# Malwarebytes log help



## pjoseph

I ran Malwarebytes yesterday and it found 6 items. Next I read the sticky in this forum, downloaded AdwCleaner and ran that. I unchecked everything except for the three files/folders it found and pressed clean.
After it restarted I noticed the Windows home button that was on the bottom left is now gone, but in its place is an icon that looks like a blank page.

If I click on it, it says Problem with Shortcut, "hostAppService.exe" has been changed or moved.

So I have two questions:
1) How do I get the home button back?
2) Is there anything else I need to do as far as removing adware or any other unwanted things that may be on my laptop?

Both logs are posted below, thanks.

Malwarebytes Anti-Malware (PRO) 1.70.0.1100
www.malwarebytes.org

Database version: v2015.06.03.01

Windows 8 x64 NTFS
Internet Explorer 11.0.9600.17801
Joseph24$ :: LENOVO-PC [administrator]

Protection: Enabled

6/2/2015 10:27:58 PM
mbam-log-2015-06-02 (22-27-58).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 624130
Time elapsed: 59 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\OPTIMIZER PRO (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKCU\Software\Optimizer Pro|AdsBuyNowURL (PUP.Optional.OptimizerPro.A) -> Data: http://www.safeshopgate.com/r?s=121000600&g=F0BD31DB-46D5-2071-0393-A9D7B7C811F6 -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy|AppPath (PUP.Optional.Astromenda.C) -> Data: C:\Program Files (x86)\WSE_Astromenda\\ -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
C:\Users\Joseph24$\Documents\Optimizer Pro (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\Users\Joseph24$\AppData\Local\Temp\Framed Display (PUP.Optional.FramedDisplay.A) -> Quarantined and deleted successfully.

Files Detected: 1
C:\Users\Joseph24$\Documents\Optimizer Pro\CookiesException.txt (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.

(end)

================================================

# AdwCleaner v4.206 - Logfile created 05/06/2015 at 21:35:16
# Updated 01/06/2015 by Xplode
# Database : 2015-05-31.5 [Local]
# Operating system : Windows 8.1  (x64)
# Username : Joseph24$ - LENOVO-PC
# Running from : C:\Users\Pete\Desktop\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found : C:\Users\Joseph24$\AppData\Local\pokki
Folder Found : C:\Users\Joseph24$\AppData\Roaming\UpdaterEX
Folder Found : C:\Users\Pete\AppData\Local\pokki

***** [ Scheduled tasks ] *****

Task Found : UpdaterEX

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
Key Found : HKCU\Software\Classes\Directory\shell\pokki
Key Found : HKCU\Software\Classes\Drive\shell\pokki
Key Found : HKCU\Software\Classes\lnkfile\shell\pokki
Key Found : HKCU\Software\Classes\pokki
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
Key Found : HKCU\Software\Pokki
Key Found : HKCU\Software\UpdaterEX
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Found : [x64] HKCU\Software\Pokki
Key Found : [x64] HKCU\Software\UpdaterEX
Key Found : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Found : HKLM\SOFTWARE\Myfree Codec
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{A75BE48D-BF58-4A8B-B96C-F9A09DFB9844}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Pokki]

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Google Chrome v43.0.2357.81

[C:\Users\Joseph24$\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Joseph24$\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Joseph24$\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_dnldstr_14_42_ch&cd=2XzuyEtN2Y1L1Qzu0AyE0D0BtAtD0A0FtAyD0EyDzytByC0EtN0D0Tzu0StCtDtCzztN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDtCtB0F0BtC0C0AtGtByB0EyCtGyE0DtCyCtGtDtDyD0EtGtDyBzy0FtB0C0Ezz0DtCtCyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByDzztByEyB0C0CtG0CyDzyyDtGyEyEzy0EtGzyzzyE0AtG0CtC0E0F0A0AyCyC0FyEtB0F2Q&cr=1106265637&ir=
[C:\Users\Joseph24$\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Homepage] : hxxp://astromenda.com/?f=1&a=ast_dnldstr_14_42_ch&cd=2XzuyEtN2Y1L1Qzu0AyE0D0BtAtD0A0FtAyD0EyDzytByC0EtN0D0Tzu0StCtDtCzztN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDtCtB0F0BtC0C0AtGtByB0EyCtGyE0DtCyCtGtDtDyD0EtGtDyBzy0FtB0C0Ezz0DtCtCyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByDzztByEyB0C0CtG0CyDzyyDtGyEyEzy0EtGzyzzyE0AtG0CtC0E0F0A0AyCyC0FyEtB0F2Q&cr=1106265637&ir=
[C:\Users\Joseph24$\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Startup_URLs] : hxxp://astromenda.com/?f=7&a=ast_dnldstr_14_42_ch&cd=2XzuyEtN2Y1L1Qzu0AyE0D0BtAtD0A0FtAyD0EyDzytByC0EtN0D0Tzu0StCtDtCzztN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDtCtB0F0BtC0C0AtGtByB0EyCtGyE0DtCyCtGtDtDyD0EtGtDyBzy0FtB0C0Ezz0DtCtCyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByDzztByEyB0C0CtG0CyDzyyDtGyEyEzy0EtGzyzzyE0AtG0CtC0E0F0A0AyCyC0FyEtB0F2Q&cr=1106265637&ir=
[C:\Users\Joseph24$\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Default_Search_Provider_Data] : hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_dnldstr_14_42_ch&cd=2XzuyEtN2Y1L1Qzu0AyE0D0BtAtD0A0FtAyD0EyDzytByC0EtN0D0Tzu0StCtDtCzztN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDtCtB0F0BtC0C0AtGtByB0EyCtGyE0DtCyCtGtDtDyD0EtGtDyBzy0FtB0C0Ezz0DtCtCyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByDzztByEyB0C0CtG0CyDzyyDtGyEyEzy0EtGzyzzyE0AtG0CtC0E0F0A0AyCyC0FyEtB0F2Q&cr=1106265637&ir=
[C:\Users\Joseph24$\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Joseph24$\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Joseph24$\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_dnldstr_14_42_ch&cd=2XzuyEtN2Y1L1Qzu0AyE0D0BtAtD0A0FtAyD0EyDzytByC0EtN0D0Tzu0StCtDtCzztN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDtCtB0F0BtC0C0AtGtByB0EyCtGyE0DtCyCtGtDtDyD0EtGtDyBzy0FtB0C0Ezz0DtCtCyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByDzztByEyB0C0CtG0CyDzyyDtGyEyEzy0EtGzyzzyE0AtG0CtC0E0F0A0AyCyC0FyEtB0F2Q&cr=1106265637&ir=
[C:\Users\Joseph24$\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Homepage] : hxxp://astromenda.com/?f=1&a=ast_dnldstr_14_42_ch&cd=2XzuyEtN2Y1L1Qzu0AyE0D0BtAtD0A0FtAyD0EyDzytByC0EtN0D0Tzu0StCtDtCzztN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDtCtB0F0BtC0C0AtGtByB0EyCtGyE0DtCyCtGtDtDyD0EtGtDyBzy0FtB0C0Ezz0DtCtCyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByDzztByEyB0C0CtG0CyDzyyDtGyEyEzy0EtGzyzzyE0AtG0CtC0E0F0A0AyCyC0FyEtB0F2Q&cr=1106265637&ir=
[C:\Users\Joseph24$\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Startup_URLs] : hxxp://astromenda.com/?f=7&a=ast_dnldstr_14_42_ch&cd=2XzuyEtN2Y1L1Qzu0AyE0D0BtAtD0A0FtAyD0EyDzytByC0EtN0D0Tzu0StCtDtCzztN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDtCtB0F0BtC0C0AtGtByB0EyCtGyE0DtCyCtGtDtDyD0EtGtDyBzy0FtB0C0Ezz0DtCtCyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByDzztByEyB0C0CtG0CyDzyyDtGyEyEzy0EtGzyzzyE0AtG0CtC0E0F0A0AyCyC0FyEtB0F2Q&cr=1106265637&ir=
[C:\Users\Joseph24$\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Default_Search_Provider_Data] : hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_dnldstr_14_42_ch&cd=2XzuyEtN2Y1L1Qzu0AyE0D0BtAtD0A0FtAyD0EyDzytByC0EtN0D0Tzu0StCtDtCzztN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDtCtB0F0BtC0C0AtGtByB0EyCtGyE0DtCyCtGtDtDyD0EtGtDyBzy0FtB0C0Ezz0DtCtCyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByDzztByEyB0C0CtG0CyDzyyDtGyEyEzy0EtGzyzzyE0AtG0CtC0E0F0A0AyCyC0FyEtB0F2Q&cr=1106265637&ir=

*************************

AdwCleaner[R0].txt - [7848 bytes] - [05/06/2015 19:33:24]
AdwCleaner[R1].txt - [7965 bytes] - [05/06/2015 19:50:40]
AdwCleaner[R2].txt - [7789 bytes] - [05/06/2015 21:35:17]
AdwCleaner[S0].txt - [364 bytes] - [05/06/2015 19:35:18]
AdwCleaner[S1].txt - [364 bytes] - [05/06/2015 19:51:41]

########## EOF - \AdwCleaner\AdwCleaner[R2].txt - [7964 bytes] ##########


----------



## pjoseph

Does no replies mean I have nothing to worry about?
Anyone?


----------



## voyagerfan99

I'll send John a PM and direct him your way.

To save John from having to ask, do this as well.

Download *OTL* to your Desktop


- Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
- Click on Minimal Output at the top.
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  - When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Just post the OTL.txt file in your reply.


----------



## pjoseph

Thank you very much, 

Anyway as you requested:

OTL logfile created on: 6/8/2015 9:13:16 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Pete\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17801)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.93 Gb Total Physical Memory | 11.74 Gb Available Physical Memory | 73.73% Memory free
31.93 Gb Paging File | 27.50 Gb Available in Paging File | 86.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 891.87 Gb Total Space | 764.62 Gb Free Space | 85.73% Space Free | Partition Type: NTFS
Drive D: | 25.00 Gb Total Space | 23.05 Gb Free Space | 92.19% Space Free | Partition Type: NTFS

Computer Name: LENOVO-PC | User Name: Joseph24$ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Pete\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o.)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Avast Software s.r.o.)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Oracle Corporation)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe (Western Digital Technologies, Inc.)
PRC - C:\Windows\SysWOW64\NLSSRV32.EXE (Nalpeiron Ltd.)
PRC - C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe (Western Digital Technologies, Inc.)
PRC - C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe (Western Digital Technologies, Inc.)
PRC - C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\AVAST Software\Avast\libcef.dll ()
MOD - C:\Program Files\AVAST Software\Avast\log.dll ()
MOD - C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\PepperFlash\pepflashplayer.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libegl.dll ()


========== Services (SafeList) ==========

SRV:*64bit:* - (AvastVBoxSvc) -- C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe File not found
SRV:*64bit:* - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Avast Software s.r.o.)
SRV:*64bit:* - (DiagTrack) -- C:\Windows\SysNative\diagtrack.dll (Microsoft Corporation)
SRV:*64bit:* - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SRV:*64bit:* - (WdNisSvc) -- C:\Program Files\Windows Defender\NisSrv.exe (Microsoft Corporation)
SRV:*64bit:* - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV:*64bit:* - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV:*64bit:* - (IEEtwCollectorService) -- C:\windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:*64bit:* - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation)
SRV:*64bit:* - (WEPHOSTSVC) -- C:\Windows\SysNative\wephostsvc.dll (Microsoft Corporation)
SRV:*64bit:* - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SRV:*64bit:* - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)
SRV:*64bit:* - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)
SRV:*64bit:* - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)
SRV:*64bit:* - (BthHFSrv) -- C:\Windows\SysNative\BthHFSrv.dll (Microsoft Corporation)
SRV:*64bit:* - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
SRV:*64bit:* - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:*64bit:* - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:*64bit:* - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:*64bit:* - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:*64bit:* - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:*64bit:* - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:*64bit:* - (vmicguestinterface) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:*64bit:* - (smphost) -- C:\Windows\SysNative\smphost.dll (Microsoft Corporation)
SRV:*64bit:* - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SRV:*64bit:* - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV:*64bit:* - (ScDeviceEnum) -- C:\Windows\SysNative\ScDeviceEnum.dll (Microsoft Corporation)
SRV:*64bit:* - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SRV:*64bit:* - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
SRV:*64bit:* - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SRV:*64bit:* - (NcbService) -- C:\Windows\SysNative\ncbservice.dll (Microsoft Corporation)
SRV:*64bit:* - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SRV:*64bit:* - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SRV:*64bit:* - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)
SRV:*64bit:* - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SRV:*64bit:* - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
SRV:*64bit:* - (lfsvc) -- C:\Windows\SysNative\GeofenceMonitorService.dll (Microsoft Corporation)
SRV:*64bit:* - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
SRV:*64bit:* - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)
SRV:*64bit:* - (AppReadiness) -- C:\Windows\SysNative\AppReadiness.dll (Microsoft Corporation)
SRV:*64bit:* - (AppXSvc) -- C:\Windows\SysNative\AppXDeploymentServer.dll (Microsoft Corporation)
SRV:*64bit:* - (workfolderssvc) -- C:\Windows\SysNative\workfolderssvc.dll (Microsoft Corporation)
SRV:*64bit:* - (igfxCUIService1.0.0.0) -- C:\Windows\SysNative\igfxCUIService.exe (Intel Corporation)
SRV:*64bit:* - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:*64bit:* - (IAStorDataMgrSvc) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV:*64bit:* - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV:*64bit:* - (NitroDriverReadSpool8) -- C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe (Nitro PDF Software)
SRV:*64bit:* - (Intel(R) -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe (Intel(R) Corporation)
SRV:*64bit:* - (Intel(R) -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV:*64bit:* - (RichVideo64) -- C:\Program Files\CyberLink\Shared files\RichVideo64.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation)
SRV - (smphost) -- C:\Windows\SysWOW64\smphost.dll (Microsoft Corporation)
SRV - (lfsvc) -- C:\Windows\SysWOW64\GeofenceMonitorService.dll (Microsoft Corporation)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (PrintNotify) -- C:\windows\system32\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (VeriFaceSrv) -- C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe ()
SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Windows (R) Win 7 DDK provider)
SRV - (ZAtheros Bt and Wlan Coex Agent) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
SRV - (WDBackup) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe (Western Digital Technologies, Inc.)
SRV - (nlsX86cc) -- C:\Windows\SysWOW64\NLSSRV32.EXE (Nalpeiron Ltd.)
SRV - (WDDriveService) -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe (Western Digital Technologies, Inc.)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (UsbService) -- C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe ()


