Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

My Internet is working but has Pop Up Ads, and doesn't let me clic

Started by Jenna Rich , Mar 27 2014 02:02 PM

This topic is locked

#1
Jenna Rich

Posted 27 March 2014 - 02:02 PM

New Member

Member
2 posts

Good Day,

My name in chat is Jenna204. I am having some internet issues.

Sometimes, when I click on something usually when I click on a "password" box option or something like that, I get a pop up ad that I have to close right away. It doesn't happen all the time, but it does happen and it gets annoying .

I also have a problem when I want to click on something and after I click on it, instead of going to that site it just takes me to the "homepage" and doesn't do anything.

I am also confused to which browser I should be using, I am using "firefox" and "google chrome".

I have AVG as a thing, i don't even know what it is called, lol.

I am using Windows 7 on a laptop.

I would just like my computer / internet to be working well, as it is, it just has some glitches.

Also, I have some ads showing up on a webpage that are advertising "please fix errors" please click here...........sometimes like big flashing ads on the side of a website-sometimes.

Thank you, for reading this, and helping me out

Can't wait for this to be fixed

Have a Great day!.

From Jenna

OTL.txt:

OTL logfile created on: 27/03/2014 3:39:46 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User1\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.93 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 37.93% Memory free
7.86 Gb Paging File | 4.76 Gb Available in Paging File | 60.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 221.07 Gb Total Space | 170.40 Gb Free Space | 77.08% Space Free | Partition Type: NTFS
Drive D: | 1.78 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JR | User Name: User1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/03/27 15:37:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User1\Downloads\OTL.exe
PRC - [2014/03/27 10:38:01 | 007,948,320 | ---- | M] (MicroSmarts LLC.) -- C:\Program Files (x86)\SpeedItup Free\speeditupfree.exe
PRC - [2014/03/26 21:23:14 | 000,348,448 | ---- | M] () -- C:\Program Files (x86)\Mega Browse\updateMegaBrowse.exe
PRC - [2014/03/26 20:45:49 | 000,348,448 | ---- | M] () -- C:\Program Files (x86)\Mega Browse\bin\utilMegaBrowse.exe
PRC - [2014/03/25 17:40:29 | 000,078,624 | ---- | M] () -- C:\Program Files (x86)\Mega Browse\bin\XTLSApp.exe
PRC - [2014/03/21 14:29:10 | 000,355,328 | ---- | M] () -- C:\Users\User1\AppData\Roaming\VOPackage\VOsrv.exe
PRC - [2014/03/19 21:17:52 | 004,971,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
PRC - [2014/03/17 15:35:04 | 000,807,800 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
PRC - [2014/03/14 20:50:42 | 000,859,976 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/03/12 03:47:21 | 000,262,968 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton AntiVirus\Engine\21.2.0.38\nav.exe
PRC - [2014/03/12 00:22:11 | 001,863,560 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
PRC - [2014/03/11 16:44:58 | 000,130,104 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.43\nst.exe
PRC - [2014/03/08 19:14:33 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/03/03 09:53:02 | 001,363,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2014/03/03 09:52:32 | 001,748,608 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2014/02/23 21:22:30 | 003,782,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
PRC - [2014/02/10 19:33:12 | 000,055,440 | ---- | M] (GenTechnologies Apps, LLC) -- C:\ProgramData\MovieMode\MovieModeService.exe
PRC - [2014/02/10 19:32:54 | 000,151,184 | ---- | M] (GenTechnologies Apps, LLC) -- C:\ProgramData\MovieMode\MovieMode.exe
PRC - [2014/01/28 16:13:54 | 000,418,808 | ---- | M] (PC Utilities Software Limited) -- C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe
PRC - [2014/01/28 16:13:52 | 001,177,592 | ---- | M] (PC Utilities Software Limited) -- C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe
PRC - [2014/01/25 22:57:26 | 005,761,368 | ---- | M] (SafeApp Software, LLC) -- C:\Program Files (x86)\Registry Helper\RegistryHelper.exe
PRC - [2013/11/01 17:26:18 | 000,921,680 | ---- | M] () -- C:\Program Files (x86)\SpeedItup Free\spdfrmon.exe
PRC - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
PRC - [2013/06/18 21:49:35 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2013/04/16 06:07:08 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013/03/31 17:57:08 | 001,646,216 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2013/03/28 16:58:07 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) -- C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbarsvc.exe
PRC - [2013/03/28 16:58:07 | 000,030,096 | ---- | M] (VER_COMPANY_NAME) -- C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbrmon.exe
PRC - [2009/11/20 15:34:08 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2009/11/09 16:20:08 | 001,519,743 | ---- | M] (Suyin) -- C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe
PRC - [2009/11/01 19:39:48 | 001,094,736 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2009/08/28 05:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
PRC - [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
PRC - [2009/06/04 19:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

========== Modules (No Company Name) ==========

MOD - [2014/03/25 17:40:29 | 000,078,624 | ---- | M] () -- C:\Program Files (x86)\Mega Browse\bin\XTLSApp.exe
MOD - [2014/03/14 20:50:40 | 013,637,448 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll
MOD - [2014/03/14 20:50:40 | 000,394,568 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppgooglenaclpluginchrome.dll
MOD - [2014/03/14 20:50:38 | 004,061,000 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
MOD - [2014/03/14 20:50:35 | 000,716,616 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
MOD - [2014/03/14 20:50:34 | 000,100,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll
MOD - [2014/03/14 20:50:32 | 001,647,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
MOD - [2014/03/14 20:50:30 | 000,051,016 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
MOD - [2014/03/12 00:22:10 | 016,276,872 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
MOD - [2014/03/08 19:14:33 | 003,578,992 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/03/05 15:22:42 | 011,922,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\4b1795df6372b251625f958595e08d3d\System.Web.ni.dll
MOD - [2014/03/05 15:20:41 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014/03/05 15:20:33 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
MOD - [2014/03/05 15:20:31 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/03/05 15:19:59 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2014/02/10 19:32:54 | 001,152,656 | ---- | M] () -- C:\Windows\SysWOW64\MovieMode.48CA2AEFA22D.dll
MOD - [2014/01/23 17:40:18 | 000,268,968 | ---- | M] () -- C:\Windows\SysWOW64\sqlite3.dll
MOD - [2012/05/25 05:25:00 | 000,921,600 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
MOD - [2009/11/20 15:34:08 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2009/10/08 18:49:18 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\VideoWebCamera\VWC_ENG.dll
MOD - [2009/10/07 12:13:38 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\VideoWebCamera\sy_Utility.dll
MOD - [2009/09/23 18:27:04 | 000,626,688 | ---- | M] () -- C:\Program Files (x86)\VideoWebCamera\Image.dll

========== Services (SafeList) ==========

SRV:64bit: - [2014/03/01 00:33:34 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/09/30 14:44:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/07/13 21:39:31 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rundll32.exe -- (70e6ca8c)
SRV:64bit: - [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
SRV - [2014/03/26 21:23:14 | 000,348,448 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Mega Browse\updateMegaBrowse.exe -- (Update Mega Browse)
SRV - [2014/03/26 20:45:49 | 000,348,448 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Mega Browse\bin\utilMegaBrowse.exe -- (Util Mega Browse)
SRV - [2014/03/21 14:29:10 | 000,355,328 | ---- | M] () [Auto | Running] -- C:\Users\User1\AppData\Roaming\VOPackage\VOsrv.exe -- (vosr)
SRV - [2014/03/17 15:35:04 | 000,807,800 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2014/03/12 03:47:21 | 000,262,968 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton AntiVirus\Engine\21.2.0.38\NAV.exe -- (NAV)
SRV - [2014/03/12 00:22:11 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/03/11 16:44:58 | 000,130,104 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.43\NST.exe -- (NCO)
SRV - [2014/03/08 19:14:33 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/03/04 11:16:02 | 002,503,504 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Secure Speed Dial\IE\SecureUpdate.exe -- (SecureUpdateSvc)
SRV - [2014/03/03 09:53:02 | 001,363,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2014/03/03 09:52:32 | 001,748,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2014/02/23 21:22:30 | 003,782,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2014/02/10 19:33:12 | 000,055,440 | ---- | M] (GenTechnologies Apps, LLC) [Auto | Running] -- C:\ProgramData\MovieMode\MovieModeService.exe -- (MovieMode)
SRV - [2014/01/25 22:57:28 | 000,084,328 | ---- | M] (SafeApp Software, LLC) [Auto | Stopped] -- C:\Program Files (x86)\Registry Helper\RegistryHelperService.exe -- (Registry Helper Service)
SRV - [2013/12/03 16:10:24 | 002,151,200 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
SRV - [2013/11/01 17:26:18 | 000,921,680 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\SpeedItup Free\spdfrmon.exe -- (spdfrmon)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2013/04/16 06:07:08 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/03/28 16:58:07 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) [Auto | Running] -- C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbarsvc.exe -- (VideoDownloadConverter_4zService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/28 15:28:58 | 000,332,272 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\ProgramData\Partner\Partner.exe -- (Partner Service)
SRV - [2009/08/28 05:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2009/04/29 15:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/03/24 23:31:09 | 000,061,120 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wStLibG64.sys -- (wStLibG64)
DRV:64bit: - [2014/03/04 00:18:12 | 001,148,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1502000.026\symefa64.sys -- (SymEFA)
DRV:64bit: - [2014/02/17 21:32:41 | 000,593,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1502000.026\symnets.sys -- (SymNetS)
DRV:64bit: - [2014/02/12 21:59:49 | 000,875,736 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NAVx64\1502000.026\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013/11/25 21:47:22 | 000,196,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/11/25 21:47:20 | 000,243,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/11/25 21:47:20 | 000,150,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2013/10/31 23:00:18 | 000,212,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/10/31 22:49:46 | 000,294,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/10/01 00:52:08 | 000,123,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/09/27 15:23:26 | 000,162,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NSTx64\7DE07000.02B\ccsetx64.sys -- (ccSet_NST)
DRV:64bit: - [2013/09/25 22:50:25 | 000,162,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1502000.026\ccsetx64.sys -- (ccSet_NAV)
DRV:64bit: - [2013/09/20 23:16:42 | 000,177,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/09/10 00:43:02 | 000,031,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/08/01 16:07:06 | 000,251,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2013/07/31 23:19:50 | 000,493,656 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1502000.026\symds64.sys -- (SymDS)
DRV:64bit: - [2013/07/31 00:13:30 | 000,264,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1502000.026\ironx64.sys -- (SymIRON)
DRV:64bit: - [2013/07/30 23:44:44 | 000,036,952 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1502000.026\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2013/02/06 01:06:06 | 000,057,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/08/25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/09/21 15:00:44 | 001,537,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/09/18 00:12:06 | 000,292,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/08/11 16:59:50 | 000,686,080 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/10 10:45:12 | 000,139,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2009/06/20 07:35:00 | 000,317,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009/06/19 22:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 16:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 22:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/06/04 20:46:50 | 000,216,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/04/29 15:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/02/13 02:24:56 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009/02/13 02:20:56 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009/02/13 02:19:34 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2006/06/18 10:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2014/03/25 20:26:43 | 000,525,016 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton AntiVirus\NortonData\21.0.1.3\Definitions\IPSDefs\20140324.002\IDSviA64.sys -- (IDSVia64)
DRV - [2014/03/18 21:24:11 | 001,525,976 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton AntiVirus\NortonData\21.0.1.3\Definitions\BASHDefs\20140319.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2014/03/08 12:12:42 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton AntiVirus\NortonData\21.0.1.3\Definitions\VirusDefs\20140325.009\ex64.sys -- (NAVEX15)
DRV - [2014/03/08 12:12:42 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton AntiVirus\NortonData\21.0.1.3\Definitions\VirusDefs\20140325.009\eng64.sys -- (NAVENG)
DRV - [2014/01/31 07:08:11 | 000,137,648 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/11/20 22:50:13 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/11/23 14:49:16 | 000,038,392 | ---- | M] (IObit Information Technology) [File_System | Auto | Running] -- C:\Program Files (x86)\IObit\Protected Folder\pffilter.sys -- (PfFilter)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...r=155209078&ir=
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...r=155209078&ir=
IE - HKLM\..\URLSearchHook: {90a1b331-c2b4-4933-9f63-ba7b84d60d58} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...Date=18/06/2013
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gate...g0z125a4911u529
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...r=155209078&ir=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\URLSearchHook: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\8.9\iobitappsToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {829A36F4-5481-4EEF-B541-5D2FE41D32E8}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...Date=18/06/2013
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{50376C7B-CEC8-4CBE-B542-1A5F78DB3DFF}: "URL" = http://websearch.ask...8E-DFC272282F07
IE - HKCU\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://ca.search.yah...p={SearchTerms}
IE - HKCU\..\SearchScopes\{829A36F4-5481-4EEF-B541-5D2FE41D32E8}: "URL" = http://start.mysearc...=1196453428&ir=
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://nortonsafe.se...t=kwd&qsrc=2869
IE - HKCU\..\SearchScopes\{B387A2B6-7004-497A-A06E-A2A981FC3DA8}: "URL" = http://start.mysearc...r=155209078&ir=
IE - HKCU\..\SearchScopes\{B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF}: "URL" = http://ca.amazon.sma...y={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:51483;https=127.0.0.1:51483

