fd4 Windows directory: C:\Windows
09:23:04.0604 0x0fd4 System windows directory: C:\Windows
09:23:04.0604 0x0fd4 Running under WOW64
09:23:04.0604 0x0fd4 Processor architecture: Intel x64
09:23:04.0604 0x0fd4 Number of processors: 4
09:23:04.0604 0x0fd4 Page size: 0x1000
09:23:04.0604 0x0fd4 Boot type: Normal boot
09:23:04.0604 0x0fd4 ============================================================
09:23:05.0207 0x0fd4 KLMD registered as C:\Windows\system32\drivers\30261420.sys
09:23:05.0428 0x0fd4 System UUID: {5B58D434-66C9-B214-26E5-DFB8797C4CC3}
09:23:05.0981 0x0fd4 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:23:05.0988 0x0fd4 ============================================================
09:23:05.0988 0x0fd4 \Device\Harddisk0\DR0:
09:23:05.0989 0x0fd4 MBR partitions:
09:23:05.0989 0x0fd4 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32FCD, BlocksNum 0x1D4C000
09:23:05.0989 0x0fd4 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D7EFCD, BlocksNum 0x38606863
09:23:05.0989 0x0fd4 ============================================================
09:23:06.0028 0x0fd4 C: <-> \Device\Harddisk0\DR0\Partition2
09:23:06.0028 0x0fd4 ============================================================
09:23:06.0029 0x0fd4 Initialize success
09:23:06.0029 0x0fd4 ============================================================
09:23:37.0423 0x1bd8 KLMD registered as C:\Windows\system32\drivers\11965193.sys
09:23:38.0331 0x1bd8 Deinitialize success

9:20:59.0099 1516 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
09:21:21.0000 1516 Perform update action was selected
09:21:21.0015 5796 Deinitialize success

Thanks again!
Chuck

#6
Crowbar

    Teacher

  • GeekU Moderator
  • 4,798 posts
Hi pastorchuck,
One important question: Have the popups ceased?

I would like to see whatever TDSSkiller has produced.
There should be a log file or files in the root directory, which is the c:\ drive in your case.
You can attach these files instead of pasting them into the topic.

Please look at the bottom of the area where you type when posting, you will see a section called Attachments.
Click on the browse button and navigate to the c:\ drive and look for any files that start with TDSSkiller. I would like to see any and all of them please.

#7
pastorchuck

    Member

  • Topic Starter
  • 31 posts
Crowbar,

Yes, the pop-ups have ceased. I had the TDSSKiller included in the other post, I am attaching the LONG one. Hope the file is attached correctly. Thanks again!

Chuck

#8
Crowbar

    Teacher

  • GeekU Moderator
  • 4,798 posts

Crowbar,

Yes, the pop-ups have ceased. I had the TDSSKiller included in the other post, I am attaching the LONG one. Hope the file is attached correctly. Thanks again!

Chuck


Hi Chuck,
Nothing is attached. After you browse for the file, you have to click on the Attach This File button, just below the Browse... button.

#9
pastorchuck

    Member

  • Topic Starter
  • 31 posts
Crowbar,

Sorry, I thought it was attached. I hope I can send that tomorrow. I am not in the office now and won't go back in until the morning. Thanks. I thought it was attached. I will reply again in the morning. If you watch football, I hope you will be enjoying the Super Bowl.

Thanks again,

Chuck

#10
pastorchuck

    Member

  • Topic Starter
  • 31 posts
Crowbar,

The file was too large to attach, so I tried cutting and pasting. That didn't work... I lost part of it during the cut and paste process. Should I run the TDSSKiller again and post what comes up? It may still have that 200+ page file or should we just let it go? It does seem as if my computer is running fine and no pop-ups are showing up. Let me know what to do.

Thanks for your patience!!

Chuck

#11
Crowbar

    Teacher

  • GeekU Moderator
  • 4,798 posts
Hi Chuck,
If you say the popups have ceased, I think we can skip the TDSSkiller log.


I would like to sweep for any remnants that could re-infect you at this point, and please let me know if your computer starts acting up again.

