:Commands
[CreateRestorePoint]

:OTL
PRC - [2014/07/14 10:08:54 | 000,861,672 | ---- | M] (PC Utilities Software Limited) -- C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe
DRV:64bit: - [2014/08/06 16:29:08 | 000,061,584 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}w64.sys -- ({55dce8ba-9dec-4013-937e-adbf9317d990}w64)
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://astromenda.co...r=828474337&ir=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://astromenda.co...r=828474337&ir=
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://astromenda.co...r=828474337&ir=
[2014/08/27 07:42:54 | 000,000,000 | ---D | M] (saviinshop) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\jyilqp0h.default\extensions\0-aieaee@ayuyen-.com
[2014/02/17 17:34:07 | 000,002,541 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\jyilqp0h.default\searchplugins\ask-search.xml
[2014/08/06 12:24:27 | 000,002,815 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\jyilqp0h.default\searchplugins\Astromenda.xml
CHR - homepage: http://astromenda.co...r=828474337&ir=
O2 - BHO: (tPerfeictcoupOOnu) - {3DC14D9B-955B-8224-6689-C360753795A6} - C:\ProgramData\tPerfeictcoupOOnu\ASr_l6q7G_.dll ()
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O4 - HKCU..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe (PC Utilities Software Limited)
O13[b]64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
[2014/08/27 07:42:31 | 000,000,000 | ---D | C] -- C:\ProgramData\tPerfeictcoupOOnu
[2014/08/26 13:21:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Avg_Update_0814tb
[2014/08/06 12:29:17 | 000,000,000 | ---D | C] -- C:\Users\administrator\Documents\Optimizer Pro
[2014/08/06 12:29:16 | 000,000,000 | ---D | C] -- C:\Users\administrator\AppData\Roaming\Optimizer Pro
[2014/08/06 12:24:34 | 000,000,000 | ---D | C] -- C:\Users\administrator\AppData\Roaming\WSE_Astromenda
[2014/08/06 12:24:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Deal Keeper
[2014/08/06 12:24:10 | 000,000,000 | ---D | C] -- C:\Users\administrator\AppData\Roaming\Astromenda
[2014/08/06 12:24:05 | 000,000,000 | -H-D | C] -- C:\ProgramData\~0
[2014/08/06 12:24:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
[2014/08/06 12:23:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Optimizer Pro
[2014/08/28 19:17:11 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\0814tbUpdateInfo.job
[2014/08/06 12:24:00 | 000,001,062 | ---- | M] () -- C:\Users\administrator\Desktop\Optimizer Pro.lnk
[2014/08/07 15:26:37 | 000,020,328 | ---- | C] () -- C:\Windows\SysNative\roboot64.exe
[2014/08/08 13:56:26 | 000,000,000 | ---D | M] -- C:\Users\administrator\AppData\Roaming\Systweak

:Reg
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\70e6ca8c]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinDefend]
"Start" = DWORD:4

:Commands
[emptytemp]