========== Driver Services (SafeList) ==========

DRV:*64bit:* - (VBoxAswDrv) -- C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys File not found
DRV:*64bit:* - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (Avast Software s.r.o.)
DRV:*64bit:* - (aswVmm) -- C:\windows\SysNative\drivers\aswVmm.sys ()
DRV:*64bit:* - (aswStm) -- C:\Windows\SysNative\drivers\aswStm.sys (Avast Software s.r.o.)
DRV:*64bit:* - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (Avast Software s.r.o.)
DRV:*64bit:* - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (Avast Software s.r.o.)
DRV:*64bit:* - (aswRvrt) -- C:\windows\SysNative\drivers\aswRvrt.sys ()
DRV:*64bit:* - (aswHwid) -- C:\Windows\SysNative\drivers\aswHwid.sys ()
DRV:*64bit:* - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (Avast Software s.r.o.)
DRV:*64bit:* - (ahcache) -- C:\Windows\SysNative\drivers\ahcache.sys (Microsoft Corporation)
DRV:*64bit:* - (USBHUB3) -- C:\Windows\SysNative\drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:*64bit:* - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:*64bit:* - (BthHFEnum) -- C:\Windows\SysNative\drivers\bthhfenum.sys (Microsoft Corporation)
DRV:*64bit:* - (CLFS) -- C:\Windows\SysNative\drivers\clfs.sys (Microsoft Corporation)
DRV:*64bit:* - (WdFilter) -- C:\Windows\SysNative\drivers\WdFilter.sys (Microsoft Corporation)
DRV:*64bit:* - (WdNisDrv) -- C:\Windows\SysNative\drivers\WdNisDrv.sys (Microsoft Corporation)
DRV:*64bit:* - (WdBoot) -- C:\Windows\SysNative\drivers\WdBoot.sys (Microsoft Corporation)
DRV:*64bit:* - (WFPLWFS) -- C:\Windows\SysNative\drivers\wfplwfs.sys (Microsoft Corporation)
DRV:*64bit:* - (dam) -- C:\Windows\SysNative\drivers\dam.sys (Microsoft Corporation)
DRV:*64bit:* - (spaceport) -- C:\Windows\SysNative\drivers\spaceport.sys (Microsoft Corporation)
DRV:*64bit:* - (wpcfltr) -- C:\Windows\SysNative\drivers\wpcfltr.sys (Microsoft Corporation)
DRV:*64bit:* - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:*64bit:* - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:*64bit:* - (netvsc) -- C:\Windows\SysNative\drivers\netvsc63.sys (Microsoft Corporation)
DRV:*64bit:* - (NdisImPlatform) -- C:\Windows\SysNative\drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:*64bit:* - (MsLldp) -- C:\Windows\SysNative\drivers\mslldp.sys (Microsoft Corporation)
DRV:*64bit:* - (Ndu) -- C:\Windows\SysNative\drivers\Ndu.sys (Microsoft Corporation)
DRV:*64bit:* - (intelpep) -- C:\Windows\SysNative\drivers\intelpep.sys (Microsoft Corporation)
DRV:*64bit:* - (pdc) -- C:\Windows\SysNative\drivers\pdc.sys (Microsoft Corporation)
DRV:*64bit:* - (ReFS) -- C:\windows\SysNative\drivers\refs.sys (Microsoft Corporation)
DRV:*64bit:* - (USBXHCI) -- C:\Windows\SysNative\drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:*64bit:* - (UCX01000) -- C:\Windows\SysNative\drivers\UCX01000.SYS (Microsoft Corporation)
DRV:*64bit:* - (vpci) -- C:\Windows\SysNative\drivers\vpci.sys (Microsoft Corporation)
DRV:*64bit:* - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:*64bit:* - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation)
DRV:*64bit:* - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation)
DRV:*64bit:* - (GPIOClx0101) -- C:\Windows\SysNative\drivers\msgpioclx.sys (Microsoft Corporation)
DRV:*64bit:* - (Wof) -- C:\windows\SysNative\drivers\wof.sys (Microsoft Corporation)
DRV:*64bit:* - (sdstor) -- C:\Windows\SysNative\drivers\sdstor.sys (Microsoft Corporation)
DRV:*64bit:* - (BasicRender) -- C:\Windows\SysNative\drivers\BasicRender.sys (Microsoft Corporation)
DRV:*64bit:* - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:*64bit:* - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:*64bit:* - (ACPIVPC) -- C:\Windows\SysNative\drivers\AcpiVpc.sys (Lenovo Corporation)
DRV:*64bit:* - (BthLEEnum) -- C:\Windows\SysNative\drivers\BthLEEnum.sys (Microsoft Corporation)
DRV:*64bit:* - (SerCx2) -- C:\Windows\SysNative\drivers\SerCx2.sys (Microsoft Corporation)
DRV:*64bit:* - (stornvme) -- C:\Windows\SysNative\drivers\stornvme.sys (Microsoft Corporation)
DRV:*64bit:* - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:*64bit:* - (iaStorA) -- C:\Windows\SysNative\drivers\iaStorA.sys (Intel Corporation)
DRV:*64bit:* - (VerifierExt) -- C:\Windows\SysNative\drivers\VerifierExt.sys (Microsoft Corporation)
DRV:*64bit:* - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Qualcomm Atheros)
DRV:*64bit:* - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Qualcomm Atheros)
DRV:*64bit:* - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Qualcomm Atheros)
DRV:*64bit:* - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Qualcomm Atheros)
DRV:*64bit:* - (btath_avdt) -- C:\Windows\SysNative\drivers\btath_avdt.sys (Qualcomm Atheros)
DRV:*64bit:* - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Qualcomm Atheros)
DRV:*64bit:* - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Qualcomm Atheros)
DRV:*64bit:* - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Qualcomm Atheros)
DRV:*64bit:* - (MEIx64) -- C:\Windows\SysNative\drivers\TeeDriverx64.sys (Intel Corporation)
DRV:*64bit:* - (rtsuvc) -- C:\Windows\SysNative\drivers\rtsuvc.sys (Realtek Semiconductor Corp.)
DRV:*64bit:* - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:*64bit:* - (condrv) -- C:\Windows\SysNative\drivers\condrv.sys (Microsoft Corporation)
DRV:*64bit:* - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:*64bit:* - (acpiex) -- C:\Windows\SysNative\drivers\acpiex.sys (Microsoft Corporation)
DRV:*64bit:* - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:*64bit:* - (mvumis) -- C:\Windows\SysNative\drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:*64bit:* - (msgpiowin32) -- C:\Windows\SysNative\drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:*64bit:* - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:*64bit:* - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:*64bit:* - (LSI_SSS) -- C:\Windows\SysNative\drivers\lsi_sss.sys (LSI Corporation)
DRV:*64bit:* - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:*64bit:* - (LSI_SAS3) -- C:\Windows\SysNative\drivers\lsi_sas3.sys (LSI Corporation)
DRV:*64bit:* - (ADP80XX) -- C:\Windows\SysNative\drivers\adp80xx.sys (PMC-Sierra)
DRV:*64bit:* - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:*64bit:* - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:*64bit:* - (3ware) -- C:\Windows\SysNative\drivers\3ware.sys (LSI)
DRV:*64bit:* - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:*64bit:* - (EhStorTcgDrv) -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:*64bit:* - (EhStorClass) -- C:\Windows\SysNative\drivers\EhStorClass.sys (Microsoft Corporation)
DRV:*64bit:* - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:*64bit:* - (VSTXRAID) -- C:\Windows\SysNative\drivers\VSTXRAID.SYS (VIA Corporation)
DRV:*64bit:* - (UASPStor) -- C:\Windows\SysNative\drivers\uaspstor.sys (Microsoft Corporation)
DRV:*64bit:* - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology, Inc.)
DRV:*64bit:* - (storahci) -- C:\Windows\SysNative\drivers\storahci.sys (Microsoft Corporation)
DRV:*64bit:* - (SpbCx) -- C:\Windows\SysNative\drivers\SpbCx.sys (Microsoft Corporation)
DRV:*64bit:* - (SerCx) -- C:\Windows\SysNative\drivers\SerCx.sys (Microsoft Corporation)
DRV:*64bit:* - (UEFI) -- C:\Windows\SysNative\drivers\uefi.sys (Microsoft Corporation)
DRV:*64bit:* - (WpdUpFltr) -- C:\Windows\SysNative\drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:*64bit:* - (BasicDisplay) -- C:\Windows\SysNative\drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:*64bit:* - (HyperVideo) -- C:\Windows\SysNative\drivers\HyperVideo.sys (Microsoft Corporation)
DRV:*64bit:* - (mshidumdf) -- C:\Windows\SysNative\drivers\mshidumdf.sys (Microsoft Corporation)
DRV:*64bit:* - (acpitime) -- C:\Windows\SysNative\drivers\acpitime.sys (Microsoft Corporation)
DRV:*64bit:* - (acpipagr) -- C:\Windows\SysNative\drivers\acpipagr.sys (Microsoft Corporation)
DRV:*64bit:* - (BthAvrcpTg) -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV:*64bit:* - (kdnic) -- C:\Windows\SysNative\drivers\kdnic.sys (Microsoft Corporation)
DRV:*64bit:* - (gencounter) -- C:\Windows\SysNative\drivers\vmgencounter.sys (Microsoft Corporation)
DRV:*64bit:* - (npsvctrig) -- C:\Windows\SysNative\drivers\npsvctrig.sys (Microsoft Corporation)
DRV:*64bit:* - (bthhfhid) -- C:\Windows\SysNative\drivers\BthhfHid.sys (Microsoft Corporation)
DRV:*64bit:* - (hyperkbd) -- C:\Windows\SysNative\drivers\hyperkbd.sys (Microsoft Corporation)
DRV:*64bit:* - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:*64bit:* - (hidi2c) -- C:\Windows\SysNative\drivers\hidi2c.sys (Microsoft Corporation)
DRV:*64bit:* - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:*64bit:* - (NdisVirtualBus) -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys (Microsoft Corporation)
DRV:*64bit:* - (FxPPM) -- C:\Windows\SysNative\drivers\fxppm.sys (Microsoft Corporation)
DRV:*64bit:* - (athr) -- C:\Windows\SysNative\drivers\athwbx.sys (Qualcomm Atheros Communications, Inc.)
DRV:*64bit:* - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:*64bit:* - (SmbDrvI) -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys (Synaptics Incorporated)
DRV:*64bit:* - (bcmfn2) -- C:\Windows\SysNative\drivers\bcmfn2.sys (Windows (R) Win 7 DDK provider)
DRV:*64bit:* - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:*64bit:* - (iaStorAV) -- C:\Windows\SysNative\drivers\iaStorAV.sys (Intel Corporation)
DRV:*64bit:* - (iaLPSSi_GPIO) -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys (Intel Corporation)
DRV:*64bit:* - (iaLPSSi_I2C) -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys (Intel Corporation)
DRV:*64bit:* - (L1C) -- C:\Windows\SysNative\drivers\L1C63x64.sys (Qualcomm Atheros Co., Ltd.)
DRV:*64bit:* - (NETwNe64) -- C:\Windows\SysNative\drivers\NETwew00.sys (Intel Corporation)
DRV:*64bit:* - (IntelHSWPcc) -- C:\Windows\SysNative\drivers\IntelPcc.sys (Intel Corporation)
DRV:*64bit:* - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:*64bit:* - (e1iexpress) -- C:\Windows\SysNative\drivers\e1i63x64.sys (Intel Corporation)
DRV:*64bit:* - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:*64bit:* - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys ("CyberLink)
DRV:*64bit:* - (PcaSp60) -- C:\Windows\SysNative\drivers\PcaSp60.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV:*64bit:* - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV:*64bit:* - (vuhub) -- C:\Windows\SysNative\drivers\vuhub.sys ()
DRV - (PcaSp60) -- C:\Windows\SysWOW64\drivers\PcaSp60.sys (Printing Communications Assoc., Inc. (PCAUSA))


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:*64bit:* - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:*64bit:* - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:*64bit:* - HKLM\..\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}: "URL" = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_dnldstr_14_42_ch&cd=2XzuyEtN2Y1L1Qzu0AyE0D0BtAtD0A0FtAyD0EyDzytByC0EtN0D0Tzu0StCtDtCzztN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDtCtB0F0BtC0C0AtGtByB0EyCtGyE0DtCyCtGtDtDyD0EtGtDyBzy0FtB0C0Ezz0DtCtCyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByDzztByEyB0C0CtG0CyDzyyDtGyEyEzy0EtGzyzzyE0AtG0CtC0E0F0A0AyCyC0FyEtB0F2Q&cr=1106265637&ir=
IE:*64bit:* - HKLM\..\SearchScopes\{5B5618EC-4F4F-4595-9EEE-F3BDC47CB55C}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{5B5618EC-4F4F-4595-9EEE-F3BDC47CB55C}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com/?pc=LCJB
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://home.lenovo.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://home.lenovo.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}: "URL" = http://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_dnldstr_14_42_ch&cd=2XzuyEtN2Y1L1Qzu0AyE0D0BtAtD0A0FtAyD0EyDzytByC0EtN0D0Tzu0StCtDtCzztN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDtCtB0F0BtC0C0AtGtByB0EyCtGyE0DtCyCtGtDtDyD0EtGtDyBzy0FtB0C0Ezz0DtCtCyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByDzztByEyB0C0CtG0CyDzyyDtGyEyEzy0EtGzyzzyE0AtG0CtC0E0F0A0AyCyC0FyEtB0F2Q&cr=1106265637&ir=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:*64bit:* - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.31.2: C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2: C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2015/06/03 18:51:04 | 000,000,000 | ---D | M]


========== Chrome  ==========

CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Joseph24$\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\Joseph24$\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Joseph24$\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\Joseph24$\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Joseph24$\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Joseph24$\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.0.2502.149_0\
CHR - Extension: No name found = C:\Users\Joseph24$\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Joseph24$\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/08/22 06:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:*64bit:* - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (Avast Software s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (Avast Software s.r.o.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
O3:*64bit:* - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:*64bit:* - HKLM..\Run: [Energy Manager] C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe (Lenovo(beijing) Limited)
O4:*64bit:* - HKLM..\Run: [Lenovo Utility] C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe (Lenovo(beijing) Limited)
O4:*64bit:* - HKLM..\Run: [Onboard] C:\Program Files\Western Digital\WD SmartWare\BackupTask.exe /Onboard "C:\Program Files\Western Digital\WD SmartWare\WDSmartWare.exe" File not found
O4:*64bit:* - HKLM..\Run: [OnekeyStudio] C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo)
O4:*64bit:* - HKLM..\Run: [RtsFT] C:\windows\RTFTrack.exe (Realtek semiconductor)
O4:*64bit:* - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o.)
O4 - HKLM..\Run: [Lenovo App Shop] C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe (Intel Corporation)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WD Drive Unlocker] C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe (Western Digital Technologies, Inc.)
O4 - HKLM..\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - HKCU..\Run: [Pokki] C:\windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform File not found
O4:*64bit:* - HKLM..\RunOnce: [*WerKernelReporting] C:\windows\SysNative\WerFault.exe (Microsoft Corporation)
O4:*64bit:* - HKLM..\RunOnce: [MSKSSRV] rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196} File not found
O4:*64bit:* - HKLM..\RunOnce: [MSPCLOCK] rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000} File not found
O4:*64bit:* - HKLM..\RunOnce: [MSPQM] rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196} File not found
O4:*64bit:* - HKLM..\RunOnce: [MSTEE.CxTransform] rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},C:\windows\inf\ksfilter.inf,MSTEE.Interface.Install File not found
O4:*64bit:* - HKLM..\RunOnce: [MSTEE.Splitter] rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},C:\windows\inf\ksfilter.inf,MSTEE.Interface.Install File not found
O4:*64bit:* - HKLM..\RunOnce: [WDM_DRMKAUD] rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{FFBB6E3F-CCFE-4D84-90D9-421418B03A8E},C:\windows\inf\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install File not found
O4 - HKLM..\RunOnce: [20150107] C:\Program Files\AVAST Software\Avast\setup\emupdate\f6538863-8545-45c1-ad66-dd66c9e4134e.exe (AVAST Software)
O4 - HKCU..\RunOnce: [Report] \AdwCleaner\AdwCleaner[S2].txt ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: BtvStack = "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" (Qualcomm®Atheros®)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O13*64bit:* - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{74283C68-AE3F-44CB-9B51-2C767A8C54C1}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7B5AB6B3-97EE-477D-854D-39D2DEB2A800}: DhcpNameServer = 192.168.1.1
O20:*64bit:* - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:*64bit:* - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) -  File not found
O21:*64bit:* - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:*64bit:* - HKLM\..comfile [open] -- "%1" %*
O35:*64bit:* - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:*64bit:* - HKLM\...com [@ = comfile] -- "%1" %*
O37:*64bit:* - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2015/06/06 10:58:53 | 000,000,000 | ---D | C] -- C:\Users\Joseph24$\AppData\Local\GWX
[2015/06/05 19:33:14 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2015/06/03 18:59:47 | 000,000,000 | ---D | C] -- C:\windows\%LOCALAPPDATA%
[2015/06/03 18:51:05 | 000,364,472 | ---- | C] (Avast Software s.r.o.) -- C:\windows\SysNative\aswBoot.exe
[2015/06/03 18:51:02 | 000,043,112 | ---- | C] (Avast Software s.r.o.) -- C:\windows\avastSS.scr
[2015/05/19 19:37:41 | 000,000,000 | ---D | C] -- C:\windows\Migration

========== Files - Modified Within 30 Days ==========

[2015/06/08 21:11:00 | 000,000,926 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/06/08 20:36:02 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2015/06/08 19:30:56 | 000,067,584 | -HS- | M] () -- C:\windows\bootstat.dat
[2015/06/07 18:11:00 | 000,000,922 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/06/06 00:14:34 | 000,865,408 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2015/06/06 00:14:34 | 000,732,688 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2015/06/06 00:14:34 | 000,136,262 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2015/06/05 21:47:51 | 000,008,192 | ---- | M] () -- C:\windows\SysWow64\WDPABKP.dat
[2015/06/05 21:47:32 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2015/06/05 21:47:29 | 795,467,773 | -HS- | M] () -- C:\hiberfil.sys
[2015/06/05 21:47:05 | 000,023,040 | ---- | M] () -- C:\windows\SysNative\VfService.trf
[2015/06/03 18:51:03 | 000,442,264 | ---- | M] (Avast Software s.r.o.) -- C:\windows\SysNative\drivers\aswSP.sys
[2015/06/03 18:51:03 | 000,364,472 | ---- | M] (Avast Software s.r.o.) -- C:\windows\SysNative\aswBoot.exe
[2015/06/03 18:51:03 | 000,272,248 | ---- | M] () -- C:\windows\SysNative\drivers\aswVmm.sys
[2015/06/03 18:51:03 | 000,137,288 | ---- | M] (Avast Software s.r.o.) -- C:\windows\SysNative\drivers\aswStm.sys
[2015/06/03 18:51:03 | 000,093,528 | ---- | M] (Avast Software s.r.o.) -- C:\windows\SysNative\drivers\aswRdr2.sys
[2015/06/03 18:51:03 | 000,089,944 | ---- | M] (Avast Software s.r.o.) -- C:\windows\SysNative\drivers\aswMonFlt.sys
[2015/06/03 18:51:03 | 000,065,736 | ---- | M] () -- C:\windows\SysNative\drivers\aswRvrt.sys
[2015/06/03 18:51:03 | 000,029,168 | ---- | M] () -- C:\windows\SysNative\drivers\aswHwid.sys
[2015/06/03 18:51:02 | 000,043,112 | ---- | M] (Avast Software s.r.o.) -- C:\windows\avastSS.scr
[2015/06/03 18:51:00 | 001,047,320 | ---- | M] (Avast Software s.r.o.) -- C:\windows\SysNative\drivers\aswSnx.sys
[2015/05/27 16:58:18 | 824,505,699 | ---- | M] () -- C:\windows\MEMORY.DMP
[2015/05/26 13:12:39 | 000,002,214 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2015/05/14 07:55:19 | 005,038,040 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2015/06/06 11:29:06 | 000,410,336 | ---- | C] () -- C:\windows\SysNative\ApnDatabase.xml
[2015/02/06 15:54:25 | 000,107,008 | ---- | C] () -- C:\windows\SysWow64\OEMLicense.dll
[2015/02/06 15:53:59 | 000,046,080 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2015/01/05 20:04:23 | 000,007,628 | ---- | C] () -- C:\Users\Joseph24$\AppData\Local\Resmon.ResmonCfg
[2014/10/03 18:36:30 | 000,186,368 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2014/10/03 18:36:28 | 016,810,624 | ---- | C] () -- C:\windows\SysWow64\igd11dxva32.dll
[2014/04/29 14:20:16 | 000,002,255 | ---- | C] () -- C:\windows\SysWow64\WimBootCompress.ini
[2014/03/23 20:11:26 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\WDPABKP.dat
[2014/01/23 18:31:08 | 000,974,848 | ---- | C] () -- C:\windows\SysWow64\cis-2.4.dll
[2014/01/23 18:31:08 | 000,081,920 | ---- | C] () -- C:\windows\SysWow64\issacapi_bs-2.3.dll
[2014/01/23 18:31:08 | 000,065,536 | ---- | C] () -- C:\windows\SysWow64\issacapi_pe-2.3.dll
[2014/01/23 18:31:08 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\issacapi_se-2.3.dll
[2013/12/05 05:19:38 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2013/12/05 05:17:57 | 000,881,814 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2013/08/22 08:36:43 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2013/08/22 08:36:42 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2013/08/22 07:46:23 | 000,067,584 | -HS- | C] () -- C:\windows\bootstat.dat
[2013/08/22 00:01:23 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2013/08/21 16:55:20 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2013/08/21 16:52:39 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat

========== ZeroAccess Check ==========

[2014/06/06 18:54:20 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2015/02/12 10:40:58 | 022,291,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015/02/12 10:34:06 | 019,731,824 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2014/10/28 18:19:43 | 001,013,760 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2014/10/28 17:59:23 | 000,786,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2014/10/28 18:16:01 | 000,512,512 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014/04/13 14:44:15 | 000,000,000 | ---D | M] -- C:\Users\Joseph24$\AppData\Roaming\AVAST Software
[2014/09/06 19:09:17 | 000,000,000 | ---D | M] -- C:\Users\Joseph24$\AppData\Roaming\Samsung

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 192 bytes -> C:\Windows:nlsPreferences

< End of report >


----------



## pjoseph

OTL Extras logfile created on: 6/8/2015 9:13:16 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Pete\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17801)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.93 Gb Total Physical Memory | 11.74 Gb Available Physical Memory | 73.73% Memory free
31.93 Gb Paging File | 27.50 Gb Available in Paging File | 86.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 891.87 Gb Total Space | 764.62 Gb Free Space | 85.73% Space Free | Partition Type: NTFS
Drive D: | 25.00 Gb Total Space | 23.05 Gb Free Space | 92.19% Space Free | Partition Type: NTFS

Computer Name: LENOVO-PC | User Name: Joseph24$ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Lenovo Photos] -- "C:\Program Files (x86)\LenovoPhotos\Lenovo Photos\Lenovo Photos.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Lenovo Photos] -- "C:\Program Files (x86)\LenovoPhotos\Lenovo Photos\Lenovo Photos.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = AC 1C AE C5 46 9F CE 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" =  [binary data]

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2AEBF198-B1E3-421A-8993-14B1035093F6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{2D6B88D7-4F2E-45B2-947D-2D33703624DF}" = rport=137 | protocol=17 | dir=out | app=system | 
"{67DE75C2-82C4-4D84-B777-56F9C15EA5E6}" = lport=139 | protocol=6 | dir=in | app=system | 
"{78737543-384F-4949-9114-455477E88356}" = lport=137 | protocol=17 | dir=in | app=system | 
"{794E4192-F5AD-4EC1-BB47-64F664187B28}" = rport=138 | protocol=17 | dir=out | app=system | 
"{81CF2A59-D05B-4585-BF67-98CEAB0EF7D4}" = lport=445 | protocol=6 | dir=in | app=system | 
"{8C096498-F96F-48E9-A5FF-7DCBBDA977E2}" = rport=139 | protocol=6 | dir=out | app=system | 
"{CA3AB164-852D-4536-949E-39B70BC32C0A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DF4DEDF2-E7D5-4365-A8B1-07B5FE02466D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{E672CE82-0504-4235-A905-9B6430502278}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E6CFCC91-3C34-4915-99F5-661862F33B7B}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
"{EC2C24F7-4454-4321-8646-4B07A4756056}" = rport=445 | protocol=6 | dir=out | app=system | 
"{EE51AD2F-24E7-4E35-9FBD-98A6F19706E0}" = lport=138 | protocol=17 | dir=in | app=system | 

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{037D34F3-9560-4902-955A-6DE501213963}" = dir=out | name=red karaoke for lenovo | 
"{097FAC1B-B5F4-461E-9972-967AB91BD6C0}" = protocol=17 | dir=in | app=c:\program files (x86)\asus\rt-n66r wireless router utilities\rescue.exe | 
"{0ED3C000-5B01-4C25-B644-EB147F3C4BBE}" = protocol=6 | dir=in | app=c:\program files (x86)\asus\printer utilities\usbservice64.exe | 
"{1581C4F3-3E71-4AEE-A50D-1D1DB414D44C}" = dir=out | name=powerdvd for lenovo idea | 
"{1977E1D9-9231-445D-9709-54AAD4BAA5C6}" = dir=out | name=@{microsoft.zunemusic_2.6.672.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} | 
"{1BEB7C2B-EC5D-4F50-B95A-5EEFFF2DAAE7}" = dir=in | name=evernote touch | 
"{1C038A25-60D6-4A8F-8F91-2DE861FAB9D4}" = dir=out | name=@{microsoft.bingnews_3.0.2.309_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/brandedapptitle} | 
"{1C485C7D-4CDE-4476-9E9C-B85118F6A1AF}" = dir=in | app=c:\program files (x86)\lenovo\lenovoappshop\bin\ismloader.exe | 
"{1F1DDE23-5606-4DDB-9F33-F8C84D3A5BAD}" = dir=out | name=camera man | 
"{217F80AE-25A9-426D-8913-86B6822629D4}" = dir=out | name=mcafee® central for lenovo | 
"{2474B36E-0F1D-415A-9F45-67ABC2E40E96}" = dir=out | name=@{microsoft.bingfinance_3.0.2.258_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/brandedapptitle} | 
"{2A93ABDC-9A02-4454-BB26-CAB5BD07F5D7}" = dir=in | name=skype | 
"{2C5C2C8C-60E8-47DE-B915-90CAA9E24586}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9654.20540_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} | 
"{32E15006-7653-4ABD-B5FA-57F9FC361445}" = dir=out | name=@{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{34FDC4EB-DF41-4FD4-B2E6-9D59480A314A}" = protocol=17 | dir=in | app=c:\users\pete\appdata\local\temp\pft4922.tmp\printer.exe | 
"{3605F051-A73B-40A0-A43A-639AC8AF6581}" = dir=out | name=yousendit for lenovo | 
"{36F869E0-EAC7-4DD1-B007-8E098EB550A4}" = dir=out | name=kindle | 
"{3F81A34A-5D5A-4667-B213-63D8E4900511}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{4282FE99-8560-4BC7-9576-5F3ED84E263F}" = dir=in | name=checkpoint.vpn | 
"{42CD1345-3935-4ABD-B922-30953A137227}" = protocol=17 | dir=in | app=c:\program files (x86)\asus\rt-n66r wireless router utilities\discovery.exe | 
"{45B45EDA-67EF-414A-B5ED-CB973FC9704B}" = dir=out | name=@{filmonlivetvfree.filmonlivetvfree_1.3.6.115_x64__zx03kxexxb716?ms-resource://filmonlivetvfree.filmonlivetvfree/whitelabel/app-name} | 
"{4F63ABFF-0B57-46D9-B0DC-FD95F3304963}" = dir=out | name=yousendit for lenovo | 
"{4FA562D7-FE68-47F2-A231-E65A66587092}" = dir=out | name=zinio | 
"{501C8041-B2ED-4119-808E-BE0591502220}" = dir=out | name=kindle | 
"{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{560448D6-095C-4907-B046-AC7F710701A7}" = dir=in | name=sonicwall.mobileconnect | 
"{5A467C75-AD9B-47CC-BB38-7234716B64A8}" = dir=in | name=skype | 
"{5ABBAAE1-EB15-4450-889A-19EB932EDD93}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9654.20540_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} | 
"{5B340B10-BA43-4AEA-88F5-D50EF6621AD8}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe | 
"{5D96AEB3-23A1-47D8-85EA-673C8B624205}" = protocol=6 | dir=in | app=c:\program files (x86)\asus\rt-n66r wireless router utilities\discovery.exe | 
"{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}" = dir=out | name=sonicwall.mobileconnect | 
"{61B54647-388A-462E-8B80-BCCF0BB323F1}" = dir=in | name=evernote touch | 
"{648CF7BF-CF57-426E-B6A9-2B62F8A2D098}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9654.20540_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} | 
"{66022DDE-559E-44E2-9344-425A92DB74D5}" = dir=in | name=powerdvd for lenovo idea | 
"{6632235D-AA4B-4733-8EAA-4A1369BC46D6}" = dir=out | name=evernote touch | 
"{678BFEAC-F6F3-48E6-B87C-84D0B16BF93D}" = protocol=17 | dir=in | app=c:\program files\avast software\avast\ng\vbox\aswfe.exe | 
"{6D1E609B-19B0-486A-9235-1082C37E191B}" = dir=out | name=lenovo support | 
"{6F753D18-67F6-4B98-83A3-0F83483FCD4E}" = dir=out | name=ebay | 
"{71B7E8C4-8D98-48CA-A1AA-0A0F5AECFC77}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{74688010-EA81-4E99-BB7C-060F44751F62}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{77175CCC-03F3-4666-BB08-6508E02101C2}" = dir=out | name=lenovo support | 
"{7BFED4B6-A2EE-41CE-B781-289BDCA4ADF3}" = dir=in | name=rara music with lenovo | 
"{7C732E51-4DE5-47C8-A62C-E94BFA773B5E}" = dir=out | name=@{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{7E0DA912-F06E-431C-BDE4-E04CB44AD624}" = dir=in | app=c:\program files\cyberlink\powerdirector10\pdr10.exe | 
"{7E7C5717-C466-43F9-B814-E9F4ADB90E19}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{80A17DD4-4859-4443-B3E9-54192B43C3CA}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe | 
"{82CFD631-2EF6-4999-84BE-59CCE0F9E4DE}" = dir=out | name=evernote touch | 
"{84B6E353-7111-4ED7-81C8-4AD4E483E64E}" = dir=out | name=@{microsoft.bingmaps_2.1.2922.2139_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{86EA52E6-A40B-43D1-B739-45CD63823CF3}" = dir=out | name=windows_ie_ac_001 | 
"{875E2CD7-9551-4CA3-A299-2C6B17F13961}" = protocol=17 | dir=in | app=c:\program files (x86)\asus\rt-n66r wireless router utilities\qiswizard.exe | 
"{878158E0-357C-4C61-813D-C185105AB05C}" = dir=out | name=@{microsoft.zunevideo_2.6.441.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | 
"{8816F6F6-DC13-4926-BA03-A81141B61867}" = protocol=6 | dir=in | app=c:\program files (x86)\asus\rt-n66r wireless router utilities\rescue.exe | 
"{8C23E4E0-0928-44C7-A33A-ABCE5EF990AF}" = dir=in | name=evernote touch | 
"{8FB56196-DC97-4B58-B235-C2DC7571A673}" = dir=out | name=rara music with lenovo | 
"{93875C29-1845-4087-AA2C-BFFD3B3A9714}" = dir=out | name=skype | 
"{938AD8AB-3484-4DC7-9E81-6188762D8B20}" = dir=out | name=companion | 
"{9B672F72-5013-4766-B174-EC98225E4579}" = dir=in | app=c:\program files (x86)\lenovo\powerdvd10\powerdvd cinema\powerdvdcinema10.exe | 
"{9D6D60C0-93CA-479D-9506-B8DE0E9E9F98}" = protocol=6 | dir=in | app=c:\program files\avast software\avast\ng\vbox\aswfe.exe | 
"{9E3D57FC-7C37-4424-9352-4831E97D029D}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{9F2A9866-8F05-43E2-A24F-D3C39E4B556F}" = dir=out | name=@{microsoft.zunemusic_2.2.903.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} | 
"{9F803490-114E-4802-AB7B-4A2716503567}" = dir=out | name=zinio | 
"{A2621C0F-FBB2-48B3-90C1-BBBB6D14E5C5}" = dir=in | name=rara music with lenovo | 
"{A6A78C3B-74CB-48FF-BD8A-07580B59B466}" = dir=out | name=evernote touch | 
"{AFD5B319-5629-41F6-AF19-ED0385102F01}" = dir=in | app=c:\program files (x86)\lenovo\lenovoappshop\bin\ismagent.exe | 
"{B2551312-5C6B-419C-8B25-4B0DBB7B75F9}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{B539AEE8-BC97-4149-9BF9-7A60F4D357F9}" = dir=out | name=@{filmonlivetvfree.filmonlivetvfree_1.3.6.115_x64__zx03kxexxb716?ms-resource://filmonlivetvfree.filmonlivetvfree/whitelabel/app-name} | 
"{B5747EAE-BE7C-4D4C-A505-6FDC6C985F12}" = dir=out | name=@{microsoft.bingtravel_3.0.4.322_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/brandedapptitle} | 
"{B59EA14D-C213-4DD0-859D-E3ADEA798A8F}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.2.315_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} | 
"{B96EDBA5-4321-4B26-B976-3B66B53AC7B1}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{BAFB047B-27EE-44D3-81C3-847DF44A418C}" = dir=out | name=accuweather for windows 8 | 
"{BFA4D7A9-CF8B-439C-9A19-F88F4B337A48}" = dir=out | name=accuweather for windows 8 | 
"{C28504B1-166F-438D-A926-5322B0864B12}" = dir=out | name=camera man | 
"{C3B7BF44-90EC-4784-9B53-783DEF51A548}" = dir=out | name=@{microsoft.bingtravel_3.0.2.309_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/brandedapptitle} | 
"{C4086A53-BE2C-4DA6-BB15-7A045AF1436F}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.4.322_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} | 
"{C9996A3F-7D30-4EE0-A745-76B27B8CA58C}" = dir=in | name=@{filmonlivetvfree.filmonlivetvfree_1.3.6.115_x64__zx03kxexxb716?ms-resource://filmonlivetvfree.filmonlivetvfree/whitelabel/app-name} | 
"{C9C757CD-EA11-4BA4-99A1-634474EB77DC}" = dir=out | name=@{microsoft.zunevideo_2.2.902.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | 
"{CF0232C3-AF37-454A-BDB6-5248DC06EC61}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.2.313_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} | 
"{CF8ACFA8-7D14-4FE1-B039-55BC3F7D4390}" = dir=in | name=mcafee® central for lenovo | 
"{D334431B-BA9D-43ED-8390-1239B6161607}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{D53A5779-F03E-4134-B805-C720DCECECCC}" = dir=in | name=powerdvd for lenovo idea | 
"{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir=out | name=junipernetworks.junospulsevpn | 
"{D9B3F30F-9181-45E3-BF3A-20701D687EC3}" = dir=out | name=skype | 
"{DB0F7960-E928-4129-8478-77558896E433}" = dir=in | app=c:\program files (x86)\lenovo\powerdvd10\powerdvd10.exe | 
"{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir=out | name=checkpoint.vpn | 
"{DF4B7C79-B1A5-4E8B-8426-030ABF4685C0}" = dir=out | name=powerdvd for lenovo idea | 
"{E6E650B8-4412-4EBB-AD0D-D6208BE84C72}" = dir=out | name=@{microsoft.bingweather_3.0.2.309_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/brandedapptitle} | 
"{E6F84B02-A0A6-48B6-AF32-067E5BD5BF46}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{E79E322A-25C1-43C2-9F74-34B15E8ADAF8}" = protocol=17 | dir=in | app=c:\program files (x86)\asus\printer utilities\usbservice64.exe | 
"{E8FCBE45-A424-4F98-B1B7-E14A1646D24B}" = dir=in | name=evernote touch | 
"{EA632C53-61EA-43D4-ACED-9280DB83CC06}" = dir=out | name=red karaoke for lenovo | 
"{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir=in | name=junipernetworks.junospulsevpn | 
"{EFA8C2B4-96BA-4153-84D2-CF2593CE6C48}" = protocol=6 | dir=in | app=c:\users\pete\appdata\local\temp\pft4922.tmp\printer.exe | 
"{F3D0A139-B6B4-4EC1-9611-4187F7EA4B57}" = protocol=6 | dir=in | app=c:\program files (x86)\asus\rt-n66r wireless router utilities\qiswizard.exe | 
"{F3E33329-3C17-4616-9F37-EB99B069AD9B}" = dir=in | name=accuweather for windows 8 | 
"{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir=out | name=f5.vpn.client | 
"{F6BC94DA-EA9A-4B13-94AB-FE55FD05EAF9}" = dir=in | name=zinio | 
"{F6DCC118-C898-4753-8068-CC40F322A432}" = dir=out | name=rara music with lenovo | 
"{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir=in | name=f5.vpn.client | 
"{F94E671C-499D-4767-9E32-68D9FD21A8AC}" = dir=out | name=lenovo companion | 
"{FA1FFF76-3DB0-4104-B6C0-68D5C28CC8D1}" = dir=in | name=@{filmonlivetvfree.filmonlivetvfree_1.3.6.115_x64__zx03kxexxb716?ms-resource://filmonlivetvfree.filmonlivetvfree/whitelabel/app-name} | 
"{FB9E323E-DA80-495F-9B9F-3CE615B0022B}" = dir=out | name=@{microsoft.bingsports_3.0.2.258_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/brandedapptitle} | 
"{FBDD95AD-7600-47DB-A07B-66DB0314A290}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{FC99189E-F5ED-432B-B731-A3E69EC6054E}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9654.20540_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} | 
"{FD0F8C82-AE74-4E58-AA18-ECF4FF675A7A}" = dir=out | name=ebay | 
"{FDFE5884-8C5F-42AE-AB5E-DBBDD74552F7}" = dir=in | name=zinio | 
"{FE5D5647-2685-47BD-A2CA-AFBBC3E45741}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"TCP Query User{32A578ED-E607-4435-BE37-838326ADA6C4}C:\users\pete\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\pete\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{3F9B190E-93FC-4F32-B448-5FB412E13A3D}C:\users\pete\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\pete\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{BEED8C4C-2F31-43F1-BA8D-8154672F06BB}C:\users\pete\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\pete\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{F8526A68-ECD9-4AC6-8FBC-EDD67CE31A70}C:\users\pete\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\pete\appdata\roaming\spotify\spotify.exe | 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{232EB8E6-9B8C-4785-A994-B1E5E2376CDC}" = WD SmartWare
"{409CB30E-E457-4008-9B1A-ED1B9EA21140}" = Intel(R) Rapid Storage Technology
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E7DFD3E-2E89-4F35-B4F2-D3301A4AD190}" = Nitro Pro 8
"{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}" = Dolby Digital Plus Home Theater
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89AFB053-A343-46EF-97E4-D593AD7184E6}" = Intel® Trusted Connect Service Client
"{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64)
"{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
"{F997E60E-E4CF-49B3-B01B-048297416AC1}" = Intel(R) Rapid Storage Technology
"35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E" = Windows Driver Package - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776)
"6BCA401E9CBEED970D75F55FA5320F60D11984E9" = Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288)
"GIMP-2_is1" = GIMP 2.8.10
"Lenovo VeriFace" = Lenovo VeriFace
"LenovoExperienceImprovement" = Lenovo Experience Improvement
"StageLight" = StageLight version 1.0.0.3508
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B5E0E89-4BCA-4035-BBA1-D1439724B6E2}" = Lenovo Reach
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83218031F0}" = Java 8 Update 31
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros Client Installation Program
"{2B58AB2C-D980-47FD-8633-E360314BA662}" = WD Security
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
"{39337565-330E-4ab6-A9AE-AC81E0720B10}" = CyberLink PhotoDirector 3
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}" = OpenOffice 4.0.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{66DC436D-02B4-48F5-AF30-01EDED35168F}" = Alcor Micro USB Card Reader
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{88547073-C566-4895-9005-EBE98EA3F7C7}" = Samsung Kies3
"{90150000-0138-0409-0000-0000000FF1CE}" = Microsoft Office
"{91CC5BAE-A098-40D3-A43B-C0DC7CE263FE}" = Onekey Theater
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C767081-9DB1-4C02-AB02-0E692CFEDA41}" = ASUS RT-N66R Wireless Router Utilities
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC768037-7079-4658-AC24-2897650E0ABE}" = Energy Manager
"{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
"{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = Lenovo PowerDVD10
"{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}" = Lenovo EasyCamera
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F9784E1D-4455-4BFF-A97A-1B1355A4FFDB}" = WD Drive Utilities
"0E7DAF70-FB54-4B91-B192-7E771C25AEEB" = Intel Collaborative Processor Performance Control
"Adobe Flash Player NPAPI" = Adobe Flash Player 17 NPAPI
"AmUStor" = Alcor Micro USB Card Reader
"Avast" = Avast Free Antivirus
"Google Chrome" = Google Chrome
"InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}" = CyberLink PhotoDirector 3
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}" = Samsung Kies3
"InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}" = Energy Manager
"InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = Lenovo PowerDVD10
"InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide
"Lenovo App Shop 45246" = Lenovo App Shop
"Lenovo Photos" = Lenovo Photos
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Pokki" = Start Menu

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/27/2015 8:54:23 PM | Computer Name = Lenovo-PC | Source = Application Error | ID = 1000
Description = Faulting application name: splwow64.exe, version: 6.3.9600.17480, 
time stamp: 0x545871c1  Faulting module name: GDI32.dll, version: 6.3.9600.17415, 
time stamp: 0x545043cd  Exception code: 0xc0000005  Fault offset: 0x000000000006cae3
Faulting
 process id: 0x2a80  Faulting application start time: 0x01d068f1b5a62d91  Faulting application
 path: C:\windows\splwow64.exe  Faulting module path: C:\windows\system32\GDI32.dll
Report
 Id: f9522e76-d4e4-11e4-83b5-0c54a52b0ba4  Faulting package full name:   Faulting package-relative
 application ID: 

Error - 4/1/2015 3:43:17 PM | Computer Name = Lenovo-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 

Error - 4/1/2015 5:16:50 PM | Computer Name = Lenovo-PC | Source = Perflib | ID = 1008
Description = 

Error - 4/1/2015 5:16:55 PM | Computer Name = Lenovo-PC | Source = Perflib | ID = 1023
Description = 

Error - 4/3/2015 12:12:44 AM | Computer Name = Lenovo-PC | Source = Perflib | ID = 1023
Description = 

Error - 4/4/2015 2:27:42 AM | Computer Name = Lenovo-PC | Source = Perflib | ID = 1008
Description = 

Error - 4/4/2015 2:27:44 AM | Computer Name = Lenovo-PC | Source = Perflib | ID = 1023
Description = 

Error - 4/5/2015 1:59:26 AM | Computer Name = Lenovo-PC | Source = Desktop Window Manager | ID = 9020
Description = The Desktop Window Manager has encountered a fatal error (0x8898008d)

Error - 4/5/2015 1:07:58 PM | Computer Name = Lenovo-PC | Source = Perflib | ID = 1023
Description = 

Error - 4/8/2015 3:31:03 PM | Computer Name = Lenovo-PC | Source = Perflib | ID = 1023
Description = 

[ System Events ]
Error - 5/27/2015 7:58:21 PM | Computer Name = Lenovo-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:10:32 AM on 5/27/2015 was unexpected.

Error - 5/27/2015 7:58:26 PM | Computer Name = LENOVO-PC | Source = BugCheck | ID = 1001
Description = 

Error - 5/27/2015 10:25:41 PM | Computer Name = Lenovo-PC | Source = DCOM | ID = 10010
Description = 

Error - 5/27/2015 10:35:55 PM | Computer Name = Lenovo-PC | Source = DCOM | ID = 10010
Description = 

Error - 5/28/2015 7:24:05 PM | Computer Name = Lenovo-PC | Source = DCOM | ID = 10010
Description = 

Error - 5/28/2015 7:24:35 PM | Computer Name = Lenovo-PC | Source = DCOM | ID = 10010
Description = 

Error - 5/29/2015 2:44:06 PM | Computer Name = Lenovo-PC | Source = DCOM | ID = 10010
Description = 

Error - 5/29/2015 2:44:45 PM | Computer Name = Lenovo-PC | Source = DCOM | ID = 10010
Description = 

Error - 5/30/2015 3:59:34 PM | Computer Name = Lenovo-PC | Source = DCOM | ID = 10010
Description = 

Error - 5/31/2015 1:24:32 PM | Computer Name = Lenovo-PC | Source = DCOM | ID = 10010
Description = 


< End of report >


----------



## johnb35

pjoseph said:


> I ran Malwarebytes yesterday and it found 6 items. Next I read the sticky in this forum and downloaded AdwCleaner and ran that. I unchecked everything except for the three files/folders it found and pressed clean.



What do you mean you unchecked everything but the 3 files/folders it found?  

You need to let AdwCleaner remove whatever it finds.

Please rerun AdwCleaner and post the new results after making sure everything is checked and clicking on Clean. Then also post a new OTL log.


----------



## pjoseph

The reason why is because if I left everything checked and pressed clean it would freeze up the computer.
So I figured I would try a few at a time instead of all at once, which is why I only selected the 3 files/folders, but after the restart I noticed my home button was missing so I stopped there.

I will wait for your reply before running it again.

Thanks again for the help, appreciate it.


----------



## johnb35

Try running it in safe mode. I've had luck with safe mode when it would freeze in regular mode.


----------



## pjoseph

OK thanks, ran it in safe mode.

# AdwCleaner v4.206 - Logfile created 10/06/2015 at 12:41:14
# Updated 01/06/2015 by Xplode
# Database : 2015-05-31.5 [Local]
# Operating system : Windows 8.1  (x64)
# Username : Joseph24$ - LENOVO-PC
# Running from : C:\Users\Pete\Desktop\Downloads\AdwCleaner (1).exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Classes\pokki
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Pokki]
Key Deleted : HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
Key Deleted : HKCU\Software\Classes\Directory\shell\pokki
Key Deleted : HKCU\Software\Classes\Drive\shell\pokki
Key Deleted : HKCU\Software\Classes\lnkfile\shell\pokki
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A75BE48D-BF58-4A8B-B96C-F9A09DFB9844}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Deleted : HKCU\Software\Pokki
Key Deleted : HKCU\Software\UpdaterEX
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\Myfree Codec
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Google Chrome v43.0.2357.81

[C:\Users\Joseph24$\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Joseph24$\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Joseph24$\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_dnldstr_14_42_ch&cd=2XzuyEtN2Y1L1Qzu0AyE0D0BtAtD0A0FtAyD0EyDzytByC0EtN0D0Tzu0StCtDtCzztN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDtCtB0F0BtC0C0AtGtByB0EyCtGyE0DtCyCtGtDtDyD0EtGtDyBzy0FtB0C0Ezz0DtCtCyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByDzztByEyB0C0CtG0CyDzyyDtGyEyEzy0EtGzyzzyE0AtG0CtC0E0F0A0AyCyC0FyEtB0F2Q&cr=1106265637&ir=
[C:\Users\Joseph24$\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] : hxxp://astromenda.com/?f=1&a=ast_dnldstr_14_42_ch&cd=2XzuyEtN2Y1L1Qzu0AyE0D0BtAtD0A0FtAyD0EyDzytByC0EtN0D0Tzu0StCtDtCzztN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDtCtB0F0BtC0C0AtGtByB0EyCtGyE0DtCyCtGtDtDyD0EtGtDyBzy0FtB0C0Ezz0DtCtCyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByDzztByEyB0C0CtG0CyDzyyDtGyEyEzy0EtGzyzzyE0AtG0CtC0E0F0A0AyCyC0FyEtB0F2Q&cr=1106265637&ir=
[C:\Users\Joseph24$\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Startup_URLs] : hxxp://astromenda.com/?f=7&a=ast_dnldstr_14_42_ch&cd=2XzuyEtN2Y1L1Qzu0AyE0D0BtAtD0A0FtAyD0EyDzytByC0EtN0D0Tzu0StCtDtCzztN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDtCtB0F0BtC0C0AtGtByB0EyCtGyE0DtCyCtGtDtDyD0EtGtDyBzy0FtB0C0Ezz0DtCtCyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByDzztByEyB0C0CtG0CyDzyyDtGyEyEzy0EtGzyzzyE0AtG0CtC0E0F0A0AyCyC0FyEtB0F2Q&cr=1106265637&ir=
[C:\Users\Joseph24$\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Default_Search_Provider_Data] : hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_dnldstr_14_42_ch&cd=2XzuyEtN2Y1L1Qzu0AyE0D0BtAtD0A0FtAyD0EyDzytByC0EtN0D0Tzu0StCtDtCzztN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDtCtB0F0BtC0C0AtGtByB0EyCtGyE0DtCyCtGtDtDyD0EtGtDyBzy0FtB0C0Ezz0DtCtCyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByDzztByEyB0C0CtG0CyDzyyDtGyEyEzy0EtGzyzzyE0AtG0CtC0E0F0A0AyCyC0FyEtB0F2Q&cr=1106265637&ir=
[C:\Users\Joseph24$\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Joseph24$\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Joseph24$\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_dnldstr_14_42_ch&cd=2XzuyEtN2Y1L1Qzu0AyE0D0BtAtD0A0FtAyD0EyDzytByC0EtN0D0Tzu0StCtDtCzztN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDtCtB0F0BtC0C0AtGtByB0EyCtGyE0DtCyCtGtDtDyD0EtGtDyBzy0FtB0C0Ezz0DtCtCyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByDzztByEyB0C0CtG0CyDzyyDtGyEyEzy0EtGzyzzyE0AtG0CtC0E0F0A0AyCyC0FyEtB0F2Q&cr=1106265637&ir=
[C:\Users\Joseph24$\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] : hxxp://astromenda.com/?f=1&a=ast_dnldstr_14_42_ch&cd=2XzuyEtN2Y1L1Qzu0AyE0D0BtAtD0A0FtAyD0EyDzytByC0EtN0D0Tzu0StCtDtCzztN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDtCtB0F0BtC0C0AtGtByB0EyCtGyE0DtCyCtGtDtDyD0EtGtDyBzy0FtB0C0Ezz0DtCtCyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByDzztByEyB0C0CtG0CyDzyyDtGyEyEzy0EtGzyzzyE0AtG0CtC0E0F0A0AyCyC0FyEtB0F2Q&cr=1106265637&ir=
[C:\Users\Joseph24$\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Startup_URLs] : hxxp://astromenda.com/?f=7&a=ast_dnldstr_14_42_ch&cd=2XzuyEtN2Y1L1Qzu0AyE0D0BtAtD0A0FtAyD0EyDzytByC0EtN0D0Tzu0StCtDtCzztN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDtCtB0F0BtC0C0AtGtByB0EyCtGyE0DtCyCtGtDtDyD0EtGtDyBzy0FtB0C0Ezz0DtCtCyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByDzztByEyB0C0CtG0CyDzyyDtGyEyEzy0EtGzyzzyE0AtG0CtC0E0F0A0AyCyC0FyEtB0F2Q&cr=1106265637&ir=
[C:\Users\Joseph24$\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Default_Search_Provider_Data] : hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_dnldstr_14_42_ch&cd=2XzuyEtN2Y1L1Qzu0AyE0D0BtAtD0A0FtAyD0EyDzytByC0EtN0D0Tzu0StCtDtCzztN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDtCtB0F0BtC0C0AtGtByB0EyCtGyE0DtCyCtGtDtDyD0EtGtDyBzy0FtB0C0Ezz0DtCtCyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByDzztByEyB0C0CtG0CyDzyyDtGyEyEzy0EtGzyzzyE0AtG0CtC0E0F0A0AyCyC0FyEtB0F2Q&cr=1106265637&ir=

*************************

AdwCleaner[R0].txt - [7848 bytes] - [05/06/2015 19:33:24]
AdwCleaner[R1].txt - [7965 bytes] - [05/06/2015 19:50:40]
AdwCleaner[R2].txt - [8077 bytes] - [05/06/2015 21:35:17]
AdwCleaner[R3].txt - [8009 bytes] - [10/06/2015 12:40:04]
AdwCleaner[S0].txt - [364 bytes] - [05/06/2015 19:35:18]
AdwCleaner[S1].txt - [364 bytes] - [05/06/2015 19:51:41]
AdwCleaner[S2].txt - [3699 bytes] - [05/06/2015 21:46:17]
AdwCleaner[S3].txt - [7577 bytes] - [10/06/2015 12:41:14]

########## EOF - \AdwCleaner\AdwCleaner[S3].txt - [7636  bytes] ##########


----------



## pjoseph

OTL logfile created on: 6/10/2015 12:51:30 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Pete\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17842)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.93 Gb Total Physical Memory | 13.55 Gb Available Physical Memory | 85.10% Memory free
31.93 Gb Paging File | 29.49 Gb Available in Paging File | 92.38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 891.87 Gb Total Space | 762.32 Gb Free Space | 85.47% Space Free | Partition Type: NTFS
Drive D: | 25.00 Gb Total Space | 23.05 Gb Free Space | 92.19% Space Free | Partition Type: NTFS

Computer Name: LENOVO-PC | User Name: Joseph24$ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Pete\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o.)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Avast Software s.r.o.)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2launcher.exe (Oracle Corporation)
PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Oracle Corporation)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe (Western Digital Technologies, Inc.)
PRC - C:\Windows\SysWOW64\NLSSRV32.EXE (Nalpeiron Ltd.)
PRC - C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe (Western Digital Technologies, Inc.)
PRC - C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe (Western Digital Technologies, Inc.)
PRC - C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\AVAST Software\Avast\libcef.dll ()
MOD - C:\Program Files\AVAST Software\Avast\log.dll ()
MOD - C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\PepperFlash\pepflashplayer.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libegl.dll ()


========== Services (SafeList) ==========

SRV:*64bit:* - (AvastVBoxSvc) -- C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe File not found
SRV:*64bit:* - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Avast Software s.r.o.)
SRV:*64bit:* - (DiagTrack) -- C:\Windows\SysNative\diagtrack.dll (Microsoft Corporation)
SRV:*64bit:* - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SRV:*64bit:* - (WdNisSvc) -- C:\Program Files\Windows Defender\NisSrv.exe (Microsoft Corporation)
SRV:*64bit:* - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV:*64bit:* - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV:*64bit:* - (IEEtwCollectorService) -- C:\windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:*64bit:* - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation)
SRV:*64bit:* - (WEPHOSTSVC) -- C:\Windows\SysNative\wephostsvc.dll (Microsoft Corporation)
SRV:*64bit:* - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SRV:*64bit:* - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)
SRV:*64bit:* - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)
SRV:*64bit:* - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)
SRV:*64bit:* - (BthHFSrv) -- C:\Windows\SysNative\BthHFSrv.dll (Microsoft Corporation)
SRV:*64bit:* - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
SRV:*64bit:* - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:*64bit:* - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:*64bit:* - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:*64bit:* - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:*64bit:* - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:*64bit:* - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:*64bit:* - (vmicguestinterface) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:*64bit:* - (smphost) -- C:\Windows\SysNative\smphost.dll (Microsoft Corporation)
SRV:*64bit:* - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SRV:*64bit:* - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV:*64bit:* - (ScDeviceEnum) -- C:\Windows\SysNative\ScDeviceEnum.dll (Microsoft Corporation)
SRV:*64bit:* - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SRV:*64bit:* - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
SRV:*64bit:* - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SRV:*64bit:* - (NcbService) -- C:\Windows\SysNative\ncbservice.dll (Microsoft Corporation)
SRV:*64bit:* - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SRV:*64bit:* - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SRV:*64bit:* - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)
SRV:*64bit:* - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SRV:*64bit:* - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
SRV:*64bit:* - (lfsvc) -- C:\Windows\SysNative\GeofenceMonitorService.dll (Microsoft Corporation)
SRV:*64bit:* - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
SRV:*64bit:* - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)
SRV:*64bit:* - (AppReadiness) -- C:\Windows\SysNative\AppReadiness.dll (Microsoft Corporation)
SRV:*64bit:* - (AppXSvc) -- C:\Windows\SysNative\AppXDeploymentServer.dll (Microsoft Corporation)
SRV:*64bit:* - (workfolderssvc) -- C:\Windows\SysNative\workfolderssvc.dll (Microsoft Corporation)
SRV:*64bit:* - (igfxCUIService1.0.0.0) -- C:\Windows\SysNative\igfxCUIService.exe (Intel Corporation)
SRV:*64bit:* - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:*64bit:* - (IAStorDataMgrSvc) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV:*64bit:* - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV:*64bit:* - (NitroDriverReadSpool8) -- C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe (Nitro PDF Software)
SRV:*64bit:* - (Intel(R) -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe (Intel(R) Corporation)
SRV:*64bit:* - (Intel(R) -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV:*64bit:* - (RichVideo64) -- C:\Program Files\CyberLink\Shared files\RichVideo64.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation)
SRV - (smphost) -- C:\Windows\SysWOW64\smphost.dll (Microsoft Corporation)
SRV - (lfsvc) -- C:\Windows\SysWOW64\GeofenceMonitorService.dll (Microsoft Corporation)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (PrintNotify) -- C:\windows\system32\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (VeriFaceSrv) -- C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe ()
SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Windows (R) Win 7 DDK provider)
SRV - (ZAtheros Bt and Wlan Coex Agent) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
SRV - (WDBackup) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe (Western Digital Technologies, Inc.)
SRV - (nlsX86cc) -- C:\Windows\SysWOW64\NLSSRV32.EXE (Nalpeiron Ltd.)
SRV - (WDDriveService) -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe (Western Digital Technologies, Inc.)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (UsbService) -- C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe ()


========== Driver Services (SafeList) ==========

DRV:*64bit:* - (VBoxAswDrv) -- C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys File not found
DRV:*64bit:* - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (Avast Software s.r.o.)
DRV:*64bit:* - (aswVmm) -- C:\windows\SysNative\drivers\aswVmm.sys ()
DRV:*64bit:* - (aswStm) -- C:\Windows\SysNative\drivers\aswStm.sys (Avast Software s.r.o.)
DRV:*64bit:* - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (Avast Software s.r.o.)
DRV:*64bit:* - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (Avast Software s.r.o.)
DRV:*64bit:* - (aswRvrt) -- C:\windows\SysNative\drivers\aswRvrt.sys ()
DRV:*64bit:* - (aswHwid) -- C:\Windows\SysNative\drivers\aswHwid.sys ()
DRV:*64bit:* - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (Avast Software s.r.o.)
DRV:*64bit:* - (USBXHCI) -- C:\Windows\SysNative\drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:*64bit:* - (ahcache) -- C:\Windows\SysNative\drivers\ahcache.sys (Microsoft Corporation)
DRV:*64bit:* - (USBHUB3) -- C:\Windows\SysNative\drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:*64bit:* - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:*64bit:* - (BthHFEnum) -- C:\Windows\SysNative\drivers\bthhfenum.sys (Microsoft Corporation)
DRV:*64bit:* - (CLFS) -- C:\Windows\SysNative\drivers\clfs.sys (Microsoft Corporation)
DRV:*64bit:* - (WdFilter) -- C:\Windows\SysNative\drivers\WdFilter.sys (Microsoft Corporation)
DRV:*64bit:* - (WdNisDrv) -- C:\Windows\SysNative\drivers\WdNisDrv.sys (Microsoft Corporation)
DRV:*64bit:* - (WdBoot) -- C:\Windows\SysNative\drivers\WdBoot.sys (Microsoft Corporation)
DRV:*64bit:* - (WFPLWFS) -- C:\Windows\SysNative\drivers\wfplwfs.sys (Microsoft Corporation)
DRV:*64bit:* - (dam) -- C:\Windows\SysNative\drivers\dam.sys (Microsoft Corporation)
DRV:*64bit:* - (spaceport) -- C:\Windows\SysNative\drivers\spaceport.sys (Microsoft Corporation)
DRV:*64bit:* - (wpcfltr) -- C:\Windows\SysNative\drivers\wpcfltr.sys (Microsoft Corporation)
DRV:*64bit:* - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:*64bit:* - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:*64bit:* - (netvsc) -- C:\Windows\SysNative\drivers\netvsc63.sys (Microsoft Corporation)
DRV:*64bit:* - (NdisImPlatform) -- C:\Windows\SysNative\drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:*64bit:* - (MsLldp) -- C:\Windows\SysNative\drivers\mslldp.sys (Microsoft Corporation)
DRV:*64bit:* - (Ndu) -- C:\Windows\SysNative\drivers\Ndu.sys (Microsoft Corporation)
DRV:*64bit:* - (intelpep) -- C:\Windows\SysNative\drivers\intelpep.sys (Microsoft Corporation)
DRV:*64bit:* - (pdc) -- C:\Windows\SysNative\drivers\pdc.sys (Microsoft Corporation)
DRV:*64bit:* - (ReFS) -- C:\windows\SysNative\drivers\refs.sys (Microsoft Corporation)
DRV:*64bit:* - (UCX01000) -- C:\Windows\SysNative\drivers\UCX01000.SYS (Microsoft Corporation)
DRV:*64bit:* - (vpci) -- C:\Windows\SysNative\drivers\vpci.sys (Microsoft Corporation)
DRV:*64bit:* - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:*64bit:* - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation)
DRV:*64bit:* - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation)
DRV:*64bit:* - (GPIOClx0101) -- C:\Windows\SysNative\drivers\msgpioclx.sys (Microsoft Corporation)
DRV:*64bit:* - (Wof) -- C:\windows\SysNative\drivers\wof.sys (Microsoft Corporation)
DRV:*64bit:* - (sdstor) -- C:\Windows\SysNative\drivers\sdstor.sys (Microsoft Corporation)
DRV:*64bit:* - (BasicRender) -- C:\Windows\SysNative\drivers\BasicRender.sys (Microsoft Corporation)
DRV:*64bit:* - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:*64bit:* - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:*64bit:* - (ACPIVPC) -- C:\Windows\SysNative\drivers\AcpiVpc.sys (Lenovo Corporation)
DRV:*64bit:* - (BthLEEnum) -- C:\Windows\SysNative\drivers\BthLEEnum.sys (Microsoft Corporation)
DRV:*64bit:* - (SerCx2) -- C:\Windows\SysNative\drivers\SerCx2.sys (Microsoft Corporation)
DRV:*64bit:* - (stornvme) -- C:\Windows\SysNative\drivers\stornvme.sys (Microsoft Corporation)
DRV:*64bit:* - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:*64bit:* - (iaStorA) -- C:\Windows\SysNative\drivers\iaStorA.sys (Intel Corporation)
DRV:*64bit:* - (VerifierExt) -- C:\Windows\SysNative\drivers\VerifierExt.sys (Microsoft Corporation)
DRV:*64bit:* - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Qualcomm Atheros)
DRV:*64bit:* - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Qualcomm Atheros)
DRV:*64bit:* - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Qualcomm Atheros)
DRV:*64bit:* - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Qualcomm Atheros)
DRV:*64bit:* - (btath_avdt) -- C:\Windows\SysNative\drivers\btath_avdt.sys (Qualcomm Atheros)
DRV:*64bit:* - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Qualcomm Atheros)
DRV:*64bit:* - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Qualcomm Atheros)
DRV:*64bit:* - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Qualcomm Atheros)
DRV:*64bit:* - (MEIx64) -- C:\Windows\SysNative\drivers\TeeDriverx64.sys (Intel Corporation)
DRV:*64bit:* - (rtsuvc) -- C:\Windows\SysNative\drivers\rtsuvc.sys (Realtek Semiconductor Corp.)
DRV:*64bit:* - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:*64bit:* - (condrv) -- C:\Windows\SysNative\drivers\condrv.sys (Microsoft Corporation)
DRV:*64bit:* - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:*64bit:* - (acpiex) -- C:\Windows\SysNative\drivers\acpiex.sys (Microsoft Corporation)
DRV:*64bit:* - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:*64bit:* - (mvumis) -- C:\Windows\SysNative\drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:*64bit:* - (msgpiowin32) -- C:\Windows\SysNative\drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:*64bit:* - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:*64bit:* - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:*64bit:* - (LSI_SSS) -- C:\Windows\SysNative\drivers\lsi_sss.sys (LSI Corporation)
DRV:*64bit:* - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:*64bit:* - (LSI_SAS3) -- C:\Windows\SysNative\drivers\lsi_sas3.sys (LSI Corporation)
DRV:*64bit:* - (ADP80XX) -- C:\Windows\SysNative\drivers\adp80xx.sys (PMC-Sierra)
DRV:*64bit:* - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:*64bit:* - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:*64bit:* - (3ware) -- C:\Windows\SysNative\drivers\3ware.sys (LSI)
DRV:*64bit:* - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:*64bit:* - (EhStorTcgDrv) -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:*64bit:* - (EhStorClass) -- C:\Windows\SysNative\drivers\EhStorClass.sys (Microsoft Corporation)
DRV:*64bit:* - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:*64bit:* - (VSTXRAID) -- C:\Windows\SysNative\drivers\VSTXRAID.SYS (VIA Corporation)
DRV:*64bit:* - (UASPStor) -- C:\Windows\SysNative\drivers\uaspstor.sys (Microsoft Corporation)
DRV:*64bit:* - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology, Inc.)
DRV:*64bit:* - (storahci) -- C:\Windows\SysNative\drivers\storahci.sys (Microsoft Corporation)
DRV:*64bit:* - (SpbCx) -- C:\Windows\SysNative\drivers\SpbCx.sys (Microsoft Corporation)
DRV:*64bit:* - (SerCx) -- C:\Windows\SysNative\drivers\SerCx.sys (Microsoft Corporation)
DRV:*64bit:* - (UEFI) -- C:\Windows\SysNative\drivers\uefi.sys (Microsoft Corporation)
DRV:*64bit:* - (WpdUpFltr) -- C:\Windows\SysNative\drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:*64bit:* - (BasicDisplay) -- C:\Windows\SysNative\drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:*64bit:* - (HyperVideo) -- C:\Windows\SysNative\drivers\HyperVideo.sys (Microsoft Corporation)
DRV:*64bit:* - (mshidumdf) -- C:\Windows\SysNative\drivers\mshidumdf.sys (Microsoft Corporation)
DRV:*64bit:* - (acpitime) -- C:\Windows\SysNative\drivers\acpitime.sys (Microsoft Corporation)
DRV:*64bit:* - (acpipagr) -- C:\Windows\SysNative\drivers\acpipagr.sys (Microsoft Corporation)
DRV:*64bit:* - (BthAvrcpTg) -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV:*64bit:* - (kdnic) -- C:\Windows\SysNative\drivers\kdnic.sys (Microsoft Corporation)
DRV:*64bit:* - (gencounter) -- C:\Windows\SysNative\drivers\vmgencounter.sys (Microsoft Corporation)
DRV:*64bit:* - (npsvctrig) -- C:\Windows\SysNative\drivers\npsvctrig.sys (Microsoft Corporation)
DRV:*64bit:* - (bthhfhid) -- C:\Windows\SysNative\drivers\BthhfHid.sys (Microsoft Corporation)
DRV:*64bit:* - (hyperkbd) -- C:\Windows\SysNative\drivers\hyperkbd.sys (Microsoft Corporation)
DRV:*64bit:* - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:*64bit:* - (hidi2c) -- C:\Windows\SysNative\drivers\hidi2c.sys (Microsoft Corporation)
DRV:*64bit:* - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:*64bit:* - (NdisVirtualBus) -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys (Microsoft Corporation)
DRV:*64bit:* - (FxPPM) -- C:\Windows\SysNative\drivers\fxppm.sys (Microsoft Corporation)
DRV:*64bit:* - (athr) -- C:\Windows\SysNative\drivers\athwbx.sys (Qualcomm Atheros Communications, Inc.)
DRV:*64bit:* - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:*64bit:* - (SmbDrvI) -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys (Synaptics Incorporated)
DRV:*64bit:* - (bcmfn2) -- C:\Windows\SysNative\drivers\bcmfn2.sys (Windows (R) Win 7 DDK provider)
DRV:*64bit:* - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:*64bit:* - (iaStorAV) -- C:\Windows\SysNative\drivers\iaStorAV.sys (Intel Corporation)
DRV:*64bit:* - (iaLPSSi_GPIO) -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys (Intel Corporation)
DRV:*64bit:* - (iaLPSSi_I2C) -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys (Intel Corporation)
DRV:*64bit:* - (L1C) -- C:\Windows\SysNative\drivers\L1C63x64.sys (Qualcomm Atheros Co., Ltd.)
DRV:*64bit:* - (NETwNe64) -- C:\Windows\SysNative\drivers\NETwew00.sys (Intel Corporation)
DRV:*64bit:* - (IntelHSWPcc) -- C:\Windows\SysNative\drivers\IntelPcc.sys (Intel Corporation)
DRV:*64bit:* - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:*64bit:* - (e1iexpress) -- C:\Windows\SysNative\drivers\e1i63x64.sys (Intel Corporation)
DRV:*64bit:* - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:*64bit:* - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys ("CyberLink)
DRV:*64bit:* - (PcaSp60) -- C:\Windows\SysNative\drivers\PcaSp60.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV:*64bit:* - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV:*64bit:* - (vuhub) -- C:\Windows\SysNative\drivers\vuhub.sys ()
DRV - (PcaSp60) -- C:\Windows\SysWOW64\drivers\PcaSp60.sys (Printing Communications Assoc., Inc. (PCAUSA))


