Crazy

JODY · December 7, 2013

I think i'M finally here

!!!! My computer is really being stupid. I'm getting a lot of pop ups & it is running very slow again. I'm really sure what is going on.

flashh4 · December 7, 2013

Yep good job ! Now give me a sec & i will have some programs for you to run & then post the logs !

Chuck

flashh4 · December 7, 2013

Hi Jody, sorry to see you back with the pop-ups, lets see what we can do about them !!

======================

If you don't understand something, please don't hesitate to ask for clarification before proceeding !!! You can PM me if you need to !!
Do Not Remove anything or run any tools/programs until advised to do so !

Perform all actions in the order given.

Please stay with us until we give you the "All Clean Speech"! Just because the problem has stopped it may still need some clean-up !

Please note that all instructions given are customized for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.

===================================

These programs will produce logs when they are threw running so DO NOT CLOSE them out until you have, copied & pasted them into your topic !!

AdwCleaner

Please download adwcleaner by Xplode onto your desktop.
Double click on AdwCleaner.exe to run the tool again.
       Windows XP : Double click on the icon to run it.

       Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

    *Click on the Scan button.
    *AdwCleaner will begin to scan your computer like it did before.
    *After the scan has finished .......

    This time, click on the Clean button.

    *Press OK when asked to close all programs and follow the onscreen prompts.
    *Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    *After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
    *Copy and paste the contents of that logfile in your next reply.
    *A copy of that logfile will also be saved in the C:\AdwCleaner folder.

NEXT

    Please download Junkware Removal Tool and save to your desk top.

    Shut down your protection software now to avoid potential conflicts.

    * Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    * The tool will open and start scanning your system.
    * Please be patient as this can take a while to complete depending on your system's specifications.
    * On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    * Post the contents of JRT.txt into your next reply !

Re-Boot your computer now !!

NEXT

MALWAREBYTES with Pics:

Please download Malwarebytes' Anti-Malware to your desktop.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.

When the scan is complete, click OK, then Show Results to view the results.

    * Then click Remove Selected .
    * When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
    * Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    Or via the Logs tab when the application is started.

Please don't attach the scans / logs, use "copy/paste".

Post next:
1. AdwCleaner Log
2. Junkware Removal Log
3. Malwarebytes log
Thanks
Chuck

JODY · December 7, 2013

AdwCleaner v3.014 - Report created 07/12/2013 at 13:00:20

# Updated 01/12/2013 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Bud - BUD-PC

# Running from : C:\Users\Bud\Downloads\adwcleaner (3).exe

# Option : Clean

***** [ Services ] *****

Service Deleted : 24x7HelpSvc

Service Deleted : 70e6ca8c

Service Deleted : BackupStack

[#] Service Deleted : bonanzadealslive

[#] Service Deleted : bonanzadealslivem

[#] Service Deleted : FastFreeConverterUpdt

[#] Service Deleted : Update BatBrowse

[#] Service Deleted : Util BatBrowse

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar

[!] Folder Deleted : C:\ProgramData\BonanzaDealsLive

Folder Deleted : C:\ProgramData\PC Optimizer Pro

Folder Deleted : C:\ProgramData\PCFixSpeed

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\24x7 help

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Optimizer Pro

Folder Deleted : C:\Program Files (x86)\24x7Help

Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar

Folder Deleted : C:\Program Files (x86)\BatBrowse

Folder Deleted : C:\Program Files (x86)\Better-Surf

Folder Deleted : C:\Program Files (x86)\BonanzaDeals

[!] Folder Deleted : C:\Program Files (x86)\BonanzaDealsLive

Folder Deleted : C:\Program Files (x86)\Fast Free Converter

Folder Deleted : C:\Program Files (x86)\File Type Helper

Folder Deleted : C:\Program Files (x86)\MyPC Backup

Folder Deleted : C:\Program Files (x86)\Mysearchdial

Folder Deleted : C:\Program Files (x86)\optimizer pro

Folder Deleted : C:\Program Files (x86)\PCFixSpeed

Folder Deleted : C:\Program Files (x86)\Playbryte

Folder Deleted : C:\Program Files\PC Optimizer Pro

Folder Deleted : C:\Users\Bud\AppData\Local\AVG SafeGuard toolbar

Folder Deleted : C:\Users\Bud\AppData\Local\BonanzaDealsLive

Folder Deleted : C:\Users\Bud\AppData\Local\filetypeassistant

Folder Deleted : C:\Users\Bud\AppData\Local\Smartbar

Folder Deleted : C:\Users\Bud\AppData\Local\SwvUpdater

Folder Deleted : C:\Users\Bud\AppData\Local\Temp\Smartbar

Folder Deleted : C:\Users\Bud\AppData\LocalLow\AVG SafeGuard toolbar

Folder Deleted : C:\Users\Bud\AppData\LocalLow\Fast Free Converter

Folder Deleted : C:\Users\Bud\AppData\LocalLow\Mysearchdial

Folder Deleted : C:\Users\Bud\AppData\LocalLow\Smartbar

Folder Deleted : C:\Users\Bud\AppData\Roaming\24x7 help

Folder Deleted : C:\Users\Bud\AppData\Roaming\Mysearchdial

Folder Deleted : C:\Users\Bud\AppData\Roaming\PCFixSpeed

Folder Deleted : C:\Users\Bud\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BonanzaDeals

Folder Deleted : C:\Users\Bud\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup

Folder Deleted : C:\Users\Bud\AppData\Roaming\Mozilla\Firefox\Profiles\sq3uye7o.default\Extensions\{AD9A41D2-9A49-4FA6-A79E-71A0785364C8}

Folder Deleted : C:\Users\Bud\AppData\Roaming\Mozilla\Firefox\Profiles\sq3uye7o.default\Extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca}

Folder Deleted : C:\Users\Bud\AppData\Roaming\Mozilla\Firefox\Profiles\sq3uye7o.default\Extensions\[email protected]

Folder Deleted : C:\Users\Bud\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl

Folder Deleted : C:\Users\Bud\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccncljhbalbbkkfgopogabimepmfkmff

Folder Deleted : C:\Users\Bud\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj

Folder Deleted : C:\Users\Bud\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam

Folder Deleted : C:\Users\Bud\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff

Folder Deleted : C:\Users\Bud\AppData\Local\Google\Chrome\User Data\Default\Extensions\poheodfamflhhhdcmjfeggbgigeefaco

File Deleted : C:\END

File Deleted : C:\Users\Public\Desktop\24x7 help.lnk

File Deleted : C:\Users\Public\Desktop\PC Optimizer Pro.lnk

File Deleted : C:\Users\Bud\AppData\Local\mysearchdial-speeddial.crx

File Deleted : C:\Users\Bud\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk

File Deleted : C:\Users\Bud\Desktop\MyPC Backup.lnk

File Deleted : C:\Users\Bud\Desktop\MySearchDial.url

File Deleted : C:\Users\Bud\Desktop\Optimizer Pro.lnk

File Deleted : C:\Users\Bud\AppData\Roaming\Mozilla\Firefox\Profiles\sq3uye7o.default\searchplugins\bingp.xml

File Deleted : C:\Users\Bud\AppData\Roaming\Mozilla\Firefox\Profiles\sq3uye7o.default\searchplugins\Mysearchdial.xml

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\safeguard-secure-search.xml

File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml

File Deleted : C:\Users\Bud\AppData\Roaming\Mozilla\Firefox\Profiles\sq3uye7o.default\user.js

File Deleted : C:\Users\Bud\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage

File Deleted : C:\Users\Bud\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage

File Deleted : C:\Users\Bud\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage-journal

File Deleted : C:\Users\Bud\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.delta-search.com_0.localstorage

File Deleted : C:\Users\Bud\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.delta-search.com_0.localstorage-journal

File Deleted : C:\windows\System32\Tasks\Advanced System Protector

File Deleted : C:\windows\System32\Tasks\Advanced System Protector_startup

File Deleted : C:\windows\Tasks\AmiUpdXp.job

File Deleted : C:\windows\System32\Tasks\AmiUpdXp

File Deleted : C:\windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job

File Deleted : C:\windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineCore

File Deleted : C:\windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job

File Deleted : C:\windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineUA

File Deleted : C:\windows\System32\Tasks\BonanzaDealsUpdate

File Deleted : C:\windows\System32\Tasks\LaunchApp

File Deleted : C:\windows\Tasks\MySearchDial.job

File Deleted : C:\windows\System32\Tasks\MySearchDial

File Deleted : C:\windows\Tasks\PC Optimizer Pro Updates.job

File Deleted : C:\windows\System32\Tasks\PC Optimizer Pro Updates

File Deleted : C:\windows\Tasks\PC Optimizer Pro64 Scan.job

File Deleted : C:\windows\System32\Tasks\PC Optimizer Pro64 Scan

File Deleted : C:\windows\System32\Tasks\RegClean Pro

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ccncljhbalbbkkfgopogabimepmfkmff

Key Deleted : HKCU\Software\Google\Chrome\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam

Key Deleted : HKCU\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff

Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\poheodfamflhhhdcmjfeggbgigeefaco

Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [browser Infrastructure Helper]

Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Optimizer Pro]

Key Deleted : HKLM\SOFTWARE\Classes\*\shell\filescout

Key Deleted : HKLM\SOFTWARE\Classes\AppID\BonanzaDealsLive.exe

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE

Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI

Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1

Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj

Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1

Key Deleted : HKLM\SOFTWARE\Classes\AxSHDocVw.AxWebBrowser

Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLive.OneClickCtrl.9

Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLive.OneClickProcessLauncherMachine

Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLive.OneClickProcessLauncherMachine.1.0

Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLive.Update3WebControl.3

Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoCreateAsync

Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoCreateAsync.1.0

Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoreClass

Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoreClass.1

Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoreMachineClass

Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoreMachineClass.1

Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CredentialDialogMachine

Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CredentialDialogMachine.1.0

Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassMachine

Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassMachine.1.0

Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassMachineFallback

Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassMachineFallback.1.0

Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassSvc

Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassSvc.1.0

Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.ProcessLauncher

Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.ProcessLauncher.1.0

Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3COMClassService

Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3COMClassService.1.0

Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebMachine

Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebMachine.1.0

Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebMachineFallback

Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebMachineFallback.1.0

Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebSvc

Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebSvc.1.0

Key Deleted : HKLM\SOFTWARE\Classes\d

Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane

Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1

Key Deleted : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc

Key Deleted : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc.1

Key Deleted : HKLM\SOFTWARE\Classes\Facebook.ScriptHostObject

Key Deleted : HKLM\SOFTWARE\Classes\Facebook.ScriptHostObject.1

Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute

Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.bho

Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel

Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar

Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject

Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate

Key Deleted : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform

Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore

Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore.1

Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialdskBnd

Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialdskBnd.1

Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialHlpr

Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialHlpr.1

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1

Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd

Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateBatBrowse_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateBatBrowse_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BonanzaDealsLive.exe

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [24x7HELP]

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [PCFixSpeed]

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@tools.bdupdater.com/BonanzaDealsLive Update;version=3

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@tools.bdupdater.com/BonanzaDealsLive Update;version=9

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9EA8702C-EEDB-4731-BE68-E9A167DD3597}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D34F391D-4CB7-467F-A543-F583857C63B0}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{008F6853-9CB4-41C5-A950-39D55E5E06BA}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{118E1BF6-6279-432F-A285-373A77B90C7A}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{14CEEA2F-3D21-46ED-A7D2-89056C520E5E}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1CC8D970-F626-4F19-815F-890032BB6606}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{29494049-211F-4F5C-8545-7DA8BF7A6CF8}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3004627E-F8E9-4E8B-909D-316753CBA923}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{33BAF587-9647-4281-A34F-F4830CDC1B9F}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4ED063C9-4A0B-4B44-A9DC-23AFF424A0D3}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5B5E5D0E-7C83-4A32-ADD2-E5F488DD6783}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{61E0EF7A-9BC0-45EA-9B2F-F3E9F02692BD}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6802463D-636F-41FE-9924-4CAD56906590}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6823F25B-4D75-38A1-A163-7C696B45701F}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7A4141A0-3851-4758-AEBD-B52BCBC21BC3}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{806785D0-375F-4C2C-92E3-B8EE65D28E83}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8271B5D6-76D3-4ABF-AEB3-1721161C76BC}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82E74373-58AB-47EB-B0F0-A1D82BB8EB5C}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{87BEF026-9269-413C-A5B3-11F35451380E}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8D03FA45-4B8C-4427-BE67-EE8885147151}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{944661E7-67B9-4DF7-BFF2-05388C166D34}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9EA8702C-EEDB-4731-BE68-E9A167DD3597}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A0F21154-8751-468A-A40C-92E8324AB8F2}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A7CF66EF-4F0D-46B1-AF71-A500378D6C34}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B67B3DBB-C1C9-49D2-B016-2748B0B5017E}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B71934E5-6B93-448D-9D32-CBAA5150C5D8}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C358B3D0-B911-41E3-A276-E7D43A6BA56D}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C4BEF720-313C-420A-ACF6-77DD95D8F553}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D34F391D-4CB7-467F-A543-F583857C63B0}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E09BA1E2-D479-46B1-A0AF-AE88238C3DFC}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E970727E-0508-4BEB-8B72-BBA9D0D047C7}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EBF1F869-D2F0-4D31-A877-386C853A9C3D}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F3CF4912-CF0A-451B-AF3B-C4F216C715E4}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F904AC50-215C-42AB-A532-77E9FDBA9B19}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE063412-BEA4-4D76-8ED3-183BE6220D17}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{88CCA982-C030-4B27-8FBC-201189970FDE}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D03FA45-4B8C-4427-BE67-EE8885147151}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E4A994B0-5550-4680-A4C6-B9470B888069}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03F38765-173F-4344-B4D6-78500A46CACE}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4D5A3D96-8BE2-45F6-A365-D7B9FAE581EF}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{60C6F3A9-36D9-4FF7-A074-53C73455B2F2}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{7828DB55-A8EE-42C0-8D72-738CA9B3E48F}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{867457A9-DA67-450A-964A-EA9185A09395}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{BEAA0C04-ED15-4C17-800B-28716025A4E4}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{61E0EF7A-9BC0-45EA-9B2F-F3E9F02692BD}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8271B5D6-76D3-4ABF-AEB3-1721161C76BC}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B67B3DBB-C1C9-49D2-B016-2748B0B5017E}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063412-BEA4-4D76-8ED3-183BE6220D17}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3004627E-F8E9-4E8B-909D-316753CBA923}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{61E0EF7A-9BC0-45EA-9B2F-F3E9F02692BD}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8271B5D6-76D3-4ABF-AEB3-1721161C76BC}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B67B3DBB-C1C9-49D2-B016-2748B0B5017E}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063412-BEA4-4D76-8ED3-183BE6220D17}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3004627E-F8E9-4E8B-909D-316753CBA923}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{61E0EF7A-9BC0-45EA-9B2F-F3E9F02692BD}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8271B5D6-76D3-4ABF-AEB3-1721161C76BC}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B67B3DBB-C1C9-49D2-B016-2748B0B5017E}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE063412-BEA4-4D76-8ED3-183BE6220D17}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{29494049-211F-4F5C-8545-7DA8BF7A6CF8}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C4BEF720-313C-420A-ACF6-77DD95D8F553}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{219046AE-358F-4CF1-B1FD-2B4DE83642A8}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{29494049-211F-4F5C-8545-7DA8BF7A6CF8}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{33BAF587-9647-4281-A34F-F4830CDC1B9F}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C4BEF720-313C-420A-ACF6-77DD95D8F553}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{91607FA7-3C2F-4F90-93E3-D5337A6B0AC2}

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{3004627E-F8E9-4E8B-909D-316753CBA923}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B278D9F8-0FA9-465E-9938-0C392605D8E3}]

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{865D7100-82C7-42F4-9C06-860DEC0871B2}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{045F91B3-695F-423A-98C7-8DE3C47AA020}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0923E315-2D8B-48CE-A37C-AE9A42F9711C}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1348BD1B-C32A-41A7-9BD4-5377AA1AB925}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1A1BBE49-C6F1-40EA-9D2F-262F0AF6DDE3}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2022154E-7E3E-4809-871E-1B45A6FC7058}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{292ECB89-350E-45D2-816F-52C15305B144}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{36CC2180-B6BF-4951-9578-6B0C40044AAA}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{395AFE6E-8308-48DB-89BE-ED5F4AA3D3EC}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{43B390F0-6BA2-45CA-ABF2-5DB0CEE9B49D}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{44A36944-22C6-4A08-BC7C-161F3E540DBF}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6247DD2C-8CF9-4041-A235-93691D71B8B4}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{835BED79-DF7E-4096-B355-ED43FA2EA87B}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{88CCA982-C030-4B27-8FBC-201189970FDE}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8E863BD6-50DE-47D0-A6F1-3C1F6DB72451}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{93CF54F5-CFAA-4440-B588-8ED0DFAD5C21}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{94CADA2E-1D3F-419F-8A3D-06C58EDF53C8}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9DD36F1E-5111-41C5-ADED-A2A11A2FF3E4}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E52EB8B-8DD9-4605-AD36-D352BCD482F2}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A1440EC3-F0FA-407A-B811-DE6668C06D29}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A2FB8217-E320-434E-BA79-513E357AD54F}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A9CEBBF4-9129-479A-9231-E833ED3D3A8F}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AFD4D1F9-167C-4884-95AE-B5A9797B0D16}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B3EAD50C-ECB0-459A-9EDA-F505AB99675B}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B9A84AD0-5777-46FD-8B8F-1EBD06750FBC}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1995F88-1C7F-40D7-B0FA-6F107F6308B8}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C47788B1-9604-4D7A-A684-F4D450F2D7D2}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{CA3B41D0-D4C1-4808-B248-75DA27238828}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D3BC53E7-0437-4C97-90EE-2CD6FF47FB14}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D4A2FF6C-087F-4D40-8DFE-92AAD484BFB8}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D88B9D5C-A9CF-4C69-906D-1CCA5D85A2EF}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E4A994B0-5550-4680-A4C6-B9470B888069}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F83AF01C-AA2F-469F-8BE7-D178FB15FD07}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

Key Deleted : HKCU\Software\24x7help

Key Deleted : HKCU\Software\AVG SafeGuard toolbar

Key Deleted : HKCU\Software\AVG Secure Search

Key Deleted : HKCU\Software\BatBrowse

Key Deleted : HKCU\Software\BonanzaDealsLive

Key Deleted : HKCU\Software\InstallCore

Key Deleted : HKCU\Software\mysearchdial

Key Deleted : HKCU\Software\mysearchdial.com

Key Deleted : HKCU\Software\Optimizer Pro

Key Deleted : HKCU\Software\pc optimizer pro

Key Deleted : HKCU\Software\SmartBar

Key Deleted : HKCU\Software\smartbarbackup

Key Deleted : HKCU\Software\smartbarlog

Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}

Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}

Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}

Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}

Key Deleted : HKLM\Software\24x7help

Key Deleted : HKLM\Software\AVG SafeGuard toolbar

Key Deleted : HKLM\Software\AVG Secure Search

Key Deleted : HKLM\Software\BatBrowse

Key Deleted : HKLM\Software\BonanzaDealsLive

Key Deleted : HKLM\Software\Fast Free Converter

Key Deleted : HKLM\Software\InstallCore

Key Deleted : HKLM\Software\Playbryte

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A957F04C-49F4-4375-8C8A-D04B769EFE47}_is1

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bonanza Deals

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fast Free Converter

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mysearchdial

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Playbryte

Key Deleted : [x64] HKLM\SOFTWARE\pc optimizer pro

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BatBrowse

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\pc optimizer pro

Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [start Page]

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [start Page]

-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\Bud\AppData\Roaming\Mozilla\Firefox\Profiles\sq3uye7o.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultenginename", "Mysearchdial");

Line Deleted : user_pref("browser.search.order.1", "Mysearchdial");

Line Deleted : user_pref("browser.search.selectedEngine", "Mysearchdial");

Line Deleted : user_pref("extensions.enabledAddons", "%7Bf9d03c26-0575-497e-821d-f7956d23e0ca%7D:3.0,firefox%40batbrowse.com:1.0.0,playbryte_ext%40playbryte.com:1.1,%7Bad9a41d2-9a49-4fa6-a79e-71a0785364c8%7D:9.5.3,f[...]

Line Deleted : user_pref("extensions.helperbar.DockingPositionDown", false);

Line Deleted : user_pref("extensions.helperbar.SmartbarDisabled", false);

Line Deleted : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);

Line Deleted : user_pref("extensions.helperbar.Visibility", false);

Line Deleted : user_pref("extensions.helperbar.countryiso", "us");

Line Deleted : user_pref("extensions.helperbar.downloadprovider", "ob_111");

Line Deleted : user_pref("extensions.helperbar.installationid", "7bdd2f66-8e76-41ec-9628-8685d42a25b5");

Line Deleted : user_pref("extensions.helperbar.installdate", "06/11/2013");

Line Deleted : user_pref("extensions.helperbar.publisher", "quickobrw");

Line Deleted : user_pref("extensions.mysearchdial.aflt", "irmsd103");

Line Deleted : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");

Line Deleted : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzutC0CyCyDzy0D0DtBzyzz0E0FzzyB0A0AtN0D0Tzu0CyCyByDtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA");

Line Deleted : user_pref("extensions.mysearchdial.cntry", "US");

Line Deleted : user_pref("extensions.mysearchdial.cr", "1534466828");

Line Deleted : user_pref("extensions.mysearchdial.dfltLng", "");

Line Deleted : user_pref("extensions.mysearchdial.dfltSrch", true);

Line Deleted : user_pref("extensions.mysearchdial.dnsErr", true);

Line Deleted : user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,3224935090,2597085128,18285[...]

Line Deleted : user_pref("extensions.mysearchdial.dspFFXOld", "Bing ");

Line Deleted : user_pref("extensions.mysearchdial.excTlbr", false);

Line Deleted : user_pref("extensions.mysearchdial.hdrMd5", "C7BB1C191BC1F86B01A954AD2093706C");

Line Deleted : user_pref("extensions.mysearchdial.hmpg", true);

Line Deleted : user_pref("extensions.mysearchdial.id", "1C659DD298EF87AA");

Line Deleted : user_pref("extensions.mysearchdial.instlDay", "16014");

Line Deleted : user_pref("extensions.mysearchdial.instlRef", "");

Line Deleted : user_pref("extensions.mysearchdial.lastVrsnTs", "1.8.21.018:26:1");

Line Deleted : user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"85\",\"lastVrsn\":\"85\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");

Line Deleted : user_pref("extensions.mysearchdial.prdct", "mysearchdial");

Line Deleted : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");

Line Deleted : user_pref("extensions.mysearchdial.sg", "none");

Line Deleted : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");

Line Deleted : user_pref("extensions.mysearchdial.tlbrId", "base");

Line Deleted : user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");

Line Deleted : user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");

Line Deleted : user_pref("extensions.mysearchdial_i.hmpg", true);

Line Deleted : user_pref("extensions.mysearchdial_i.newTab", false);

Line Deleted : user_pref("extensions.mysearchdial_i.smplGrp", "none");

Line Deleted : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.018:26:1");

-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\Bud\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [40254 octets] - [15/09/2013 15:31:35]

AdwCleaner[R1].txt - [8306 octets] - [19/09/2013 18:46:23]

AdwCleaner[R2].txt - [38871 octets] - [07/12/2013 12:48:30]

AdwCleaner[s0].txt - [39809 octets] - [15/09/2013 15:41:06]

AdwCleaner[s1].txt - [7752 octets] - [19/09/2013 18:49:11]

AdwCleaner[s2].txt - [37867 octets] - [07/12/2013 13:00:20]

########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [37928 octets] ##########

flashh4 · December 7, 2013

Jody, thats a great start ! Now on to the next program i posted above !

Chuck

JODY · December 7, 2013

Junkware Removal Tool (JRT) by Thisisu

Version: 6.0.8 (11.05.2013:1)

OS: Windows 7 Home Premium x64

Ran by Bud on Sat 12/07/2013 at 13:41:00.96

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\bonanzadeals

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\pc optimizer pro

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sparktrust

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\bonanzadeals

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\bonanzadealslive

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{3E323855-1566-EEE8-9BA4-7BA4AD0A2F9A}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\pc optimizer pro"

Successfully deleted: [Folder] "C:\Users\Bud\appdata\local\filetypeassistant"

Failed to delete: [Folder] "C:\Program Files (x86)\speeditup free"

Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pc fix speed"

Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pc optimizer pro"

~~~ FireFox

Successfully deleted the following from C:\Users\Bud\AppData\Roaming\mozilla\firefox\profiles\sq3uye7o.default\prefs.js

user_pref("playbryte.defaultsearchprocessed", true);

Emptied folder: C:\Users\Bud\AppData\Roaming\mozilla\firefox\profiles\sq3uye7o.default\minidumps [2 files]

~~~ Chrome

Successfully deleted: [Folder] C:\Users\Bud\appdata\local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl

Successfully deleted: [Folder] C:\Users\Bud\appdata\local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Sat 12/07/2013 at 14:42:55.83

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

flashh4 · December 7, 2013

Jody, Let's see the malwarebytes log next ! Looks like we are getting rid of a bunch of junk !

I want you to look in add/remove uninstall & see if pc optimizer is there, if so please remove it !!

Thanks

Chuck

JODY · December 7, 2013

That pc optimizer has been here but I can't find it to remove it.

flashh4 · December 7, 2013

Jody see if this tool finds it, then get rid of it >>> pc optimizer <<< Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.

Please note there is a chance when you look for this program to uninstall through Revo it might not be listed because of the previous uninstall. If that is the case simply stop and let me know.

   * Please download and install Revo Uninstaller Free >>> http://www.revouninstaller.com/start_freeware_download.html
   * Double click Revo Uninstaller to run it.
   * From the list of programs double click on the listed program(s), or anything similar, to remove it !! !!

Let me know if this finds it ??

Thanks

Chuck

JODY · December 7, 2013

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

Database version: v2013.12.07.07

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 11.0.9600.16428

Bud :: BUD-PC [administrator]

12/7/2013 3:10:42 PM

mbam-log-2013-12-07 (15-10-42).txt

Scan type: Quick scan

Scan options disabled: P2P

Objects scanned: 220463

Time elapsed: 19 minute(s), 57 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 8

HKCR\Typelib\{FBC322D5-407E-4854-8C0B-555B951FD8E3} (PUP.Optional.MySearchDial.A) -> No action taken.

HKCR\Interface\{0400EBCA-042C-4000-AA89-9713FBEDB671} (PUP.Optional.MySearchDial.A) -> No action taken.

HKCU\Software\PCFixSpeed (PUP.Optional.PCFixSpeed) -> No action taken.

HKLM\SOFTWARE\PCFixSpeed (PUP.Optional.PCFixSpeed) -> No action taken.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C3E50543-BC36-4C80-8070-38A97E02DEB2} (PUP.Optional.FastFreeConverter.A) -> No action taken.

HKCR\CLSID\{C3E50543-BC36-4C80-8070-38A97E02DEB2} (PUP.Optional.FastFreeConverter.A) -> No action taken.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C3E50543-BC36-4C80-8070-38A97E02DEB2} (PUP.Optional.FastFreeConverter.A) -> No action taken.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C3E50543-BC36-4C80-8070-38A97E02DEB2} (PUP.Optional.FastFreeConverter.A) -> No action taken.

Registry Values Detected: 2

HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow|playbryte.com (PUP.PlayBryte) -> Data: -> No action taken.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform|playbrytetoolbar_Playbryte (PUP.PlayBryte) -> Data: -> No action taken.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 2

C:\Program Files\PC Optimizer Pro (PUP.Optional.PcOptimizerPro.A) -> No action taken.

C:\Program Files\PC Optimizer Pro\Languages (PUP.Optional.PcOptimizerPro.A) -> No action taken.

Files Detected: 28

C:\Users\Bud\AppData\Local\Temp\SoftwareUpdateSetup.exe (PUP.Optional.Installcore) -> No action taken.

C:\Users\Bud\AppData\Local\Temp\is1852162411\205560303_stp.EXE (PUP.Optional.OptimizerPro.A) -> No action taken.

C:\Users\Bud\AppData\Local\Temp\is1852162411\129554751_stp\bd.exe (PUP.Optional.BonanzaDeals.A) -> No action taken.

C:\Users\Bud\AppData\Local\Temp\is1852162411\205560260_stp\BatBrowseSetup.exe (PUP.Optional.BatBrowse.A) -> No action taken.

C:\Users\Bud\AppData\Local\Temp\is1852162411\465905707_stp\setup.exe (PUP.Optional.FastFreeConverter.A) -> No action taken.

C:\Users\Bud\AppData\Local\Temp\QS\Installer.exe (PUP.Optional.Linkury.A) -> No action taken.

C:\Users\Bud\Downloads\Chrome_Setup (1).exe (PUP.Optional.iBryte) -> No action taken.

C:\Users\Bud\Downloads\Chrome_Setup.exe (PUP.Optional.iBryte) -> No action taken.

C:\Users\Bud\Downloads\Updater_Setup.exe (PUP.Optional.ExpressInstall.A) -> No action taken.

C:\Users\Bud\Local Settings\Temporary Internet Files\Content.IE5\1RNT2CAQ\QuickShare1_20131101[1].exe (PUP.Optional.QuickShare.A) -> No action taken.

C:\Users\Bud\Local Settings\Temporary Internet Files\Content.IE5\1RNT2CAQ\Setup[1].exe (PUP.Optional.BatBrowse.A) -> No action taken.

C:\Users\Bud\Local Settings\Temporary Internet Files\Content.IE5\TBQO7E8C\Launcher[1].exe (PUP.Optional.InstallMonetizer) -> No action taken.

C:\Users\Bud\Local Settings\Temporary Internet Files\Content.IE5\TBQO7E8C\PCOptimizerPro64MIBS[1].zip (PUP.Optional.OpenCandy) -> No action taken.

C:\Windows\Installer\1ed14263.msi (PUP.Optional.SmartBar.A) -> No action taken.

C:\Program Files\PC Optimizer Pro\PCOptProTrays.exe (PUP.Optional.PcOptimizerPro.A) -> No action taken.

C:\Program Files\PC Optimizer Pro\data.xml (PUP.Optional.PcOptimizerPro.A) -> No action taken.

C:\Program Files\PC Optimizer Pro\PCOptimizerPro.exe (PUP.Optional.PcOptimizerPro.A) -> No action taken.

C:\Program Files\PC Optimizer Pro\PCOptimizerPro.exe.manifest (PUP.Optional.PcOptimizerPro.A) -> No action taken.

C:\Program Files\PC Optimizer Pro\PCOptProCtxMenu.dll (PUP.Optional.PcOptimizerPro.A) -> No action taken.

C:\Program Files\PC Optimizer Pro\StartApps.exe (PUP.Optional.PcOptimizerPro.A) -> No action taken.

C:\Program Files\PC Optimizer Pro\uninst.exe (PUP.Optional.PcOptimizerPro.A) -> No action taken.

C:\Program Files\PC Optimizer Pro\UpdatesDll.dll (PUP.Optional.PcOptimizerPro.A) -> No action taken.

C:\Program Files\PC Optimizer Pro\Languages\DE.xml (PUP.Optional.PcOptimizerPro.A) -> No action taken.

C:\Program Files\PC Optimizer Pro\Languages\EN.xml (PUP.Optional.PcOptimizerPro.A) -> No action taken.

C:\Program Files\PC Optimizer Pro\Languages\ES.xml (PUP.Optional.PcOptimizerPro.A) -> No action taken.

C:\Program Files\PC Optimizer Pro\Languages\FR.xml (PUP.Optional.PcOptimizerPro.A) -> No action taken.

C:\Program Files\PC Optimizer Pro\Languages\IT.xml (PUP.Optional.PcOptimizerPro.A) -> No action taken.

C:\Users\Bud\Local Settings\Temporary Internet Files\Content.IE5\FK44B4LA\installer.ptn.playbryte-fa[1].exe (Backdoor.MSIL.PGen) -> Quarantined and deleted successfully.

(end)

JODY · December 7, 2013

all I could find after that was PC cleanup

flashh4 · December 7, 2013

Jody ..... open up Malwarebytes & run another Quick Scan and place a check in the boxes on the left beside everything it finds then click Remove Selected !

Then post that log !

Chuck

flashh4 · December 7, 2013

Go ahead & remove PC Cleanup, delete it !!

Chuck

flashh4 · December 7, 2013

Jody, i have to leave for a bit but i want you to run OTL for me !!

Download OldTimer to your desk top !
Links: http://oldtimer.geekstogo.com/OTL.com http://oldtimer.geekstogo.com/OTL.scr

If you already have a copy of OTL delete it and use this version. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).

* Double click OTL.exe to launch the program.
* Check the following.

o Scan all users.
o Standard Output. o Lop check.
o Purity check. oExtra Registry > Use SafeList

* Under Extra Registry section, select Use SafeList
* Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
* When finished it will produce two logs.

o OTL.txt (open on your desktop).
o Extras.txt (minimised in your taskbar) The Extras.txt file will only appear the very first time you run OTL.

* Please post me both logs. This may have to be broken into more than one post !

Be back in an hour to read the OTL log & write you a fix !

Thanks

Chuck

JODY · December 7, 2013

I found PC Optimizer Pro on my desktop. But I can't delete it for some reason.

JODY · December 7, 2013

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

Database version: v2013.12.07.07

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 11.0.9600.16428

Bud :: BUD-PC [administrator]

12/7/2013 4:13:54 PM

mbam-log-2013-12-07 (16-13-54).txt

Scan type: Quick scan

Scan options disabled: P2P

Objects scanned: 221021

Time elapsed: 18 minute(s), 8 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 8

HKCR\Typelib\{FBC322D5-407E-4854-8C0B-555B951FD8E3} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.

HKCR\Interface\{0400EBCA-042C-4000-AA89-9713FBEDB671} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.

HKCU\Software\PCFixSpeed (PUP.Optional.PCFixSpeed) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\PCFixSpeed (PUP.Optional.PCFixSpeed) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C3E50543-BC36-4C80-8070-38A97E02DEB2} (PUP.Optional.FastFreeConverter.A) -> Quarantined and deleted successfully.

HKCR\CLSID\{C3E50543-BC36-4C80-8070-38A97E02DEB2} (PUP.Optional.FastFreeConverter.A) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C3E50543-BC36-4C80-8070-38A97E02DEB2} (PUP.Optional.FastFreeConverter.A) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C3E50543-BC36-4C80-8070-38A97E02DEB2} (PUP.Optional.FastFreeConverter.A) -> Quarantined and deleted successfully.

Registry Values Detected: 2

HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow|playbryte.com (PUP.PlayBryte) -> Data: -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform|playbrytetoolbar_Playbryte (PUP.PlayBryte) -> Data: -> Quarantined and deleted successfully.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 2

C:\Program Files\PC Optimizer Pro (PUP.Optional.PcOptimizerPro.A) -> Delete on reboot.

C:\Program Files\PC Optimizer Pro\Languages (PUP.Optional.PcOptimizerPro.A) -> Quarantined and deleted successfully.

Files Detected: 27

C:\Users\Bud\AppData\Local\Temp\SoftwareUpdateSetup.exe (PUP.Optional.Installcore) -> Quarantined and deleted successfully.

C:\Users\Bud\AppData\Local\Temp\is1852162411\205560303_stp.EXE (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.

C:\Users\Bud\AppData\Local\Temp\is1852162411\129554751_stp\bd.exe (PUP.Optional.BonanzaDeals.A) -> Quarantined and deleted successfully.

C:\Users\Bud\AppData\Local\Temp\is1852162411\205560260_stp\BatBrowseSetup.exe (PUP.Optional.BatBrowse.A) -> Quarantined and deleted successfully.

C:\Users\Bud\AppData\Local\Temp\is1852162411\465905707_stp\setup.exe (PUP.Optional.FastFreeConverter.A) -> Quarantined and deleted successfully.

C:\Users\Bud\AppData\Local\Temp\QS\Installer.exe (PUP.Optional.Linkury.A) -> Quarantined and deleted successfully.

C:\Users\Bud\Downloads\Chrome_Setup (1).exe (PUP.Optional.iBryte) -> Quarantined and deleted successfully.

C:\Users\Bud\Downloads\Chrome_Setup.exe (PUP.Optional.iBryte) -> Quarantined and deleted successfully.

C:\Users\Bud\Downloads\Updater_Setup.exe (PUP.Optional.ExpressInstall.A) -> Quarantined and deleted successfully.

C:\Users\Bud\Local Settings\Temporary Internet Files\Content.IE5\1RNT2CAQ\QuickShare1_20131101[1].exe (PUP.Optional.QuickShare.A) -> Quarantined and deleted successfully.

C:\Users\Bud\Local Settings\Temporary Internet Files\Content.IE5\1RNT2CAQ\Setup[1].exe (PUP.Optional.BatBrowse.A) -> Quarantined and deleted successfully.

C:\Users\Bud\Local Settings\Temporary Internet Files\Content.IE5\TBQO7E8C\Launcher[1].exe (PUP.Optional.InstallMonetizer) -> Quarantined and deleted successfully.

C:\Users\Bud\Local Settings\Temporary Internet Files\Content.IE5\TBQO7E8C\PCOptimizerPro64MIBS[1].zip (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.

C:\Windows\Installer\1ed14263.msi (PUP.Optional.SmartBar.A) -> Quarantined and deleted successfully.

C:\Program Files\PC Optimizer Pro\PCOptProTrays.exe (PUP.Optional.PcOptimizerPro.A) -> Quarantined and deleted successfully.

C:\Program Files\PC Optimizer Pro\data.xml (PUP.Optional.PcOptimizerPro.A) -> Quarantined and deleted successfully.

C:\Program Files\PC Optimizer Pro\PCOptimizerPro.exe (PUP.Optional.PcOptimizerPro.A) -> Quarantined and deleted successfully.

C:\Program Files\PC Optimizer Pro\PCOptimizerPro.exe.manifest (PUP.Optional.PcOptimizerPro.A) -> Quarantined and deleted successfully.

C:\Program Files\PC Optimizer Pro\PCOptProCtxMenu.dll (PUP.Optional.PcOptimizerPro.A) -> Delete on reboot.

C:\Program Files\PC Optimizer Pro\StartApps.exe (PUP.Optional.PcOptimizerPro.A) -> Quarantined and deleted successfully.

C:\Program Files\PC Optimizer Pro\uninst.exe (PUP.Optional.PcOptimizerPro.A) -> Quarantined and deleted successfully.

C:\Program Files\PC Optimizer Pro\UpdatesDll.dll (PUP.Optional.PcOptimizerPro.A) -> Quarantined and deleted successfully.

C:\Program Files\PC Optimizer Pro\Languages\DE.xml (PUP.Optional.PcOptimizerPro.A) -> Quarantined and deleted successfully.

C:\Program Files\PC Optimizer Pro\Languages\EN.xml (PUP.Optional.PcOptimizerPro.A) -> Quarantined and deleted successfully.

C:\Program Files\PC Optimizer Pro\Languages\ES.xml (PUP.Optional.PcOptimizerPro.A) -> Quarantined and deleted successfully.

C:\Program Files\PC Optimizer Pro\Languages\FR.xml (PUP.Optional.PcOptimizerPro.A) -> Quarantined and deleted successfully.

C:\Program Files\PC Optimizer Pro\Languages\IT.xml (PUP.Optional.PcOptimizerPro.A) -> Quarantined and deleted successfully.

(end)

JODY · December 8, 2013

OTL logfile created on: 12/7/2013 4:38:25 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bud\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.11.9600.16428)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.60 Gb Total Physical Memory | 1.06 Gb Available Physical Memory | 40.79% Memory free

5.20 Gb Paging File | 3.17 Gb Available in Paging File | 61.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 220.90 Gb Total Space | 149.24 Gb Free Space | 67.56% Space Free | Partition Type: NTFS

Unable to calculate disk information.

Computer Name: BUD-PC | User Name: Bud | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/12/07 16:35:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bud\Downloads\OTL.com

PRC - [2013/12/03 19:48:06 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

PRC - [2013/11/01 15:26:18 | 000,921,680 | ---- | M] () -- C:\Program Files (x86)\SpeedItup Free\spdfrmon.exe

PRC - [2013/10/20 20:12:26 | 000,132,504 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe

PRC - [2013/10/15 01:37:02 | 000,735,936 | ---- | M] () -- C:\Program Files (x86)\Mobogenie\DaemonProcess.exe

PRC - [2013/10/09 09:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

PRC - [2013/10/03 15:20:24 | 029,767,928 | ---- | M] (Dropbox, Inc.) -- C:\Users\Bud\AppData\Roaming\Dropbox\bin\Dropbox.exe

PRC - [2013/09/05 07:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

PRC - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

PRC - [2013/04/04 13:50:32 | 000,887,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

PRC - [2013/01/29 11:42:20 | 000,119,672 | ---- | M] () -- C:\Users\Bud\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe

PRC - [2011/04/16 17:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe

PRC - [2010/11/02 13:01:58 | 002,475,384 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe

========== Modules (No Company Name) ==========

MOD - [2013/12/03 19:48:04 | 000,399,312 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppgooglenaclpluginchrome.dll

MOD - [2013/12/03 19:48:03 | 013,586,896 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll

MOD - [2013/12/03 19:48:02 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll

MOD - [2013/12/03 19:47:11 | 000,702,416 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll

MOD - [2013/12/03 19:47:11 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll

MOD - [2013/12/03 19:47:08 | 001,619,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll

MOD - [2013/10/15 01:37:02 | 000,735,936 | ---- | M] () -- C:\Program Files (x86)\Mobogenie\DaemonProcess.exe

MOD - [2013/10/03 15:09:00 | 003,558,400 | ---- | M] () -- C:\Users\Bud\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll

MOD - [2013/07/12 09:19:54 | 011,499,520 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll

MOD - [2013/03/13 13:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Bud\AppData\Roaming\Dropbox\bin\libcef.dll

MOD - [2013/01/29 11:42:20 | 000,119,672 | ---- | M] () -- C:\Users\Bud\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe

MOD - [2013/01/29 11:42:10 | 000,049,528 | ---- | M] () -- C:\Users\Bud\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelperPS.dll

========== Services (SafeList) ==========

SRV:64bit: - [2013/11/27 07:56:18 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)

SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2010/11/09 22:55:50 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2010/10/20 15:41:50 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)

SRV:64bit: - [2010/09/28 13:30:28 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)

SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2010/02/05 18:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)

SRV - [2013/11/15 20:28:32 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2013/11/01 15:26:18 | 000,921,680 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\SpeedItup Free\spdfrmon.exe -- (spdfrmon)

SRV - [2013/10/20 20:12:26 | 000,132,504 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)

SRV - [2013/10/09 11:05:57 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/10/09 09:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)

SRV - [2013/09/05 10:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2013/09/05 07:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

SRV - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

SRV - [2011/04/16 17:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe -- (NIS)

SRV - [2010/07/28 14:36:52 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)

SRV - [2010/07/01 11:59:02 | 000,051,576 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/08/24 15:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe -- (PCCUJobMgr)

SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/09/09 06:40:13 | 000,045,856 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)

DRV:64bit: - [2013/06/26 18:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)

DRV:64bit: - [2013/06/26 18:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)

DRV:64bit: - [2013/06/26 18:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)

DRV:64bit: - [2013/06/26 18:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)

DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/05/18 05:38:10 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)

DRV:64bit: - [2011/04/20 18:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\symnets.sys -- (SymNetS)

DRV:64bit: - [2011/03/30 20:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\srtsp64.sys -- (SRTSP)

DRV:64bit: - [2011/03/30 20:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\srtspx64.sys -- (SRTSPX)

DRV:64bit: - [2011/03/14 19:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\symefa64.sys -- (SymEFA)

DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/01/26 23:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\symds64.sys -- (SymDS)

DRV:64bit: - [2011/01/26 22:07:06 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\ironx64.sys -- (SymIRON)

DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/11 13:58:54 | 000,137,512 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)

DRV:64bit: - [2010/11/09 23:34:04 | 008,013,312 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2010/11/09 22:18:54 | 000,287,232 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2010/10/21 15:37:46 | 001,306,240 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)

DRV:64bit: - [2010/10/08 12:49:08 | 000,243,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV:64bit: - [2010/09/27 16:24:42 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)

DRV:64bit: - [2010/07/23 10:43:52 | 001,088,616 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)

DRV:64bit: - [2009/07/30 21:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)

DRV:64bit: - [2009/07/14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)

DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/07 10:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)

DRV:64bit: - [2009/06/22 18:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)

DRV:64bit: - [2009/06/19 19:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2011/03/05 00:31:34 | 001,791,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110326.002\EX64.SYS -- (NAVEX15)

DRV - [2011/03/05 00:31:34 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)

DRV - [2011/03/05 00:31:34 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2011/03/05 00:31:34 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110326.002\ENG64.SYS -- (NAVENG)

DRV - [2011/02/25 22:04:56 | 001,124,472 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110309.001\BHDrvx64.sys -- (BHDrvx64)

DRV - [2010/11/08 17:50:27 | 000,476,792 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110325.001\IDSviA64.sys -- (IDSVia64)

DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {16D652B0-1CAD-0B00-2F85-3A0DF53664D3}

IE:64bit: - HKLM\..\SearchScopes\{16D652B0-1CAD-0B00-2F85-3A0DF53664D3}: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd103&cd=2XzuyEtN2Y1L1QzutC0CyCyDzy0D0DtBzyzz0E0FzzyB0A0AtN0D0Tzu0CyCyByDtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=1534466828&ir=

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{EE3A044A-170D-4A88-9B67-725E37447868}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1542719066-136312105-2333243138-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/g/

IE - HKU\S-1-5-21-1542719066-136312105-2333243138-1000\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1ewenusDefaultPack/UP97_FRPage

IE - HKU\S-1-5-21-1542719066-136312105-2333243138-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =

IE - HKU\S-1-5-21-1542719066-136312105-2333243138-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =

IE - HKU\S-1-5-21-1542719066-136312105-2333243138-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-1542719066-136312105-2333243138-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=UP97&ocid=UP97DHP

IE - HKU\S-1-5-21-1542719066-136312105-2333243138-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-1542719066-136312105-2333243138-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox

IE - HKU\S-1-5-21-1542719066-136312105-2333243138-1000\..\SearchScopes\58933C5418CA454986CAEE119AB3D61B: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd103&cd=2XzuyEtN2Y1L1QzutC0CyCyDzy0D0DtBzyzz0E0FzzyB0A0AtN0D0Tzu0CyCyByDtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=1534466828&ir=

IE - HKU\S-1-5-21-1542719066-136312105-2333243138-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1542719066-136312105-2333243138-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.order.3: "Bing "

FF - prefs.js..browser.search.param.yahoo-fr: "w3i&type=W3i_DS,157,0_0,Search,20130205,6902,0,54,0"

FF - prefs.js..browser.search.useDBForOrder: false

FF - prefs.js..extensions.enabledAddons: playbryte_ext%40playbryte.com:1.1

FF - prefs.js..extensions.enabledAddons: %7B7bdd2f66-8e76-41ec-9628-8685d42a25b5%7D:1.1

FF - prefs.js..extensions.enabledAddons: links%40playtopus.com:1.0.0

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1

FF - prefs.js..extensions.netassistant.keyword.url: "http://syndaneta.net/?Programid=132&Elementname=Keyword&Applicationid={4D0B52B5-C788-44AF-B48E-2B5F880976E8}&Version=3.6.5&Vintage=20130205&Defaultbrowserid=54&Productid=2748&Vendorid=6944&Offerid=6894&searchterm="

FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=UP97DF&PC=UP97&q="

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2012/06/28 08:18:31 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_13_2 [2013/12/07 15:55:58 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\extension@Fast_Free_Converter.com: C:\Program Files (x86)\Fast Free Converter\FastFreeConverter\extension@Fast_Free_Converter.com

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Better-Surf\ff

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/09/25 07:44:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bud\AppData\Roaming\Mozilla\Extensions

[2013/12/07 15:37:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bud\AppData\Roaming\Mozilla\Firefox\Profiles\sq3uye7o.default\extensions

[2013/11/06 08:32:23 | 000,000,000 | ---D | M] ("QuickShare Widget") -- C:\Users\Bud\AppData\Roaming\Mozilla\Firefox\Profiles\sq3uye7o.default\extensions\{7bdd2f66-8e76-41ec-9628-8685d42a25b5}

[2013/11/15 19:21:31 | 000,000,000 | ---D | M] (Playtopus) -- C:\Users\Bud\AppData\Roaming\Mozilla\Firefox\Profiles\sq3uye7o.default\extensions\[email protected]

[2013/11/06 08:22:46 | 000,000,000 | ---D | M] (PlayBryte) -- C:\Users\Bud\AppData\Roaming\Mozilla\Firefox\Profiles\sq3uye7o.default\extensions\[email protected]

[2013/12/07 15:37:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bud\AppData\Roaming\Mozilla\Firefox\Profiles\sq3uye7o.default\extensions\staged

[2013/10/22 12:29:14 | 000,007,817 | ---- | M] () (No name found) -- C:\Users\Bud\AppData\Roaming\Mozilla\Firefox\Profiles\sq3uye7o.default\extensions\[email protected]

[2013/09/15 19:18:48 | 000,002,324 | ---- | M] () -- C:\Users\Bud\AppData\Roaming\Mozilla\Firefox\Profiles\sq3uye7o.default\searchplugins\amazon.xml

[2013/11/15 20:28:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2013/11/15 20:28:18 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2013/11/15 20:28:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions

[2013/11/15 20:28:15 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2013/11/15 20:28:34 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Bing (Enabled)

CHR - default_search_provider: search_url = http://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}

CHR - default_search_provider: suggest_url = http://api.bing.com/osjson.aspx?query={searchTerms}&language={language}&form=UP97DF&PC=UP97,

CHR - homepage: http://www.msn.com/?pc=UP97&ocid=UP97DHP

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll

CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\gears.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\gcswf32.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: MyFunCards = C:\Users\Bud\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmhblacicdebfadfgnnmoegfflgbhlkf\4.94.1.36326_0\

CHR - Extension: PlayBryte = C:\Users\Bud\AppData\Local\Google\Chrome\User Data\Default\Extensions\jobpdofngfngemnilndjifaalokkjgef\1.1_0\

CHR - Extension: Skype Click to Call = C:\Users\Bud\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0\

CHR - Extension: Playtopus = C:\Users\Bud\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncogfefdmipecdllelajldgkjnjcadfi\

CHR - Extension: Google Wallet = C:\Users\Bud\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\

O1 HOSTS File: ([2013/09/22 10:08:04 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ips\ipsbho.dll (Symantec Corporation)

O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)

O3:64bit: - HKU\S-1-5-21-1542719066-136312105-2333243138-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKU\S-1-5-21-1542719066-136312105-2333243138-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)

O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)

O4:64bit: - HKLM..\Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()

O4:64bit: - HKLM..\Run: [smartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [smoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe ()

O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba)

O4 - HKLM..\Run: [shopAtHomeWatcher] C:\Users\Bud\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe ()

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)

O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-1542719066-136312105-2333243138-1000..\Run: [speedItupFree] "C:\Program Files (x86)\SpeedItup Free\speeditupfree.exe" File not found

O4 - HKU\S-1-5-21-1542719066-136312105-2333243138-1000..\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)

O4 - Startup: C:\Users\Bud\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Bud\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8:64bit: - Extra context menu item: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <ä¼šç¤¾å>)

O8 - Extra context menu item: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <ä¼šç¤¾å>)

O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O1364bit: - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.2.25

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{22CA2019-5760-4F8E-8C83-0820298A5231}: DhcpNameServer = 192.168.0.1 205.171.3.25

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA2E789D-BA6E-4018-91B0-E40D13A9111D}: DhcpNameServer = 192.168.0.1 205.171.2.25

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/07 15:42:41 | 000,000,000 | ---D | C] -- C:\Users\Bud\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller

[2013/12/07 15:36:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group

[2013/12/07 14:54:26 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Optimizer Pro

[2013/12/07 14:54:17 | 000,000,000 | ---D | C] -- C:\Users\Bud\AppData\Local\FileTypeAssistant

[2013/12/07 13:13:22 | 000,000,000 | ---D | C] -- C:\Program Files\PC Optimizer Pro

[2013/11/27 08:03:44 | 000,028,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\IEUDINIT.EXE

[2013/11/27 07:56:33 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe

[2013/11/27 07:56:33 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\elshyph.dll

[2013/11/27 07:56:20 | 001,926,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl

[2013/11/27 07:56:20 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll

[2013/11/27 07:56:20 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jsIntl.dll

[2013/11/27 07:56:20 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dat

[2013/11/27 07:56:20 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll

[2013/11/27 07:56:20 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\html.iec

[2013/11/27 07:56:20 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\elshyph.dll

[2013/11/27 07:56:20 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll

[2013/11/27 07:56:20 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll

[2013/11/27 07:56:20 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe

[2013/11/27 07:56:20 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tdc.ocx

[2013/11/27 07:56:20 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\JavaScriptCollectionAgent.dll

[2013/11/27 07:56:19 | 005,765,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll

[2013/11/27 07:56:19 | 001,051,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmlmedia.dll

[2013/11/27 07:56:19 | 000,942,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jsIntl.dll

[2013/11/27 07:56:19 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9diag.dll

[2013/11/27 07:56:19 | 000,610,304 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll

[2013/11/27 07:56:19 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll

[2013/11/27 07:56:19 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript9diag.dll

[2013/11/27 07:56:19 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msls31.dll

[2013/11/27 07:56:19 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll

[2013/11/27 07:56:19 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iexpress.exe

[2013/11/27 07:56:19 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wextract.exe

[2013/11/27 07:56:19 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\IEAdvpack.dll

[2013/11/27 07:56:19 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\occache.dll

[2013/11/27 07:56:19 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iepeers.dll

[2013/11/27 07:56:19 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe

[2013/11/27 07:56:19 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\IEAdvpack.dll

[2013/11/27 07:56:19 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll

[2013/11/27 07:56:19 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SetIEInstalledDate.exe

[2013/11/27 07:56:19 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe

[2013/11/27 07:56:19 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll

[2013/11/27 07:56:19 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inseng.dll

[2013/11/27 07:56:19 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\SetIEInstalledDate.exe

[2013/11/27 07:56:19 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll

[2013/11/27 07:56:19 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\icardie.dll

[2013/11/27 07:56:19 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MshtmlDac.dll

[2013/11/27 07:56:19 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll

[2013/11/27 07:56:19 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\pngfilt.dll

[2013/11/27 07:56:19 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieetwproxystub.dll

[2013/11/27 07:56:19 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmler.dll

[2013/11/27 07:56:19 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmler.dll

[2013/11/27 07:56:19 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll

[2013/11/27 07:56:19 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\licmgr10.dll

[2013/11/27 07:56:19 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeedssync.exe

[2013/11/27 07:56:19 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msfeedssync.exe

[2013/11/27 07:56:18 | 001,993,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl

[2013/11/27 07:56:18 | 001,228,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmlmedia.dll

[2013/11/27 07:56:18 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll

[2013/11/27 07:56:18 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll

[2013/11/27 07:56:18 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll

[2013/11/27 07:56:18 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dat

[2013/11/27 07:56:18 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll

[2013/11/27 07:56:18 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll

[2013/11/27 07:56:18 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\html.iec

[2013/11/27 07:56:18 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll

[2013/11/27 07:56:18 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll

[2013/11/27 07:56:18 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe

[2013/11/27 07:56:18 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iexpress.exe

[2013/11/27 07:56:18 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\occache.dll

[2013/11/27 07:56:18 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wextract.exe

[2013/11/27 07:56:18 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe

[2013/11/27 07:56:18 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iepeers.dll

[2013/11/27 07:56:18 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollector.exe

[2013/11/27 07:56:18 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inseng.dll

[2013/11/27 07:56:18 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll

[2013/11/27 07:56:18 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MshtmlDac.dll

[2013/11/27 07:56:18 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\icardie.dll

[2013/11/27 07:56:18 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tdc.ocx

[2013/11/27 07:56:18 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll

[2013/11/27 07:56:18 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\pngfilt.dll

[2013/11/27 07:56:18 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwproxystub.dll

[2013/11/27 07:56:18 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\imgutil.dll

[2013/11/27 07:56:18 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\JavaScriptCollectionAgent.dll

[2013/11/27 07:56:18 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll

[2013/11/27 07:56:18 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\licmgr10.dll

[2013/11/27 07:56:18 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshta.exe

[2013/11/27 07:56:18 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollectorres.dll

[2013/11/15 20:28:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2013/11/14 08:16:31 | 001,474,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll

[2013/11/14 08:16:06 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\authui.dll

[2013/11/14 08:16:05 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\authui.dll

[2013/11/14 08:16:05 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\credui.dll

[2013/11/14 08:16:05 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SmartcardCredentialProvider.dll

[2013/11/14 08:16:05 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\SmartcardCredentialProvider.dll

[2013/11/14 08:15:49 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lsasrv.dll

[2013/11/14 08:15:48 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll

[2013/11/14 08:15:48 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspicli.dll

[2013/11/14 08:15:47 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspisrv.dll

[2013/11/14 08:15:47 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\secur32.dll

[2013/11/14 08:15:09 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\gdi32.dll

[2013/11/14 08:15:06 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\nshwfp.dll

[2013/11/14 08:15:06 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\nshwfp.dll

[2013/11/14 08:15:06 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\FWPUCLNT.DLL

[2013/11/14 08:15:06 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\FWPUCLNT.DLL

[2013/09/15 14:38:16 | 005,402,832 | ---- | C] (PC Cleaners) -- C:\ProgramData\pclunst.exe

========== Files - Modified Within 30 Days ==========

[2013/12/07 16:37:11 | 000,000,342 | ---- | M] () -- C:\windows\tasks\Playtopus Updater.job

[2013/12/07 16:34:48 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/12/07 16:34:19 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/12/07 16:05:44 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/12/07 16:05:44 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/12/07 15:57:17 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job

[2013/12/07 15:56:07 | 000,000,410 | ---- | M] () -- C:\windows\tasks\PC Optimizer Pro64 startups.job

[2013/12/07 15:56:03 | 000,000,470 | ---- | M] () -- C:\windows\tasks\SparkTrust Update Version3 Startup Task.job

[2013/12/07 15:56:03 | 000,000,406 | ---- | M] () -- C:\windows\tasks\Final Media Player Update Checker.job

[2013/12/07 15:55:04 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2013/12/07 15:54:52 | 2094,161,920 | -HS- | M] () -- C:\hiberfil.sys

[2013/12/07 15:42:42 | 000,001,275 | ---- | M] () -- C:\Users\Bud\Desktop\Revo Uninstaller.lnk

[2013/12/07 14:53:50 | 000,000,434 | ---- | M] () -- C:\windows\tasks\PC Optimizer Pro Updates.job

[2013/12/07 14:53:50 | 000,000,402 | ---- | M] () -- C:\windows\tasks\PC Optimizer Pro64 Scan.job

[2013/12/07 13:13:45 | 000,000,933 | ---- | M] () -- C:\Users\Bud\Application Data\Microsoft\Internet Explorer\Quick Launch\PC Optimizer Pro.lnk

[2013/12/07 13:13:44 | 000,000,909 | ---- | M] () -- C:\Users\Public\Desktop\PC Optimizer Pro.lnk

[2013/12/07 08:49:01 | 008,252,470 | ---- | M] () -- C:\windows\SysNative\perfh009.dat

[2013/12/07 08:49:01 | 002,784,536 | ---- | M] () -- C:\windows\SysNative\perfc009.dat

[2013/12/07 08:49:01 | 000,006,502 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI

[2013/12/06 18:52:46 | 000,000,460 | ---- | M] () -- C:\windows\tasks\SparkTrust Registration3.job

[2013/12/06 10:00:21 | 000,002,194 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2013/12/02 08:50:11 | 000,000,418 | ---- | M] () -- C:\windows\tasks\SparkTrust Update Version3.job

[2013/11/27 07:56:33 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe

[2013/11/27 07:56:33 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\elshyph.dll

[2013/11/27 07:56:20 | 001,926,656 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl

[2013/11/27 07:56:20 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll

[2013/11/27 07:56:20 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\jsIntl.dll

[2013/11/27 07:56:20 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dat

[2013/11/27 07:56:20 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll

[2013/11/27 07:56:20 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\html.iec

[2013/11/27 07:56:20 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\elshyph.dll

[2013/11/27 07:56:20 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll

[2013/11/27 07:56:20 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll

[2013/11/27 07:56:20 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe

[2013/11/27 07:56:20 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\icardie.dll

[2013/11/27 07:56:20 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\tdc.ocx

[2013/11/27 07:56:20 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\JavaScriptCollectionAgent.dll

[2013/11/27 07:56:19 | 005,765,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll

[2013/11/27 07:56:19 | 001,051,136 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmlmedia.dll

[2013/11/27 07:56:19 | 000,942,592 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jsIntl.dll

[2013/11/27 07:56:19 | 000,708,608 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript9diag.dll

[2013/11/27 07:56:19 | 000,610,304 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll

[2013/11/27 07:56:19 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll

[2013/11/27 07:56:19 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\jscript9diag.dll

[2013/11/27 07:56:19 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msls31.dll

[2013/11/27 07:56:19 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll

[2013/11/27 07:56:19 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iexpress.exe

[2013/11/27 07:56:19 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\wextract.exe

[2013/11/27 07:56:19 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\IEAdvpack.dll

[2013/11/27 07:56:19 | 000,127,488 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\occache.dll

[2013/11/27 07:56:19 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iepeers.dll

[2013/11/27 07:56:19 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe

[2013/11/27 07:56:19 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\IEAdvpack.dll

[2013/11/27 07:56:19 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll

[2013/11/27 07:56:19 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\SetIEInstalledDate.exe

[2013/11/27 07:56:19 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe

[2013/11/27 07:56:19 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll

[2013/11/27 07:56:19 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\inseng.dll

[2013/11/27 07:56:19 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\SetIEInstalledDate.exe

[2013/11/27 07:56:19 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll

[2013/11/27 07:56:19 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\MshtmlDac.dll

[2013/11/27 07:56:19 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll

[2013/11/27 07:56:19 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\pngfilt.dll

[2013/11/27 07:56:19 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieetwproxystub.dll

[2013/11/27 07:56:19 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmler.dll

[2013/11/27 07:56:19 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmler.dll

[2013/11/27 07:56:19 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll

[2013/11/27 07:56:19 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\licmgr10.dll

[2013/11/27 07:56:19 | 000,016,284 | ---- | M] () -- C:\windows\SysWow64\ieuinit.inf

[2013/11/27 07:56:19 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msfeedssync.exe

[2013/11/27 07:56:19 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msfeedssync.exe

[2013/11/27 07:56:18 | 001,993,728 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl

[2013/11/27 07:56:18 | 001,228,800 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmlmedia.dll

[2013/11/27 07:56:18 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll

[2013/11/27 07:56:18 | 000,774,144 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll

[2013/11/27 07:56:18 | 000,626,176 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll

[2013/11/27 07:56:18 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dat

[2013/11/27 07:56:18 | 000,548,352 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll

[2013/11/27 07:56:18 | 000,453,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll

[2013/11/27 07:56:18 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\html.iec

[2013/11/27 07:56:18 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll

[2013/11/27 07:56:18 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\url.dll

[2013/11/27 07:56:18 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe

[2013/11/27 07:56:18 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iexpress.exe

[2013/11/27 07:56:18 | 000,147,968 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\occache.dll

[2013/11/27 07:56:18 | 000,143,872 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wextract.exe

[2013/11/27 07:56:18 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe

[2013/11/27 07:56:18 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iepeers.dll

[2013/11/27 07:56:18 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollector.exe

[2013/11/27 07:56:18 | 000,101,376 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\inseng.dll

[2013/11/27 07:56:18 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll

[2013/11/27 07:56:18 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\MshtmlDac.dll

[2013/11/27 07:56:18 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\icardie.dll

[2013/11/27 07:56:18 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\tdc.ocx

[2013/11/27 07:56:18 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll

[2013/11/27 07:56:18 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\pngfilt.dll

[2013/11/27 07:56:18 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieetwproxystub.dll

[2013/11/27 07:56:18 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\imgutil.dll

[2013/11/27 07:56:18 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\JavaScriptCollectionAgent.dll

[2013/11/27 07:56:18 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll

[2013/11/27 07:56:18 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\licmgr10.dll

[2013/11/27 07:56:18 | 000,016,284 | ---- | M] () -- C:\windows\SysNative\ieuinit.inf

[2013/11/27 07:56:18 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshta.exe

[2013/11/27 07:56:18 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollectorres.dll

========== Files Created - No Company Name ==========

[2013/12/07 15:36:49 | 000,001,275 | ---- | C] () -- C:\Users\Bud\Desktop\Revo Uninstaller.lnk

[2013/12/07 13:44:11 | 000,000,402 | ---- | C] () -- C:\windows\tasks\PC Optimizer Pro64 Scan.job

[2013/12/07 13:43:51 | 000,000,434 | ---- | C] () -- C:\windows\tasks\PC Optimizer Pro Updates.job

[2013/12/07 13:13:42 | 000,000,909 | ---- | C] () -- C:\Users\Public\Desktop\PC Optimizer Pro.lnk

[2013/11/27 07:56:19 | 000,016,284 | ---- | C] () -- C:\windows\SysWow64\ieuinit.inf

[2013/11/27 07:56:18 | 000,016,284 | ---- | C] () -- C:\windows\SysNative\ieuinit.inf

[2013/05/22 21:15:14 | 000,074,703 | ---- | C] () -- C:\windows\SysWow64\mfc45.dat

[2012/08/23 17:02:22 | 000,796,420 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 19:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Purity Check ==========

< End of report >

flashh4 · December 8, 2013

Jody can you delete Pc Optimizer Pro or is it still being stubborn ! Make sure it's not in your add/remove program. We need that gone !

Did you try REVO tool i posted above ? Is it still on your desk top ?? Try & delete it !!

let me know before we go any further !!

Thanks

Chuck

JODY · December 8, 2013

Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{2BA9C50B-E5A6-4D9B-A86B-CA6B8A99A8B4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{2F2D6D8F-87F6-443C-AE6A-8331D945EAA1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{3C8FFC80-A6D1-4B8F-8850-F63969B39652}" = lport=10243 | protocol=6 | dir=in | app=system |

"{4C1954CA-5479-477B-B632-8CEDB7702FF4}" = lport=138 | protocol=17 | dir=in | app=system |

"{5A8ED6F1-7DD6-41A0-A415-151A3012E006}" = lport=137 | protocol=17 | dir=in | app=system |

"{5F4DE8AF-9C4F-41E7-BD28-25CF593DE1A5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{621D5D37-857B-43EC-B304-CDDC2962F2F7}" = lport=139 | protocol=6 | dir=in | app=system |

"{74639BE1-E771-4E16-9929-D6F72A5008F3}" = rport=137 | protocol=17 | dir=out | app=system |

"{74D1F1F1-2F8C-40CD-ACAA-0748AE72BB4E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{77ABC695-5DB9-4024-92F4-A14BDEAC5C6F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |

"{7DAB8F99-D060-4BC2-BF8B-9D2CAEB26ABA}" = rport=10243 | protocol=6 | dir=out | app=system |

"{7F0212B6-CD84-4486-8C27-822786766772}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{8AEA42F4-FB2E-4237-8342-0DA165F89BAA}" = rport=138 | protocol=17 | dir=out | app=system |

"{9A6A6C9F-131F-4FD0-B798-D101FDEBDBC6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{A88DA7A9-1215-459E-B40D-8CE4DC1CBA77}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{AC2D706F-6003-415B-8874-620373EB56C5}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{D62056CF-172E-4165-8AC6-2C8851006503}" = rport=139 | protocol=6 | dir=out | app=system |

"{D9475300-9503-4B85-B2BA-CA0E28073D65}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{E4D63B11-4581-4582-BBD3-4DC1A91E4D0A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{EC959195-F9F6-4D01-8449-2E7EFFF5DAA5}" = lport=445 | protocol=6 | dir=in | app=system |

"{ECFF6100-9095-4AAD-9093-1C3BECC21F7B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{F63A0194-CD07-4C77-AB56-2136FCC9C60B}" = rport=445 | protocol=6 | dir=out | app=system |

"{FA474EDC-ADBE-4569-9FB4-F535C8542797}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0F87F1DB-4A37-44D4-9CE8-6ABAE0E7B28F}" = protocol=58 | dir=out | [email protected],-28546 |

"{10088AEE-5EEE-4CE8-8CDE-C4084BFD63AE}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{11235347-E041-4617-B53C-0B38CEE01FF5}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{11E258EA-FA8C-4575-9639-586FE2305B15}" = dir=in | app=c:\program files (x86)\file type assistant\tsassist.exe |

"{190B6AC2-85C2-4B42-9588-CE0254704016}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{1C741969-887A-4F6C-B8C7-63F3CEF04FB7}" = protocol=6 | dir=in | app=c:\users\bud\appdata\roaming\dropbox\bin\dropbox.exe |

"{2517E918-2D1A-4EEE-A2A1-C8C1B33A5DF7}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |

"{2E6256CF-91A4-420B-9BDA-BDBAE9512F79}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{2F72A063-4C91-4796-87D6-EC7464531448}" = protocol=1 | dir=out | [email protected],-28544 |

"{38B0F33F-C2DA-4F14-AA40-AA119CED46A5}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{45CD30AE-15C8-4668-958E-4E82C6D1C951}" = protocol=1 | dir=in | [email protected],-28543 |

"{4DCD193F-18EC-4FA0-99CD-587DF7ED025F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{53A3EBE2-9761-47EC-8D1B-6F615B436167}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{57DBAD68-711A-4771-A384-56A54011BF93}" = protocol=58 | dir=in | [email protected],-28545 |

"{5C9E9B2F-225F-4A8C-B1A3-945EF88A6848}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{69FF9C60-602D-4E11-80E2-9A5A9E9ED281}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{6E850FA3-23E3-4BB2-A667-7B5A1D257B60}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{70BFAF0C-E7A7-4E10-BE42-04A7AE90CE9E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{984A921C-2C05-46D4-ADF6-3DDB874F6D9E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{BB8E041E-5743-413A-9740-2F67806A55F3}" = protocol=6 | dir=out | app=system |

"{D09C4520-57A5-4A6D-A4CF-8CA7E3C77FFC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{D14AE1E6-1AB3-42B1-BFBF-4C4497F7E1FD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{F76802A8-52B5-4FBB-85A1-286BF9B39443}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{F76A59B7-22F7-44FE-A105-8E4BEF3A04E1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{F84F4A98-DAD1-4467-88E6-21AB39AF1E27}" = protocol=17 | dir=in | app=c:\users\bud\appdata\roaming\dropbox\bin\dropbox.exe |

"{F9257AF6-E547-4B5F-A924-296D922EAE42}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{FA0DF2CB-C19A-49ED-98E6-0740A65FB0B9}" = dir=in | app=c:\program files (x86)\file type assistant\tsassist.exe |

"TCP Query User{070DA267-5744-4C9C-8C7E-982659F0DBF3}C:\users\bud\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\bud\appdata\roaming\dropbox\bin\dropbox.exe |

"UDP Query User{5C8D6E54-3831-4D1C-941B-6C8C9F1A97EE}C:\users\bud\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\bud\appdata\roaming\dropbox\bin\dropbox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package

"{07717286-5B65-DB40-FC03-4C5DD8B8DB20}" = WMV9/VC-1 Video Playback

"{1A096498-9B17-44AD-CA91-C59D6A71FD3F}" = ccc-utility64

"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant

"{229C190B-7690-40B7-8680-42530179F3E9}" = TOSHIBA Bulletin Board

"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator

"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator

"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64

"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{EA90572A-D706-112F-F821-D49F337B9A7B}" = ATI Catalyst Install Manager

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition

"CNXT_AUDIO_HDA" = Conexant HD Audio

"Elantech" = ETDWare PS/2-X64 8.0.8.0_R01

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"PC Optimizer Pro" = PC Optimizer Pro

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package

"{073B89C3-BA88-41B5-965F-B35A88EAE838}" = TOSHIBA Supervisor Password

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{190A9F41-85D0-CDB3-AA2D-A076D30953C9}" = Catalyst Control Center Graphics Previews Common

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1CC59E4A-A43D-FA88-E26E-568632554FDC}" = CCC Help Thai

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{268D11DC-41C8-02BC-A2F7-A127A7BB5CE3}" = Catalyst Control Center Localization All

"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 20

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}" = WeatherBug

"{2C303EE0-A595-3543-A71A-931C7AC40EDE}" = Microsoft Primary Interoperability Assemblies 2005

"{30B5D9AB-BBEF-204C-3358-3F9D975E59A7}" = CCC Help Dutch

"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

"{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}" = Amazon Links

"{32316F59-00E5-FEED-D70C-7A5BA05E5608}" = ccc-core-static

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{35827710-D042-428B-A1E5-E20E12D2FEB9}" = SparkTrust PC Cleaner Plus

"{3EE9FFB6-F2FD-3A11-27E7-6A86A5A08EC0}" = CCC Help Spanish

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4A38D588-649B-1EB1-6A57-75B45C33B7F3}" = CCC Help French

"{4AC7B4E7-59B7-4E48-A60D-263C486FC33A}_is1" = System Checkup 3.4

"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform

"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skypeâ„¢ 6.10

"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration

"{63DEFBAD-3265-AD54-E29E-9D2862F2A549}" = CCC Help Chinese Traditional

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack

"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{73833816-D0FB-A4A0-1E8D-26B1ABE12836}" = CCC Help Portuguese

"{75396B8A-2911-D9A1-A608-B4EB3A2CD37C}" = CCC Help Danish

"{76078303-BAA2-4FBF-BA13-D1065195E696}" = Toshiba Book Place

"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

"{81230599-8908-7D96-2B59-91B13738CC0D}" = CCC Help Finnish

"{8328BF7C-818B-9D36-BA79-0D5BE45620F0}" = CCC Help Chinese Standard

"{8932E88F-DD0E-9AD4-1C7F-B3A570A02EB6}" = CCC Help Korean

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8C7D5970-4345-91BA-1581-167DEB552F65}" = CCC Help German

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8E95E884-5F00-3046-02CA-ABC28C6BBD44}" = CCC Help Greek

"{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}" = TOSHIBA Hardware Setup

"{8FD03154-3788-0AB2-9BE7-3F62A860F38F}" = CCC Help Japanese

"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010

"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader

"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer

"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller

"{9B76FA03-3D4A-81A1-1868-10E00020260F}" = CCC Help Hungarian

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A0DB4A2B-5AD0-310D-FFA3-50E749FF8305}" = CCC Help Norwegian

"{A3BB948E-71DF-F10D-2441-16BC8A61E225}" = CCC Help English

"{A5E85D15-785C-518C-B32C-EE2F70AFF121}" = CCC Help Italian

"{A6558E2A-FAF9-4570-AA49-6328D0354517}" = SavetheChildren Reminder by We-Care.com v4.1.21.4

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station

"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)

"{B3CBABCC-5027-F2AD-B26F-3CA1500DAEE2}" = CCC Help Polish

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call

"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist

"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{C8B57F0F-1582-CA83-A51D-26B5A542623A}" = CCC Help Russian

"{C98C1CA9-FF57-CA5F-84A8-F2F270F3735B}" = CCC Help Swedish

"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D52D6149-26AE-13D4-8ED8-BE6913136D77}" = Catalyst Control Center InstallProxy

"{DA84ECBF-4B79-47F2-B34C-95C38484C058}" = Skype Launcher

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}" = Toshiba App Place

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0BACABE-F496-5F33-6E36-80D7A9FC2FE6}" = CCC Help Czech

"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in

"{F40711CD-60B3-45F5-85C5-F1AA400C1B6E}" = QuickShare

"{F7B34B38-02A6-44D5-B8CC-06EB3B8ACFC9}_is1" = PC Fix Speed 1.2.0.25

"{FB90923E-F94F-4343-A084-F0AB39305C8B}" = Catalyst Control Center - Branding

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Aleks 3.18" = Aleks 3.18

"FinalMediaPlayer_is1" = Final Media Player 2012

"Google Chrome" = Google Chrome

"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package

"InstallShield_{229C190B-7690-40B7-8680-42530179F3E9}" = TOSHIBA Bulletin Board

"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime

"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application

"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert

"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300

"Mobogenie" = Mobogenie

"Mozilla Firefox 25.0.1 (x86 en-US)" = Mozilla Firefox 25.0.1 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"NIS" = Norton Internet Security

"Norton PC Checkup_is1" = Norton PC Checkup

"NortonPCCheckup" = Toshiba Laptop Checkup

"Office14.Click2Run" = Microsoft Office Click-to-Run 2010

"Revo Uninstaller" = Revo Uninstaller 1.95

"SpeeditupFree" = SpeeditupFree

"TOSHIBA Game Console" = WildTangent ORB Game Console

"Trusted Software Assistant_is1" = File Type Assistant

"WildTangent toshiba Master Uninstall" = WildTangent Games

"WinLiveSuite" = Windows Live Essentials

"WT088682" = Bejeweled 2 Deluxe

"WT088696" = Chuzzle Deluxe

"WT088750" = Jewel Quest - Heritage

"WT088759" = Polar Bowler

"WT089366" = Cake Mania - Lights, Camera, Action!

"WT089368" = FATE - The Traitor Soul

"WT089379" = Mystery P.I. - The London Caper

"WT089381" = Slingo Supreme

"WT089386" = Governor of Poker 2 Premium Edition

"WT089395" = Plants vs. Zombies - Game of the Year

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1542719066-136312105-2333243138-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Adobe Reader Free Download Packages" = Adobe Reader Free Download Packages

"Dropbox" = Dropbox

"Firefox Free Download Packages" = Firefox Free Download Packages

"Mozilla Firefox Free Download Packages" = Mozilla Firefox Free Download Packages

"Playtopus" = Playtopus

"Skype Free Download Packages" = Skype Free Download Packages

"Video Converter" = Video Converter

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 12/7/2013 5:55:42 PM | Computer Name = Bud-PC | Source = Application Error | ID = 1000

Description = Faulting application name: Weather.exe, version: 6.8.0.9, time stamp:

0x50aa5b59 Faulting module name: urlmon.dll, version: 11.0.9600.16428, time stamp:

0x525b67fe Exception code: 0xc0000005 Fault offset: 0x0001c062 Faulting process id:

0xc80 Faulting application start time: 0x01cef396ebccca0d Faulting application path:

C:\Program Files (x86)\AWS\WeatherBug\Weather.exe Faulting module path: C:\windows\syswow64\urlmon.dll

Report

Id: 5093af90-5f8a-11e3-b97e-9ff322d79913

Error - 12/7/2013 6:57:41 PM | Computer Name = Bud-PC | Source = Application Error | ID = 1000

Description = Faulting application name: Weather.exe, version: 6.8.0.9, time stamp:

0x50aa5b59 Faulting module name: ieframe.dll, version: 11.0.9600.16428, time stamp:

0x525b74ca Exception code: 0xc0000005 Fault offset: 0x0004039f Faulting process id:

0xed8 Faulting application start time: 0x01cef39f92eb97e5 Faulting application path:

C:\Program Files (x86)\AWS\WeatherBug\Weather.exe Faulting module path: C:\Windows\SysWOW64\ieframe.dll

Report

Id: f91cd8c3-5f92-11e3-b570-dfa349672714

[ System Events ]

Error - 12/7/2013 5:54:07 PM | Computer Name = Bud-PC | Source = Service Control Manager | ID = 7024

Description = The Common Client Job Manager Service service terminated with service-specific

error %%-1.

Error - 12/7/2013 5:54:09 PM | Computer Name = Bud-PC | Source = Service Control Manager | ID = 7000

Description = The vToolbarUpdater15.5.0 service failed to start due to the following

error: %%2

Error - 12/7/2013 6:55:53 PM | Computer Name = Bud-PC | Source = Service Control Manager | ID = 7024

Description = The Common Client Job Manager Service service terminated with service-specific

error %%-1.

Error - 12/7/2013 6:55:55 PM | Computer Name = Bud-PC | Source = Service Control Manager | ID = 7000

Description = The vToolbarUpdater15.5.0 service failed to start due to the following

error: %%2

< End of report >

flashh4 · December 8, 2013

Read my post above regarding Pc Optimizer Pro please.

Thanks

Chuck

JODY · December 8, 2013

I WAS ABLE YO DELETE IT OFF MY DESK TOP. I DID RUN THAT OTHER PROGRAM TOO. I'M GOING TO HAVE TO FINISH THIS TOMORROW NOW. THANK YOU FOR YOUR TIME.

flashh4 · December 8, 2013

Jody, thats good news that it's gone, it's real bad so glad it's gone ! Ok, not much more to go !!

We need to Run an OTL fix !!

Warning This fix is only relevant for this system and no other, using on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

* Double-click OTL.exe to start the program.
* Copy and Paste the following code into the . text box of the OTL tool/program ! Start with and include the colon plus :OTL

:OTLIE:64bit: - HKLM\..\SearchScopes,DefaultScope = {16D652B0-1CAD-0B00-2F85-3A0DF53664D3}IE:64bit: - HKLM\..\SearchScopes\{16D652B0-1CAD-0B00-2F85-3A0DF53664D3}: "URL" = http://start.mysearc...ults.php?f=4&q={searchTerms}&a=irmsd103&cd=2XzuyEtN2Y1L1QzutC0CyCyDzy0D0DtBzyzz0E0FzzyB0A0AtN0D0Tzu0CyCyByDtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=1534466828&ir=IE - HKLM\..\SearchScopes,DefaultScope =IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRCIE - HKLM\..\SearchScopes\{EE3A044A-170D-4A88-9B67-725E37447868}: "URL" = http://www.google.co...sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNFIE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =IE - HKU\S-1-5-21-1542719066-136312105-2333243138-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE - HKU\S-1-5-21-1542719066-136312105-2333243138-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...97DF&PC=UP97&q={searchTerms}&src=IE-SearchBoxIE - HKU\S-1-5-21-1542719066-136312105-2333243138-1000\..\SearchScopes\58933C5418CA454986CAEE119AB3D61B: "URL" = http://start.mysearc...ults.php?f=4&q={searchTerms}&a=irmsd103&cd=2XzuyEtN2Y1L1QzutC0CyCyDzy0D0DtBzyzz0E0FzzyB0A0AtN0D0Tzu0CyCyByDtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA&cr=1534466828&ir=FF - user.js - File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found[2013/09/25 07:44:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bud\AppData\Roaming\Mozilla\Extensions[2013/12/07 15:37:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bud\AppData\Roaming\Mozilla\Firefox\Profiles\sq3uye7o.default\extensions[2013/12/07 15:37:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bud\AppData\Roaming\Mozilla\Firefox\Profiles\sq3uye7o.default\extensions\staged[2013/10/22 12:29:14 | 000,007,817 | ---- | M] () (No name found) -- C:\Users\Bud\AppData\Roaming\Mozilla\Firefox\Profiles\sq3uye7o.default\extensions\[email protected][2013/11/15 20:28:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions[2013/11/15 20:28:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensionsO4 - HKU\S-1-5-21-1542719066-136312105-2333243138-1000..\Run: [SpeedItupFree] "C:\Program Files (x86)\SpeedItup Free\speeditupfree.exe" File not foundO1364bit: - gopher Prefix: missingO18:64bit: - Protocol\Handler\skype4com - No CLSID value found[2013/12/07 14:54:26 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Optimizer Pro[2013/12/07 13:13:22 | 000,000,000 | ---D | C] -- C:\Program Files\PC Optimizer Pro[2013/12/07 15:56:07 | 000,000,410 | ---- | M] () -- C:\windows\tasks\PC Optimizer Pro64 startups.job[2013/12/07 14:53:50 | 000,000,434 | ---- | M] () -- C:\windows\tasks\PC Optimizer Pro Updates.job[2013/12/07 14:53:50 | 000,000,402 | ---- | M] () -- C:\windows\tasks\PC Optimizer Pro64 Scan.job[2013/12/07 13:13:45 | 000,000,933 | ---- | M] () -- C:\Users\Bud\Application Data\Microsoft\Internet Explorer\Quick Launch\PC Optimizer Pro.lnk[2013/12/07 13:13:44 | 000,000,909 | ---- | M] () -- C:\Users\Public\Desktop\PC Optimizer Pro.lnk[2013/12/07 13:44:11 | 000,000,402 | ---- | C] () -- C:\windows\tasks\PC Optimizer Pro64 Scan.job[2013/12/07 13:43:51 | 000,000,434 | ---- | C] () -- C:\windows\tasks\PC Optimizer Pro Updates.job[2013/12/07 13:13:42 | 000,000,909 | ---- | C] () -- C:\Users\Public\Desktop\PC Optimizer Pro.lnk:Commands[emptyjava][emptyflash][EMPTYTEMP][RESETHOSTS][CREATERESTOREPOINT][Reboot]

# Then click the Run Fix button at the top.
# Click

# Please post the contents of the fix log file back here if you are prompted to open the file. It can also be found at C:\_OTL\Moved Files as MMDDYYY_HHMMSS.log where MMDDYYY is date format and HHMMSS is time format.
Remember to enable your real time protection.

Post the OTL fix log next !!

Thanks

Chuck

JODY · December 8, 2013

oOPS Did I mess everything up. I copy & paste the OTL & push run scan. I was suppose to run fix. Did I make a mess. I'm still getting pop up videos that r going on while I'm even doing this.

flashh4 · December 8, 2013

Hi Jody, no you didn't mess things up, just run the OTL FIX again !!

JODY · December 8, 2013

OTL logfile created on: 12/8/2013 9:55:38 AM - Run 2

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bud\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.11.9600.16428)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.60 Gb Total Physical Memory | 0.85 Gb Available Physical Memory | 32.60% Memory free

5.20 Gb Paging File | 2.89 Gb Available in Paging File | 55.65% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 220.90 Gb Total Space | 148.90 Gb Free Space | 67.40% Space Free | Partition Type: NTFS

Unable to calculate disk information.

Computer Name: BUD-PC | User Name: Bud | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --

PRC - [2013/12/08 09:54:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bud\Downloads\OTL (4).com