
Infected Google Redirect Related, SD Card not working, Youtube (Google


  • This topic is locked

#1
gmcjetpilot

  • Member
  • 17 posts

Slow, sometimes typing text in forum very slow.

Google normal EXCEPT: search, select Image, view image, I get REDIRECT NOTICE. (see attached image)

The page has two hyperlinks, one for the image, one for the previous page. I can select the link to the image and see it.

YouTube is tied to Google+. Now the POST button is greyed out. I checked the obvious things.

Related? Not sure, but SD Card reader stopped working. I have done many scans with different free scanners....

Here are two logs, Farbar & HijackThis. Thanks, sorry if I did not do this correctly; let me know and I'll edit and correct it.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-08-2015
Ran by George (administrator) on GEORGE-PC (23-08-2015 09:10:18)
Running from C:\Users\George\Desktop\New folder (2)
Loaded Profiles: George (Available Profiles: George)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe
() C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
(Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_18_0_0_232_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Users\George\Desktop\New folder (2)\FRST64.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11775592 2011-01-26] (Realtek Semiconductor)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-09-15] (Intel® Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2771240 2011-04-21] (Synaptics Incorporated)
HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2012-03-05] (Lenovo)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [789920 2012-03-05] (Lenovo)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9745312 2012-03-05] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5374880 2012-03-05] (Lenovo(beijing) Limited)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareTray.exe [9549808 2015-06-24] ()
HKLM-x32\...\Run: [MuteSync] => C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe [336384 2009-12-28] (Lenovo)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2010-12-04] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [224352 2010-12-04] (CyberLink Corp.)
HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-03-05] (Lenovo)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-08-23] (AVAST Software)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2050137-3501644656-3156433736-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-03-05] (Google Inc.)
HKU\S-1-5-21-2050137-3501644656-3156433736-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-2050137-3501644656-3156433736-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1404248 2015-07-29] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-2050137-3501644656-3156433736-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-2050137-3501644656-3156433736-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-21-2050137-3501644656-3156433736-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7930136 2015-08-23] (SUPERAntiSpyware)
HKU\S-1-5-21-2050137-3501644656-3156433736-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1402640 2015-08-23] (Lavasoft)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1404248 2015-07-29] (Garmin Ltd. or its subsidiaries)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2012-03-05]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RT-Updater.lnk [2015-08-10]
ShortcutTarget: RT-Updater.lnk -> C:\Ross-Tech\VCDS\VCDS.EXE (Ross-Tech, LLC)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-08-23] (AVAST Software)
ShellIconOverlayIdentifiers: [VeriFace Enc] -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\windows\system32\IcnOvrly.dll [2012-03-05] ()
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2050137-3501644656-3156433736-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
HKU\S-1-5-21-2050137-3501644656-3156433736-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2050137-3501644656-3156433736-1000 -> DefaultScope {04655A78-3547-4B5A-BB17-1EEDE5148338} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=926458&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2050137-3501644656-3156433736-1000 -> {04655A78-3547-4B5A-BB17-1EEDE5148338} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=926458&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2050137-3501644656-3156433736-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D082315-A60FA26CFB78147A880F&form=CONBDF&conlogo=CT3332038&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2050137-3501644656-3156433736-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN_enUS636
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-08-23] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-16] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-07-14] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-23] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-16] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-07-14] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-16] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-16] (Google Inc.)
Toolbar: HKU\S-1-5-21-2050137-3501644656-3156433736-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-16] (Google Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-04-17] (Microsoft Corporation)
Winsock: Catalog9 01 C:\windows\SysWOW64\LavasoftTcpService.dll [345360 2015-05-03] (Lavasoft Limited)
Winsock: Catalog9 02 C:\windows\SysWOW64\LavasoftTcpService.dll [345360 2015-05-03] (Lavasoft Limited)
Winsock: Catalog9 03 C:\windows\SysWOW64\LavasoftTcpService.dll [345360 2015-05-03] (Lavasoft Limited)
Winsock: Catalog9 04 C:\windows\SysWOW64\LavasoftTcpService.dll [345360 2015-05-03] (Lavasoft Limited)
Winsock: Catalog9 16 C:\windows\SysWOW64\LavasoftTcpService.dll [345360 2015-05-03] (Lavasoft Limited)
Winsock: Catalog9-x64 01 C:\windows\system32\LavasoftTcpService64.dll [425744 2015-05-03] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\windows\system32\LavasoftTcpService64.dll [425744 2015-05-03] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\windows\system32\LavasoftTcpService64.dll [425744 2015-05-03] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\windows\system32\LavasoftTcpService64.dll [425744 2015-05-03] (Lavasoft Limited)
Winsock: Catalog9-x64 16 C:\windows\system32\LavasoftTcpService64.dll [425744 2015-05-03] (Lavasoft Limited)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{357E948A-96F5-4128-9712-1F1CA3017A91}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-04-17] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-04-17] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-08-23]