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:*64bit:* - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:*64bit:* - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:*64bit:* - HKLM\..\SearchScopes\{5B5618EC-4F4F-4595-9EEE-F3BDC47CB55C}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{5B5618EC-4F4F-4595-9EEE-F3BDC47CB55C}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com/?pc=LCJB
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://home.lenovo.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://home.lenovo.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:*64bit:* - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.31.2: C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2: C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2015/06/03 18:51:04 | 000,000,000 | ---D | M]


========== Chrome  ==========

CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Joseph24$\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\Joseph24$\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Joseph24$\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\Joseph24$\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Joseph24$\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Joseph24$\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.0.2502.149_0\
CHR - Extension: No name found = C:\Users\Joseph24$\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Joseph24$\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/08/22 06:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:*64bit:* - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (Avast Software s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (Avast Software s.r.o.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
O3:*64bit:* - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:*64bit:* - HKLM..\Run: [Energy Manager] C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe (Lenovo(beijing) Limited)
O4:*64bit:* - HKLM..\Run: [Lenovo Utility] C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe (Lenovo(beijing) Limited)
O4:*64bit:* - HKLM..\Run: [Onboard] C:\Program Files\Western Digital\WD SmartWare\BackupTask.exe /Onboard "C:\Program Files\Western Digital\WD SmartWare\WDSmartWare.exe" File not found
O4:*64bit:* - HKLM..\Run: [OnekeyStudio] C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo)
O4:*64bit:* - HKLM..\Run: [RtsFT] C:\windows\RTFTrack.exe (Realtek semiconductor)
O4:*64bit:* - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o.)
O4 - HKLM..\Run: [Lenovo App Shop] C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe (Intel Corporation)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WD Drive Unlocker] C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe (Western Digital Technologies, Inc.)
O4 - HKLM..\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4:*64bit:* - HKLM..\RunOnce: [*WerKernelReporting] C:\windows\SysNative\WerFault.exe (Microsoft Corporation)
O4:*64bit:* - HKLM..\RunOnce: [MSKSSRV] rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196} File not found
O4:*64bit:* - HKLM..\RunOnce: [MSPCLOCK] rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000} File not found
O4:*64bit:* - HKLM..\RunOnce: [MSPQM] rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196} File not found
O4:*64bit:* - HKLM..\RunOnce: [MSTEE.CxTransform] rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},C:\windows\inf\ksfilter.inf,MSTEE.Interface.Install File not found
O4:*64bit:* - HKLM..\RunOnce: [MSTEE.Splitter] rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},C:\windows\inf\ksfilter.inf,MSTEE.Interface.Install File not found
O4:*64bit:* - HKLM..\RunOnce: [WDM_DRMKAUD] rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{FFBB6E3F-CCFE-4D84-90D9-421418B03A8E},C:\windows\inf\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install File not found
O4 - HKLM..\RunOnce: [20150107] C:\Program Files\AVAST Software\Avast\setup\emupdate\f6538863-8545-45c1-ad66-dd66c9e4134e.exe (AVAST Software)
O4 - HKCU..\RunOnce: [Report] \AdwCleaner\AdwCleaner[S3].txt ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: BtvStack = "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" (Qualcomm®Atheros®)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O13*64bit:* - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{74283C68-AE3F-44CB-9B51-2C767A8C54C1}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7B5AB6B3-97EE-477D-854D-39D2DEB2A800}: DhcpNameServer = 192.168.1.1
O20:*64bit:* - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:*64bit:* - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) -  File not found
O21:*64bit:* - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:*64bit:* - HKLM\..comfile [open] -- "%1" %*
O35:*64bit:* - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:*64bit:* - HKLM\...com [@ = comfile] -- "%1" %*
O37:*64bit:* - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2015/06/10 12:37:51 | 000,000,000 | ---D | C] -- C:\windows\pss
[2015/06/10 12:33:49 | 000,178,168 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2015/06/10 12:33:48 | 000,792,568 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2015/06/09 20:29:21 | 000,653,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\comctl32.dll
[2015/06/09 20:29:17 | 006,026,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2015/06/09 20:29:14 | 002,865,152 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\actxprxy.dll
[2015/06/09 20:29:14 | 002,125,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2015/06/09 20:29:14 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2015/06/09 20:29:14 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2015/06/09 20:29:14 | 000,664,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2015/06/09 20:29:14 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript9diag.dll
[2015/06/09 20:29:14 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2015/06/09 20:29:14 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\html.iec
[2015/06/09 20:29:14 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\html.iec
[2015/06/09 20:29:13 | 002,052,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2015/06/09 20:29:13 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9diag.dll
[2015/06/09 20:29:13 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
[2015/06/09 20:29:13 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[2015/06/09 20:29:13 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2015/06/09 20:29:13 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
[2015/06/09 20:29:13 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iepeers.dll
[2015/06/09 20:29:13 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iepeers.dll
[2015/06/09 20:29:13 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2015/06/09 20:29:13 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2015/06/06 11:29:09 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rascfg.dll
[2015/06/06 11:29:09 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\rascfg.dll
[2015/06/06 11:29:04 | 002,223,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wucltux.dll
[2015/06/06 11:29:04 | 000,891,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuapi.dll
[2015/06/06 11:29:04 | 000,721,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wuapi.dll
[2015/06/06 11:29:04 | 000,408,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUSettingsProvider.dll
[2015/06/06 11:29:04 | 000,355,328 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WinSetupUI.dll
[2015/06/06 11:29:04 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuwebv.dll
[2015/06/06 11:29:04 | 000,133,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuauclt.exe
[2015/06/06 11:29:04 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wuwebv.dll
[2015/06/06 11:29:04 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wudriver.dll
[2015/06/06 11:29:04 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wudriver.dll
[2015/06/06 11:29:04 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wups.dll
[2015/06/06 11:29:04 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuapp.exe
[2015/06/06 11:29:04 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wuapp.exe
[2015/06/06 11:29:04 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wups.dll
[2015/06/06 11:29:03 | 001,091,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\localspl.dll
[2015/06/06 11:29:03 | 000,477,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\puiobj.dll
[2015/06/06 11:29:03 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\puiobj.dll
[2015/06/06 11:29:03 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\compstui.dll
[2015/06/06 11:29:03 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rastapi.dll
[2015/06/06 11:29:03 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\rastapi.dll
[2015/06/06 11:28:36 | 003,097,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msftedit.dll
[2015/06/06 11:28:36 | 002,483,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msftedit.dll
[2015/06/06 11:28:36 | 001,430,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\diagtrack.dll
[2015/06/06 11:28:36 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\rgb9rast.dll
[2015/06/06 11:28:36 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\UtcResources.dll
[2015/06/06 11:28:25 | 000,275,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\authz.dll
[2015/06/06 11:28:24 | 003,633,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tquery.dll
[2015/06/06 11:28:24 | 002,749,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tquery.dll
[2015/06/06 11:28:24 | 002,551,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mssrch.dll
[2015/06/06 11:28:24 | 001,920,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mssrch.dll
[2015/06/06 11:28:24 | 001,249,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\UIAutomationCore.dll
[2015/06/06 11:28:24 | 001,018,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\UIAutomationCore.dll
[2015/06/06 11:28:24 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mssvp.dll
[2015/06/06 11:28:24 | 000,699,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mssvp.dll
[2015/06/06 11:28:24 | 000,468,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mssph.dll
[2015/06/06 11:28:24 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mssph.dll
[2015/06/06 11:28:24 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SearchProtocolHost.exe
[2015/06/06 11:28:24 | 000,325,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\USBXHCI.SYS
[2015/06/06 11:28:24 | 000,248,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mssphtb.dll
[2015/06/06 10:58:53 | 000,000,000 | ---D | C] -- C:\Users\Joseph24$\AppData\Local\GWX
[2015/06/05 19:33:14 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2015/06/04 18:24:03 | 001,020,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\appraiser.dll
[2015/06/04 18:24:02 | 001,119,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aeinv.dll
[2015/06/04 18:24:02 | 000,756,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\invagent.dll
[2015/06/04 18:24:02 | 000,700,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\generaltel.dll
[2015/06/04 18:24:02 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aepic.dll
[2015/06/04 18:24:01 | 000,422,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\devinv.dll
[2015/06/04 18:24:00 | 000,227,328 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aepdu.dll
[2015/06/04 18:24:00 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\acmigration.dll
[2015/06/03 18:59:47 | 000,000,000 | ---D | C] -- C:\windows\%LOCALAPPDATA%
[2015/06/03 18:51:05 | 000,364,472 | ---- | C] (Avast Software s.r.o.) -- C:\windows\SysNative\aswBoot.exe
[2015/06/03 18:51:02 | 000,043,112 | ---- | C] (Avast Software s.r.o.) -- C:\windows\avastSS.scr
[2015/05/19 19:37:41 | 000,000,000 | ---D | C] -- C:\windows\Migration
[2015/05/12 20:29:32 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2015/05/12 20:29:32 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2015/05/12 13:35:18 | 000,467,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\USBHUB3.SYS
[2015/05/12 13:35:17 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\bthhfenum.sys
[2015/05/12 13:35:12 | 002,256,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dwmcore.dll
[2015/05/12 13:35:12 | 001,943,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dwmcore.dll
[2015/05/12 13:34:45 | 000,172,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.UI.Input.Inking.dll
[2015/05/12 13:34:45 | 000,141,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.UI.Input.Inking.dll
[2015/05/12 13:34:45 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\ahcache.sys
[2015/05/12 13:34:44 | 002,819,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SettingsHandlers.dll
[2015/05/12 13:34:37 | 004,417,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dbgeng.dll
[2015/05/12 13:34:37 | 002,985,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dbgeng.dll
[2015/05/12 13:34:37 | 001,491,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dbghelp.dll
[2015/05/12 13:34:37 | 001,207,296 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dbghelp.dll
[2015/05/12 13:34:36 | 002,162,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SRH.dll
[2015/05/12 13:34:36 | 001,996,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll
[2015/05/12 13:34:36 | 001,812,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\SRH.dll
[2015/05/12 13:34:34 | 000,445,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\PhotoMetadataHandler.dll
[2015/05/12 13:34:34 | 000,410,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\services.exe
[2015/05/12 13:34:34 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\PhotoMetadataHandler.dll
[2015/05/12 13:34:34 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sdbinst.exe
[2015/05/12 13:34:34 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\sdbinst.exe
[2015/05/12 13:34:32 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dpapisrv.dll
[2015/05/12 13:34:30 | 001,441,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lsasrv.dll
[2015/05/12 13:34:30 | 000,445,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\certcli.dll
[2015/05/12 13:34:30 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\certcli.dll
[2015/05/12 13:34:30 | 000,239,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\sdbus.sys
[2015/05/12 13:34:30 | 000,154,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\dumpsd.sys
[2015/05/12 13:34:29 | 002,067,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wpdshext.dll
[2015/05/12 13:34:23 | 000,720,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2015/05/12 13:34:21 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inseng.dll