========== FireFox ==========

FF - prefs.js..CT3297951.browser.search.defaultthis.engineName: true
FF - prefs.js..CT3298580.browser.search.defaultthis.engineName: "true"
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Mysearchdial"
FF - prefs.js..browser.search.defaultthis.engineName: "MixiDJ V44 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Mysearchdial"
FF - prefs.js..browser.search.selectedEngine: "Mysearchdial"
FF - prefs.js..browser.search.useDBForOrder: false
FF - prefs.js..browser.startup.homepage: "https://www.facebook.com/"
FF - prefs.js..extensions.enabledAddons: abb%40amazon.com:3.0.20121130
FF - prefs.js..extensions.enabledAddons: speeddial%40instair.net:1.4.2
FF - prefs.js..extensions.enabledAddons: %7B10ea107a-1e21-48af-be43-9e461589fa89%7D:1.157
FF - prefs.js..extensions.enabledAddons: 0c3e9649-324d-4df0-a61e-7ac31aead042%402612bb82-5f8a-49b2-a299-348e707310fc.com:0.94.192
FF - prefs.js..extensions.enabledAddons: %7B29b136c9-938d-4d3d-8df8-d649d9b74d02%7D:1.0.1
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40mysearchdial.com:1.6.0
FF - prefs.js..extensions.enabledAddons: 46bccaaa-4500-481e-8908-9384802e175a%4089a8fdd1-d807-4096-8025-a41093fce600.com:0.94.20
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - prefs.js..keyword.URL: "http://ca.search.yah...ype=A111CA0&p="

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@ei.FromDocToPDF_65.com/Plugin: C:\Program Files (x86)\FromDocToPDF_65EI\Installr\1.bin\NP65EISB.dll (FromDocToPDF)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@VideoDownloadConverter_4z.com/Plugin: C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll (MindSpark)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\User1\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\User1\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\4zffxtbr@VideoDownloadConverter_4z.com: C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin [2013/11/03 22:07:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\User1\AppData\Roaming\Mozilla\Extensions\[email protected] [2013/05/13 21:24:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/06/18 18:03:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/06/18 18:03:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F04D2D30-776C-4d02-8627-8E4385ECA58D}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.5.0.67\coFFPlgn\ [2014/03/27 15:19:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.0.1.3\IPSFF [2013/10/14 20:19:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\User1\AppData\Roaming\Mozilla\Extensions\[email protected] [2013/05/13 21:24:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{10ea107a-1e21-48af-be43-9e461589fa89}: C:\Program Files (x86)\Re-markit-soft\157.xpi [2014/03/24 16:16:22 | 000,011,030 | ---- | M] ()

[2013/05/13 21:24:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User1\AppData\Roaming\mozilla\Extensions
[2013/05/13 21:24:17 | 000,000,000 | ---D | M] (Speed Analysis 2) -- C:\Users\User1\AppData\Roaming\mozilla\Extensions\[email protected]
[2014/03/27 13:21:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User1\AppData\Roaming\mozilla\firefox\Profiles\358d6jl7.default\extensions
[2013/12/29 22:43:01 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\User1\AppData\Roaming\mozilla\firefox\Profiles\358d6jl7.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013/06/18 19:21:47 | 000,000,000 | ---D | M] (DealPly Shopping) -- C:\Users\User1\AppData\Roaming\mozilla\firefox\Profiles\358d6jl7.default\extensions\{d4a5fd5b-2243-4a66-9f96-9e488a2a4147}
[2013/12/12 14:46:33 | 000,000,000 | ---D | M] (WiseConvert B2) -- C:\Users\User1\AppData\Roaming\mozilla\firefox\Profiles\358d6jl7.default\extensions\{da7a20cf-bef4-4342-ad78-0240fdf87055}
[2014/03/08 22:11:28 | 000,000,000 | ---D | M] ("weDownload Manager") -- C:\Users\User1\AppData\Roaming\mozilla\firefox\Profiles\358d6jl7.default\extensions\0c3e9649-324d-4df0-a61e-7ac31aead042@2612bb82-5f8a-49b2-a299-348e707310fc.com
[2014/03/24 16:17:37 | 000,000,000 | ---D | M] ("free ven") -- C:\Users\User1\AppData\Roaming\mozilla\firefox\Profiles\358d6jl7.default\extensions\46bccaaa-4500-481e-8908-9384802e175a@89a8fdd1-d807-4096-8025-a41093fce600.com
[2013/09/19 22:25:11 | 000,000,000 | ---D | M] ("Amazon Browser Bar") -- C:\Users\User1\AppData\Roaming\mozilla\firefox\Profiles\358d6jl7.default\extensions\[email protected]
[2014/03/26 21:32:31 | 000,000,000 | ---D | M] (mysearchdial.com) -- C:\Users\User1\AppData\Roaming\mozilla\firefox\Profiles\358d6jl7.default\extensions\[email protected]
[2014/03/26 21:32:26 | 000,000,000 | ---D | M] (WinDealist) -- C:\Users\User1\AppData\Roaming\mozilla\firefox\Profiles\358d6jl7.default\extensions\[email protected]
[2014/03/09 14:44:34 | 000,000,000 | ---D | M] (AD Block) -- C:\Users\User1\AppData\Roaming\mozilla\firefox\Profiles\358d6jl7.default\extensions\[email protected]
[2014/03/09 14:43:41 | 000,000,000 | ---D | M] (AccelerateTab) -- C:\Users\User1\AppData\Roaming\mozilla\firefox\Profiles\358d6jl7.default\extensions\[email protected]
[2013/06/21 14:32:03 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\User1\AppData\Roaming\mozilla\firefox\Profiles\358d6jl7.default\extensions\[email protected]
[2014/03/24 19:07:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User1\AppData\Roaming\mozilla\firefox\Profiles\358d6jl7.default\extensions\0c3e9649-324d-4df0-a61e-7ac31aead042@2612bb82-5f8a-49b2-a299-348e707310fc.com\extensionData
[2014/03/24 19:07:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User1\AppData\Roaming\mozilla\firefox\Profiles\358d6jl7.default\extensions\0c3e9649-324d-4df0-a61e-7ac31aead042@2612bb82-5f8a-49b2-a299-348e707310fc.com\extensionData\plugins
[2014/03/24 19:07:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User1\AppData\Roaming\mozilla\firefox\Profiles\358d6jl7.default\extensions\0c3e9649-324d-4df0-a61e-7ac31aead042@2612bb82-5f8a-49b2-a299-348e707310fc.com\extensionData\userCode
[2014/03/24 19:07:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User1\AppData\Roaming\mozilla\firefox\Profiles\358d6jl7.default\extensions\46bccaaa-4500-481e-8908-9384802e175a@89a8fdd1-d807-4096-8025-a41093fce600.com\extensionData
[2014/03/24 19:07:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User1\AppData\Roaming\mozilla\firefox\Profiles\358d6jl7.default\extensions\46bccaaa-4500-481e-8908-9384802e175a@89a8fdd1-d807-4096-8025-a41093fce600.com\extensionData\plugins
[2014/03/24 19:07:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User1\AppData\Roaming\mozilla\firefox\Profiles\358d6jl7.default\extensions\46bccaaa-4500-481e-8908-9384802e175a@89a8fdd1-d807-4096-8025-a41093fce600.com\extensionData\userCode
[2014/03/24 23:31:25 | 000,010,776 | ---- | M] () (No name found) -- C:\Users\User1\AppData\Roaming\mozilla\firefox\Profiles\358d6jl7.default\extensions\{29b136c9-938d-4d3d-8df8-d649d9b74d02}.xpi
[2014/03/27 13:21:24 | 000,353,958 | ---- | M] () (No name found) -- C:\Users\User1\AppData\Roaming\mozilla\firefox\Profiles\358d6jl7.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}.xpi
[2013/09/19 22:25:57 | 000,002,339 | ---- | M] () -- C:\Users\User1\AppData\Roaming\mozilla\firefox\Profiles\358d6jl7.default\searchplugins\amazon.xml
[2013/06/21 14:32:03 | 000,002,308 | ---- | M] () -- C:\Users\User1\AppData\Roaming\mozilla\firefox\Profiles\358d6jl7.default\searchplugins\askcom.xml
[2014/03/26 21:30:02 | 000,001,233 | ---- | M] () -- C:\Users\User1\AppData\Roaming\mozilla\firefox\Profiles\358d6jl7.default\searchplugins\Mysearchdial.xml
[2013/07/19 07:31:22 | 000,002,440 | ---- | M] () -- C:\Users\User1\AppData\Roaming\mozilla\firefox\Profiles\358d6jl7.default\searchplugins\Web Search.xml
[2013/09/20 21:54:39 | 000,001,102 | ---- | M] () -- C:\Users\User1\AppData\Roaming\mozilla\firefox\Profiles\358d6jl7.default\searchplugins\wiseconvert-b2-customized-web-search.xml
[2014/03/23 19:49:30 | 000,008,061 | ---- | M] () -- C:\Users\User1\AppData\Roaming\mozilla\firefox\Profiles\358d6jl7.default\searchplugins\yahoo_ff.xml
[2014/03/23 20:53:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/03/08 19:14:33 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/03/24 16:16:22 | 000,011,030 | ---- | M] () (No name found) -- C:\PROGRAM FILES (X86)\RE-MARKIT-SOFT\157.XPI