Chrome:
=======
CHR Profile: C:\Users\George\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-14]
CHR Extension: (Google Wallet) - C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-12]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-08-23]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-23] (AVAST Software)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [953632 2010-12-14] (Broadcom Corporation.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2765496 2015-07-14] (Microsoft Corporation)
S2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [754120 2015-07-29] (Garmin Ltd. or its subsidiaries)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareService.exe [716664 2015-06-24] ()
R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751760 2015-08-23] (Lavasoft Limited)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-09-15] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [16656 2015-08-23] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-08-23] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-08-23] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-08-23] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-08-23] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048344 2015-08-23] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-08-23] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150672 2015-08-23] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-08-23] (AVAST Software)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 RT-USB; C:\Windows\System32\drivers\RT-USB64.SYS [97152 2014-05-12] (Ross-Tech LLC)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8200552 2010-09-27] (Realtek Semiconductor Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [452040 2015-01-22] (BitDefender S.R.L.)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
U3 BcmSqlStartupSvc; no ImagePath
U2 CLKMSVC10_3A60B698; no ImagePath
U2 CLKMSVC10_C3B3B687; no ImagePath
U2 DriverService; no ImagePath
U2 IAStorDataMgrSvc; no ImagePath
U2 iATAgentService; no ImagePath
U2 idealife Update Service; no ImagePath
U3 IGRS; no ImagePath
U2 IviRegMgr; no ImagePath
U2 nvUpdatusService; no ImagePath
U2 Oasis2Service; no ImagePath
U2 PCCarerService; no ImagePath
U2 ReadyComm.DirectRouter; no ImagePath
U2 RichVideo; no ImagePath
U2 RtLedService; no ImagePath
U2 SeaPort; no ImagePath
U2 SoftwareService; no ImagePath
U3 SQLWriter; no ImagePath
U2 Stereo Service; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-23 09:09 - 2015-08-23 09:09 - 00003196 _____ C:\windows\System32\Tasks\{67BF96CB-87BD-4CFA-8E66-94D1D4ACF9FF}
2015-08-23 08:17 - 2015-08-23 08:17 - 00000000 ____D C:\Users\George\AppData\Roaming\AVAST Software
2015-08-23 08:14 - 2015-08-23 08:14 - 00003924 _____ C:\windows\System32\Tasks\avast! Emergency Update
2015-08-23 08:14 - 2015-08-23 08:14 - 00001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-08-23 08:14 - 2015-08-23 08:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-08-23 08:14 - 2015-08-23 08:13 - 00447944 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2015-08-23 08:14 - 2015-08-23 08:13 - 00274808 _____ (AVAST Software) C:\windows\system32\Drivers\aswVmm.sys
2015-08-23 08:14 - 2015-08-23 08:13 - 00150672 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2015-08-23 08:14 - 2015-08-23 08:13 - 00093528 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2015-08-23 08:14 - 2015-08-23 08:13 - 00090968 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2015-08-23 08:14 - 2015-08-23 08:13 - 00065224 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
2015-08-23 08:14 - 2015-08-23 08:13 - 00028656 _____ (AVAST Software) C:\windows\system32\Drivers\aswHwid.sys
2015-08-23 08:13 - 2015-08-23 08:14 - 01048344 _____ (AVAST Software) C:\windows\system32\Drivers\aswsnx.sys
2015-08-23 08:13 - 2015-08-23 08:13 - 01048856 _____ (AVAST Software) C:\windows\system32\Drivers\aswsnx.sys.1440335667234
2015-08-23 08:13 - 2015-08-23 08:13 - 00378880 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2015-08-23 08:13 - 2015-08-23 08:13 - 00043112 _____ (AVAST Software) C:\windows\avastSS.scr
2015-08-23 08:11 - 2015-08-23 08:11 - 00000000 ____D C:\Program Files\AVAST Software
2015-08-23 08:09 - 2015-08-23 08:10 - 00000000 ____D C:\ProgramData\AVAST Software
2015-08-23 00:58 - 2015-08-23 00:58 - 00000000 ____D C:\Users\George\AppData\Local\Lavasoft
2015-08-23 00:57 - 2015-08-23 01:00 - 00002321 _____ C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2015-08-23 00:57 - 2015-08-23 00:59 - 00000000 ____D C:\Users\George\AppData\Roaming\Lavasoft
2015-08-23 00:57 - 2015-08-23 00:57 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2015-08-23 00:56 - 2015-08-23 00:56 - 00000000 ____D C:\Program Files\Lavasoft
2015-08-23 00:55 - 2015-08-23 00:57 - 00000000 ____D C:\ProgramData\Lavasoft
2015-08-23 00:55 - 2015-08-23 00:55 - 00000000 ____D C:\Program Files\Common Files\Lavasoft
2015-08-23 00:48 - 2015-08-23 00:48 - 02009904 _____ C:\Users\George\Downloads\Adaware_Installer (1).exe
2015-08-23 00:46 - 2015-08-23 00:46 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\George\Downloads\mbam-setup-2.1.8.1057.exe
2015-08-23 00:45 - 2015-08-23 00:45 - 05481336 _____ (Avast Software s.r.o.) C:\Users\George\Downloads\avast_free_antivirus_setup_online_cnet.exe
2015-08-23 00:14 - 2015-08-23 00:35 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-08-23 00:14 - 2015-08-23 00:14 - 00000000 ____D C:\Users\George\AppData\Roaming\SUPERAntiSpyware.com
2015-08-23 00:14 - 2015-08-23 00:14 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2015-08-23 00:14 - 2015-08-23 00:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-08-23 00:02 - 2015-08-23 00:33 - 00000112 _____ C:\windows\setupact.log
2015-08-23 00:02 - 2015-08-23 00:02 - 00000000 _____ C:\windows\setuperr.log
2015-08-23 00:00 - 2015-08-23 00:00 - 01605632 _____ C:\Users\George\Downloads\adwcleaner_5.003.exe
2015-08-22 23:59 - 2015-08-22 23:59 - 00000000 ____D C:\ProgramData\Google
2015-08-22 23:53 - 2015-08-22 23:53 - 04383777 _____ C:\Users\George\Downloads\tdsskiller.zip
2015-08-22 10:44 - 2015-08-22 10:44 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-08-22 10:44 - 2015-08-22 10:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-08-22 10:42 - 2015-07-22 19:06 - 05568960 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-08-22 10:42 - 2015-07-22 19:03 - 01730496 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-08-22 10:42 - 2015-07-22 19:02 - 01390592 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