Step 1
Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2
Note: You can use either Internet Explorer or Mozilla FireFox for this Scan.

Vista / 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Please go here then click on: Posted Image
You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the following instructions work with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database will begin to download. Be patient; this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files/ESET/ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

In your next reply I would like to see:
  • Malwarebytes log file
  • ESET online scan results - careful, this one is easy to miss.


#12
pastorchuck

    Member

  • Topic Starter
  • 31 posts
Crowbar,

Here are the log entries!




Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.03.05

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Pastor :: PASTOR-PC [administrator]

2/3/2014 1:08:26 PM
mbam-log-2014-02-03 (13-08-26).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | FileSystem | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 209887
Time elapsed: 5 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.26.07

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Pastor :: PASTOR-PC [administrator]

2/26/2012 7:06:04 PM
mbam-log-2012-02-26 (19-06-04).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 190887
Time elapsed: 7 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.23.07

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Pastor :: PASTOR-PC [administrator]

1/23/2014 5:15:35 PM
mbam-log-2014-01-23 (17-15-35).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 208536
Time elapsed: 5 minute(s), 47 second(s)

Memory Processes Detected: 1
C:\Program Files (x86)\Highlightly\Service\hlsvc.exe (PUP.Optional.Highlightly) -> 2140 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 55

Registry Values Detected: 5
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0O1O1Q1B1T1M1MtG1ZtB -> Quarantined and deleted successfully.
HKCU\Software\InstalledBrowserExtensions\215 Apps|4479 (PUP.Optional.CrossFire.SA) -> Data: Giant Savings -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\hlnfd|DisplayName (PUP.Optional.Highlightly) -> Data: hlnfd -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\hlsvc|DisplayName (PUP.Optional.Highlightly) -> Data: Highlightly Client Service -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{98889811-442D-49DD-99D7-DC866BE87DBC} (PUP.Optional.BabylonToolBar.A) -> Data: Babylon Toolbar -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 8
C:\Program Files (x86)\Giant Savings (PUP.Optional.GiantSavings.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Highlightly (PUP.Optional.Highlightly) -> Delete on reboot.
C:\Program Files (x86)\Highlightly\3rd Party Licenses (PUP.Optional.Highlightly) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Highlightly\Chrome (PUP.Optional.Highlightly) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Highlightly\IE (PUP.Optional.Highlightly) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Highlightly\Service (PUP.Optional.Highlightly) -> Delete on reboot.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1 (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\bh (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully.

Files Detected: 25

(end)

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.03.05

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Pastor :: PASTOR-PC [administrator]

2/3/2014 1:16:01 PM
mbam-log-2014-02-03 (13-16-01).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 357145
Time elapsed: 1 hour(s), 3 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PDF Reader (Adware.Agent) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Program Files (x86)\PDFReader\Uninstall\Uninstall.exe (Adware.Agent) -> Quarantined and deleted successfully.

(end)
C:\AdwCleaner\Quarantine\C\Users\Pastor\AppData\LocalLow\AskToolbar\setup.exe.vir Win32/Bundled.Toolbar.Ask application
C:\Windows\Installer\10af94.msi multiple threats
C:\_OTL\MovedFiles\01272014_120527\C_Users\Pastor\AppData\Roaming\BabylonToolbar\CR\BabylonChrome1.crx a variant of Win32/Toolbar.Babylon.Q application
C:\_OTL\MovedFiles\01272014_120527\C_Users\Pastor\AppData\Roaming\BabylonToolbar\CR\BUSolution.dll a variant of Win32/Toolbar.Babylon.P application
C:\_OTL\MovedFiles\01272014_120527\C_Users\Pastor\AppData\Roaming\BabylonToolbar\FF\BUSolution.dll a variant of Win32/Toolbar.Babylon.P application
C:\_OTL\MovedFiles\01272014_120527\C_Users\Pastor\AppData\Roaming\BabylonToolbar\IE\BUSolution.dll a variant of Win32/Toolbar.Babylon.P application
C:\_OTL\MovedFiles\01272014_120527\C_Users\Pastor\AppData\Roaming\BabylonToolbar\Shared\BUSolution.dll a variant of Win32/Toolbar.Babylon.P application




Thanks!!!