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://start.mysearc...r=155209078&ir=
CHR - plugin: Error reading preferences file
CHR - Extension: Ask Toolbar = C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo\7.15.23.42079_0\
CHR - Extension: Re-markit = C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcpfhaghaadpjpgocojgnlhjcieeooel\1.157.0.0_0\
CHR - Extension: Ebay Shopping Assistant by Spigot = C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj\1.1_1\
CHR - Extension: Domain Error Assistant = C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj\1.3_0\
CHR - Extension: RealDownloader = C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.2_1\
CHR - Extension: AccelerateTab = C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgjafhkemfjfgdmjcmhofijphjmaanak\1.2.8_0\
CHR - Extension: free ven = C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpjdjfkkmlgacmnenfhafmkldaogiglb\1.26.20_0\crossrider
CHR - Extension: free ven = C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpjdjfkkmlgacmnenfhafmkldaogiglb\1.26.20_0\
CHR - Extension: AD Block = C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfgjbmhakaffflkjecineeaadpidgikb\1.0.0_0\
CHR - Extension: Skype Click to Call = C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.1.15383.6004_0\
CHR - Extension: Slick Savings = C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.4_1\
CHR - Extension: Google Wallet = C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Norton Identity Protection = C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob\2014.7.0.43_0\
CHR - Extension: Amazon 1Button App for Chrome = C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam\4.2014.304.0_0\
CHR - Extension: Amazon Shopping Assistant by Spigot = C:\Users\User1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp\1.0_1\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll File not found
O2:64bit: - BHO: (no name) - {11111111-1111-1111-1111-110311431144} - No CLSID value found.
O2:64bit: - BHO: (free ven) - {11111111-1111-1111-1111-110511161178} - C:\Program Files (x86)\free ven\free ven-bho64.dll (freeven)
O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Norton Identity Protection) - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.0.43\coieplg.dll (Symantec Corporation)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (IObit Apps Toolbar) - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\8.9\iobitappsToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (free ven) - {11111111-1111-1111-1111-110511161178} - C:\Program Files (x86)\free ven\free ven-bho.dll (freeven)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Toolbar BHO) - {312f84fb-8970-4fd3-bddb-7012eac4afc9} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll (MindSpark)
O2 - BHO: (Mega Browse) - {4e6cd411-ce62-4584-97ff-6afbcf6900af} - C:\Program Files (x86)\Mega Browse\MegaBrowseBHO.dll (Mega Browse)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\21.2.0.38\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.)
O2 - BHO: (no name) - {90a1b331-c2b4-4933-9f63-ba7b84d60d58} - No CLSID value found.
O2 - BHO: (Norton Identity Protection) - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.43\coieplg.dll (Symantec Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (WinDealist BHO) - {B8F10001-9552-4F40-8F61-6765CD22DD9E} - C:\Program Files (x86)\windealist\Internet Explorer\windealist.dll ()
O2 - BHO: (Search Assistant BHO) - {c547c6c2-561b-4169-a2a5-20ba771ca93b} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll (MindSpark)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (mysearchdial Helper Object) - {EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} - C:\Program Files (x86)\Mysearchdial\1.8.29.0\bh\mysearchdial.dll (MySearchDial)
O3:64bit: - HKLM\..\Toolbar: (IObit Apps Toolbar) - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\8.9\iobitappsToolbarIE64.dll (Spigot, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.0.43\coieplg.dll (Symantec Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (IObit Apps Toolbar) - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\8.9\iobitappsToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (mysearchdial Toolbar) - {3004627E-F8E9-4E8B-909D-316753CBA923} - C:\Program Files (x86)\Mysearchdial\1.8.29.0\mysearchdialTlbr.dll (MySearchDial)
O3 - HKLM\..\Toolbar: (VideoDownloadConverter) - {48586425-6bb7-4f51-8dc6-38c88e3ebb58} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll (MindSpark)
O3 - HKLM\..\Toolbar: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.43\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (VideoDownloadConverter) - {48586425-6BB7-4F51-8DC6-38C88E3EBB58} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll (MindSpark)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.0.43\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.43\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Registry Helper] C:\Program Files (x86)\Registry Helper\RegistryHelper.Exe (SafeApp Software, LLC)
O4 - HKLM..\Run: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VideoDownloadConverter Search Scope Monitor] C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrchMn.exe (MindSpark)
O4 - HKLM..\Run: [VideoDownloadConverter_4z Browser Plugin Loader] C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbrmon.exe (VER_COMPANY_NAME)
O4 - HKLM..\Run: [VideoWebCamera] C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe (Suyin)
O4 - HKCU..\Run: [ContentExplorer] C:\Users\User1\AppData\Roaming\ContentExplorer\ContentExplorer.exe (ContentExplorer)
O4 - HKCU..\Run: [Facebook Update] C:\Users\User1\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [fastclean] "C:\Program Files (x86)\FastClean PRO\fastcleanpro.exe" File not found
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe (PC Utilities Software Limited)
O4 - HKCU..\Run: [SpeedItupFree] C:\Program Files (x86)\SpeedItup Free\speeditupfree.exe (MicroSmarts LLC.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{90524F76-9EC9-4F2D-ABD9-9AE682CC41E9}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/09/11 17:57:54 | 000,000,000 | ---D | M] - D:\AutoRun -- [ CDFS ]
O32 - AutoRun File - [2007/09/11 17:57:21 | 000,000,063 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{e0a7669a-8b28-11e2-a46d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e0a7669a-8b28-11e2-a46d-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRun/AutoRun.bat -- [2007/09/11 17:57:23 | 000,000,032 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/03/27 14:32:34 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2014/03/27 11:08:35 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Optimizer Pro
[2014/03/27 10:38:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Optimizer Pro
[2014/03/27 10:38:26 | 000,000,000 | ---D | C] -- C:\Program Files\PC Optimizer Pro
[2014/03/26 21:34:58 | 000,000,000 | ---D | C] -- C:\Users\User1\AppData\Roaming\Optimizer Pro
[2014/03/26 21:32:56 | 000,000,000 | ---D | C] -- C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
[2014/03/26 21:32:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\windealist
[2014/03/26 21:32:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Registry Helper
[2014/03/26 21:32:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Helper
[2014/03/26 21:31:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Registry Helper
[2014/03/26 21:29:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
[2014/03/26 21:29:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Optimizer Pro
[2014/03/26 21:29:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2014/03/26 21:29:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AnyProtectEx
[2014/03/26 21:27:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2014/03/26 19:47:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedItup Free
[2014/03/26 19:46:53 | 000,000,000 | ---D | C] -- C:\Windows\SpeedItup Free
[2014/03/26 19:46:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedItup Free
[2014/03/26 00:51:24 | 000,000,000 | ---D | C] -- C:\Windows\tasks\ImCleanDisabled
[2014/03/25 22:17:42 | 000,000,000 | ---D | C] -- C:\ProgramData\ProductData
[2014/03/25 22:17:42 | 000,000,000 | ---D | C] -- C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
[2014/03/25 21:52:01 | 000,000,000 | ---D | C] -- C:\Quarantine
[2014/03/25 21:51:12 | 000,000,000 | ---D | C] -- C:\Program Files\stinger
[2014/03/25 15:13:13 | 000,000,000 | ---D | C] -- C:\Users\User1\AppData\Roaming\ContentExplorer
[2014/03/24 23:31:09 | 000,061,120 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\wStLibG64.sys
[2014/03/24 18:39:29 | 000,000,000 | ---D | C] -- C:\Users\User1\AppData\Local\IsolatedStorage
[2014/03/24 18:37:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FastClean PRO
[2014/03/24 18:36:47 | 000,000,000 | ---D | C] -- C:\Users\User1\AppData\Local\MovieMode
[2014/03/24 18:36:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mega Browse
[2014/03/24 18:35:47 | 000,000,000 | ---D | C] -- C:\ProgramData\MovieMode
[2014/03/24 18:35:24 | 000,000,000 | ---D | C] -- C:\Users\User1\AppData\Roaming\mysearchdial
[2014/03/24 18:35:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mysearchdial
[2014/03/24 18:35:15 | 001,172,720 | ---- | C] (AnyProtect.com) -- C:\Users\User1\AppData\Local\AnyProtectScannerSetup.exe
[2014/03/24 16:18:02 | 000,000,000 | ---D | C] -- C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
[2014/03/24 16:18:00 | 000,000,000 | ---D | C] -- C:\Users\User1\AppData\Roaming\VOPackage
[2014/03/24 16:17:50 | 000,000,000 | ---D | C] -- C:\Users\User1\Documents\Optimizer Pro
[2014/03/24 16:17:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\free ven
[2014/03/24 16:17:15 | 000,000,000 | ---D | C] -- C:\Users\User1\AppData\Roaming\Activeris
[2014/03/24 16:16:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Re-markit-soft
[2014/03/20 20:41:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit Apps Toolbar
[2014/03/18 15:09:09 | 000,000,000 | ---D | C] -- C:\Users\User1\AppData\Local\Skype
[2014/03/18 15:08:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014/03/17 11:23:33 | 000,000,000 | ---D | C] -- C:\Users\User1\AppData\Roaming\Unity
[2014/03/17 11:18:28 | 000,000,000 | ---D | C] -- C:\Users\User1\AppData\Local\Unity
[2014/03/08 19:14:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/03/08 18:38:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco Systems
[2014/03/08 18:37:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Cisco Systems
[2013/09/19 20:37:37 | 000,656,048 | ---- | C] (WildTangent, Inc.) -- C:\ProgramData\uninstall2257486.exe
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Users\User1\AppData\Local\*.tmp files -> C:\Users\User1\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/03/27 15:47:56 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/27 15:34:06 | 000,000,414 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro64 startups.job
[2014/03/27 15:30:00 | 000,000,292 | ---- | M] () -- C:\Windows\tasks\MySearchDial.job
[2014/03/27 15:26:59 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/27 15:26:59 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/27 15:22:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/03/27 15:21:51 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\Re-markit Update.job
[2014/03/27 15:21:00 | 000,000,290 | ---- | M] () -- C:\Windows\tasks\Dealply.job
[2014/03/27 15:19:52 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_User1.job
[2014/03/27 15:18:46 | 000,002,244 | ---- | M] () -- C:\Windows\tasks\free ven-firefoxinstaller.job
[2014/03/27 15:18:45 | 000,003,080 | ---- | M] () -- C:\Windows\tasks\free ven-chromeinstaller.job
[2014/03/27 15:18:45 | 000,001,490 | ---- | M] () -- C:\Windows\tasks\free ven-updater.job
[2014/03/27 15:18:42 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/27 15:18:38 | 000,000,390 | ---- | M] () -- C:\Windows\tasks\Re-markit_wd.job
[2014/03/27 15:18:37 | 000,001,344 | ---- | M] () -- C:\Windows\tasks\free ven-enabler.job
[2014/03/27 15:18:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/27 15:18:23 | 3165,331,456 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/27 15:09:01 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3596653074-3977160660-3817571296-1000UA.job
[2014/03/27 13:04:48 | 000,000,438 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro Updates.job
[2014/03/27 13:04:48 | 000,000,436 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro Idle.job
[2014/03/27 13:04:48 | 000,000,406 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro64 Scan.job
[2014/03/27 10:38:35 | 000,000,929 | ---- | M] () -- C:\Users\User1\Application Data\Microsoft\Internet Explorer\Quick Launch\PC Optimizer Pro.lnk
[2014/03/27 10:38:35 | 000,000,905 | ---- | M] () -- C:\Users\Public\Desktop\PC Optimizer Pro.lnk
[2014/03/26 21:53:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\APSnotifierPP1.job
[2014/03/26 21:37:51 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\APSnotifierPP3.job
[2014/03/26 21:37:51 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\APSnotifierPP2.job
[2014/03/26 21:33:40 | 000,001,160 | ---- | M] () -- C:\Users\User1\AppData\Roaming\aps.scan.quick.results
[2014/03/26 21:33:40 | 000,000,318 | ---- | M] () -- C:\Users\User1\AppData\Roaming\aps.uninstall.scan.results
[2014/03/26 21:33:21 | 000,000,000 | ---- | M] () -- C:\Users\User1\AppData\Roaming\aps.scan.results
[2014/03/26 21:33:02 | 000,001,016 | ---- | M] () -- C:\Users\User1\Desktop\AnyProtect.lnk
[2014/03/26 21:32:01 | 000,001,019 | ---- | M] () -- C:\Users\Public\Desktop\Registry Helper.lnk
[2014/03/26 21:30:45 | 000,000,084 | ---- | M] () -- C:\Users\User1\AppData\Roaming\WB.CFG
[2014/03/26 21:29:40 | 000,001,033 | ---- | M] () -- C:\Users\User1\Desktop\Optimizer Pro.lnk
[2014/03/26 21:29:13 | 000,000,932 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2014/03/26 21:09:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3596653074-3977160660-3817571296-1000Core.job
[2014/03/26 19:57:04 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateXML_User1.job
[2014/03/26 19:47:13 | 000,001,969 | ---- | M] () -- C:\Users\User1\Application Data\Microsoft\Internet Explorer\Quick Launch\SpeedItup Free.lnk
[2014/03/26 19:47:10 | 000,001,945 | ---- | M] () -- C:\Users\Public\Desktop\SpeedItup Free.lnk
[2014/03/26 16:42:18 | 001,172,720 | ---- | M] (AnyProtect.com) -- C:\Users\User1\AppData\Local\AnyProtectScannerSetup.exe
[2014/03/25 22:59:28 | 000,009,728 | ---- | M] () -- C:\Users\User1\Desktop\Cough Symptom Relief.wps
[2014/03/25 22:59:28 | 000,001,054 | ---- | M] () -- C:\Users\User1\AppData\Roaming\wklnhst.dat
[2014/03/25 22:39:33 | 001,720,411 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1502000.026\Cat.DB
[2014/03/25 22:28:53 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateFiles_User1.job
[2014/03/25 13:20:29 | 000,002,364 | ---- | M] () -- C:\Users\Public\Desktop\Norton AntiVirus.lnk
[2014/03/25 13:18:56 | 000,030,281 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1502000.026\VT20140319.007
[2014/03/24 23:31:09 | 000,061,120 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\wStLibG64.sys
[2014/03/24 16:16:22 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014/03/19 23:43:36 | 000,000,721 | ---- | M] () -- C:\Users\User1\Documents\New IR Ad.rtf
[2014/03/18 15:08:54 | 000,002,697 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/03/15 12:04:06 | 000,002,150 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/03/13 10:28:42 | 000,343,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/03/12 12:45:24 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/03/12 12:45:24 | 000,628,460 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/03/12 12:45:24 | 000,110,612 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/03/12 03:46:27 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1502000.026\isolate.ini
[2014/03/11 16:44:49 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NSTx64\7DE07000.02B\isolate.ini
[2014/03/04 00:18:12 | 001,148,120 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NAVx64\1502000.026\symefa64.sys
[2014/03/04 00:18:12 | 000,030,068 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1502000.026\symvtcer.dat
[2014/03/04 00:18:12 | 000,008,194 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1502000.026\symefa64.cat
[2014/03/04 00:18:12 | 000,003,433 | ---- | M] () -- C:\Windows\SysNative\drivers\NAVx64\1502000.026\symefa.inf
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Users\User1\AppData\Local\*.tmp files -> C:\Users\User1\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/03/27 11:08:40 | 000,000,406 | ---- | C] () -- C:\Windows\tasks\PC Optimizer Pro64 Scan.job
[2014/03/27 11:08:36 | 000,000,438 | ---- | C] () -- C:\Windows\tasks\PC Optimizer Pro Updates.job
[2014/03/27 11:08:36 | 000,000,436 | ---- | C] () -- C:\Windows\tasks\PC Optimizer Pro Idle.job
[2014/03/27 11:08:35 | 000,000,414 | ---- | C] () -- C:\Windows\tasks\PC Optimizer Pro64 startups.job
[2014/03/27 10:38:35 | 000,000,929 | ---- | C] () -- C:\Users\User1\Application Data\Microsoft\Internet Explorer\Quick Launch\PC Optimizer Pro.lnk
[2014/03/27 10:38:34 | 000,000,905 | ---- | C] () -- C:\Users\Public\Desktop\PC Optimizer Pro.lnk
[2014/03/26 21:33:21 | 000,001,160 | ---- | C] () -- C:\Users\User1\AppData\Roaming\aps.scan.quick.results
[2014/03/26 21:33:21 | 000,000,000 | ---- | C] () -- C:\Users\User1\AppData\Roaming\aps.scan.results
[2014/03/26 21:33:02 | 000,001,016 | ---- | C] () -- C:\Users\User1\Desktop\AnyProtect.lnk
[2014/03/26 21:32:01 | 000,001,019 | ---- | C] () -- C:\Users\Public\Desktop\Registry Helper.lnk
[2014/03/26 21:29:38 | 000,001,033 | ---- | C] () -- C:\Users\User1\Desktop\Optimizer Pro.lnk
[2014/03/26 21:29:13 | 000,000,932 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2014/03/26 19:47:16 | 000,001,957 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedItup Free.lnk
[2014/03/26 19:47:10 | 000,001,969 | ---- | C] () -- C:\Users\User1\Application Data\Microsoft\Internet Explorer\Quick Launch\SpeedItup Free.lnk
[2014/03/26 19:47:08 | 000,001,945 | ---- | C] () -- C:\Users\Public\Desktop\SpeedItup Free.lnk
[2014/03/25 19:56:53 | 000,000,376 | ---- | C] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_User1.job
[2014/03/25 19:56:34 | 000,000,378 | ---- | C] () -- C:\Windows\tasks\APSnotifierPP3.job
[2014/03/25 19:56:32 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateFiles_User1.job
[2014/03/25 19:56:22 | 000,000,378 | ---- | C] () -- C:\Windows\tasks\APSnotifierPP2.job
[2014/03/25 19:56:20 | 000,000,366 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateXML_User1.job
[2014/03/24 18:35:46 | 000,000,084 | ---- | C] () -- C:\Users\User1\AppData\Roaming\WB.CFG
[2014/03/24 18:35:39 | 000,000,292 | ---- | C] () -- C:\Windows\tasks\MySearchDial.job
[2014/03/24 16:19:39 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\APSnotifierPP1.job
[2014/03/24 16:19:19 | 000,000,318 | ---- | C] () -- C:\Users\User1\AppData\Roaming\aps.uninstall.scan.results
[2014/03/24 16:18:10 | 000,001,490 | ---- | C] () -- C:\Windows\tasks\free ven-updater.job
[2014/03/24 16:18:06 | 000,001,344 | ---- | C] () -- C:\Windows\tasks\free ven-enabler.job
[2014/03/24 16:17:34 | 000,002,244 | ---- | C] () -- C:\Windows\tasks\free ven-firefoxinstaller.job
[2014/03/24 16:17:18 | 000,003,080 | ---- | C] () -- C:\Windows\tasks\free ven-chromeinstaller.job
[2014/03/24 16:16:27 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\Re-markit Update.job
[2014/03/24 16:16:23 | 000,000,390 | ---- | C] () -- C:\Windows\tasks\Re-markit_wd.job
[2014/03/24 16:16:22 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/03/19 23:43:36 | 000,000,721 | ---- | C] () -- C:\Users\User1\Documents\New IR Ad.rtf
[2014/03/18 15:08:54 | 000,002,697 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/03/12 16:58:18 | 000,009,728 | ---- | C] () -- C:\Users\User1\Desktop\Cough Symptom Relief.wps
[2014/03/08 18:38:31 | 000,002,046 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Connect.lnk
[2014/02/10 19:32:54 | 001,152,656 | ---- | C] () -- C:\Windows\SysWow64\MovieMode.48CA2AEFA22D.dll
[2013/09/19 22:26:05 | 000,268,968 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2013/03/20 03:52:22 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2013/03/18 19:14:08 | 001,332,295 | ---- | C] () -- C:\Users\User1\AppData\Roaming\UserTile.png
[2013/03/18 18:52:51 | 000,001,054 | ---- | C] () -- C:\Users\User1\AppData\Roaming\wklnhst.dat
[2013/03/12 15:09:18 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2013/03/12 15:08:55 | 000,001,590 | ---- | C] () -- C:\Windows\WPatchProgress.ini
[2013/03/12 11:40:13 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2013/03/12 11:40:13 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014/03/25 21:59:11 | 000,000,000 | ---D | M] -- C:\Users\User1\AppData\Roaming\Activeris
[2013/09/19 11:18:09 | 000,000,000 | ---D | M] -- C:\Users\User1\AppData\Roaming\AVG2014
[2014/03/25 15:13:15 | 000,000,000 | ---D | M] -- C:\Users\User1\AppData\Roaming\ContentExplorer
[2013/09/19 11:02:41 | 000,000,000 | ---D | M] -- C:\Users\User1\AppData\Roaming\DriverCure
[2014/03/25 22:12:48 | 000,000,000 | ---D | M] -- C:\Users\User1\AppData\Roaming\IObit
[2014/03/24 18:35:38 | 000,000,000 | ---D | M] -- C:\Users\User1\AppData\Roaming\mysearchdial
[2014/03/26 21:34:58 | 000,000,000 | ---D | M] -- C:\Users\User1\AppData\Roaming\Optimizer Pro
[2013/04/30 02:04:48 | 000,000,000 | ---D | M] -- C:\Users\User1\AppData\Roaming\Paltalk
[2013/09/19 11:02:32 | 000,000,000 | ---D | M] -- C:\Users\User1\AppData\Roaming\PC VITALWARE
[2013/05/31 09:12:25 | 000,000,000 | ---D | M] -- C:\Users\User1\AppData\Roaming\PerformerSoft
[2014/03/26 00:42:30 | 000,000,000 | ---D | M] -- C:\Users\User1\AppData\Roaming\Systweak
[2013/03/23 14:29:03 | 000,000,000 | ---D | M] -- C:\Users\User1\AppData\Roaming\Template
[2013/06/18 21:52:00 | 000,000,000 | ---D | M] -- C:\Users\User1\AppData\Roaming\TuneUp Software
[2014/03/17 11:23:33 | 000,000,000 | ---D | M] -- C:\Users\User1\AppData\Roaming\Unity
[2014/03/27 13:51:42 | 000,000,000 | ---D | M] -- C:\Users\User1\AppData\Roaming\VOPackage
[2013/09/19 20:38:19 | 000,000,000 | ---D | M] -- C:\Users\User1\AppData\Roaming\WildTangent
[2013/07/20 16:51:54 | 000,000,000 | ---D | M] -- C:\Users\User1\AppData\Roaming\WildTangentv1002
[2013/05/24 13:27:47 | 000,000,000 | ---D | M] -- C:\Users\User1\AppData\Roaming\Windows Live Writer

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:373E1720

< End of report >

Attached Files

OTL.Txt 156.27KB 110 downloads

#2
Phel

Posted 27 March 2014 - 02:41 PM

Trusted Helper

Malware Removal
1,386 posts

Hello, Jenna Rich and welcome to GeeksToGo!

You can call me Phel and this time I will try to help you with your trouble.

Please, spend some time to read these instructions carefully before we start. They contain very useful information.

Please, stay with us until the end. I know, Malware Removal isn't very fast procedure, it usually has multiple steps, but you should stay here till your computer will be absolutely clean from malware. If your main problem is solved, that doesn't mean that another malware isn't left in your computer. Your patience will be rewarded with absolutely clean computer.
Please, let me know, if you don't understand something. It is really important to understand every instruction. If you are in doubt, how to follow one or another instruction - feel free to ask me, how to do that. I am always glad to help you with that.
Please, don't fix anything by yourself. Please, don't run any tools unless they are required. Trying multiple tools in hope that one of them will help can lead to unrecoverable consequences. Sometimes malware removal tools, used without supervision, can harm your computer more than malware itself.
Please, feel free to notify me about changes in your PC's behavior. It's really interesting for me to know, how your computer is running after each portion of fixes.
Finally, let's go!

Please, post logs directly into topic, do not attach them.

Before we start, I need you to post another one log.

In C:\Users\User1\Downloads folder should be file called Extras.txt. Please, post contents of this log in your next message.

#3
Jenna Rich

Posted 27 March 2014 - 06:44 PM

New Member

Topic Starter
Member
2 posts

OTL Extras logfile created on: 27/03/2014 3:39:46 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User1\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.11.9600.16521)

Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.93 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 37.93% Memory free

7.86 Gb Paging File | 4.76 Gb Available in Paging File | 60.51% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 221.07 Gb Total Space | 170.40 Gb Free Space | 77.08% Space Free | Partition Type: NTFS

Drive D: | 1.78 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JR | User Name: User1 | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"

http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"

http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{03A9D5F8-418B-462E-9910-DA74B2DD4F5F}" = lport=139 | protocol=6 | dir=in | app=system |

"{135DA0F1-172F-4BBE-A141-62D66EF91102}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{1C269A16-03B4-4504-A9B6-EEAB080DCAD9}" = rport=138 | protocol=17 | dir=out | app=system |

"{301A98E0-6CCD-4410-9A3A-B68D710F8C8C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |

"{5930D728-6DEE-4470-B14E-EEB41FE588E2}" = rport=445 | protocol=6 | dir=out | app=system |

"{61EF8766-E330-4A55-B60F-205AE41DFA0A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{887F130E-C7CD-41D2-8DF6-5ACE0727ECD0}" = rport=137 | protocol=17 | dir=out | app=system |

"{8EFAD2FE-9A7A-43DD-8E37-835700948A11}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{903C2E81-BB3B-4B97-AC67-D0AA8B433364}" = lport=138 | protocol=17 | dir=in | app=system |

"{A1E7E9C5-FC4C-4ACD-9450-C7333E1B0FD6}" = lport=2869 | protocol=6 | dir=in | app=system |

"{A26BC276-35A7-4F13-B4F7-FA2789C5BBFA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{A3E7DEEC-CF95-4B98-AAB7-032F0A9E3BCD}" = lport=137 | protocol=17 | dir=in | app=system |

"{B2BF000B-F7D7-4DDD-98E4-0FF0E9D6E6A7}" = rport=139 | protocol=6 | dir=out | app=system |

"{CD84AFFC-1011-4CC6-9791-09ED5D64F77B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{F0DA88F7-17C7-4334-83B1-36AF99D55EAF}" = lport=445 | protocol=6 | dir=in | app=system |

"{FAE5F75D-AF28-49E9-A7B5-6BD316258F2C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{07A0E88E-678B-42C6-A7E8-4596DD62B469}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |

"{09B607C7-C4CC-4C09-84C4-FB6F89C477DE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{10F4EC2C-FDE8-4BA9-8E01-281954E7B68C}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{1B21D547-29B5-44B6-88AE-F79F9B292549}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{2BFF646A-F83C-4998-8275-2CA1A9E57FB4}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe |

"{31FBC5D6-AF69-49DD-9441-8BB73707522C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |

"{41FF689B-F95C-4D37-8716-488A1C88EB20}" = dir=in | app=c:\users\user1\appdata\local\facebook\video\skype\facebookvideocalling.exe |

"{45A50A3B-5AF6-4760-BDD3-BCBE4CA38DD3}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |

"{49FDA4CA-5CD3-4127-80BB-88AAC4090563}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |

"{540BABD2-4167-4209-B4B5-9A3C94F9750E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{55BEB552-3533-4E47-86C2-0BE320C2C0FC}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe |

"{56C92CE6-8650-4AA1-AC01-23E082568A9D}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |

"{575BFEC6-E6B1-4D0D-BEE6-9CEF6531B0A2}" = protocol=58 | dir=out | [email protected],-28546 |

"{6C0DE24A-9E5A-46BD-BC42-C9A980A0AF15}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |

"{7567AD04-4A82-4AD3-9398-B7A54134148E}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |

"{77A29133-3319-420C-82E9-2A73CB02B650}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe |

"{783A72F7-3E0F-46ED-81AC-AC3E98CEDF39}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |

"{7DC7FCBC-7978-480F-9F45-DF3865389497}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |

"{820E2371-5AE8-4526-9A78-2D15A8E96795}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |

"{89D7DBBF-B457-42EA-B81D-54951C50F237}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe |

"{95577E89-61C3-4FFF-9B08-B8AD1E76193D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{9C0B4E02-29E0-4D27-B016-1722C1467950}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe |

"{9C43C155-808E-4BF2-A418-FDC545AFD24A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{9DC50EF1-EE1A-4B51-8414-B531FE392A2E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{A5B74D53-761F-4816-A901-B7AFAB3BDC15}" = dir=in | app=c:\users\user1\appdata\local\microsoft\skydrive\skydrive.exe |

"{A914056E-1518-4154-B507-9F3AEA6DD4A9}" = protocol=1 | dir=out | [email protected],-28544 |

"{AA244F8F-CFCE-4EED-B98F-C4C542A67006}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{AAA59787-66D2-4AB8-94F7-8612E6D89805}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe |

"{B13DEAE2-13FB-4907-94E8-F1090A3B80B4}" = protocol=1 | dir=in | [email protected],-28543 |

"{BFAD6AF2-10C9-44A7-8247-DD37FB806064}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{C220AEA2-1AB6-4162-AD17-889B32EDBB55}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |

"{D4E36A8A-CE90-4E7D-9BFF-899ED9A15FA9}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |

"{E0727AA0-55C3-4EDE-BD54-F9791BADEE8D}" = protocol=58 | dir=in | [email protected],-28545 |

"{E2D4E97E-9C2D-47C0-ABBF-93F3B28C5B32}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |

"{E8AB88CF-1D06-42B3-ADEA-BAEF9153B2A9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{ECD82A8C-C7D8-49B9-ADAF-C4BEA8D56406}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{EED3651D-E395-427A-930B-DAD362B839E4}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |

"{FD4BCAA7-822A-4211-BC8F-CA0316A08EBC}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |

"{FE8C2739-B376-40A9-A9A9-534155891946}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables

"{2FD0FA0A-7A21-4C4A-B268-1142B54E035E}" = Windows Live Family Safety

"{4507D686-CA94-4EF8-A2CA-89FF9828AE4F}" = AVG 2014

"{5EEC477F-8E9B-4420-8829-16E7426227DB}" = Windows Live MIME IFilter

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant

"{DFB2D93E-DEAE-4DF5-8863-CE2AB8F0B6AB}" = AVG 2014

"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"Amazon Browser Bar" = Amazon Browser Bar

"AVG" = AVG 2014

"CNXT_AUDIO_HDA" = Conexant HD Audio

"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP

"HDMI" = Intel® Graphics Media Accelerator Driver

"Mega Browse" = Mega Browse

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"PC Optimizer Pro" = PC Optimizer Pro

"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{03D562B5-C4E2-4846-A920-33178788BE00}" = Windows Live Communications Platform

"{0F929651-F516-4956-90F2-FFBD2CD5D30E}" = Photo Gallery

"{0FF9CC94-EF23-401E-BDBD-37403D1A2B38}" = Windows Live SOXE Definitions

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1

"{2AC01935-3774-4981-98C8-14E93C14372C}" = Windows Live UX Platform Language Pack

"{3DB0448D-AD82-4923-B305-D001E521A964}" = Gateway Power Management

"{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}" = RealDownloader

"{45898170-E68C-4F02-AA35-C2186BF347A3}" = Movie Maker

"{5A0EE0F0-E909-4F3B-B437-AAD9252427CB}" = Windows Live Installer

"{5E094C92-6288-4F43-AA9A-D452D0218F3F}" = Windows Live Essentials

"{6389F199-1D6C-4974-9557-693F9DD48736}" = Windows Live Writer Resources

"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works

"{6B6923B9-8719-425B-916C-CD2908F31AAF}" = Windows Live SOXE

"{6D9021DC-CF1B-4148-8C80-6D8E8A8A33EB}" = Video Web Camera

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime

"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.14

"{7C6F0282-3DCD-4A80-95AC-BB298E821C44}" = Windows Live Writer

"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management

"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync

"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar

"{89870E0D-9602-41F8-9E83-14F6849346A4}" = Windows Live Mail

"{89C7E0A7-4D9D-4DCC-8834-A9A2B92D7EBB}" = Photo Gallery

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}" = Facebook Video Calling 2.0.0.447

"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{95140000-0137-0409-0000-0000000FF1CE}" = Microsoft Works 6-9 Converter

"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader

"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables

"{9C6D5C94-386A-4DE7-B99F-523D3F167B9A}" = Windows Live Messenger

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AAA94EAA-40A4-458C-9D86-D1DA765B51D5}" = Windows Live Writer

"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime

"{AAF91344-2808-4D6B-9242-FBE5AF79D60A}" = Windows Live Family Safety

"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI

"{B286BAC3-CBE6-4854-BF68-EB72A34CEA56}" = Windows Live Messenger

"{B39A6825-EA20-43EA-AB2D-A6BC0298D9A1}" = Movie Maker

"{B8F10001-9552-4F40-8F61-6765CD22DD9E}" = WinDealist

"{BB285C9F-C821-4770-8970-56C4AB52C87E}" = Skype Click to Call

"{C6B0EE9E-2128-4448-B7AE-5E2B46E0F0E7}" = Windows Live Photo Common

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D604900F-A275-416C-AF9D-CDEDF58B72DB}" = Windows Live Mail

"{DD7C5FC1-DCA5-487A-AF23-658B1C00243F}" = Photo Common

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E3445598-4424-4EE2-B71C-C23325F7FB71}" = Windows Live PIMT Platform

"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant

"{EC18A70E-95F5-4FB5-9233-2E91F774426A}" = Snap.Do

"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Gateway Updater

"{EE68B04B-ABF4-4E83-87FF-42AF4C3F1D5B}" = IObit Apps Toolbar v8.9

"{EFBCA571-617D-484A-9ECA-E301BB6D0750}" = Windows Live Writer

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E58739-2B4C-498F-9B0D-FF0F2FD52B61}" = Windows Live UX Platform

"{F6F30C28-38AA-4DBA-AE0B-7E30238E61BB}" = Junk Mail filter update

"{FC1C2427-5954-451C-9ED8-A92D48ED7E07}" = CSI-Hard Evidence

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin

"AnyProtect" = AnyProtect

"c4309e0d-8b6c-444d-bce2-9785297de764" = Re-markit

"Connect" = Connect

"ContentExplorer" = ContentExplorer

"free ven" = free ven

"Gateway InfoCentre" = Gateway InfoCentre

"Gateway Registration" = Gateway Registration

"Gateway Screensaver" = Gateway ScreenSaver

"Gateway Welcome Center" = Welcome Center

"Google Chrome" = Google Chrome

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"Identity Card" = Identity Card

"LManager" = Launch Manager

"MixiDJ_V44 Toolbar" = MixiDJ V44 Toolbar

"MovieMode" = Movie Mode

"Mozilla Firefox 27.0.1 (x86 en-US)" = Mozilla Firefox 27.0.1 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"mysearchdial" = Mysearchdial

"NAV" = Norton AntiVirus

"NST" = Norton Identity Safe

"Optimizer Pro_is1" = Optimizer Pro v3.2

"Protected Folder_is1" = Protected Folder

"Registry Helper" = Registry Helper

"SpeeditupFree" = SpeeditupFree

"VDC_is1" = Video Download Converter version 1.0.0.0

"VideoDownloadConverter_4zbar Uninstall" = VideoDownloadConverter Toolbar

"VOPackage" = VO Package

"weDownload Manager" = weDownload Manager

"WildTangent gateway Master Uninstall" = Gateway Games

"WinLiveSuite" = Windows Live Essentials

"Yahoo! Companion" = Yahoo! Toolbar

"Yahoo! Messenger" = Yahoo! Messenger

"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{3d525f35-36d4-442f-bf69-47535f9e1790}" = Snap.Do Engine

"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater

"SkyDriveSetup.exe" = Microsoft SkyDrive

"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 27/03/2014 9:50:42 AM | Computer Name = JR | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".

Dependent

Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 27/03/2014 10:32:18 AM | Computer Name = JR | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".

Dependent

Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 27/03/2014 10:37:40 AM | Computer Name = JR | Source = Application Error | ID = 1000

Description = Faulting application name: rndlresolversvc.exe, version: 0.0.0.0,

time stamp: 0x516d22c9 Faulting module name: rndlresolversvc.exe, version: 0.0.0.0,

time stamp: 0x516d22c9 Exception code: 0xc0000005 Fault offset: 0x00003035 Faulting

process id: 0x998 Faulting application start time: 0x01cf49ca0bae8e0c Faulting application

path: C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe Faulting

module path: C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe

Report

Id: 58eaff9a-b5bd-11e3-aa9d-00262d7501b3

Error - 27/03/2014 10:38:06 AM | Computer Name = JR | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".

Dependent

Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 27/03/2014 10:38:10 AM | Computer Name = JR | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".

Dependent

Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 27/03/2014 1:06:21 PM | Computer Name = JR | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".

Dependent

Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 27/03/2014 1:21:24 PM | Computer Name = JR | Source = Application Error | ID = 1000

Description = Faulting application name: firefox.exe, version: 27.0.1.5156, time

stamp: 0x52fc0faa Faulting module name: xul.dll, version: 27.0.1.5156, time stamp:

0x52fc0f79 Exception code: 0xc0000005 Fault offset: 0x001560c7 Faulting process id:

0x160c Faulting application start time: 0x01cf49def14f568d Faulting application path:

C:\Program Files (x86)\Mozilla Firefox\firefox.exe Faulting module path: C:\Program

Files (x86)\Mozilla Firefox\xul.dll Report Id: 387ab4f0-b5d4-11e3-999d-00262d7501b3

Error - 27/03/2014 1:24:01 PM | Computer Name = JR | Source = Application Error | ID = 1000

Description = Faulting application name: McSACore.exe, version: 3.6.5.103, time

stamp: 0x52e03bfb Faulting module name: ntdll.dll, version: 6.1.7601.18247, time

stamp: 0x521eaf24 Exception code: 0xc0000374 Fault offset: 0x00000000000c4102 Faulting

process id: 0xbcc Faulting application start time: 0x01cf49deb349767d Faulting application

path: c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll

Report

Id: 95ae5760-b5d4-11e3-999d-00262d7501b3

Error - 27/03/2014 1:29:10 PM | Computer Name = JR | Source = Customer Experience Improvement Program | ID = 1008

Description =

Error - 27/03/2014 2:37:06 PM | Computer Name = JR | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".

Dependent

Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 27/03/2014 3:19:54 PM | Computer Name = JR | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".

Dependent

Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

[ Media Center Events ]

Error - 04/09/2013 11:31:26 AM | Computer Name = User1-PC | Source = MCUpdate | ID = 0

Description = 11:31:14 AM - Error connecting to the internet. 11:31:14 AM - Unable

to contact server..

Error - 07/09/2013 10:14:49 AM | Computer Name = User1-PC | Source = MCUpdate | ID = 0

Description = 10:14:48 AM - Error connecting to the internet. 10:14:48 AM - Unable

to contact server..

Error - 07/09/2013 10:15:04 AM | Computer Name = User1-PC | Source = MCUpdate | ID = 0

Description = 10:14:54 AM - Error connecting to the internet. 10:14:54 AM - Unable

to contact server..

Error - 08/09/2013 1:18:07 PM | Computer Name = User1-PC | Source = MCUpdate | ID = 0

Description = 1:18:07 PM - Error connecting to the internet. 1:18:07 PM - Unable

to contact server..

Error - 08/09/2013 1:18:30 PM | Computer Name = User1-PC | Source = MCUpdate | ID = 0

Description = 1:18:13 PM - Error connecting to the internet. 1:18:13 PM - Unable

to contact server..

Error - 10/09/2013 12:38:49 AM | Computer Name = User1-PC | Source = MCUpdate | ID = 0

Description = 12:38:49 AM - Error connecting to the internet. 12:38:49 AM - Unable

to contact server..

Error - 10/09/2013 12:39:02 AM | Computer Name = User1-PC | Source = MCUpdate | ID = 0

Description = 12:38:55 AM - Error connecting to the internet. 12:38:55 AM - Unable

to contact server..

Error - 10/09/2013 7:15:42 PM | Computer Name = User1-PC | Source = MCUpdate | ID = 0

Description = 7:15:36 PM - Error connecting to the internet. 7:15:36 PM - Unable

to contact server..

Error - 12/09/2013 11:01:07 AM | Computer Name = User1-PC | Source = MCUpdate | ID = 0

Description = 11:01:07 AM - Error connecting to the internet. 11:01:07 AM - Unable

to contact server..

Error - 12/09/2013 11:01:35 AM | Computer Name = User1-PC | Source = MCUpdate | ID = 0

Description = 11:01:13 AM - Error connecting to the internet. 11:01:13 AM - Unable

to contact server..

[ System Events ]

Error - 27/03/2014 2:37:00 PM | Computer Name = JR | Source = Service Control Manager | ID = 7000

Description = The Registry Helper Service service failed to start due to the following

error: %%1053

Error - 27/03/2014 2:37:02 PM | Computer Name = JR | Source = Service Control Manager | ID = 7000

Description = The vToolbarUpdater15.2.0 service failed to start due to the following

error: %%2

Error - 27/03/2014 2:37:04 PM | Computer Name = JR | Source = Service Control Manager | ID = 7034

Description = The LiveUpdate service terminated unexpectedly. It has done this

1 time(s).

Error - 27/03/2014 2:39:56 PM | Computer Name = JR | Source = Service Control Manager | ID = 7009

Description = A timeout was reached (30000 milliseconds) while waiting for the Registry

Helper Service service to connect.

Error - 27/03/2014 2:39:56 PM | Computer Name = JR | Source = Service Control Manager | ID = 7000

Description = The Registry Helper Service service failed to start due to the following

error: %%1053

Error - 27/03/2014 3:16:57 PM | Computer Name = JR | Source = DCOM | ID = 10010

Description =

Error - 27/03/2014 3:19:46 PM | Computer Name = JR | Source = Service Control Manager | ID = 7009

Description = A timeout was reached (30000 milliseconds) while waiting for the Registry

Helper Service service to connect.

Error - 27/03/2014 3:19:46 PM | Computer Name = JR | Source = Service Control Manager | ID = 7000

Description = The Registry Helper Service service failed to start due to the following

error: %%1053

Error - 27/03/2014 3:19:51 PM | Computer Name = JR | Source = Service Control Manager | ID = 7000

Description = The vToolbarUpdater15.2.0 service failed to start due to the following

error: %%2

Error - 27/03/2014 3:19:52 PM | Computer Name = JR | Source = Service Control Manager | ID = 7034

Description = The LiveUpdate service terminated unexpectedly. It has done this

1 time(s).

< End of report >

#4
emeraldnzl

Posted 27 March 2014 - 07:09 PM

GeekU Instructor

GeekU Moderator
20,051 posts

Hello Jenna and Phel,

I have merged these topics.

Jenna I think you opened a new topic by mistake. Phel just wanted you to post the Extras topic back here.

#5
Phel

Posted 28 March 2014 - 06:17 PM

Trusted Helper

Malware Removal
1,386 posts

Thank you, emeraldnzl.

--------------------------------------------------------

Jenna, let's start adware removal procedure.

Step 1. Uninstalling programs.

Open Start menu.
Click on Control Panel.
Click on Programs and Features. New window should appear.
Uninstall these programs one by one, selecting each program and clicking Uninstall button.

Programs to uninstall:

Mega Browse
PC Optimizer Pro
WinDealist
Snap.Do
IObit Apps Toolbar v8.9
AnyProtect
Re-markit
free ven
MixiDJ V44 Toolbar
Movie Mode
Mysearchdial
Optimizer Pro v3.2
Registry Helper
SpeeditupFree
VideoDownloadConverter Toolbar
VO Package
weDownload Manager
Snap.Do Engine

Step 2. OTL fix.

Run OTL.

Under the Custom Scans/Fixes box at the bottom, paste in the following:

:Commands
[CREATERESTOREPOINT]

:OTL
SRV:64bit: - [2009/07/13 21:39:31 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rundll32.exe -- (70e6ca8c)
SRV - [2014/03/26 21:23:14 | 000,348,448 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Mega Browse\updateMegaBrowse.exe -- (Update Mega Browse)
SRV - [2014/03/26 20:45:49 | 000,348,448 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Mega Browse\bin\utilMegaBrowse.exe -- (Util Mega Browse)
SRV - [2014/03/21 14:29:10 | 000,355,328 | ---- | M] () [Auto | Running] -- C:\Users\User1\AppData\Roaming\VOPackage\VOsrv.exe -- (vosr)
SRV - [2014/03/17 15:35:04 | 000,807,800 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2014/03/04 11:16:02 | 002,503,504 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Secure Speed Dial\IE\SecureUpdate.exe -- (SecureUpdateSvc)
SRV - [2014/02/10 19:33:12 | 000,055,440 | ---- | M] (GenTechnologies Apps, LLC) [Auto | Running] -- C:\ProgramData\MovieMode\MovieModeService.exe -- (MovieMode)
SRV - [2014/01/25 22:57:28 | 000,084,328 | ---- | M] (SafeApp Software, LLC) [Auto | Stopped] -- C:\Program Files (x86)\Registry Helper\RegistryHelperService.exe -- (Registry Helper Service)
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...r=155209078&ir=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...r=155209078&ir=
IE - HKLM\..\URLSearchHook: {90a1b331-c2b4-4933-9f63-ba7b84d60d58} - No CLSID value found
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...r=155209078&ir=
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...Date=18/06/2013
SRV - [2013/12/03 16:10:24 | 002,151,200 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
IE - HKCU\..\URLSearchHook: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\8.9\iobitappsToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\SearchScopes\{50376C7B-CEC8-4CBE-B542-1A5F78DB3DFF}: "URL" = http://websearch.ask...8E-DFC272282F07
IE - HKCU\..\SearchScopes\{829A36F4-5481-4EEF-B541-5D2FE41D32E8}: "URL" = http://start.mysearc...=1196453428&ir=
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://nortonsafe.se...t=kwd&qsrc=2869
IE - HKCU\..\SearchScopes\{B387A2B6-7004-497A-A06E-A2A981FC3DA8}: "URL" = http://start.mysearc...r=155209078&ir=
IE - HKCU\..\SearchScopes\{B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF}: "URL" = http://ca.amazon.sma...y={searchTerms}
FF - prefs.js..browser.search.defaultenginename: "Mysearchdial"
FF - prefs.js..browser.search.defaultthis.engineName: "MixiDJ V44 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Mysearchdial"
FF - prefs.js..extensions.enabledAddons: speeddial%40instair.net:1.4.2
FF - prefs.js..browser.search.selectedEngine: "Mysearchdial"
FF - prefs.js..extensions.enabledAddons: %7B10ea107a-1e21-48af-be43-9e461589fa89%7D:1.157
FF - prefs.js..extensions.enabledAddons: 0c3e9649-324d-4df0-a61e-7ac31aead042%402612bb82-5f8a-49b2-a299-348e707310fc.com:0.94.192
FF - prefs.js..extensions.enabledAddons: %7B29b136c9-938d-4d3d-8df8-d649d9b74d02%7D:1.0.1
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40mysearchdial.com:1.6.0
FF - prefs.js..extensions.enabledAddons: 46bccaaa-4500-481e-8908-9384802e175a%4089a8fdd1-d807-4096-8025-a41093fce600.com:0.94.20
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\User1\AppData\Roaming\Mozilla\Extensions\[email protected] [2013/05/13 21:24:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{10ea107a-1e21-48af-be43-9e461589fa89}: C:\Program Files (x86)\Re-markit-soft\157.xpi [2014/03/24 16:16:22 | 000,011,030 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\4zffxtbr@VideoDownloadConverter_4z.com: C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin [2013/11/03 22:07:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\User1\AppData\Roaming\Mozilla\Extensions\[email protected] [2013/05/13 21:24:17 | 000,000,000 | ---D | M]
[2013/05/13 21:24:17 | 000,000,000 | ---D | M] (Speed Analysis 2) -- C:\Users\User1\AppData\Roaming\mozilla\Extensions\[email protected]
[2013/06/18 19:21:47 | 000,000,000 | ---D | M] (DealPly  Shopping) -- C:\Users\User1\AppData\Roaming\mozilla\firefox\Profiles\358d6jl7.default\extensions\{d4a5fd5b-2243-4a66-9f96-9e488a2a4147}
[2013/12/12 14:46:33 | 000,000,000 | ---D | M] (WiseConvert B2) -- C:\Users\User1\AppData\Roaming\mozilla\firefox\Profiles\358d6jl7.default\extensions\{da7a20cf-bef4-4342-ad78-0240fdf87055}
[2014/03/08 22:11:28 | 000,000,000 | ---D | M] ("weDownload Manager") -- C:\Users\User1\AppData\Roaming\mozilla\firefox\Profiles\358d6jl7.default\extensions\0c3e9649-324d-4df0-a61e-7ac31aead042@2612bb82-5f8a-49b2-a299-348e707310fc.com
[2014/03/24 16:17:37 | 000,000,000 | ---D | M] ("free ven") -- C:\Users\User1\AppData\Roaming\mozilla\firefox\Profiles\358d6jl7.default\extensions\46bccaaa-4500-481e-8908-9384802e175a@89a8fdd1-d807-4096-8025-a41093fce600.com
[2014/03/26 21:32:31 | 000,000,000 | ---D | M] (mysearchdial.com) -- C:\Users\User1\AppData\Roaming\mozilla\firefox\Profiles\358d6jl7.default\extensions\[email protected]
[2014/03/26 21:32:26 | 000,000,000 | ---D | M] (WinDealist) -- C:\Users\User1\AppData\Roaming\mozilla\firefox\Profiles\358d6jl7.default\extensions\[email protected]
[2014/03/09 14:44:34 | 000,000,000 | ---D | M] (AD Block) -- C:\Users\User1\AppData\Roaming\mozilla\firefox\Profiles\358d6jl7.default\extensions\[email protected]
[2014/03/09 14:43:41 | 000,000,000 | ---D | M] (AccelerateTab) -- C:\Users\User1\AppData\Roaming\mozilla\firefox\Profiles\358d6jl7.default\extensions\[email protected] 
[2014/03/24 19:07:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User1\AppData\Roaming\mozilla\firefox\Profiles\358d6jl7.default\extensions\0c3e9649-324d-4df0-a61e-7ac31aead042@2612bb82-5f8a-49b2-a299-348e707310fc.com\extensionData
[2014/03/24 19:07:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User1\AppData\Roaming\mozilla\firefox\Profiles\358d6jl7.default\extensions\0c3e9649-324d-4df0-a61e-7ac31aead042@2612bb82-5f8a-49b2-a299-348e707310fc.com\extensionData\plugins
[2014/03/24 19:07:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User1\AppData\Roaming\mozilla\firefox\Profiles\358d6jl7.default\extensions\0c3e9649-324d-4df0-a61e-7ac31aead042@2612bb82-5f8a-49b2-a299-348e707310fc.com\extensionData\userCode
[2014/03/24 19:07:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User1\AppData\Roaming\mozilla\firefox\Profiles\358d6jl7.default\extensions\46bccaaa-4500-481e-8908-9384802e175a@89a8fdd1-d807-4096-8025-a41093fce600.com\extensionData
[2014/03/24 19:07:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User1\AppData\Roaming\mozilla\firefox\Profiles\358d6jl7.default\extensions\46bccaaa-4500-481e-8908-9384802e175a@89a8fdd1-d807-4096-8025-a41093fce600.com\extensionData\plugins
[2014/03/24 19:07:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User1\AppData\Roaming\mozilla\firefox\Profiles\358d6jl7.default\extensions\46bccaaa-4500-481e-8908-9384802e175a@89a8fdd1-d807-4096-8025-a41093fce600.com\extensionData\userCode
[2014/03/24 23:31:25 | 000,010,776 | ---- | M] () (No name found) -- C:\Users\User1\AppData\Roaming\mozilla\firefox\Profiles\358d6jl7.default\extensions\{29b136c9-938d-4d3d-8df8-d649d9b74d02}.xpi
[2014/03/27 13:21:24 | 000,353,958 | ---- | M] () (No name found) -- C:\Users\User1\AppData\Roaming\mozilla\firefox\Profiles\358d6jl7.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}.xpi
[2014/03/26 21:30:02 | 000,001,233 | ---- | M] () -- C:\Users\User1\AppData\Roaming\mozilla\firefox\Profiles\358d6jl7.default\searchplugins\Mysearchdial.xml
[2013/07/19 07:31:22 | 000,002,440 | ---- | M] () -- C:\Users\User1\AppData\Roaming\mozilla\firefox\Profiles\358d6jl7.default\searchplugins\Web Search.xml
[2013/09/20 21:54:39 | 000,001,102 | ---- | M] () -- C:\Users\User1\AppData\Roaming\mozilla\firefox\Profiles\358d6jl7.default\searchplugins\wiseconvert-b2-customized-web-search.xml
[2014/03/24 16:16:22 | 000,011,030 | ---- | M] () (No name found) -- C:\PROGRAM FILES (X86)\RE-MARKIT-SOFT\157.XPI
O2:64bit: - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll File not found
O2:64bit: - BHO: (no name) - {11111111-1111-1111-1111-110311431144} - No CLSID value found.
O2:64bit: - BHO: (free ven) - {11111111-1111-1111-1111-110511161178} - C:\Program Files (x86)\free ven\free ven-bho64.dll (freeven)
O2 - BHO: (IObit Apps Toolbar) - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\8.9\iobitappsToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (free ven) - {11111111-1111-1111-1111-110511161178} - C:\Program Files (x86)\free ven\free ven-bho.dll (freeven)
O2 - BHO: (Toolbar BHO) - {312f84fb-8970-4fd3-bddb-7012eac4afc9} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll (MindSpark)
O2 - BHO: (Mega Browse) - {4e6cd411-ce62-4584-97ff-6afbcf6900af} - C:\Program Files (x86)\Mega Browse\MegaBrowseBHO.dll (Mega Browse)
O2 - BHO: (no name) - {90a1b331-c2b4-4933-9f63-ba7b84d60d58} - No CLSID value found.
O2 - BHO: (WinDealist BHO) - {B8F10001-9552-4F40-8F61-6765CD22DD9E} - C:\Program Files (x86)\windealist\Internet Explorer\windealist.dll ()
O2 - BHO: (Search Assistant BHO) - {c547c6c2-561b-4169-a2a5-20ba771ca93b} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll (MindSpark)
O2 - BHO: (mysearchdial Helper Object) - {EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} - C:\Program Files (x86)\Mysearchdial\1.8.29.0\bh\mysearchdial.dll (MySearchDial)
O3:64bit: - HKLM\..\Toolbar: (IObit Apps Toolbar) - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\8.9\iobitappsToolbarIE64.dll (Spigot, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (IObit Apps Toolbar) - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\8.9\iobitappsToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (mysearchdial Toolbar) - {3004627E-F8E9-4E8B-909D-316753CBA923} - C:\Program Files (x86)\Mysearchdial\1.8.29.0\mysearchdialTlbr.dll (MySearchDial)
O3 - HKLM\..\Toolbar: (VideoDownloadConverter) - {48586425-6bb7-4f51-8dc6-38c88e3ebb58} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll (MindSpark)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (VideoDownloadConverter) - {48586425-6BB7-4F51-8DC6-38C88E3EBB58} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll (MindSpark)
O4 - HKLM..\Run: [Registry Helper] C:\Program Files (x86)\Registry Helper\RegistryHelper.Exe (SafeApp Software, LLC)
O4 - HKLM..\Run: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" File not found
O4 - HKCU..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe (PC Utilities Software Limited)
O4 - HKCU..\Run: [SpeedItupFree] C:\Program Files (x86)\SpeedItup Free\speeditupfree.exe (MicroSmarts LLC.)
[2014/03/27 11:08:35 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Optimizer Pro
[2014/03/27 10:38:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Optimizer Pro
[2014/03/27 10:38:26 | 000,000,000 | ---D | C] -- C:\Program Files\PC Optimizer Pro
[2014/03/26 21:34:58 | 000,000,000 | ---D | C] -- C:\Users\User1\AppData\Roaming\Optimizer Pro
[2014/03/26 21:32:56 | 000,000,000 | ---D | C] -- C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
[2014/03/26 21:32:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\windealist
[2014/03/26 21:32:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Registry Helper
[2014/03/26 21:32:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Helper
[2014/03/26 21:31:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Registry Helper
[2014/03/26 21:29:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
[2014/03/26 21:29:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Optimizer Pro
[2014/03/26 21:29:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AnyProtectEx
[2014/03/26 19:47:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedItup Free
[2014/03/26 19:46:53 | 000,000,000 | ---D | C] -- C:\Windows\SpeedItup Free
[2014/03/26 19:46:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedItup Free
[2014/03/24 18:37:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FastClean PRO
[2014/03/24 18:36:47 | 000,000,000 | ---D | C] -- C:\Users\User1\AppData\Local\MovieMode
[2014/03/24 18:36:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mega Browse
[2014/03/24 18:35:47 | 000,000,000 | ---D | C] -- C:\ProgramData\MovieMode
[2014/03/24 18:35:24 | 000,000,000 | ---D | C] -- C:\Users\User1\AppData\Roaming\mysearchdial
[2014/03/24 18:35:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mysearchdial
[2014/03/24 18:35:15 | 001,172,720 | ---- | C] (AnyProtect.com) -- C:\Users\User1\AppData\Local\AnyProtectScannerSetup.exe
[2014/03/24 16:18:02 | 000,000,000 | ---D | C] -- C:\Users\User1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
[2014/03/24 16:18:00 | 000,000,000 | ---D | C] -- C:\Users\User1\AppData\Roaming\VOPackage
[2014/03/24 16:17:50 | 000,000,000 | ---D | C] -- C:\Users\User1\Documents\Optimizer Pro
[2014/03/24 16:17:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\free ven
[2014/03/24 16:17:15 | 000,000,000 | ---D | C] -- C:\Users\User1\AppData\Roaming\Activeris
[2014/03/24 16:16:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Re-markit-soft
[2014/03/20 20:41:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit Apps Toolbar
[2014/03/24 18:37:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FastClean PRO
[2014/03/24 18:36:47 | 000,000,000 | ---D | C] -- C:\Users\User1\AppData\Local\MovieMode
[2014/03/24 18:36:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mega Browse
[2014/03/24 18:35:47 | 000,000,000 | ---D | C] -- C:\ProgramData\MovieMode
[2014/03/24 18:35:24 | 000,000,000 | ---D | C] -- C:\Users\User1\AppData\Roaming\mysearchdial
[2014/03/24 18:35:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mysearchdial
[2014/03/27 15:34:06 | 000,000,414 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro64 startups.job
[2014/03/27 15:30:00 | 000,000,292 | ---- | M] () -- C:\Windows\tasks\MySearchDial.job
[2014/03/27 15:21:51 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\Re-markit Update.job
[2014/03/27 15:21:00 | 000,000,290 | ---- | M] () -- C:\Windows\tasks\Dealply.job
[2014/03/27 15:18:46 | 000,002,244 | ---- | M] () -- C:\Windows\tasks\free ven-firefoxinstaller.job
[2014/03/27 15:18:45 | 000,003,080 | ---- | M] () -- C:\Windows\tasks\free ven-chromeinstaller.job
[2014/03/27 15:18:45 | 000,001,490 | ---- | M] () -- C:\Windows\tasks\free ven-updater.job
[2014/03/27 15:18:38 | 000,000,390 | ---- | M] () -- C:\Windows\tasks\Re-markit_wd.job
[2014/03/27 15:18:37 | 000,001,344 | ---- | M] () -- C:\Windows\tasks\free ven-enabler.job
[2014/03/27 13:04:48 | 000,000,438 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro Updates.job
[2014/03/27 13:04:48 | 000,000,436 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro Idle.job
[2014/03/27 13:04:48 | 000,000,406 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro64 Scan.job
[2014/03/27 10:38:35 | 000,000,929 | ---- | M] () -- C:\Users\User1\Application Data\Microsoft\Internet Explorer\Quick Launch\PC Optimizer Pro.lnk
[2014/03/27 10:38:35 | 000,000,905 | ---- | M] () -- C:\Users\Public\Desktop\PC Optimizer Pro.lnk
[2014/03/26 21:53:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\APSnotifierPP1.job
[2014/03/26 21:37:51 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\APSnotifierPP3.job
[2014/03/26 21:37:51 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\APSnotifierPP2.job
[2014/03/26 21:33:40 | 000,001,160 | ---- | M] () -- C:\Users\User1\AppData\Roaming\aps.scan.quick.results
[2014/03/26 21:33:40 | 000,000,318 | ---- | M] () -- C:\Users\User1\AppData\Roaming\aps.uninstall.scan.results
[2014/03/26 21:33:21 | 000,000,000 | ---- | M] () -- C:\Users\User1\AppData\Roaming\aps.scan.results
[2014/03/26 21:33:02 | 000,001,016 | ---- | M] () -- C:\Users\User1\Desktop\AnyProtect.lnk
[2014/03/26 21:32:01 | 000,001,019 | ---- | M] () -- C:\Users\Public\Desktop\Registry Helper.lnk
[2014/03/26 21:29:40 | 000,001,033 | ---- | M] () -- C:\Users\User1\Desktop\Optimizer Pro.lnk
[2014/03/26 19:47:13 | 000,001,969 | ---- | M] () -- C:\Users\User1\Application Data\Microsoft\Internet Explorer\Quick Launch\SpeedItup Free.lnk
[2014/03/26 19:47:10 | 000,001,945 | ---- | M] () -- C:\Users\Public\Desktop\SpeedItup Free.lnk
[2014/03/26 16:42:18 | 001,172,720 | ---- | M] (AnyProtect.com) -- C:\Users\User1\AppData\Local\AnyProtectScannerSetup.exe
[2013/05/31 09:12:25 | 000,000,000 | ---D | M] -- C:\Users\User1\AppData\Roaming\PerformerSoft
[2014/03/25 21:59:11 | 000,000,000 | ---D | M] -- C:\Users\User1\AppData\Roaming\Activeris
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:373E1720