2015-08-22 10:42 - 2015-07-22 19:02 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2015-08-22 10:42 - 2015-07-22 19:02 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2015-08-22 10:42 - 2015-07-22 12:57 - 03989952 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-08-22 10:42 - 2015-07-22 12:57 - 03934656 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-08-22 10:42 - 2015-07-22 12:54 - 01311768 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-08-22 10:42 - 2015-07-22 11:48 - 00041984 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll
2015-08-22 10:41 - 2015-07-22 19:06 - 00155584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-08-22 10:41 - 2015-07-22 19:06 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-08-22 10:41 - 2015-07-22 19:03 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2015-08-22 10:41 - 2015-07-22 19:03 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2015-08-22 10:41 - 2015-07-22 19:03 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2015-08-22 10:41 - 2015-07-22 19:03 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2015-08-22 10:41 - 2015-07-22 19:02 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-08-22 10:41 - 2015-07-22 19:02 - 01216512 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2015-08-22 10:41 - 2015-07-22 19:02 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2015-08-22 10:41 - 2015-07-22 19:02 - 00729088 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-08-22 10:41 - 2015-07-22 19:02 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-08-22 10:41 - 2015-07-22 19:02 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2015-08-22 10:41 - 2015-07-22 19:02 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-08-22 10:41 - 2015-07-22 19:02 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-08-22 10:41 - 2015-07-22 19:02 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-08-22 10:41 - 2015-07-22 19:02 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-08-22 10:41 - 2015-07-22 19:02 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-08-22 10:41 - 2015-07-22 19:02 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-08-22 10:41 - 2015-07-22 19:02 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-08-22 10:41 - 2015-07-22 19:02 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-08-22 10:41 - 2015-07-22 19:02 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-08-22 10:41 - 2015-07-22 19:02 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2015-08-22 10:41 - 2015-07-22 19:02 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-08-22 10:41 - 2015-07-22 19:02 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-08-22 10:41 - 2015-07-22 19:02 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-08-22 10:41 - 2015-07-22 19:02 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-08-22 10:41 - 2015-07-22 19:02 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2015-08-22 10:41 - 2015-07-22 19:01 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2015-08-22 10:41 - 2015-07-22 19:01 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-08-22 10:41 - 2015-07-22 19:01 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-08-22 10:41 - 2015-07-22 18:58 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-08-22 10:41 - 2015-07-22 18:57 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-08-22 10:41 - 2015-07-22 18:52 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-08-22 10:41 - 2015-07-22 18:52 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-08-22 10:41 - 2015-07-22 18:52 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-08-22 10:41 - 2015-07-22 18:52 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-22 10:41 - 2015-07-22 18:52 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-22 10:41 - 2015-07-22 18:52 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-22 10:41 - 2015-07-22 18:52 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-08-22 10:41 - 2015-07-22 18:52 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-22 10:41 - 2015-07-22 18:52 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-08-22 10:41 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-22 10:41 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-22 10:41 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-22 10:41 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-08-22 10:41 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-08-22 10:41 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-22 10:41 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-08-22 10:41 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-08-22 10:41 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-08-22 10:41 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-08-22 10:41 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-08-22 10:41 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-08-22 10:41 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-22 10:41 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-08-22 10:41 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-08-22 10:41 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-22 10:41 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-08-22 10:41 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-08-22 10:41 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-08-22 10:41 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-08-22 10:41 - 2015-07-22 18:51 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-08-22 10:41 - 2015-07-22 12:53 - 00641536 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2015-08-22 10:41 - 2015-07-22 12:53 - 00635392 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll
2015-08-22 10:41 - 2015-07-22 12:53 - 00552960 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-08-22 10:41 - 2015-07-22 12:53 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-08-22 10:41 - 2015-07-22 12:53 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-08-22 10:41 - 2015-07-22 12:53 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-08-22 10:41 - 2015-07-22 12:53 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-08-22 10:41 - 2015-07-22 12:53 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-08-22 10:41 - 2015-07-22 12:53 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-08-22 10:41 - 2015-07-22 12:53 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2015-08-22 10:41 - 2015-07-22 12:53 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-08-22 10:41 - 2015-07-22 12:53 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-08-22 10:41 - 2015-07-22 12:53 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2015-08-22 10:41 - 2015-07-22 12:52 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2015-08-22 10:41 - 2015-07-22 12:52 - 00665088 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2015-08-22 10:41 - 2015-07-22 12:52 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2015-08-22 10:41 - 2015-07-22 12:52 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-08-22 10:41 - 2015-07-22 12:52 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-08-22 10:41 - 2015-07-22 12:52 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2015-08-22 10:41 - 2015-07-22 12:52 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2015-08-22 10:41 - 2015-07-22 12:47 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-08-22 10:41 - 2015-07-22 12:46 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-08-22 10:41 - 2015-07-22 12:42 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-08-22 10:41 - 2015-07-22 12:42 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2015-08-22 10:41 - 2015-07-22 12:42 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-08-22 10:41 - 2015-07-22 12:42 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-22 10:41 - 2015-07-22 12:42 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-22 10:41 - 2015-07-22 12:42 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-08-22 10:41 - 2015-07-22 12:42 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-08-22 10:41 - 2015-07-22 12:42 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-22 10:41 - 2015-07-22 12:42 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-08-22 10:41 - 2015-07-22 12:42 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-22 10:41 - 2015-07-22 12:42 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-22 10:41 - 2015-07-22 12:42 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-08-22 10:41 - 2015-07-22 12:42 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-22 10:41 - 2015-07-22 12:42 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-22 10:41 - 2015-07-22 12:42 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-08-22 10:41 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-08-22 10:41 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-22 10:41 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-08-22 10:41 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-08-22 10:41 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-08-22 10:41 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-08-22 10:41 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-22 10:41 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-08-22 10:41 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-08-22 10:41 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-08-22 10:41 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-08-22 10:41 - 2015-07-22 11:45 - 00159232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2015-08-22 10:41 - 2015-07-22 11:44 - 00290816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2015-08-22 10:41 - 2015-07-22 11:44 - 00129024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2015-08-22 10:41 - 2015-07-22 11:34 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2015-08-22 10:41 - 2015-07-22 11:34 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2015-08-22 10:41 - 2015-07-22 11:31 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-08-22 10:41 - 2015-07-22 11:31 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-22 10:41 - 2015-07-22 11:31 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-08-22 10:41 - 2015-07-22 11:31 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-08-22 10:41 - 2015-07-14 22:17 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2015-08-22 10:41 - 2015-07-14 21:54 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2015-08-22 10:41 - 2015-07-09 12:58 - 01632256 _____ (Microsoft Corporation) C:\windows\system32\dwmcore.dll
2015-08-22 10:41 - 2015-07-09 12:58 - 00082944 _____ (Microsoft Corporation) C:\windows\system32\dwmapi.dll
2015-08-22 10:41 - 2015-07-09 12:42 - 01372160 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmcore.dll
2015-08-22 10:41 - 2015-07-09 12:42 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmapi.dll
2015-08-22 10:38 - 2015-06-25 05:06 - 00115136 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2015-08-22 10:38 - 2015-06-25 05:01 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2015-08-22 10:38 - 2015-06-25 05:01 - 00070656 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll
2015-08-22 10:38 - 2015-06-25 04:44 - 01805824 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2015-08-22 10:28 - 2015-08-22 10:28 - 00000000 ____D C:\Program Files (x86)\Ricoh
2015-08-19 17:36 - 2015-08-10 20:20 - 25191936 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-08-19 17:36 - 2015-08-10 20:14 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-08-19 17:36 - 2015-08-10 19:33 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-08-19 17:36 - 2015-08-10 19:20 - 19871232 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-08-13 07:04 - 2015-07-30 08:13 - 00124624 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-13 07:04 - 2015-07-30 08:13 - 00103120 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-11 16:36 - 2015-07-28 15:09 - 00017344 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2015-08-11 16:36 - 2015-07-28 15:05 - 01116672 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-08-11 16:36 - 2015-07-28 15:05 - 00774656 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-08-11 16:36 - 2015-07-28 15:05 - 00743424 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-08-11 16:36 - 2015-07-28 15:05 - 00437760 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-08-11 16:36 - 2015-07-28 15:05 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-08-11 16:36 - 2015-07-28 15:05 - 00069120 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-08-11 16:36 - 2015-07-28 14:55 - 01148416 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-08-11 16:36 - 2015-07-16 14:12 - 06131200 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2015-08-11 16:36 - 2015-07-16 14:12 - 00856064 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdvidcrl.dll