Chuck



#13
Crowbar

Hi Chuck.
You posted several MBAM logs, but I see which one is the most recent.

I think you have pasted in the ESET log at the very end, and I only see one file there that should be removed.
I will post an OTL fix for you to run now, but can you see if the entire ESET log still exists?
I might want to have you remove more files when I see that.

:thumbsup:

Step 1
Open up Notepad and go to File, then click on Open.
Navigate your way to C:\Program Files\ESET\ESET Online Scanner
and open the log.txt file. Please paste, or attach that file to your next response.

Step 2
We need to do an OTL fix:

Note: If you have Malwarebytes 1.6 or higher installed, please disable it for the duration of this fix, as it may interfere with the successful execution of the script below. If it still hangs, then please uninstall Malwarebytes and run this fix again.
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :commands
    [createrestorepoint]
    :files
    C:\Windows\Installer\10af94.msi
    :commands
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the log it produces in your next reply.


#14
pastorchuck

Crowbar,

Here they are. Thanks!!

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
C:\Windows\Installer\10af94.msi moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Pastor
->Temp folder emptied: 62769396 bytes
->Temporary Internet Files folder emptied: 24826314 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 388360752 bytes
->Flash cache emptied: 804 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3546583 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 1351799 bytes

Total Files Cleaned = 459.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02032014_203552

Files\Folders moved on Reboot...
C:\Users\Pastor\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


C:\AdwCleaner\Quarantine\C\Users\Pastor\AppData\LocalLow\AskToolbar\setup.exe.vir Win32/Bundled.Toolbar.Ask application
C:\Windows\Installer\10af94.msi multiple threats
C:\_OTL\MovedFiles\01272014_120527\C_Users\Pastor\AppData\Roaming\BabylonToolbar\CR\BabylonChrome1.crx a variant of Win32/Toolbar.Babylon.Q application
C:\_OTL\MovedFiles\01272014_120527\C_Users\Pastor\AppData\Roaming\BabylonToolbar\CR\BUSolution.dll a variant of Win32/Toolbar.Babylon.P application
C:\_OTL\MovedFiles\01272014_120527\C_Users\Pastor\AppData\Roaming\BabylonToolbar\FF\BUSolution.dll a variant of Win32/Toolbar.Babylon.P application
C:\_OTL\MovedFiles\01272014_120527\C_Users\Pastor\AppData\Roaming\BabylonToolbar\IE\BUSolution.dll a variant of Win32/Toolbar.Babylon.P application
C:\_OTL\MovedFiles\01272014_120527\C_Users\Pastor\AppData\Roaming\BabylonToolbar\Shared\BUSolution.dll a variant of Win32/Toolbar.Babylon.P application

#15
Crowbar

That all looks great -
if you are happy with the computer, I will clean up my tools and give some recommendations -

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.
If there are any of my tools left on your desktop, you can just delete them now.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Go to control panel
  • Select folder options (Appearance > Folder options in category view)
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.


Do you use Java? If you do not use it, you are better off uninstalling it completely. Go to your Control Panel, Uninstall a Program, then find any instance of Java in the list and click on Uninstall - do this until there are no instances of Java in the list. If you do use Java....
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version



SPRING CLEAN

Clear Restore Points

Go to Start > All Programmes > Accessories > System tools
Right click Disk Cleanup and select Run as administrator
When it pops up, at the first prompt select OK. After it has done some calculations the tabs will appear
Select the More Options tab
Press the System Restore and Shadow Copies Cleanup button


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
CryptoPrevent
Please install this program to ensure that the crypto ransomware malware does not take hold of your system.

Malwarebytes. Update and run weekly to keep your system clean.

Download and install FileHippo update checker and run it monthly; it will show you which programs on your system need updating and give a download link.

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read these two articles:
How did I get infected in the first place?
So how did I get infected in the first place

Keep safe :wave: