Dregol Malware: HELP NEEDED

05-21-2015, 03:51 PM   #1
Registered Member

Mistake

Hello,
I would like to thank you so much for your help first, I really need it and actually broke down crying when I got this malware. I have been trying to rid myself of it and I think I have done so. I am sorry but I have already deleted various files and such, I have deleted everything with the word Dregol and I thought I was done. Although I incorrectly deleted Google Chrome and so I could not re-install it (or at least I think that is the case). Please help!!! I believe I got the malware when downloading and installing an ISO for a PlayStation 2 simulator (it wasn't me, it was a friend doing it for no good reason >.<). It was called Dregol and whenever I opened up any search engine it brought me to their website. I uninstalled Firefox and Chrome and found ways to delete it from being the primary source and how to manually delete it from my computer, but I have not yet deleted it from Chrome and I cannot re-install it. Every time I try it says "Installation failed. The Google Chrome installer failed to start." Please help me, it is distracting me and I REALLY need help. Thank you so much,
-a simple guy who needs help

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.17356 BrowserJavaVersion: 10.60.2
Run by Thomas at 18:45:51 on 2015-05-21
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8061.4246 [GMT -4:00]
.
AV: Norton Security *Enabled/Updated* {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security *Enabled/Updated* {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security *Enabled* {6BFC5632-188D-B806-D13E-C607121B42A0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\igfxCUIService.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe
C:\Program Files (x86)\Norton Security\Engine\22.2.0.31\NS.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe
C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
D:\Project\vmware-authd.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Security\Engine\22.2.0.31\NS.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\igfxEM.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
D:\Music\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
C:\Users\Thomas\AppData\Local\Apps\2.0\8KNXZW9J.36B\XLQPW1YB.E9O\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\CurseClient.exe
C:\Program Files (x86)\BenQ\Display Pilot\DTHtml.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
C:\PROGRA~2\Raptr\raptr.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\PROGRA~2\Raptr\raptr_im.exe
C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\wpctrl.exe
C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\floater.exe
C:\Users\Thomas\AppData\Roaming\Spotify\Spotify.exe
C:\Program Files (x86)\Raptr\raptr_ep64.exe
C:\Users\Thomas\AppData\Roaming\Spotify\SpotifyCrashService.exe
C:\Program Files (x86)\Razer\Core\RazerCore.exe
C:\Users\Thomas\AppData\Roaming\Spotify\Spotify.exe
C:\Users\Thomas\AppData\Roaming\Spotify\SpotifyWebHelper.exe
C:\Users\Thomas\AppData\Roaming\Spotify\Spotify.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\DPHelper.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\DPHelper64.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\PROGRA~2\NORTON~2\Engine\2220~1.31\navw32.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Thomas\Downloads\ChromeSetup.exe
C:\Users\Thomas\AppData\Local\Temp\GUMACF1.tmp\GoogleUpdate.exe
C:\Users\Thomas\AppData\Local\Temp\GUMACF1.tmp\GoogleUpdateSetup.exe
C:\Program Files (x86)\GUMBF78.tmp\GoogleUpdate.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security\Engine\22.2.0.31\coieplg.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.2.0.31\coieplg.dll
uRun: [Spotify Web Helper] "C:\Users\Thomas\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
uRun: [GoogleChromeAutoLaunch_D1D0AD69A13928375769191006ADC5F6] "\\localhost\C$\@GMT-2015.05.15-23.44.09\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
uRun: [Spotify] "C:\Users\Thomas\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Raptr] "C:\Program Files (x86)\Raptr\raptrstub.exe" --startup
mRun: [StartCCC] "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
mRun: [PivotSoftware] "C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe" -delay=10
mRun: [DT BEN] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe -BEN
StartupFolder: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TP-LIN~1.LNK - C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
LSP: %windir%\system32\vsocklib.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} - hxxp://download.gigabyte.com.tw/object/Dldrv.ocx
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.24.0.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{4E329CEC-843A-43E2-86A5-71CEBD05F247} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{4E329CEC-843A-43E2-86A5-71CEBD05F247}\4425F676562737 : DHCPNameServer = 192.168.1.1 167.206.245.135 167.206.245.136
TCP: Interfaces\{4E329CEC-843A-43E2-86A5-71CEBD05F247}\E435140254870727563737 : DHCPNameServer = 192.168.43.1
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security\Engine64\22.2.0.31\CoIEPlg.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.2.0.31\CoIEPlg.dll
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
x64-Run: [iTunesHelper] "D:\Music\iTunes\iTunesHelper.exe"
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\q9zjyd9j.default\
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2014-2-21 20464]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2015-3-4 280376]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NSx64\1602000.01F\SymDS64.sys [2015-5-21 490712]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NSx64\1602000.01F\SymEFA64.sys [2015-5-21 1151704]
R0 vsock;vSockets Driver;C:\Windows\System32\drivers\vsock.sys [2015-3-16 73296]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton Security\NortonData\22.2.0.31\Definitions\BASHDefs\20150519.001\BHDrvx64.sys [2015-5-19 1639128]
R1 ccSet_NS;NS Settings Manager;C:\Windows\System32\drivers\NSx64\1602000.01F\ccSetx64.sys [2015-5-21 165080]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton Security\NortonData\22.2.0.31\Definitions\IPSDefs\20150520.001\IDSviA64.sys [2015-5-20 671448]
R1 RzFilter;RzFilter;C:\Windows\System32\drivers\RzFilter.sys [2015-1-18 74432]
R1 SMR430;Symantec SMR Utility Service 4.3.0;C:\Windows\System32\drivers\SMR430.SYS [2015-5-21 108216]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NSx64\1602000.01F\Ironx64.sys [2015-5-21 271576]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NSx64\1602000.01F\symnets.sys [2015-5-21 565464]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2014-11-20 244736]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-1-19 77128]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\Windows\System32\igfxCUIService.exe [2014-5-21 314696]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2014-3-11 124568]
R2 NS;Norton Security;C:\Program Files (x86)\Norton Security\Engine\22.2.0.31\NS.exe [2015-5-21 282528]
R2 PdiService;Portrait Displays SDK Service;C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2015-1-19 122384]
R2 Razer Game Scanner Service;Razer Game Scanner;C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [2015-2-4 187072]
R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\System32\drivers\RtNdPt60.sys [2014-6-30 32544]
R2 RzOvlMon;Razer Overlay Subsystem Emergency Service;C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe [2014-4-18 32960]
R2 rzpmgrk;rzpmgrk;C:\Windows\System32\drivers\rzpmgrk.sys [2015-1-18 37184]
R2 rzpnk;rzpnk;C:\Windows\System32\drivers\rzpnk.sys [2015-1-18 129600]
R2 RzSurroundVADStreamingService;RzSurroundVADStreamingService;C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe [2015-2-3 4250624]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2014-8-21 906432]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2014-6-21 94720]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2015-5-21 142640]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2014-2-21 370672]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2014-2-21 791024]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2015-4-30 366544]
R3 RzDxgk;RzDxgk;C:\Windows\System32\drivers\RzDxgk.sys [2015-1-18 129472]
R3 rzendpt;rzendpt;C:\Windows\System32\drivers\rzendpt.sys [2014-12-30 39592]
R3 rzmpos;rzmpos;C:\Windows\System32\drivers\rzmpos.sys [2014-12-30 35496]
R3 RZSURROUNDVADService;Razer Surround Audio Service;C:\Windows\System32\drivers\RzSurroundVAD.sys [2015-2-9 40640]
R3 rzudd;Razer Keyboard Driver;C:\Windows\System32\drivers\rzudd.sys [2014-12-30 177832]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-2-18 315488]
S3 EasyAntiCheat;EasyAntiCheat;C:\Windows\System32\EasyAntiCheat.exe --> C:\Windows\System32\EasyAntiCheat.exe [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [2012-9-5 234776]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-7-10 19456]
S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.20);C:\Windows\System32\drivers\RtTeam620.sys [2014-6-30 58512]
S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);C:\Windows\System32\drivers\RtVlan620.sys [2014-6-30 32400]
S3 RZMAELSTROMVADService;Razer Surround Audio Enhancer Service;C:\Windows\System32\drivers\RzMaelstromVAD.sys [2014-6-9 32768]
S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);C:\Windows\System32\drivers\RtTeam60.sys [2014-6-30 58000]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-7-10 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-7-10 30208]
S3 VLAN;Realtek Virtual Adapter;C:\Windows\System32\drivers\RtVlan60.sys [2014-6-30 32400]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-7-10 1255736]
.
=============== Created Last 30 ================
.
2015-05-21 22:22:38 -------- d-----w- C:\Users\Thomas\AppData\Local\Google
2015-05-21 22:11:34 -------- d-----w- C:\Program Files (x86)\GUM97AC.tmp
2015-05-21 22:04:30 -------- d-----w- C:\NPE
2015-05-21 22:01:29 108216 ----a-w- C:\Windows\System32\drivers\SMR430.SYS
2015-05-21 22:01:12 -------- d-----w- C:\Users\Thomas\AppData\Local\NPE
2015-05-21 21:07:22 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2015-05-21 20:29:15 102616 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2015-05-21 20:29:15 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2015-05-21 20:29:11 916184 ----a-r- C:\Windows\System32\drivers\NSx64\1602000.01F\srtsp64.sys
2015-05-21 20:29:11 565464 ----a-r- C:\Windows\System32\drivers\NSx64\1602000.01F\symnets.sys
2015-05-21 20:29:11 490712 ----a-r- C:\Windows\System32\drivers\NSx64\1602000.01F\SymDS64.sys
2015-05-21 20:29:11 42200 ----a-r- C:\Windows\System32\drivers\NSx64\1602000.01F\srtspx64.sys
2015-05-21 20:29:11 271576 ----a-r- C:\Windows\System32\drivers\NSx64\1602000.01F\Ironx64.sys
2015-05-21 20:29:11 23568 ----a-r- C:\Windows\System32\drivers\NSx64\1602000.01F\SymELAM.sys
2015-05-21 20:29:11 165080 ----a-r- C:\Windows\System32\drivers\NSx64\1602000.01F\ccSetx64.sys
2015-05-21 20:29:11 1151704 ----a-r- C:\Windows\System32\drivers\NSx64\1602000.01F\SymEFA64.sys
2015-05-21 20:28:44 -------- d-----w- C:\Windows\System32\drivers\NSx64\1602000.01F
2015-05-21 20:28:44 -------- d-----w- C:\Windows\System32\drivers\NSx64
2015-05-21 20:28:42 -------- d-----w- C:\Program Files (x86)\Norton Security
2015-05-21 20:26:11 -------- d-----w- C:\ProgramData\NortonInstaller
2015-05-21 20:26:11 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2015-05-21 20:24:54 -------- d-----w- C:\ProgramData\Norton
2015-05-21 19:52:25 -------- d-----w- C:\Users\Thomas\AppData\Local\Chromium
2015-05-21 02:35:27 -------- d-----w- C:\Users\Thomas\AppData\Roaming\Tera_Awesomium
2015-05-21 02:31:52 12214312 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0DC8A68D-ACC4-47D1-9DC6-8B0E05BCB6F6}\mpengine.dll
2015-05-19 21:31:50 12214312 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-05-16 21:29:48 1187344 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1640244D-A03E-4F30-B6C0-1F49B8439783}\gapaengine.dll
2015-05-15 23:47:29 -------- d-----w- C:\Users\Thomas\AppData\Local\Apple Computer
2015-05-15 23:47:28 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2015-05-15 23:47:12 -------- d-----w- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-05-15 23:47:12 -------- d-----w- C:\Program Files\iPod
2015-05-15 23:47:12 -------- d-----w- C:\Program Files (x86)\iTunes
2015-05-15 23:44:04 -------- d-----w- C:\Users\Thomas\AppData\Local\Apple
2015-05-15 23:43:50 -------- d-----w- C:\Program Files\Bonjour
2015-05-15 23:43:50 -------- d-----w- C:\Program Files (x86)\Bonjour
2015-05-13 03:13:00 124112 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 03:13:00 102608 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 02:35:55 1647104 ----a-w- C:\Windows\System32\DWrite.dll
2015-05-07 19:45:11 -------- d-----w- C:\Users\Thomas\Tracing
.
==================== Find3M ====================
.
2015-05-15 19:26:31 778416 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-05-15 19:26:31 142512 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-05-05 01:29:39 342016 ----a-w- C:\Windows\System32\schannel.dll
2015-05-05 01:12:49 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2015-04-27 19:28:36 5569984 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-04-27 19:28:35 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-04-27 19:28:35 155584 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-04-27 19:26:21 1728960 ----a-w- C:\Windows\System32\ntdll.dll
2015-04-27 19:22:57 47104 ----a-w- C:\Windows\System32\typeperf.exe
2015-04-27 19:22:57 404992 ----a-w- C:\Windows\System32\tracerpt.exe
2015-04-27 19:22:53 112640 ----a-w- C:\Windows\System32\smss.exe
2015-04-27 19:22:47 296960 ----a-w- C:\Windows\System32\rstrui.exe
2015-04-27 19:22:46 43008 ----a-w- C:\Windows\System32\relog.exe
2015-04-27 19:22:35 31232 ----a-w- C:\Windows\System32\lsass.exe
2015-04-27 19:22:34 104448 ----a-w- C:\Windows\System32\logman.exe
2015-04-27 19:22:26 19456 ----a-w- C:\Windows\System32\diskperf.exe
2015-04-27 19:22:08 338432 ----a-w- C:\Windows\System32\conhost.exe
2015-04-27 19:21:37 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-04-27 19:18:37 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-04-27 19:18:25 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-04-27 19:11:55 3934144 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2015-04-27 19:11:54 3989440 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2015-04-27 19:08:02 1310744 ----a-w- C:\Windows\SysWow64\ntdll.dll
2015-04-27 19:05:40 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2015-04-27 19:05:35 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2015-04-27 19:05:34 635392 ----a-w- C:\Windows\SysWow64\tdh.dll
2015-04-27 19:05:32 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2015-04-27 19:05:29 92160 ----a-w- C:\Windows\SysWow64\sechost.dll
2015-04-27 19:05:29 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2015-04-27 19:05:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2015-04-27 19:05:17 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2015-04-27 19:05:11 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2015-04-27 19:04:45 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2015-04-27 19:04:37 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2015-04-27 19:04:33 641536 ----a-w- C:\Windows\SysWow64\advapi32.dll
2015-04-27 19:04:33 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2015-04-27 19:04:24 40448 ----a-w- C:\Windows\SysWow64\typeperf.exe
2015-04-27 19:04:24 364544 ----a-w- C:\Windows\SysWow64\tracerpt.exe
2015-04-27 19:04:19 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2015-04-27 19:04:12 37888 ----a-w- C:\Windows\SysWow64\relog.exe
2015-04-27 19:04:04 82944 ----a-w- C:\Windows\SysWow64\logman.exe
2015-04-27 19:03:58 17408 ----a-w- C:\Windows\SysWow64\diskperf.exe
2015-04-27 19:03:52 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-04-27 19:03:36 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2015-04-27 19:03:36 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2015-04-27 19:03:36 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2015-04-27 19:01:33 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2015-04-27 19:01:22 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2015-04-27 1848 36864 ----a-w- C:\Windows\System32\UtcResources.dll
2015-04-27 17:57:32 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2015-04-27 17:57:31 2048 ----a-w- C:\Windows\SysWow64\user.exe
2015-04-27 17:55:03 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2015-04-27 17:55:03 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-27 17:55:03 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-27 17:55:03 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2015-04-21 14:33:27 1763328 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-04-21 14:33:25 524288 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-04-21 14:33:03 2864640 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-04-21 14:33:02 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-04-21 14:33:02 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2015-04-21 14:32:45 1441280 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-04-21 13:53:34 2237440 ----a-w- C:\Windows\System32\wininet.dll
2015-04-21 13:53:29 601600 ----a-w- C:\Windows\System32\vbscript.dll
2015-04-21 13:52:53 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2015-04-21 13:52:51 67072 ----a-w- C:\Windows\System32\iesetup.dll
2015-04-21 13:52:51 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2015-04-21 13:52:36 1509376 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-04-20 03:17:07 1179136 ----a-w- C:\Windows\System32\FntCache.dll
2015-04-20 02:56:29 1250816 ----a-w- C:\Windows\SysWow64\DWrite.dll
2015-04-20 02:11:23 3204608 ----a-w- C:\Windows\System32\win32k.sys
2015-04-18 03:10:57 460800 ----a-w- C:\Windows\System32\certcli.dll
2015-04-18 0319 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-04-18 02:59:05 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2015-04-18 02:56:57 342016 ----a-w- C:\Windows\SysWow64\certcli.dll
2015-04-18 02:37:08 361984 ----a-w- C:\Windows\SysWow64\html.iec
2015-04-18 02:34:17 441856 ----a-w- C:\Windows\System32\html.iec
2015-04-18 02:12:40 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2015-04-18 02:09:03 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2015-04-13 03:28:33 328704 ----a-w- C:\Windows\System32\services.exe
2015-04-08 03:29:07 275456 ----a-w- C:\Windows\System32\InkEd.dll
2015-04-08 03:29:07 24576 ----a-w- C:\Windows\System32\jnwmon.dll
2015-04-08 03:14:07 216064 ----a-w- C:\Windows\SysWow64\InkEd.dll
2015-03-25 03:24:41 98304 ----a-w- C:\Windows\System32\wudriver.dll
2015-03-25 03:24:41 3298816 ----a-w- C:\Windows\System32\wucltux.dll
2015-03-25 03:24:41 191488 ----a-w- C:\Windows\System32\wuwebv.dll
2015-03-25 03:24:08 60416 ----a-w- C:\Windows\System32\WinSetupUI.dll
2015-03-25 03:23:58 12288 ----a-w- C:\Windows\System32\wu.upgrade.ps.dll
2015-03-25 03:23:55 36864 ----a-w- C:\Windows\System32\wuapp.exe
2015-03-25 03:00:57 92672 ----a-w- C:\Windows\SysWow64\wudriver.dll
2015-03-25 03:00:57 173056 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2015-03-25 03:00:15 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
2015-03-23 03:25:15 726528 ----a-w- C:\Windows\System32\generaltel.dll
2015-03-23 03:25:01 769536 ----a-w- C:\Windows\System32\invagent.dll
2015-03-23 03:24:56 419840 ----a-w- C:\Windows\System32\devinv.dll
2015-03-23 03:24:54 957952 ----a-w- C:\Windows\System32\appraiser.dll
2015-03-23 03:24:53 30720 ----a-w- C:\Windows\System32\acmigration.dll
2015-03-23 03:24:53 227328 ----a-w- C:\Windows\System32\aepdu.dll
2015-03-23 03:24:53 192000 ----a-w- C:\Windows\System32\aepic.dll
2015-03-23 03:17:39 1111552 ----a-w- C:\Windows\System32\aeinv.dll
2015-03-14 05:49:32 9728 ----a-w- C:\Windows\SysWow64\RzStats.IPC.dll
.
============= FINISH: 18:46:05.62 ===============
HelpmeIamanoob is offline  
05-22-2015, 06:51 AM   #2
chemist
Security Team
Moderator, Analyst
Rangemaster, TSF Academy

Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

It appears that you have two antivirus programs installed and running, Norton and Security Essentials.

While this may seem like better protection, they can actually conflict with one another and cause system instability or even system hangs.

Please choose one to keep and uninstall the other via Programs and Features in your Control Panel.

I suggest uninstalling Norton. If you do, after uninstalling Norton via Programs and Features, run this tool:

Please download the Norton Removal Tool and Save it to your Desktop.
  • Close all programs and double-click the Norton_Removal_Tool.exe then click Run
  • In Vista/Win7, right-click and choose 'Run as administrator'.
  • Follow the on-screen instructions.
  • Restart your computer if not prompted already.
  • Then delete Norton_Removal_Tool.exe from your desktop.
------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Do NOT click the green 'Download' button (if visible).
  • Click the blue 'Download now @bleepingcomputer' button.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Cleaning
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[S#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook_x64.exe to run it. (Vista/Win7/Win8 users, right-click > Run as Administrator)
  • Copy/paste the contents of the following codebox into the main textfield:
    Code:
    :folderfind
    chrome
    :regfind
    chrome
    {430FD4D0-B729-4F61-AA34-91526481799D}
  • Click the Look button to start the scan.
  • Please be patient, as it may take a while.
  • When finished, a Notepad file will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 05-27-2015, 06:23 AM   #3
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

IMPORTANT - Read This Before Posting For Malware Removal Help

------------------------------------------------------
chemist is offline  
Old 05-27-2015, 05:23 PM   #4
Registered Member
 
Join Date: May 2015
Posts: 8
OS: Windows 7


Mistake

Hello again!
Sorry I became really busy and couldn't be distracted with trying to fix my computer.
My now inactive thread can be found here:
https://www.techsupportforum.com/foru...ml#post6325826
I was being helped by chemist whom I love and I hope will be assisting me again and I have done the steps previously required. Here is as follows:

# AdwCleaner v4.205 - Logfile created 27/05/2015 at 20:05:34
# Updated 21/05/2015 by Xplode
# Database : 2015-05-25.3 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Thomas - CRONOS
# Running from : C:\Users\Thomas\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Run_Dregol
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v10.0.9200.17356


-\\ Mozilla Firefox v38.0.1 (x86 en-US)

[q9zjyd9j.default\prefs.js] - Line Deleted : user_pref("extensions.ui.lastCategory", "addons://search/Dregol");

-\\ Google Chrome v42.0.2311.152

[C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

-\\ Chromium v

[C:\Users\Thomas\AppData\Local\Chromium\User Data\Default\Secure Preferences] - Deleted [Homepage] : hxxp://www.dregol.com/?f=1&a=drg_ir_15_21&cd=2XzuyEtN2Y1L1Qzu0EzzzyyE0FyC0EtAtC0FtD0AtC0D0B0DtN0D0Tzu0StCtBtAyCtN1L2XzutAtFtCtDtFtCtDtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEtCtCtCtD0E0B0DtG0E0D0B0DtGyCtA0EyEtGtBtBtB0DtGtA0ByE0Bzz0AtB0Bzy0AtAtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0A0Czz0DtCtAtDtGyDzztAtCtGyE0FyCtBtG0BtC0CyCtGyC0CtDtB0D0E0EtA0ByCtA0F2QtN0A0LzutD&cr=1473208514&ir=&uref=chmm
[C:\Users\Thomas\AppData\Local\Chromium\User Data\Default\Secure Preferences] - Deleted [Startup_URLs] : 1216307531AFE3ED01C0CE8DBEF5F91389D3DB8F070344A7B3C2C866316DBEC2"},"software_reporter":{"prompt_reason":"5A1EEE6610B0E60FAD44D731D9768B67743F2307846BA8C85E4A6884DBA2CC78","prompt_seed":"D12521B12F27ED8D55846D6FE25154BD22242084A3546A89F2435F0D6575A92E","prompt_version":"565C7DC33789AA140A0FFC230B569B2F592F494FD1FE1EF8BAEA97F43DB5B49E"},"sync":{"remaining_rollback_tries":"330199A48C5F90321D74BF4A3B8CAD4B7FF7FA5817F414DCBE4E6C2F52FBDA56"}},"super_mac":"A875A6CC4971A8DD6EDFAD2D2256B6E109FB2582BDCD1973781580841B383A54"},"search_provider_overrides":[{"encoding":"UTF-8","favicon_url":"hxxp://www.dregol.com/favicon.ico

*************************

AdwCleaner[R0].txt - [2611 bytes] - [27/05/2015 20:03:22]
AdwCleaner[R1].txt - [2670 bytes] - [27/05/2015 20:04:37]
AdwCleaner[S0].txt - [2574 bytes] - [27/05/2015 20:05:34]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2633 bytes] ##########


(This is me again. I see that dregol I was talking about ^_^. -well that is bad- But at least I know what I am talking about.... a bit .... lol....)

Also----
SystemLook 30.07.11 by jpshortstuff
Log created at 20:19 on 27/05/2015 by Thomas
Administrator - Elevation successful

========== folderfind ==========

Searching for "chrome"
C:\Program Files (x86)\Google\Chrome d------ [23:51 27/05/2015]
C:\Users\Thomas\AppData\Local\Google\Chrome d------ [02:24 22/05/2015]
C:\Users\Thomas\Downloads\LOLPBE\LOLPBE\RADS\projects\lol_air_client\releases\0.0.3.99\deploy\assets\images\chrome d------ [22:17 11/04/2015]
C:\Users\Thomas\Downloads\LOLPBE\LOLPBE\RADS\projects\lol_air_client\releases\0.0.3.99\deploy\mod\chrome d------ [22:00 15/05/2015]

========== regfind ==========

Searching for "chrome"
[HKEY_CURRENT_USER\Software\Google\Chrome]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IEDevTools\Options\UAString]
"Chrome"="Mozilla/5.0 (Windows NT 6.2) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.52 Safari/536.5"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Paths\new_chrome.exe]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Paths\new_chrome.exe]
@="C:\Users\Thomas\AppData\Roaming\Google Chrome\new_chrome.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Paths\new_chrome.exe]
"Path"="C:\Users\Thomas\AppData\Roaming\Google Chrome"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.docx\OpenWithList]
"b"="chrome.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\OpenWithList]
"a"="chrome.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\OpenWithList]
"d"="chrome.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\OpenWithList]
"b"="chrome.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"GoogleChromeAutoLaunch_D1D0AD69A13928375769191006ADC5F6"=""\\localhost\C$\@GMT-2015.05.15-23.44.09\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window"
[HKEY_CURRENT_USER\Software\Classes\.htm\OpenWithProgids]
"ChromeHTML.QGXCERLOMS7MISFO7XSCPIZZ5M"=""
[HKEY_CURRENT_USER\Software\Classes\.html\OpenWithProgids]
"ChromeHTML.QGXCERLOMS7MISFO7XSCPIZZ5M"=""
[HKEY_CURRENT_USER\Software\Classes\.shtml\OpenWithProgids]
"ChromeHTML.QGXCERLOMS7MISFO7XSCPIZZ5M"=""
[HKEY_CURRENT_USER\Software\Classes\.webp\OpenWithProgids]
"ChromeHTML.QGXCERLOMS7MISFO7XSCPIZZ5M"=""
[HKEY_CURRENT_USER\Software\Classes\.xht\OpenWithProgids]
"ChromeHTML.QGXCERLOMS7MISFO7XSCPIZZ5M"=""
[HKEY_CURRENT_USER\Software\Classes\.xhtml\OpenWithProgids]
"ChromeHTML.QGXCERLOMS7MISFO7XSCPIZZ5M"=""
[HKEY_CURRENT_USER\Software\Classes\ChromeHTML.QGXCERLOMS7MISFO7XSCPIZZ5M]
[HKEY_CURRENT_USER\Software\Classes\ChromeHTML.QGXCERLOMS7MISFO7XSCPIZZ5M]
@="Chrome HTML Document"
[HKEY_CURRENT_USER\Software\Classes\ChromeHTML.QGXCERLOMS7MISFO7XSCPIZZ5M\DefaultIcon]
@="C:\Users\Thomas\AppData\Roaming\Google Chrome\new_chrome.exe,0"
[HKEY_CURRENT_USER\Software\Classes\ChromeHTML.QGXCERLOMS7MISFO7XSCPIZZ5M\shell\open\command]
@=""C:\Users\Thomas\AppData\Roaming\Google Chrome\new_chrome.exe" -- "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.htm\OpenWithProgids]
"ChromeHTML"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.html\OpenWithProgids]
"ChromeHTML"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.shtml\OpenWithProgids]
"ChromeHTML"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.webp\OpenWithProgids]
"ChromeHTML"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.xht\OpenWithProgids]
"ChromeHTML"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.xhtml\OpenWithProgids]
"ChromeHTML"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\9A1221D6FB710CE4182F723DE03C7010]
"FTRE_ChromeExt"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\LocalServer32]
@=""C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\delegate_execute.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\LocalServer32]
"ServerExecutable"="C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\delegate_execute.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome]
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome]
@="Google Chrome"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities]
"ApplicationDescription"="Google Chrome is a web browser that runs webpages and applications with lightning speed. It's fast, stable, and easy to use. Browse the web more safely with malware and phishing protection built into Google Chrome."
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities]
"ApplicationIcon"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities]
"ApplicationName"="Google Chrome"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\FileAssociations]
".htm"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\FileAssociations]
".html"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\FileAssociations]
".shtml"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\FileAssociations]
".xht"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\FileAssociations]
".xhtml"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\FileAssociations]
".webp"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\Startmenu]
"StartMenuInternet"="Google Chrome"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"ftp"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"http"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"https"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"irc"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"mailto"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"mms"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"news"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"nntp"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"sms"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"smsto"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"tel"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"urn"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"webcal"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\DefaultIcon]
@="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"ReinstallCommand"=""C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"HideIconsCommand"=""C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"ShowIconsCommand"=""C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command]
@=""C:\Program Files (x86)\Google\Chrome\Application\chrome.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\chrome.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A69CE4F71F991D49BAF2BA1BAD45E7B]
"9A1221D6FB710CE4182F723DE03C7010"="02:\Software\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\Path"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\354433B0BB9EE124885E18D1A23507B5]
"9A1221D6FB710CE4182F723DE03C7010"="C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\888F0C474265D6B4B800C4DD39CBD8D8]
"9A1221D6FB710CE4182F723DE03C7010"="02:\Software\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\update_url"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F44B90A6224F5A8409BDD243E2D8D579]
"9A1221D6FB710CE4182F723DE03C7010"="02:\Software\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\Version"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9A1221D6FB710CE4182F723DE03C7010\Features]
"FTRE_ChromeExt"="S4}Z&)JE991D,Q,rS!IEJ=p)J(zaE?KPPj4)Z.`XBu'[email protected]@T7IY+jEo+d0cYTM[[email protected]=[*RU"
[HKEY_LOCAL_MACHINE\SOFTWARE\RegisteredApplications]
"Google Chrome"="Software\Clients\StartMenuInternet\Google Chrome\Capabilities"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl]
"Path"="C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\Clients\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"name"="Google Chrome binaries"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\Clients\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"name"="Google Chrome"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\Clients\{8A69D345-D564-463c-AFF1-A69D9E530F96}\Commands\on-os-upgrade]
"CommandLine"=""C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\Installer\setup.exe" --on-os-upgrade --multi-install --chrome --system-level --verbose-logging"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\Clients\{FDA71E6F-AC4C-4a00-8B70-9958A68906BF}]
"name"="Google Chrome App Launcher"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"UninstallString"="C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\Installer\setup.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}]
"ap"="-multi-chrome"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"ap"="-multi-chrome"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"UninstallString"="C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\Installer\setup.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"UninstallArguments"=" --uninstall --multi-install --chrome --system-level"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}]
"LastInstallerSuccessLaunchCmdLine"=""C:\Program Files (x86)\Google\Chrome\Application\chrome.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
@="Google Chrome"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"StubPath"=""C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"Localized Name"="Google Chrome"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\LocalServer32]
@=""C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\delegate_execute.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\LocalServer32]
"ServerExecutable"="C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\delegate_execute.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome]
@="Google Chrome"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\Capabilities]
"ApplicationDescription"="Google Chrome is a web browser that runs webpages and applications with lightning speed. It's fast, stable, and easy to use. Browse the web more safely with malware and phishing protection built into Google Chrome."
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\Capabilities]
"ApplicationIcon"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\Capabilities]
"ApplicationName"="Google Chrome"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\Capabilities\FileAssociations]
".htm"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\Capabilities\FileAssociations]
".html"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\Capabilities\FileAssociations]
".shtml"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\Capabilities\FileAssociations]
".xht"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\Capabilities\FileAssociations]
".xhtml"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\Capabilities\FileAssociations]
".webp"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\Capabilities\Startmenu]
"StartMenuInternet"="Google Chrome"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"ftp"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"http"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"https"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"irc"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"mailto"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"mms"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"news"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"nntp"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"sms"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"smsto"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"tel"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"urn"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\Capabilities\URLAssociations]
"webcal"="ChromeHTML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\DefaultIcon]
@="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"ReinstallCommand"=""C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"HideIconsCommand"=""C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"ShowIconsCommand"=""C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Google Chrome\shell\open\command]
@=""C:\Program Files (x86)\Google\Chrome\Application\chrome.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\RegisteredApplications]
"Google Chrome"="Software\Clients\StartMenuInternet\Google Chrome\Capabilities"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{81968E54-0917-448E-9183-4EBADFE7889C}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files (x86)\Google\Chrome\Application\chrome.exe|Name=Google Chrome (mDNS-In)|Desc=Inbound rule for Google Chrome to allow mDNS traffic.|EmbedCtxt=Google Chrome|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{81968E54-0917-448E-9183-4EBADFE7889C}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files (x86)\Google\Chrome\Application\chrome.exe|Name=Google Chrome (mDNS-In)|Desc=Inbound rule for Google Chrome to allow mDNS traffic.|EmbedCtxt=Google Chrome|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{81968E54-0917-448E-9183-4EBADFE7889C}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files (x86)\Google\Chrome\Application\chrome.exe|Name=Google Chrome (mDNS-In)|Desc=Inbound rule for Google Chrome to allow mDNS traffic.|EmbedCtxt=Google Chrome|"
[HKEY_USERS\S-1-5-21-2573500612-1803532104-3785521816-1000\Software\Google\Chrome]
[HKEY_USERS\S-1-5-21-2573500612-1803532104-3785521816-1000\Software\Microsoft\Internet Explorer\IEDevTools\Options\UAString]
"Chrome"="Mozilla/5.0 (Windows NT 6.2) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.52 Safari/536.5"
[HKEY_USERS\S-1-5-21-2573500612-1803532104-3785521816-1000\Software\Microsoft\Windows\CurrentVersion\App Paths\new_chrome.exe]
[HKEY_USERS\S-1-5-21-2573500612-1803532104-3785521816-1000\Software\Microsoft\Windows\CurrentVersion\App Paths\new_chrome.exe]
@="C:\Users\Thomas\AppData\Roaming\Google Chrome\new_chrome.exe"
[HKEY_USERS\S-1-5-21-2573500612-1803532104-3785521816-1000\Software\Microsoft\Windows\CurrentVersion\App Paths\new_chrome.exe]
"Path"="C:\Users\Thomas\AppData\Roaming\Google Chrome"
[HKEY_USERS\S-1-5-21-2573500612-1803532104-3785521816-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.docx\OpenWithList]
"b"="chrome.exe"
[HKEY_USERS\S-1-5-21-2573500612-1803532104-3785521816-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\OpenWithList]
"a"="chrome.exe"
[HKEY_USERS\S-1-5-21-2573500612-1803532104-3785521816-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\OpenWithList]
"d"="chrome.exe"
[HKEY_USERS\S-1-5-21-2573500612-1803532104-3785521816-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\OpenWithList]
"b"="chrome.exe"
[HKEY_USERS\S-1-5-21-2573500612-1803532104-3785521816-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"GoogleChromeAutoLaunch_D1D0AD69A13928375769191006ADC5F6"=""\\localhost\C$\@GMT-2015.05.15-23.44.09\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window"
[HKEY_USERS\S-1-5-21-2573500612-1803532104-3785521816-1000\Software\Classes\.htm\OpenWithProgids]
"ChromeHTML.QGXCERLOMS7MISFO7XSCPIZZ5M"=""
[HKEY_USERS\S-1-5-21-2573500612-1803532104-3785521816-1000\Software\Classes\.html\OpenWithProgids]
"ChromeHTML.QGXCERLOMS7MISFO7XSCPIZZ5M"=""
[HKEY_USERS\S-1-5-21-2573500612-1803532104-3785521816-1000\Software\Classes\.shtml\OpenWithProgids]
"ChromeHTML.QGXCERLOMS7MISFO7XSCPIZZ5M"=""
[HKEY_USERS\S-1-5-21-2573500612-1803532104-3785521816-1000\Software\Classes\.webp\OpenWithProgids]
"ChromeHTML.QGXCERLOMS7MISFO7XSCPIZZ5M"=""
[HKEY_USERS\S-1-5-21-2573500612-1803532104-3785521816-1000\Software\Classes\.xht\OpenWithProgids]
"ChromeHTML.QGXCERLOMS7MISFO7XSCPIZZ5M"=""
[HKEY_USERS\S-1-5-21-2573500612-1803532104-3785521816-1000\Software\Classes\.xhtml\OpenWithProgids]
"ChromeHTML.QGXCERLOMS7MISFO7XSCPIZZ5M"=""
[HKEY_USERS\S-1-5-21-2573500612-1803532104-3785521816-1000\Software\Classes\ChromeHTML.QGXCERLOMS7MISFO7XSCPIZZ5M]
[HKEY_USERS\S-1-5-21-2573500612-1803532104-3785521816-1000\Software\Classes\ChromeHTML.QGXCERLOMS7MISFO7XSCPIZZ5M]
@="Chrome HTML Document"
[HKEY_USERS\S-1-5-21-2573500612-1803532104-3785521816-1000\Software\Classes\ChromeHTML.QGXCERLOMS7MISFO7XSCPIZZ5M\DefaultIcon]
@="C:\Users\Thomas\AppData\Roaming\Google Chrome\new_chrome.exe,0"
[HKEY_USERS\S-1-5-21-2573500612-1803532104-3785521816-1000\Software\Classes\ChromeHTML.QGXCERLOMS7MISFO7XSCPIZZ5M\shell\open\command]
@=""C:\Users\Thomas\AppData\Roaming\Google Chrome\new_chrome.exe" -- "%1""
[HKEY_USERS\S-1-5-21-2573500612-1803532104-3785521816-1000_Classes\.htm\OpenWithProgids]
"ChromeHTML.QGXCERLOMS7MISFO7XSCPIZZ5M"=""
[HKEY_USERS\S-1-5-21-2573500612-1803532104-3785521816-1000_Classes\.html\OpenWithProgids]
"ChromeHTML.QGXCERLOMS7MISFO7XSCPIZZ5M"=""
[HKEY_USERS\S-1-5-21-2573500612-1803532104-3785521816-1000_Classes\.shtml\OpenWithProgids]
"ChromeHTML.QGXCERLOMS7MISFO7XSCPIZZ5M"=""
[HKEY_USERS\S-1-5-21-2573500612-1803532104-3785521816-1000_Classes\.webp\OpenWithProgids]
"ChromeHTML.QGXCERLOMS7MISFO7XSCPIZZ5M"=""
[HKEY_USERS\S-1-5-21-2573500612-1803532104-3785521816-1000_Classes\.xht\OpenWithProgids]
"ChromeHTML.QGXCERLOMS7MISFO7XSCPIZZ5M"=""
[HKEY_USERS\S-1-5-21-2573500612-1803532104-3785521816-1000_Classes\.xhtml\OpenWithProgids]
"ChromeHTML.QGXCERLOMS7MISFO7XSCPIZZ5M"=""
[HKEY_USERS\S-1-5-21-2573500612-1803532104-3785521816-1000_Classes\ChromeHTML.QGXCERLOMS7MISFO7XSCPIZZ5M]
[HKEY_USERS\S-1-5-21-2573500612-1803532104-3785521816-1000_Classes\ChromeHTML.QGXCERLOMS7MISFO7XSCPIZZ5M]
@="Chrome HTML Document"
[HKEY_USERS\S-1-5-21-2573500612-1803532104-3785521816-1000_Classes\ChromeHTML.QGXCERLOMS7MISFO7XSCPIZZ5M\DefaultIcon]
@="C:\Users\Thomas\AppData\Roaming\Google Chrome\new_chrome.exe,0"
[HKEY_USERS\S-1-5-21-2573500612-1803532104-3785521816-1000_Classes\ChromeHTML.QGXCERLOMS7MISFO7XSCPIZZ5M\shell\open\command]
@=""C:\Users\Thomas\AppData\Roaming\Google Chrome\new_chrome.exe" -- "%1""

Searching for "{430FD4D0-B729-4F61-AA34-91526481799D}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\Clients\{430FD4D0-B729-4F61-AA34-91526481799D}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}]

-= EOF =-


(In addition, I assume I should keep you updated. A quick fix I used to fix the problem of Chrome not installing was to copy and paste a version using a flash drive. The issue with this was that I still could not uninstall Chrome in "Uninstall a Program", nor could I reinstall Chrome properly. Sorry for being inactive; I will try to check the website every day after school from now on. Thanks so much!)

-Noob
HelpmeIamanoob is offline  
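One way to triage a SystemLook regfind log like the one in the post above, added here as an example that is not part of the thread and not SystemLook's own code. It parses the `[key]` / `"value"="data"` layout, folds the HKEY_USERS views of the profile into HKEY_CURRENT_USER so each entry is listed once, and reports values whose executable path sits under a user's AppData or is a UNC path. The function names, the two heuristics and the single-profile assumption are the example's own; the sample lines are copied from that log.

```python
import re

# Lines copied from the SystemLook log in the post above (no new data).
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Paths\new_chrome.exe]
@="C:\Users\Thomas\AppData\Roaming\Google Chrome\new_chrome.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"GoogleChromeAutoLaunch_D1D0AD69A13928375769191006ADC5F6"=""\\localhost\C$\@GMT-2015.05.15-23.44.09\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command]
@=""C:\Program Files (x86)\Google\Chrome\Application\chrome.exe""
[HKEY_CURRENT_USER\Software\Classes\ChromeHTML.QGXCERLOMS7MISFO7XSCPIZZ5M\shell\open\command]
@=""C:\Users\Thomas\AppData\Roaming\Google Chrome\new_chrome.exe" -- "%1""
[HKEY_USERS\S-1-5-21-2573500612-1803532104-3785521816-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"GoogleChromeAutoLaunch_D1D0AD69A13928375769191006ADC5F6"=""\\localhost\C$\@GMT-2015.05.15-23.44.09\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window"
[HKEY_USERS\S-1-5-21-2573500612-1803532104-3785521816-1000_Classes\ChromeHTML.QGXCERLOMS7MISFO7XSCPIZZ5M\shell\open\command]
@=""C:\Users\Thomas\AppData\Roaming\Google Chrome\new_chrome.exe" -- "%1""
'''

KEY_LINE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
# SystemLook does not escape inner quotes, so take the name up to the first '"='.
VALUE_LINE = re.compile(r'^(?:@|"(?P<name>.*?)")=(?P<data>.*)$')
# Drive-letter or UNC path ending in .exe, stopping at quotes and '|' separators.
EXE_PATH = re.compile(r'(?:[A-Za-z]:\\|\\\\)[^"<>|]*?\.exe', re.I)
SID_VIEW = re.compile(r'^HKEY_USERS\\S-1-5-21-[\d-]+(_Classes)?', re.I)


def canonical_key(key):
    """Map HKEY_USERS\\<SID> and <SID>_Classes onto HKEY_CURRENT_USER.

    Assumption: the log comes from a machine with one loaded profile, so the
    SID views are the same hive that HKEY_CURRENT_USER already showed.
    """
    def repl(m):
        return 'HKEY_CURRENT_USER' + ('\\Software\\Classes' if m.group(1) else '')
    return SID_VIEW.sub(repl, key)


def key_role(key):
    """Say why the key matters: what runs the referenced program, and when."""
    k = key.lower()
    if k.endswith('\\currentversion\\run'):
        return 'autostart'
    if k.endswith('\\shell\\open\\command'):
        return 'file-handler'
    return 'reference'


def classify(path):
    """Heuristics (assumed for this example) for paths worth a manual look."""
    p = path.lower()
    reasons = []
    if p.startswith('\\\\'):
        reasons.append('unc-path')
    if re.search(r'\\users\\[^\\]+\\appdata\\', p):
        reasons.append('user-writable-dir')
    return reasons


def triage(log_text):
    """Return one finding per distinct (key, value, path) that trips a heuristic."""
    findings, seen, key = [], set(), None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_LINE.match(line)
        if m:
            key = canonical_key(m.group('key'))
            continue
        m = VALUE_LINE.match(line)
        if not (m and key):
            continue
        name = m.group('name') or '(Default)'
        for path in EXE_PATH.findall(m.group('data')):
            reasons = classify(path)
            ident = (key.lower(), name.lower(), path.lower())
            if reasons and ident not in seen:
                seen.add(ident)
                findings.append({'key': key, 'value': name, 'path': path,
                                 'role': key_role(key), 'reasons': reasons})
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f"{f['role']:<12} {','.join(f['reasons']):<18} {f['path']}")
        print(f"{'':<12} {f['key']} -> {f['value']}")
```

A hit is a prompt for review, not a verdict: the output tells the helper which entries to ask about, and any removal still goes through the tools the helper specifies.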
Old 05-27-2015, 08:43 PM   #5
Registered Member
 
Join Date: May 2015
Posts: 8
OS: Windows 7



A side note should be that whenever I use AdwCleaner and I scan and I go to the Chrome tab, dregol remains no matter how many times I use the cleaning option. This is most likely because I didn't UNINSTALL Chrome but I DELETED the files within the folder. I believe that reinstalling Chrome or figuring out how to properly uninstall it from where I am will be the solution to removing dregol from my computer.
A neighbor says my directory is most likely out of whack... I am not sure if that helps.
Thanks again!
-Noob
HelpmeIamanoob is offline  
Old 05-28-2015, 07:33 AM   #6
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello Noob. You're very welcome. Sorry you are having trouble.

Are you sure you don't want me to refer to you by something other than Noob?

------------------------------------------------------

Quote:
whenever I use AdwCleaner and I scan and I go to the Chrome tab dregol remains no matter how many times I use the cleaning option
I know this may be difficult, but going forward, please follow my directions and do no fixing on your own.

It would make it almost impossible to keep track of my fixes if you do more than I ask. Thanks.

As it has been a while since you first posted, I need to see some fresh logs before we proceed.

Did you uninstall Norton and run the removal tool?

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

Emergency Backup Procedure - Tech Support Forum

Also, if you haven't done so already, create a system repair disc. It's really easy and quick.

Create a system repair disc

You can also download recovery software if you don't have an installation DVD:

Microsoft Software Recovery

------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------

Check for additional security risks:
  • Please download CKScanner© by askey127 and save it to your desktop.
  • Double-click on CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File. You will be prompted, just click OK.
  • Post the contents of ckfiles.txt in your next reply. It is located on your desktop.
------------------------------------------------------
chemist is offline  
Old 05-28-2015, 01:54 PM   #7
Registered Member
 
Join Date: May 2015
Posts: 8
OS: Windows 7



Hey Chemist!
You can continue to call me noob or Thomas if you prefer haha, either way works for me. Sorry! I will make sure not to do anything until told so from now on. Also I would like to ask if it is okay if I continue to use my computer to type up work and play games?

As for your first steps about recovery... When I built my computer I was short on money and didn't want to pay anything I didn't have to, so I never bought an optical disc drive. Instead, when I installed Windows 7 I used a flash drive to boot up the computer. I do still have my Windows 7 DVD with the software though. As for documents I need to save, I should be good considering I do all of my work using Google Drive, Sheets, etc., so I do not need to save any files. But it is important to note I was not able to make a system repair disc due to lacking an ODD. Please tell me what you would like me to do about this issue.

As for the scans I will post all results below. Thanks again,
-Thomas

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-05-2015 01
Ran by Thomas (administrator) on CRONOS on 28-05-2015 16:39:58
Running from C:\Users\Thomas\Desktop
Loaded Profiles: Thomas (Available Profiles: Thomas)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe
(A-Volute) C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(VMware, Inc.) D:\Project\vmware-authd.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Apple Inc.) D:\Music\iTunes\iTunesHelper.exe
(Spotify Ltd) C:\Users\Thomas\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Spotify Ltd) C:\Users\Thomas\AppData\Roaming\Spotify\Spotify.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Curse) C:\Users\Thomas\AppData\Local\Apps\2.0\8KNXZW9J.36B\XLQPW1YB.E9O\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\CurseClient.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Portrait Displays, Inc) C:\Program Files (x86)\BenQ\Display Pilot\dthtml.exe
(Portrait Displays Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\HookManager.exe
(Spotify Ltd) C:\Users\Thomas\AppData\Roaming\Spotify\SpotifyCrashService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Spotify Ltd) C:\Users\Thomas\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Thomas\AppData\Roaming\Spotify\Spotify.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
() C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\wpCtrl.exe
() C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Floater.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Core\RazerCore.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\DPHelper.exe
() C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\DPHelper64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\wbengine.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13671792 2014-03-14] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => D:\Music\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2015-05-14] (Raptr, Inc)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [590144 2015-04-22] (Razer Inc.)
HKLM-x32\...\Run: [PivotSoftware] => C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe [112424 2013-06-18] ()
HKLM-x32\...\Run: [DT BEN] => C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe [122384 2013-11-12] (Portrait Displays, Inc.)
HKU\S-1-5-21-2573500612-1803532104-3785521816-1000\...\Run: [Spotify Web Helper] => C:\Users\Thomas\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2022968 2015-05-21] (Spotify Ltd)
HKU\S-1-5-21-2573500612-1803532104-3785521816-1000\...\Run: [GoogleChromeAutoLaunch_D1D0AD69A13928375769191006ADC5F6] => "\\localhost\C$\@GMT-2015.05.15-23.44.09\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
HKU\S-1-5-21-2573500612-1803532104-3785521816-1000\...\Run: [Spotify] => C:\Users\Thomas\AppData\Roaming\Spotify\Spotify.exe [7298616 2015-05-21] (Spotify Ltd)
HKU\S-1-5-21-2573500612-1803532104-3785521816-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk [2014-06-30]
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2015-02-04] ()
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll No File
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll No File
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll No File
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll No File
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2573500612-1803532104-3785521816-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = msn
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> D:\Program Files\bin\ssv.dll No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> D:\Program Files\bin\jp2ssv.dll No File
DPF: HKLM-x32 {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} https://download.gigabyte.com.tw/object/Dldrv.ocx
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} https://content.systemrequirementslab...l_4.5.24.0.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload2.macromedia.com/ge...sh/swflash.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\q9zjyd9j.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-15] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-15] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll [2014-05-26] (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> D:\Program Files\bin\dtplugin\npDeployJava1.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> D:\Program Files\bin\plugin2\npjp2.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-2573500612-1803532104-3785521816-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2014-12-25] ()
FF Extension: Adblock Plus - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\q9zjyd9j.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-12]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-01]

Chrome:
=======
CHR Profile: C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-21]
CHR Extension: (Google Docs) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-21]
CHR Extension: (Google Drive) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-21]
CHR Extension: (YouTube) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-21]
CHR Extension: (Google Search) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-21]
CHR Extension: (Google Sheets) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-21]
CHR Extension: (Bookmark Manager) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-21]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-21]
CHR Extension: (Google Wallet) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-21]
CHR Extension: (Gmail) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-21]
CHR HKLM-x32\...\Chrome\Extension: [ihokndmjeombjojnfkmapfnjeghjohim] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)
R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [138768 2013-11-12] (Portrait Displays, Inc.)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [175136 2014-09-28] (EasyAntiCheat Ltd)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-21] (Intel Corporation)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [234776 2012-09-05] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3299328 2014-11-26] (INCA Internet Co., Ltd.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-07-21] ()
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-02-04] ()
R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-04-18] (Razer, Inc.)
R2 RzSurroundVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe [4250624 2015-02-03] (A-Volute) [File not signed]
R2 VMAuthdService; D:\Project\vmware-authd.exe [87256 2015-01-16] (VMware, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [36600 2014-08-18] (Riverbed Technology, Inc.)
S3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam620.sys [58512 2012-07-03] (Realtek Corporation)
R3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2014-04-18] (Razer, Inc.)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-12-30] (Razer Inc)
R1 RzFilter; C:\Windows\system32\drivers\RzFilter.sys [74432 2014-04-18] (Razer, Inc.)
S3 RZMAELSTROMVADService; C:\Windows\System32\drivers\RzMaelstromVAD.sys [32768 2014-06-09] (Windows (R) Win 7 DDK provider)
R3 rzmpos; C:\Windows\System32\DRIVERS\rzmpos.sys [35496 2014-12-30] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-02-04] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-12-10] (Razer, Inc.)
R3 RZSURROUNDVADService; C:\Windows\System32\drivers\RzSurroundVAD.sys [40640 2015-02-09] (Windows (R) Win 7 DDK provider)
S3 VLAN; C:\Windows\System32\DRIVERS\RtVLAN60.sys [32400 2012-09-01] (Realtek Corporation)
R2 VMparport; C:\Windows\system32\drivers\VMparport.sys [32472 2015-01-16] (VMware, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-28 16:39 - 2015-05-28 16:40 - 00019120 _____ () C:\Users\Thomas\Desktop\FRST.txt
2015-05-28 16:39 - 2015-05-28 16:39 - 00000000 ____D () C:\FRST
2015-05-28 16:37 - 2015-05-28 16:37 - 02108928 _____ (Farbar) C:\Users\Thomas\Desktop\FRST64.exe
2015-05-27 20:19 - 2015-05-27 20:19 - 00047372 _____ () C:\Users\Thomas\Downloads\SystemLook.txt
2015-05-27 20:18 - 2015-05-27 20:18 - 00165376 _____ () C:\Users\Thomas\Downloads\SystemLook_x64.exe
2015-05-27 20:03 - 2015-05-27 23:40 - 00000000 ____D () C:\AdwCleaner
2015-05-27 20:02 - 2015-05-27 20:02 - 02223104 _____ () C:\Users\Thomas\Desktop\AdwCleaner.exe
2015-05-24 20:41 - 2015-05-24 22:45 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Tera_Awesomium
2015-05-23 21:16 - 2015-05-23 21:16 - 00000000 ____D () C:\Program Files (x86)\GUMA2F2.tmp
2015-05-23 21:15 - 2015-05-23 21:15 - 00880208 _____ (Google Inc.) C:\Users\Thomas\Downloads\ChromeSetup.exe
2015-05-23 21:15 - 2015-05-23 21:15 - 00000000 ____D () C:\Program Files (x86)\GUM5550.tmp
2015-05-23 20:54 - 2015-05-27 19:51 - 00000000 ____D () C:\Program Files (x86)\Google
2015-05-23 20:51 - 2015-05-23 20:51 - 00000000 ____D () C:\Users\Thomas\AppData\Local\CrashDumps
2015-05-21 18:22 - 2015-05-23 21:09 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Google
2015-05-21 18:04 - 2015-05-21 18:06 - 00000000 ____D () C:\NPE
2015-05-21 18:01 - 2015-05-21 18:07 - 00000000 ____D () C:\Users\Thomas\AppData\Local\NPE
2015-05-21 17:30 - 2015-05-21 17:30 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-05-21 17:30 - 2015-05-21 17:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-21 17:29 - 2015-05-21 17:29 - 00243344 _____ () C:\Users\Thomas\Downloads\Firefox Setup Stub 38.0.1.exe
2015-05-21 16:28 - 2015-05-21 16:28 - 00000000 ____D () C:\ProgramData\McAfee
2015-05-21 16:24 - 2015-05-27 19:59 - 00000000 ____D () C:\ProgramData\Norton
2015-05-21 16:24 - 2015-05-21 16:31 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2015-05-21 16:24 - 2015-05-21 16:24 - 01037936 _____ (Symantec Corporation) C:\Users\Thomas\Downloads\NSDownloader.exe
2015-05-21 16:24 - 2015-05-21 16:24 - 00000000 ____D () C:\Users\Public\Downloads\Norton
2015-05-21 15:52 - 2015-05-21 17:07 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Chromium
2015-05-15 19:47 - 2015-05-18 15:39 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Apple Computer
2015-05-15 19:47 - 2015-05-15 19:47 - 00001522 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-05-15 19:47 - 2015-05-15 19:47 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Apple Computer
2015-05-15 19:47 - 2015-05-15 19:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-05-15 19:47 - 2015-05-15 19:47 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-05-15 19:47 - 2015-05-15 19:47 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-05-15 19:47 - 2015-05-15 19:47 - 00000000 ____D () C:\Program Files\iPod
2015-05-15 19:47 - 2015-05-15 19:47 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-05-15 19:47 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2015-05-15 19:44 - 2015-05-15 19:44 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-05-15 19:44 - 2015-05-15 19:44 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Apple
2015-05-15 19:44 - 2015-05-15 19:44 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2015-05-15 19:43 - 2015-05-15 19:47 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-05-15 19:43 - 2015-05-15 19:43 - 00000000 ____D () C:\ProgramData\Apple
2015-05-15 19:43 - 2015-05-15 19:43 - 00000000 ____D () C:\Program Files\Bonjour
2015-05-15 19:43 - 2015-05-15 19:43 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2015-05-15 19:38 - 2015-05-15 19:40 - 152362800 _____ (Apple Inc.) C:\Users\Thomas\Downloads\iTunes6464Setup.exe
2015-05-12 23:13 - 2015-05-01 09:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 23:13 - 2015-05-01 09:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 22:36 - 2015-05-04 21:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-12 22:36 - 2015-05-04 21:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-12 22:36 - 2015-04-27 15:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-12 22:36 - 2015-04-27 15:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-12 22:36 - 2015-04-27 15:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-12 22:36 - 2015-04-27 15:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-12 22:36 - 2015-04-27 15:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-12 22:36 - 2015-04-27 15:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-12 22:36 - 2015-04-27 15:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-12 22:36 - 2015-04-27 15:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-12 22:36 - 2015-04-27 15:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-12 22:36 - 2015-04-27 15:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-12 22:36 - 2015-04-27 15:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-12 22:36 - 2015-04-27 15:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-12 22:36 - 2015-04-27 15:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-12 22:36 - 2015-04-27 15:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-12 22:36 - 2015-04-27 15:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-12 22:36 - 2015-04-27 15:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-12 22:36 - 2015-04-27 15:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-12 22:36 - 2015-04-27 15:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-12 22:36 - 2015-04-27 15:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-12 22:36 - 2015-04-27 15:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-12 22:36 - 2015-04-27 15:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-12 22:36 - 2015-04-27 15:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-12 22:36 - 2015-04-27 15:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-12 22:36 - 2015-04-27 15:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-12 22:36 - 2015-04-27 15:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-12 22:36 - 2015-04-27 15:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-12 22:36 - 2015-04-27 15:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-12 22:36 - 2015-04-27 15:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-12 22:36 - 2015-04-27 15:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-12 22:36 - 2015-04-27 15:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-12 22:36 - 2015-04-27 15:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-12 22:36 - 2015-04-27 15:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-12 22:36 - 2015-04-27 15:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-12 22:36 - 2015-04-27 15:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-12 22:36 - 2015-04-27 15:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-12 22:36 - 2015-04-27 15:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-12 22:36 - 2015-04-27 15:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-12 22:36 - 2015-04-27 15:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-12 22:36 - 2015-04-27 15:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-12 22:36 - 2015-04-27 15:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-12 22:36 - 2015-04-27 15:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-12 22:36 - 2015-04-27 15:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-12 22:36 - 2015-04-27 15:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-12 22:36 - 2015-04-27 15:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-12 22:36 - 2015-04-27 15:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-12 22:36 - 2015-04-27 15:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-12 22:36 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-12 22:36 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-12 22:36 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-12 22:36 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-12 22:36 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-07 15:45 - 2015-05-07 15:45 - 00000000 ____D () C:\Users\Thomas\Tracing

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-28 16:34 - 2009-07-14 01:13 - 00786022 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-28 16:31 - 2009-07-14 00:51 - 00088210 _____ () C:\Windows\setupact.log
2015-05-28 16:26 - 2009-07-14 00:45 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-28 16:26 - 2009-07-14 00:45 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-28 16:22 - 2015-01-04 00:30 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Spotify
2015-05-28 16:22 - 2014-06-30 19:07 - 01629016 _____ () C:\Windows\WindowsUpdate.log
2015-05-28 16:19 - 2015-01-04 00:29 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Spotify
2015-05-28 16:19 - 2014-07-15 20:17 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Raptr
2015-05-28 16:19 - 2014-06-30 12:43 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Skype
2015-05-28 16:19 - 2014-06-30 12:36 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Deployment
2015-05-28 16:18 - 2015-03-16 22:02 - 00000000 ____D () C:\ProgramData\VMware
2015-05-28 16:18 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-27 23:14 - 2015-02-12 21:59 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-27 19:59 - 2010-11-20 23:47 - 00557262 _____ () C:\Windows\PFRO.log
2015-05-27 19:54 - 2014-11-15 22:39 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{CB4469CF-B17D-4065-9F3D-D2D01703BA54}
2015-05-27 19:45 - 2015-02-09 18:47 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-05-24 18:52 - 2014-07-15 20:17 - 00000000 ____D () C:\Program Files (x86)\Raptr
2015-05-24 18:20 - 2014-11-27 11:56 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-05-21 22:42 - 2014-06-30 12:37 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Google
2015-05-21 22:23 - 2014-07-14 00:56 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Curse
2015-05-21 18:04 - 2014-10-12 15:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-21 17:30 - 2014-10-12 15:21 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-05-21 15:51 - 2014-08-24 20:25 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Battle.net
2015-05-18 20:28 - 2015-01-14 20:11 - 00000000 ____D () C:\Users\Thomas\Desktop\New Folder
2015-05-15 15:26 - 2015-02-12 21:59 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-05-15 15:26 - 2014-11-03 20:38 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Adobe
2015-05-15 15:26 - 2014-07-12 14:04 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-15 15:26 - 2014-07-12 14:04 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-14 21:38 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2015-05-13 16:04 - 2014-06-30 12:37 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-13 16:04 - 2014-06-30 12:37 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-13 15:36 - 2011-04-12 04:28 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-13 15:36 - 2009-07-14 00:45 - 00268008 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-13 15:36 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-12 23:17 - 2014-06-30 11:35 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-05-12 23:17 - 2014-06-30 11:35 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-05-12 23:17 - 2014-06-30 11:35 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-05-12 23:17 - 2014-06-30 11:35 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-05-12 23:16 - 2014-07-10 22:13 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-12 23:14 - 2014-07-10 22:13 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-12 23:12 - 2014-07-10 22:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-12 23:12 - 2014-07-10 22:40 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-12 23:12 - 2014-07-10 22:40 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-12 22:30 - 2014-08-24 20:24 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-05-07 15:45 - 2014-06-30 16:08 - 00000000 ____D () C:\Users\Thomas
2015-05-07 15:44 - 2014-06-30 12:43 - 00000000 ____D () C:\ProgramData\Skype
2015-05-06 17:08 - 2014-06-30 11:35 - 00060032 _____ () C:\Users\Thomas\AppData\Local\GDIPFONTCACHEV1.DAT

==================== Files in the root of some directories =======

2014-10-21 21:15 - 2014-10-21 21:15 - 0007594 _____ () C:\Users\Thomas\AppData\Local\Resmon.ResmonCfg
2014-06-30 12:11 - 2014-06-30 12:11 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-27 21:13

==================== End of log ============================




CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11.CWNADZ
----- EOF -----
Attached Files
File Type: txt Addition.txt (50.4 KB, 20 views)
HelpmeIamanoob is offline  
Old 05-28-2015, 01:57 PM   #8
Registered Member
 
Join Date: May 2015
Posts: 8
OS: Windows 7



Hey,
Quick note, when I wrote
" I do still have my windows 7 DVD with the software though"
I was typing fast. I meant that I have the Windows 7 DVD with the OS on it and that I have the key code as well; I accidentally typed software instead.
HelpmeIamanoob is offline  
Old 05-28-2015, 10:21 PM   #9
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Thomas. You're very welcome.
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    HKLM-x32\...\Run: [] => [X]
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> D:\Program Files\bin\jp2ssv.dll No File
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> D:\Program Files\bin\dtplugin\npDeployJava1.dll No File
    FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> D:\Program Files\bin\plugin2\npjp2.dll No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll No File
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll No File
    FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-01
    S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
    S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
    FirewallRules: [{97A5304B-5B4C-4002-8743-E52ED0E6F1E3}] => (Allow) C:\Users\Thomas\AppData\Local\Temp\7zS4394.tmp\SymNRT.exe
    FirewallRules: [{2AB47D33-4399-4CFD-85BF-8B269E58F21B}] => (Allow) C:\Users\Thomas\AppData\Local\Temp\7zS4394.tmp\SymNRT.exe
    Reg: reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\Clients\{430FD4D0-B729-4F61-AA34-91526481799D} /f
    Reg: reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D} /f
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------

You should be able to re-install Chrome now. Let me know.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 05-29-2015, 12:21 PM   #10
Registered Member
 
Join Date: May 2015
Posts: 8
OS: Windows 7



Hey Chemist,
I LOVE YOU SO MUCH CHROME INSTALLED!!!!! First let me say, thank you so much for all you have done up to this point and second here is the Fixlog contents you wanted me to post in my response.

Fix result of Farbar Recovery Scan Tool (x64) Version: 27-05-2015 01
Ran by Thomas at 2015-05-29 15:14:43 Run:1
Running from C:\Users\Thomas\Desktop
Loaded Profiles: Thomas (Available Profiles: Thomas)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
createrestorepoint:
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> D:\Program Files\bin\jp2ssv.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> D:\Program Files\bin\dtplugin\npDeployJava1.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> D:\Program Files\bin\plugin2\npjp2.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll No File
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-01
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
FirewallRules: [{97A5304B-5B4C-4002-8743-E52ED0E6F1E3}] => (Allow) C:\Users\Thomas\AppData\Local\Temp\7zS4394.tmp\SymNRT.exe
FirewallRules: [{2AB47D33-4399-4CFD-85BF-8B269E58F21B}] => (Allow) C:\Users\Thomas\AppData\Local\Temp\7zS4394.tmp\SymNRT.exe
Reg: reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\Clients\{430FD4D0-B729-4F61-AA34-91526481799D} /f
Reg: reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D} /f
EmptyTemp:
end
*****************

Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value Removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key Removed successfully
"HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key Removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key Removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.60.2" => key Removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.60.2" => key Removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key Removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => key Removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3" => key Removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9" => key Removed successfully
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi => Moved successfully.
gupdate => Service Removed successfully
gupdatem => Service Removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{97A5304B-5B4C-4002-8743-E52ED0E6F1E3} => value Removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2AB47D33-4399-4CFD-85BF-8B269E58F21B} => value Removed successfully

========= reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\Clients\{430FD4D0-B729-4F61-AA34-91526481799D} /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D} /f =========

The operation completed successfully.



========= End of Reg: =========

EmptyTemp: => Removed 554.5 MB temporary data.


The system needed a reboot.

==== End of Fixlog 15:15:25 ====


~Thomas
HelpmeIamanoob is offline  
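A Fixlog like the one posted above can be checked mechanically before the thread moves on. The following is an added example, not part of the original posts and not FRST's own code: it skips the echoed fixlist between the two rows of asterisks, then sorts each result line into confirmed or needs-review. The function names are hypothetical, the success phrases are only the ones visible in this Fixlog, and the `not found.` entry in the sample is constructed.

```python
import re

# Outcome phrases as they appear in the Fixlog posted in this thread.
OK_RESULT = re.compile(r"^(?:value |key |Service )?(?:Removed|Moved) successfully\.?$")
REG_OPEN = re.compile(r"^=+ (reg .+?) =+$")
REG_CLOSE = re.compile(r"^=+ End of Reg: =+$")
EMPTY_TEMP = re.compile(r"^EmptyTemp: => Removed ([\d.]+) (\w+) temporary data\.$")
REG_SUCCESS = "The operation completed successfully."


def audit_fixlog(text):
    """Split a Fixlog into confirmed actions and lines that need a human look."""
    report = {"ok": [], "review": [], "reg": {}, "temp": None, "notes": []}
    star_rows = 0      # the echoed fixlist sits between two rows of asterisks
    reg_cmd = None     # set while inside a "===== reg ... =====" section
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if set(line) == {"*"}:
            star_rows += 1
            continue
        if star_rows < 2:
            continue   # header or echoed fixlist: directives, not results
        if line.startswith("====") and "End of Fixlog" in line:
            break
        opened = REG_OPEN.match(line)
        if opened:
            reg_cmd = opened.group(1)
            report["reg"][reg_cmd] = []
            continue
        if REG_CLOSE.match(line):
            reg_cmd = None
            continue
        if reg_cmd is not None:
            report["reg"][reg_cmd].append(line)
            continue
        temp = EMPTY_TEMP.match(line)
        if temp:
            report["temp"] = (float(temp.group(1)), temp.group(2))
            continue
        if " => " in line:
            target, result = line.rsplit(" => ", 1)
            target = target.strip('"')
            if OK_RESULT.match(result):
                report["ok"].append(target)
            else:
                # Any wording not seen in the known-good log gets reviewed.
                report["review"].append((target, result))
            continue
        report["notes"].append(line)
    return report


def reg_failures(report):
    """Return the reg commands whose captured output lacks the success line."""
    return [cmd for cmd, out in report["reg"].items() if REG_SUCCESS not in out]


# Sample built from lines of the Fixlog above; the "not found." entry is constructed.
SAMPLE_FIXLOG = r"""
Fix result of Farbar Recovery Scan Tool (x64) Version: 27-05-2015 01
fixlist content:
*****************
start
HKLM-x32\...\Run: [] => [X]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
end
*****************

Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value Removed successfully
"HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key Removed successfully
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi => Moved successfully.
gupdate => Service Removed successfully
C:\Example\constructed-entry.dll => not found.

========= reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\Clients\{430FD4D0-B729-4F61-AA34-91526481799D} /f =========

The operation completed successfully.

========= End of Reg: =========

EmptyTemp: => Removed 554.5 MB temporary data.

The system needed a reboot.

==== End of Fixlog 15:15:25 ====
"""

if __name__ == "__main__":
    result = audit_fixlog(SAMPLE_FIXLOG)
    print("confirmed:", len(result["ok"]))
    print("needs review:", result["review"])
    print("reg failures:", reg_failures(result))
    print("temp data removed:", result["temp"])
```
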
Old 05-29-2015, 05:03 PM   #11
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Thomas. You're very welcome! Any remaining problems? How is the machine behaving?

------------------------------------------------------

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Double-click mbam-setup-2.1.6.1022.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish
  • At the end of the installation, a database update will be performed.
  • Click on Scan Now
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double-click on the scan log which shows the Date and Time of the scan just performed.
  • Click Export
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.
------------------------------------------------------

Uninstall the following via the Programs and Features Panel (Start->(Settings)->Control Panel->Programs->Programs and Features):

Java(TM) 7 Update 60

These are all outdated, and having them still installed is a security risk. Reboot your computer once all those Java components are removed.

Going forward, Java will overwrite existing installs, so removing older versions should not be required after this.

Go here and follow the prompts to install the latest Java > java.com: Java + You

Make sure you untick the box next to whatever free program they prompt you to install, unless you want it.
  • After the install is complete, go back to your Control Panel and click the Java icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button.
    • There are two options checked in the window to clear the cache - Leave BOTH Checked
      • Cached Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window.
      Note: This deletes ALL the Downloaded Cached Applications and Applets from the CACHE
    • Click OK to leave the Temporary Files Window.
    • Click OK to leave the Java Control Panel.
------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

In Microsoft Windows Vista/Win7, you must open the Web browser via a right-click using the Run as Administrator command.

Go here and click 'Run ESET Online Scanner'.
  • If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan. Here's how
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If using Internet Explorer, allow the ActiveX control to install when asked.
  • Once the components have downloaded, tick the option Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked:
    • Scan Archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Next to 'Current scan targets: Operating memory, Local drives', click the Change... button.
  • Tick all the boxes that correspond to your external/inserted drives.
  • Click Start
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says "Threats found!", click "List of found threats", and then click "Export to text file..."
  • Save that text file to your desktop, and then copy/paste the contents in your next reply.
------------------------------------------------------

Please post the following in your next reply:

MBAM log
ESET report
report on system behavior
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 05-30-2015, 05:11 AM   #12
Registered Member
 
Join Date: May 2015
Posts: 8
OS: Windows 7



Hey Chemist,
My computer has been working as it normally does, although when I have been playing some games they sometimes crash. I believe it is due to the server, because my computer has been doing this since I built it and it happens very rarely. Also, the ESET scan found nothing. Here is the log for Malwarebytes, attached.
Thank you,
~Thomas
Attached Files
File Type: txt ScanLog1.txt (1.8 KB, 47 views)
HelpmeIamanoob is offline  
Old 05-30-2015, 01:24 PM   #13
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Thomas. You're very welcome.

If you no longer see Dregol...

Congratulations. Well done! Your logs appear clean. You should be good to go.
  • Go to Computer > System properties > System protection > Configure.
  • Check 'Turn off system protection' > Apply > Yes > OK.
  • Now turn it back on > Configure
  • Check 'Restore system settings and previous versions of files'.
  • Click Apply > OK > OK.
This will flush out older infected System Restore Points and create one fresh, clean System Restore Point.

------------------------------------------------------

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.
  • Run AdwCleaner and select Uninstall
  • Confirm by clicking Yes
------------------------------------------------------

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

cmd /c rd /s /q "C:\FRST"

A DOS window will open and close again; this is normal.

------------------------------------------------------

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Keep MBAM, update and run a Quick Scan weekly.

Empty your Recycle Bin if it does not do so automatically.

------------------------------------------------------

MICROSOFT UPDATES
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

------------------------------------------------------

Important

Due to continued exploits of zero-day vulnerabilities in Oracle's Java application, it is the recommendation of many security experts, as well as the TSF Security Team, that you disable Java in your web browsers.

Java

US-CERT Alert TA13-010A - Oracle Java 7 Security Manager Bypass Vulnerability

We recommend disabling Java in your browsers, and enabling it only when needed by certain websites.

Please disable Java in your browser(s) by following these instructions:

How do I disable Java in my web browser?

------------------------------------------------------

Make sure you backup your system, so possible reformatting in the future isn't necessary:

Backup and Restore - Microsoft Windows

------------------------------------------------------

SPYWARE PREVENTION
In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read this well written article: To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for IE, Firefox, and Chrome.
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows 7 here
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
chemist is offline  
Old 05-30-2015, 02:18 PM   #14
Registered Member
 
Join Date: May 2015
Posts: 8
OS: Windows 7



Hey Chemist,
Awesome thanks so much! You are an amazing person and I can't believe that this website actually has people like you who actually know what they are doing. I will make sure to keep my computer safe for the future!
-Thomas
HelpmeIamanoob is offline  
Old 05-30-2015, 03:33 PM   #15
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



You're very welcome, Thomas! Thanks for the kind words.
chemist is offline  
 