2015-08-11 16:36 - 2015-07-16 14:12 - 00053248 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2015-08-11 16:36 - 2015-07-16 14:11 - 07077376 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2015-08-11 16:36 - 2015-07-16 14:11 - 01057792 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
2015-08-11 16:36 - 2015-07-16 14:11 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2015-08-11 16:36 - 2015-07-11 08:15 - 00429568 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe
2015-08-11 16:35 - 2015-07-20 19:39 - 00389840 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-08-11 16:35 - 2015-07-20 19:12 - 00342736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-08-11 16:35 - 2015-07-16 15:54 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-08-11 16:35 - 2015-07-16 15:37 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-08-11 16:35 - 2015-07-16 15:36 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-08-11 16:35 - 2015-07-16 15:36 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-08-11 16:35 - 2015-07-16 15:35 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-08-11 16:35 - 2015-07-16 15:27 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-08-11 16:35 - 2015-07-16 15:26 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-08-11 16:35 - 2015-07-16 15:21 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-08-11 16:35 - 2015-07-16 15:21 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-08-11 16:35 - 2015-07-16 15:12 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-08-11 16:35 - 2015-07-16 15:00 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-08-11 16:35 - 2015-07-16 14:51 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-08-11 16:35 - 2015-07-16 14:51 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-08-11 16:35 - 2015-07-16 14:51 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-08-11 16:35 - 2015-07-16 14:50 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-08-11 16:35 - 2015-07-16 14:50 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-08-11 16:35 - 2015-07-16 14:49 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-08-11 16:35 - 2015-07-16 14:45 - 02279424 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-08-11 16:35 - 2015-07-16 14:43 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-08-11 16:35 - 2015-07-16 14:43 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-08-11 16:35 - 2015-07-16 14:41 - 00479232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-08-11 16:35 - 2015-07-16 14:39 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-08-11 16:35 - 2015-07-16 14:39 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-08-11 16:35 - 2015-07-16 14:38 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-08-11 16:35 - 2015-07-16 14:36 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-08-11 16:35 - 2015-07-16 14:35 - 00720384 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-08-11 16:35 - 2015-07-16 14:32 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-08-11 16:35 - 2015-07-16 14:29 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-08-11 16:35 - 2015-07-16 14:24 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-08-11 16:35 - 2015-07-16 14:20 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-08-11 16:35 - 2015-07-16 14:19 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-08-11 16:35 - 2015-07-16 14:17 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-08-11 16:35 - 2015-07-16 14:12 - 04520448 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-08-11 16:35 - 2015-07-16 14:10 - 12856832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-08-11 16:35 - 2015-07-16 14:06 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-08-11 16:35 - 2015-07-16 14:06 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-08-11 16:35 - 2015-07-16 14:05 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-08-11 16:35 - 2015-07-16 14:01 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-08-11 16:35 - 2015-07-16 13:49 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-08-11 16:35 - 2015-07-16 13:42 - 01951232 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-08-11 16:35 - 2015-07-16 13:38 - 01310720 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-08-11 16:35 - 2015-07-16 13:37 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-08-11 16:35 - 2015-07-15 13:15 - 00094656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys
2015-08-11 16:35 - 2015-07-15 13:10 - 01743360 _____ (Microsoft Corporation) C:\windows\system32\sysmain.dll
2015-08-11 16:35 - 2015-07-15 13:10 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\msmmsp.dll
2015-08-11 16:35 - 2015-07-14 22:19 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\basesrv.dll
2015-08-11 16:34 - 2015-07-16 15:36 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-08-11 16:34 - 2015-07-16 15:35 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-08-11 16:34 - 2015-07-16 15:26 - 05923328 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-08-11 16:34 - 2015-07-16 15:23 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-08-11 16:34 - 2015-07-16 15:21 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-08-11 16:34 - 2015-07-16 15:21 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-08-11 16:34 - 2015-07-16 15:08 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-08-11 16:34 - 2015-07-16 14:55 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-08-11 16:34 - 2015-07-16 14:54 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-08-11 16:34 - 2015-07-16 14:34 - 14451200 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-08-11 16:34 - 2015-07-16 14:33 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-08-11 16:34 - 2015-07-16 14:12 - 02427904 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-08-11 16:33 - 2015-07-30 13:06 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2015-08-11 16:33 - 2015-07-30 13:06 - 01648128 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2015-08-11 16:33 - 2015-07-30 13:06 - 01180160 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2015-08-11 16:33 - 2015-07-30 13:06 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2015-08-11 16:33 - 2015-07-30 13:06 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2015-08-11 16:33 - 2015-07-30 13:06 - 00041984 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2015-08-11 16:33 - 2015-07-30 13:06 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2015-08-11 16:33 - 2015-07-30 12:57 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2015-08-11 16:33 - 2015-07-30 12:57 - 01251328 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2015-08-11 16:33 - 2015-07-30 12:57 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2015-08-11 16:33 - 2015-07-30 12:57 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2015-08-11 16:33 - 2015-07-30 12:57 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2015-08-11 16:33 - 2015-07-30 12:55 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2015-08-11 16:33 - 2015-07-30 11:56 - 03208192 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-08-11 16:33 - 2015-07-30 11:52 - 00372736 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2015-08-11 16:33 - 2015-07-30 11:49 - 00299520 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2015-08-11 16:33 - 2015-07-20 13:12 - 03154944 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-08-11 16:33 - 2015-07-20 13:12 - 02606080 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-08-11 16:33 - 2015-07-20 13:12 - 00696320 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-08-11 16:33 - 2015-07-20 13:12 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-08-11 16:33 - 2015-07-20 13:12 - 00139776 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-08-11 16:33 - 2015-07-20 13:12 - 00098304 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-08-11 16:33 - 2015-07-20 13:12 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2015-08-11 16:33 - 2015-07-20 13:12 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-08-11 16:33 - 2015-07-20 13:12 - 00037376 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-08-11 16:33 - 2015-07-20 13:12 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2015-08-11 16:33 - 2015-07-20 13:12 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2015-08-11 16:33 - 2015-07-20 12:56 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-08-11 16:33 - 2015-07-20 12:56 - 00173056 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-08-11 16:33 - 2015-07-20 12:56 - 00093184 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-08-11 16:33 - 2015-07-20 12:56 - 00034816 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-08-11 16:33 - 2015-07-20 12:56 - 00030208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2015-08-11 16:33 - 2015-07-14 22:19 - 02004992 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2015-08-11 16:33 - 2015-07-14 22:19 - 01887232 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2015-08-11 16:33 - 2015-07-14 22:14 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml6r.dll
2015-08-11 16:33 - 2015-07-14 22:13 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2015-08-11 16:33 - 2015-07-14 21:55 - 01390592 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll
2015-08-11 16:33 - 2015-07-14 21:55 - 01241088 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2015-08-11 16:33 - 2015-07-14 21:51 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6r.dll
2015-08-11 16:33 - 2015-07-14 21:51 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2015-08-11 16:33 - 2015-07-10 12:51 - 14177280 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2015-08-11 16:33 - 2015-07-10 12:34 - 12875776 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2015-08-11 16:33 - 2015-07-09 12:57 - 00193536 _____ (Microsoft Corporation) C:\windows\system32\notepad.exe
2015-08-11 16:33 - 2015-07-09 12:57 - 00193536 _____ (Microsoft Corporation) C:\windows\notepad.exe
2015-08-11 16:33 - 2015-07-09 12:42 - 00179712 _____ (Microsoft Corporation) C:\windows\SysWOW64\notepad.exe
2015-08-11 16:33 - 2015-07-01 15:49 - 00260096 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
2015-08-11 16:33 - 2015-07-01 15:48 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll
2015-08-11 16:33 - 2015-07-01 15:30 - 00206848 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll
2015-08-11 16:33 - 2015-07-01 15:30 - 00082432 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll
2015-08-10 21:39 - 2015-08-10 21:39 - 00000722 _____ C:\Users\George\Desktop\serial num.txt
2015-08-09 20:48 - 2015-08-09 20:48 - 00000000 ____D C:\Program Files\Common Files\AV
2015-08-09 09:54 - 2015-08-09 09:54 - 00001083 _____ C:\Users\George\Documents - Shortcut.lnk
2015-08-08 21:18 - 2015-08-23 00:49 - 00028672 ___SH C:\Users\George\Thumbs.db
2015-08-04 16:22 - 2015-08-04 16:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2015-08-02 11:35 - 2015-08-02 11:57 - 00000000 ____D C:\Users\George\Desktop\New folder (4)
2015-07-30 18:21 - 2015-07-30 18:23 - 14239754 _____ C:\Users\George\Downloads\adsb_all.zip
2015-07-30 16:30 - 2015-07-30 16:30 - 00000561 _____ C:\Users\George\Desktop\temp2.txt
2015-07-29 18:40 - 2015-08-16 12:24 - 00000000 ____D C:\Users\George\Desktop\sdrsharp
2015-07-29 18:07 - 2015-07-29 18:50 - 01778032 _____ (Microsoft Corporation) C:\windows\system32\WdfCoInstaller01011.dll
2015-07-29 18:07 - 2015-07-29 18:50 - 00000000 ____D C:\usb_driver
2015-07-29 18:00 - 2015-07-29 18:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-07-29 18:00 - 2015-07-29 18:00 - 00000000 ____D C:\Program Files\7-Zip
2015-07-29 17:24 - 2015-07-29 18:20 - 00000000 ____D C:\Program Files (x86)\HDSDR
2015-07-29 17:21 - 2015-07-29 17:21 - 00000000 ____H C:\windows\system32\Drivers\Msft_Kernel_WinUsb_01011.Wdf
2015-07-29 17:20 - 2015-07-29 17:20 - 05132802 _____ C:\Users\George\Downloads\zadig_v2.0.1.160.7z
2015-07-29 17:11 - 2015-07-29 17:21 - 01002728 _____ (Microsoft Corporation) C:\windows\system32\WinUSBCoInstaller2.dll
2015-07-29 17:11 - 2015-07-29 17:21 - 00000000 ____D C:\Users\George\usb_driver
2015-07-29 17:10 - 2015-07-29 17:11 - 05191512 _____ (akeo.ie) C:\Users\George\Downloads\zadig_2.1.2.exe
2015-07-29 17:09 - 2015-07-29 17:09 - 00000000 ____D C:\Users\George\Documents\sdr-install
2015-07-29 17:08 - 2015-07-29 17:08 - 00155240 _____ C:\Users\George\Downloads\sdr-install.zip
2015-07-29 17:08 - 2015-07-29 17:08 - 00000000 ____D C:\Users\George\Downloads\sdr-install
2015-07-29 17:00 - 2015-07-29 17:00 - 01755711 _____ (DG0JBJ ) C:\Users\George\Downloads\HDSDR_install.exe
2015-07-29 17:00 - 2015-07-29 17:00 - 00000000 ____D C:\Users\George\Documents\HDSDR