========== Files - Modified Within 30 Days ==========

[2015/06/10 12:52:23 | 000,865,408 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2015/06/10 12:52:23 | 000,732,688 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2015/06/10 12:52:23 | 000,136,262 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2015/06/10 12:47:17 | 000,067,584 | -HS- | M] () -- C:\windows\bootstat.dat
[2015/06/10 12:46:02 | 000,000,922 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/06/10 12:45:47 | 000,008,192 | ---- | M] () -- C:\windows\SysWow64\WDPABKP.dat
[2015/06/10 12:45:14 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2015/06/10 12:45:10 | 795,467,773 | -HS- | M] () -- C:\hiberfil.sys
[2015/06/10 12:37:57 | 000,023,040 | ---- | M] () -- C:\windows\SysNative\VfService.trf
[2015/06/10 12:36:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2015/06/10 12:33:04 | 000,000,926 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/06/10 12:32:54 | 005,038,040 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2015/06/03 18:51:03 | 000,442,264 | ---- | M] (Avast Software s.r.o.) -- C:\windows\SysNative\drivers\aswSP.sys
[2015/06/03 18:51:03 | 000,364,472 | ---- | M] (Avast Software s.r.o.) -- C:\windows\SysNative\aswBoot.exe
[2015/06/03 18:51:03 | 000,272,248 | ---- | M] () -- C:\windows\SysNative\drivers\aswVmm.sys
[2015/06/03 18:51:03 | 000,137,288 | ---- | M] (Avast Software s.r.o.) -- C:\windows\SysNative\drivers\aswStm.sys
[2015/06/03 18:51:03 | 000,093,528 | ---- | M] (Avast Software s.r.o.) -- C:\windows\SysNative\drivers\aswRdr2.sys
[2015/06/03 18:51:03 | 000,089,944 | ---- | M] (Avast Software s.r.o.) -- C:\windows\SysNative\drivers\aswMonFlt.sys
[2015/06/03 18:51:03 | 000,065,736 | ---- | M] () -- C:\windows\SysNative\drivers\aswRvrt.sys
[2015/06/03 18:51:03 | 000,029,168 | ---- | M] () -- C:\windows\SysNative\drivers\aswHwid.sys
[2015/06/03 18:51:02 | 000,043,112 | ---- | M] (Avast Software s.r.o.) -- C:\windows\avastSS.scr
[2015/06/03 18:51:00 | 001,047,320 | ---- | M] (Avast Software s.r.o.) -- C:\windows\SysNative\drivers\aswSnx.sys
[2015/06/03 09:18:09 | 000,792,568 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2015/06/03 09:18:09 | 000,178,168 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2015/05/27 16:58:18 | 824,505,699 | ---- | M] () -- C:\windows\MEMORY.DMP
[2015/05/26 13:12:39 | 000,002,214 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2015/05/25 06:23:31 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\UtcResources.dll
[2015/05/25 06:07:50 | 001,430,528 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\diagtrack.dll
[2015/05/22 20:14:51 | 000,341,504 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\html.iec
[2015/05/22 20:05:06 | 000,664,064 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2015/05/22 20:04:50 | 000,620,032 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\jscript9diag.dll
[2015/05/22 19:48:21 | 000,076,288 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2015/05/22 19:47:55 | 000,128,000 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iepeers.dll
[2015/05/22 19:37:45 | 002,052,608 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2015/05/22 19:14:55 | 000,710,144 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[2015/05/22 12:00:47 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\html.iec
[2015/05/22 12:00:25 | 000,584,192 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2015/05/22 11:52:21 | 006,026,240 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2015/05/22 11:48:50 | 000,633,856 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2015/05/22 11:47:12 | 000,816,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2015/05/22 11:47:03 | 000,814,080 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript9diag.dll
[2015/05/22 11:24:10 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2015/05/22 11:23:45 | 000,145,408 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iepeers.dll
[2015/05/22 11:21:18 | 000,316,928 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
[2015/05/22 11:06:53 | 000,801,280 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2015/05/22 11:05:06 | 002,125,824 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2015/05/22 10:49:25 | 002,865,152 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\actxprxy.dll
[2015/05/22 10:26:39 | 000,800,768 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
[2015/05/22 06:08:24 | 000,700,416 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\generaltel.dll
[2015/05/21 06:08:13 | 000,756,736 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\invagent.dll
[2015/05/21 06:08:13 | 000,422,912 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\devinv.dll
[2015/05/21 06:08:12 | 001,119,232 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\aeinv.dll
[2015/05/21 06:08:12 | 001,020,928 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\appraiser.dll
[2015/05/21 06:08:12 | 000,193,536 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\aepic.dll
[2015/05/21 06:08:12 | 000,045,568 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\acmigration.dll
[2015/05/15 15:01:13 | 000,133,288 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wuauclt.exe
[2015/05/15 14:05:58 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wups.dll
[2015/05/15 13:47:48 | 000,355,328 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\WinSetupUI.dll
[2015/05/15 13:23:04 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\wups.dll
[2015/05/15 12:32:03 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wuapp.exe
[2015/05/15 12:31:35 | 000,140,288 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wuwebv.dll
[2015/05/15 12:28:34 | 000,408,064 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\WUSettingsProvider.dll
[2015/05/15 12:28:13 | 002,223,104 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wucltux.dll
[2015/05/15 12:28:13 | 000,095,744 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wudriver.dll
[2015/05/15 12:27:13 | 000,891,904 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wuapi.dll
[2015/05/15 12:21:41 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\wuapp.exe
[2015/05/15 12:21:19 | 000,124,928 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\wuwebv.dll
[2015/05/15 12:19:15 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\wudriver.dll
[2015/05/15 12:19:07 | 000,721,920 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\wuapi.dll

========== Files Created - No Company Name ==========

[2015/06/06 11:29:06 | 000,410,336 | ---- | C] () -- C:\windows\SysNative\ApnDatabase.xml
[2015/02/06 15:54:25 | 000,107,008 | ---- | C] () -- C:\windows\SysWow64\OEMLicense.dll
[2015/02/06 15:53:59 | 000,046,080 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2015/01/05 20:04:23 | 000,007,628 | ---- | C] () -- C:\Users\Joseph24$\AppData\Local\Resmon.ResmonCfg
[2014/10/03 18:36:30 | 000,186,368 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2014/10/03 18:36:28 | 016,810,624 | ---- | C] () -- C:\windows\SysWow64\igd11dxva32.dll
[2014/04/29 14:20:16 | 000,002,255 | ---- | C] () -- C:\windows\SysWow64\WimBootCompress.ini
[2014/03/23 20:11:26 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\WDPABKP.dat
[2014/01/23 18:31:08 | 000,974,848 | ---- | C] () -- C:\windows\SysWow64\cis-2.4.dll
[2014/01/23 18:31:08 | 000,081,920 | ---- | C] () -- C:\windows\SysWow64\issacapi_bs-2.3.dll
[2014/01/23 18:31:08 | 000,065,536 | ---- | C] () -- C:\windows\SysWow64\issacapi_pe-2.3.dll
[2014/01/23 18:31:08 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\issacapi_se-2.3.dll
[2013/12/05 05:19:38 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2013/12/05 05:17:57 | 000,881,814 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2013/08/22 08:36:43 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2013/08/22 08:36:42 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2013/08/22 07:46:23 | 000,067,584 | -HS- | C] () -- C:\windows\bootstat.dat
[2013/08/22 00:01:23 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2013/08/21 16:55:20 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2013/08/21 16:52:39 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat

========== ZeroAccess Check ==========

[2014/06/06 18:54:20 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2015/02/12 10:40:58 | 022,291,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015/02/12 10:34:06 | 019,731,824 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2014/10/28 18:19:43 | 001,013,760 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2014/10/28 17:59:23 | 000,786,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2014/10/28 18:16:01 | 000,512,512 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 192 bytes -> C:\Windows:nlsPreferences

< End of report >


----------



## johnb35

Host App Service belongs to the malware Pokki.  How is the system since the cleaning?  I'll create an OTL fix here shortly.


----------



## johnb35

Rerun OTL but this time copy and paste the following into the custom scan/fixes box at the bottom and then click on run fix up top.




```
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{5B5618EC-4F4F-4595-9EEE-F3BDC47CB55C}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{5B5618EC-4F4F-4595-9EEE-F3BDC47CB55C}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\RunOnce: [*WerKernelReporting] C:\windows\SysNative\WerFault.exe (Microsoft Corporation)
O4:64bit: - HKLM..\RunOnce: [MSKSSRV] rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196} File not found
O4:64bit: - HKLM..\RunOnce: [MSPCLOCK] rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000} File not found
O4:64bit: - HKLM..\RunOnce: [MSPQM] rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196} File not found
O4:64bit: - HKLM..\RunOnce: [MSTEE.CxTransform] rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},C:\windows\inf\ksfilter.inf,MSTEE.Interface.Install File not found
O4:64bit: - HKLM..\RunOnce: [MSTEE.Splitter] rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},C:\windows\inf\ksfilter.inf,MSTEE.Interface.Install File not found
O4:64bit: - HKLM..\RunOnce: [WDM_DRMKAUD] rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{FFBB6E3F-CCFE-4D84-90D9-421418B03A8E},C:\windows\inf\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install File not found
O4 - HKLM..\RunOnce: [20150107] C:\Program Files\AVAST Software\Avast\setup\emupdate\f6538863-8545-45c1-ad66-dd66c9e4134e.exe (AVAST Software)
@Alternate Data Stream - 192 bytes -> C:\Windows:nlsPreferences
```


----------



## pjoseph

OK, I will rerun OTL following your directions.

Do you happen to know how I can get the home button back?  It used to be at the bottom left side of the screen; it would bring up a menu like the older Windows did with the start button.  I believe it's called the start button, but the icon was of a house. Now it has changed to a sheet of paper, and when I click on it, it says "HostAppService.exe" that this shortcut refers to has been changed or moved.

Thanks again


----------



## pjoseph

OK, I ran OTL again following your directions above. Did you need me to post anything from that? It did not show a text file after a reboot.


----------



## johnb35

Look in your installed programs and see if you have anything by the name of Pokki Start Menu or anything Pokki and uninstall it.  If you want a start menu for Windows 8 then use Classic Shell.


----------



## pjoseph

I have a few things that list Pokki as the publisher, see attached.
Just curious, what is the issue with Pokki? I thought it came preinstalled with the laptop, but I'm not sure.

Anyway, let me know and I will remove them.

Thanks again for your help, appreciate it!


----------



## pjoseph

Not sure why my image is so small; here is the list:

Dropbox
Gmail for Pokki
Host App Service 
Hulu
Spotify
Start Menu 
Yahoo!

As I mentioned before, all of the above list Pokki as the publisher.


----------



## johnb35

Pokki is considered malware.  I gave you the correct links for the software listed.  Uninstall everything and download from the links I gave you.  Not sure where you are downloading all your apps from, but it's causing you problems.

Dropbox - www.dropbox.com
Gmail for Pokki - mail.google.com
Host App Service - uninstall
Hulu - www.hulu.com
Spotify - www.spotify.com
Start Menu - uninstall
Yahoo! - www.yahoo.com

Use Classic Shell for your start menu.

http://www.classicshell.net/


----------



## pjoseph

I tried to uninstall each listed below and each one gave me the following message:

"An error occurred while trying to uninstall.  It may have already been uninstalled.
  Would you like to remove Yahoo from the programs and features list?"

Not sure if this is an issue or not.

Thanks again


----------



## voyagerfan99

That means Malwarebytes took care of them already.


----------



## pjoseph

Oh, OK.

Should I remove/delete all the files associated with the above listed programs?
For example, if I right click on the Spotify icon and select "open file location",
the following folders/programs are listed:
-data
-users
-collectionCache.bnk
-inst_ver.dat
-prefs
-spotify.exe
-Spotify_new.exe
-SpotifyLauncher.exe
-watchdog.bnk

Thanks again


----------



## johnb35

Use Revo Uninstaller to completely get rid of those entries.  I'm sure there are a bunch of leftover files and registry entries that need to be removed.


----------