:Commands
[RESETHOSTS]
[REBOOT]

Then click the Run Fix button at the top.
Let the program run unhindered, reboot the PC when it is done.

Step 3. AdwCleaner scan.

Please, download AdwCleaner from here to your Desktop.
Right click on adwcleaner.exe file on your Desktop->Run as Administrator.
Adwcleaner window should appear.
Click on Scan button. Scan could take some time to proceed.
Click on the Clean button.
Click on OK.
Computer will be rebooted automatically, when program will finish it's job.
After fix Notepad window with report should appear. Post the contents of the report in your next message.

Step 4. Changing Chrome homepage.

Your current Chrome homepage is malicious.

Please, follow this instruction and set your homepage to www.google.com or to something else, what you want.

Step 5. Uninstall Chrome extension.

Launch your Google Chrome browser.
In the address bar type the following:

chrome:extensions
Extension list will appear.
Find there following extensions:
- Re-markit
- Ebay Shopping Assistant by Spigot
- Domain Error Assistant
- AccelerateTab
- free ven
- AD Block
- Slick Savings
Click on the recycle bin icon near them (uninstall them).
Restart Google Chrome.

Step 6. OTL scan.

Run OTL.
Click on Scan All Users checkbox, which is located near Quick Scan button.
Find in the OTL window Extra Registry section and change radiobutton there to the Use SafeList.
Under the Custom Scans/Fixes box at the bottom, paste in the following:
```
BASESERVICES
set /c
```
Then click the Run Scan button at the top.
Let the program run unhindered.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

So, please, don't forget to post in your next message:

OTL.txt
Extras.txt
AdwCleaner's log

#6
Phel

Posted 03 April 2014 - 01:27 PM

Trusted Helper

Malware Removal
1,386 posts

Hello, Jenna,

Do you still need help?

#7
Phel

Posted 09 April 2014 - 01:48 PM

Trusted Helper

Malware Removal
1,386 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.