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-23 09:10 - 2015-06-06 12:26 - 00000000 ____D C:\FRST
2015-08-23 09:09 - 2015-06-10 18:01 - 00000000 ____D C:\Users\George\Desktop\New folder (2)
2015-08-23 09:05 - 2015-06-06 12:14 - 00000000 ____D C:\AdwCleaner
2015-08-23 09:03 - 2012-03-05 10:25 - 00321905 _____ C:\FaceProv.log
2015-08-23 08:50 - 2012-03-05 10:32 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-23 08:48 - 2015-06-12 17:22 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-08-23 08:14 - 2015-06-09 19:04 - 01167450 _____ C:\windows\WindowsUpdate.log
2015-08-23 08:14 - 2009-07-13 23:45 - 00021280 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-23 08:14 - 2009-07-13 23:45 - 00021280 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-23 06:50 - 2012-03-05 10:32 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-23 00:59 - 2015-06-07 09:16 - 00000371 _____ C:\prefs.js
2015-08-23 00:59 - 2015-05-03 22:57 - 00000000 ____D C:\searchplugins
2015-08-23 00:57 - 2015-05-03 22:57 - 00425744 _____ (Lavasoft Limited) C:\windows\system32\LavasoftTcpService64.dll
2015-08-23 00:57 - 2015-05-03 22:57 - 00345360 _____ (Lavasoft Limited) C:\windows\SysWOW64\LavasoftTcpService.dll
2015-08-23 00:57 - 2015-05-03 22:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-08-23 00:40 - 2009-07-14 00:13 - 00781298 _____ C:\windows\system32\PerfStringBackup.INI
2015-08-23 00:34 - 2012-03-05 10:25 - 00000000 ____D C:\ProgramData\VeriFace
2015-08-23 00:34 - 2012-03-05 10:19 - 00494182 _____ C:\windows\system32\fastboot.set
2015-08-23 00:33 - 2009-07-14 00:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-08-23 00:14 - 2015-06-10 18:25 - 00001420 _____ C:\Users\George\Desktop\Rkill.txt
2015-08-22 23:45 - 2015-04-26 12:59 - 00000000 ____D C:\Users\George\AppData\Roaming\Skype
2015-08-22 10:50 - 2015-04-17 18:41 - 00000000 ___RD C:\Users\George\Desktop\shortcuts
2015-08-22 10:44 - 2015-04-26 12:59 - 00000000 ____D C:\ProgramData\Skype
2015-08-22 10:28 - 2012-03-05 09:59 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-08-22 09:48 - 2015-06-14 13:58 - 00000000 ____D C:\Users\George\AppData\Local\CrashDumps
2015-08-21 17:40 - 2015-04-17 18:02 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-08-18 23:39 - 2009-07-13 21:34 - 00450771 ____R C:\windows\system32\Drivers\etc\hosts.20150822-083803.backup
2015-08-13 08:01 - 2009-07-13 22:20 - 00000000 ____D C:\windows\rescache
2015-08-13 07:23 - 2015-04-22 21:58 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-13 07:23 - 2015-04-22 21:58 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-13 07:23 - 2009-07-13 23:45 - 00437984 _____ C:\windows\system32\FNTCACHE.DAT
2015-08-13 07:21 - 2015-04-17 21:35 - 00000000 ___SD C:\windows\system32\CompatTel
2015-08-13 07:21 - 2015-04-17 21:35 - 00000000 ____D C:\windows\system32\appraiser
2015-08-13 07:04 - 2015-04-22 21:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-13 06:58 - 2015-04-17 20:07 - 00000000 ____D C:\windows\system32\MRT
2015-08-13 06:55 - 2015-04-17 20:07 - 132483416 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-08-11 17:48 - 2015-06-12 17:22 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-08-11 17:48 - 2015-04-20 06:15 - 00778440 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-08-11 17:48 - 2015-04-20 06:15 - 00142536 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-09 20:48 - 2015-04-17 22:53 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-08-09 14:11 - 2015-04-17 18:55 - 00001188 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2015-08-09 14:11 - 2015-04-17 18:55 - 00000000 ____D C:\Program Files\paint.net
2015-08-09 09:54 - 2015-04-17 17:23 - 00000000 ____D C:\Users\George
2015-08-06 21:34 - 2015-04-17 18:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VCDS
2015-08-04 16:23 - 2015-07-02 16:14 - 00000000 ____D C:\ProgramData\Package Cache
2015-08-04 16:22 - 2015-07-02 16:14 - 00003554 _____ C:\windows\System32\Tasks\GarminUpdaterTask
2015-08-04 16:22 - 2015-07-02 16:14 - 00000000 ____D C:\Program Files (x86)\Garmin
2015-07-29 18:36 - 2015-07-10 08:39 - 00000000 ___HD C:\$Windows.~BT
2015-07-29 18:18 - 2015-06-09 17:38 - 00000000 ____D C:\Program Files\HWiNFO64
2015-07-29 18:15 - 2011-02-22 06:19 - 00000000 ____D C:\windows\Panther
2015-07-29 17:11 - 2009-07-13 22:20 - 00000000 ___HD C:\windows\system32\GroupPolicy
2015-07-26 11:54 - 2015-05-03 22:39 - 00000000 ____D C:\Users\George\AppData\Local\Windows Live
2015-07-25 17:07 - 2015-04-17 21:35 - 00000000 ___SD C:\windows\system32\GWX
2015-07-25 11:23 - 2009-07-13 21:34 - 00450771 ____R C:\windows\system32\Drivers\etc\hosts.20150818-233948.backup

==================== Files in the root of some directories =======

2015-06-06 12:37 - 2015-06-07 08:38 - 0000115 _____ () C:\Users\George\AppData\Roaming\LogFile.txt
2015-05-30 13:37 - 2015-05-30 13:46 - 0007601 _____ () C:\Users\George\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\George\AppData\Local\Temp\70a7fa85-269a-43f1-9439-9b47574a5de1.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-08-13 07:53

==================== End of log ============================

 

 

For grins

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 9:09:41 AM, on 8/23/2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17937)

Boot mode: Normal

Running processes:
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
C:\windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
C:\Program Files\AVAST Software\Avast\avastUi.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\George\Desktop\New folder (2)\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [MuteSync] C:\PROGRA~2\Lenovo\LENOVO~1\MuteSync.exe
O4 - HKLM\..\Run: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
O4 - HKLM\..\Run: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
O4 - HKLM\..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
O4 - HKLM\..\Run: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
O4 - HKCU\..\Run: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Web Companion] C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" (User 'Default user')
O4 - Startup: RT-Updater.lnk = C:\Ross-Tech\VCDS\VCDS.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lavasofttcpservice.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lavasofttcpservice.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lavasofttcpservice.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lavasofttcpservice.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lavasofttcpservice.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.webcompanion.com
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service (BTHSSecurityMgr) - Intel® Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Garmin Device Interaction Service - Garmin Ltd. or its subsidiaries - C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Ad-Aware Service 11 (LavasoftAdAwareService11) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.7.485.8398\AdAwareService.exe
O23 - Service: LavasoftTcpService - Lavasoft Limited - C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: IE Search Set (SearchProtectionService) - Unknown owner - C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14841 bytes

Attached Thumbnails

  • Redirect Notice.jpg

Edited by gmcjetpilot, 23 August 2015 - 09:05 AM.



#2
zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue.
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)

You have two Anti Virus programs running.
1. Microsoft Security Client.
2. AVAST Software.

The real-time protection of two antivirus programs may conflict with each other and cause the following:
  • False Alarms: When the antivirus software tells you that your PC has a virus when it actually doesn't.
  • Conflicts: Your system may lock up due to both products attempting to access the same file at the same time.
  • Performance: More than one antivirus will cause your PC to become slow and it may even crash or blue screen.
  • Less protection: Two antivirus programs trying to scan the same file may interfere with the process and allow a malicious file onto the computer without notice to you.
Please uninstall one of them.
Please post the "Additions.txt" log; it should be on your desktop. Then we will proceed with a clean up.

Thanks
Joe :)

#3
gmcjetpilot

    Member

  • Topic Starter
  • 17 posts

Thanks so much :spoton: zep516. Will do and report back.

PS Apology on not getting back sooner. So busy this week.....

Thanks again. G



#4
zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
Good enough.

Thanks for posting.

Joe

#5
gmcjetpilot

    Member

  • Topic Starter
  • 17 posts

Good enough.

Thanks for posting.

Joe

OK Joe, thanks. I think it's OK now (don't know how)... did a few things, most of all started removing all my anti-virus programs. However, most of these were added after the problem. I also reloaded IE11 and reset all the settings. That was a pain in that there were a lot of things to fix after that. Then I removed Google Toolbar and added it. Still no joy, but poking around, no more redirect on images from Google search and can post on YouTube. I think it was something to do with Google, virus or not. The SD card is dead but that is likely unrelated and some driver issue... although I updated that. It could be hardware... Cheers... Thanks for your help.



#6
zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
There are still more issues in the log report. If you want to continue, post the Additions.txt log.

Thanks
Joe

#7
gmcjetpilot

    Member

  • Topic Starter
  • 17 posts

There are still more issues in the log report. If you want to continue, post the Additions.txt log.

Thanks
Joe

Yes Sir!!! Please, let's clean this baby up.... G



#8
zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.