Some work for you John

voyagerfan99

voyagerfan99

Master of Turning Things Off and Back On Again
Staff member
Computer is running slow. Ran the usual MBAR (removed a bunch of PUPS), ADW, JRT, and Combofix. Here's the Combofix log. Will run OTL shortly. Chrome is installed but is causing malicious pop-ups. It's not appearing in Programs and Features, so I manually removed it by deleting the program and appdata folders.

ComboFix 15-10-26.01 - will 10/26/2015 15:38:02.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3893.2166 [GMT -4:00]
Running from: c:\users\will\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\6664\AddOnDownloaded\06fda46e-43c1-481a-9eb2-9799f42e7f99.dll
c:\programdata\PCDr\6664\AddOnDownloaded\14d73fac-0439-4f06-9763-0341fab0d44f.dll
c:\programdata\PCDr\6664\AddOnDownloaded\1770287d-f115-443b-9fb7-268be5a136fc.dll
c:\programdata\PCDr\6664\AddOnDownloaded\1eec01b0-8ca5-44d8-a311-9e7f96e586dd.dll
c:\programdata\PCDr\6664\AddOnDownloaded\22c459c8-c377-484d-be71-cb488e22acc5.dll
c:\programdata\PCDr\6664\AddOnDownloaded\2c507aa3-5c72-4011-b9e1-3928beb6f336.dll
c:\programdata\PCDr\6664\AddOnDownloaded\3087e0df-b321-44c3-b144-fb94c30c8383.dll
c:\programdata\PCDr\6664\AddOnDownloaded\32de12dc-d8c3-42aa-adc7-6c4c6b126d9e.dll
c:\programdata\PCDr\6664\AddOnDownloaded\35b44250-4f9f-4c83-a518-a7c76d04314b.dll
c:\programdata\PCDr\6664\AddOnDownloaded\41a30eb5-952e-4dbb-ae28-5f8aa6520aba.dll
c:\programdata\PCDr\6664\AddOnDownloaded\48b34bb5-ff90-4d9e-b894-efe9b9fb83df.dll
c:\programdata\PCDr\6664\AddOnDownloaded\545e0921-6e62-4c80-bee9-427f48425c93.dll
c:\programdata\PCDr\6664\AddOnDownloaded\5bbfdaf0-4ed3-451e-8ae5-d6568a621a17.dll
c:\programdata\PCDr\6664\AddOnDownloaded\72db11e1-d2b2-4f9f-828a-5a68b9e7709f.dll
c:\programdata\PCDr\6664\AddOnDownloaded\7eb9d453-6936-472b-8a21-a9513eebbf65.dll
c:\programdata\PCDr\6664\AddOnDownloaded\7ee97e57-ddc8-4c67-a05d-8776b2353080.dll
c:\programdata\PCDr\6664\AddOnDownloaded\8c64e2ef-3080-4951-8358-e991c1695e4a.dll
c:\programdata\PCDr\6664\AddOnDownloaded\964840d8-cf70-45c0-a3db-802e021f9658.dll
c:\programdata\PCDr\6664\AddOnDownloaded\9ad177b0-ddcd-4cf6-ac35-969dc98b22db.dll
c:\programdata\PCDr\6664\AddOnDownloaded\9b664440-a1fb-457f-a208-c519fea54f87.dll
c:\programdata\PCDr\6664\AddOnDownloaded\9bd80958-c5f2-4f2f-aa6b-c45a01a4e97c.dll
c:\programdata\PCDr\6664\AddOnDownloaded\9cc8e4b9-2989-4941-94e1-8c5358218ffb.dll
c:\programdata\PCDr\6664\AddOnDownloaded\b451e5c8-cdbf-46b4-8e59-e9a05ebf3533.dll
c:\programdata\PCDr\6664\AddOnDownloaded\bb97e28d-bdfb-4fa4-902d-264275c5cb1b.dll
c:\programdata\PCDr\6664\AddOnDownloaded\c238c886-2790-4da6-895b-00c9110314ec.dll
c:\programdata\PCDr\6664\AddOnDownloaded\c27a8f9a-0718-4077-8610-9b1806d75bee.dll
c:\programdata\PCDr\6664\AddOnDownloaded\c502e200-e694-4725-9348-253ed2eac74c.dll
c:\programdata\PCDr\6664\AddOnDownloaded\dd1bac2a-784b-4124-895b-8444b4b4697b.dll
c:\programdata\PCDr\6664\AddOnDownloaded\f2ec559f-1bdc-49cf-8127-d220c2ff3e8e.dll
c:\windows\msdownld.tmp
Y:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2015-09-26 to 2015-10-26 )))))))))))))))))))))))))))))))
.
.
2015-10-26 19:51 . 2015-10-26 19:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-10-26 19:43 . 2015-10-26 19:43 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FADFB09D-5479-4C52-8667-E1DEBDBF6450}\offreg.4668.dll
2015-10-26 18:55 . 2015-10-26 18:55 -------- dc-h--w- c:\programdata\{AA6BF06E-316C-487A-9BC2-5F06A43C56B1}
2015-10-26 18:52 . 2015-10-13 09:47 11140960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FADFB09D-5479-4C52-8667-E1DEBDBF6450}\mpengine.dll
2015-10-26 18:36 . 2015-10-26 18:36 -------- d-----w- c:\program files\CCleaner
2015-10-26 18:34 . 2015-10-26 18:34 20 ----a-w- c:\users\will\AppData\Roaming\appdataFr2.bin
2015-10-26 18:34 . 2015-10-26 18:36 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-10-26 18:32 . 2015-10-05 13:50 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-10-26 18:32 . 2015-10-05 13:50 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-10-26 18:32 . 2015-10-05 13:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-10-26 18:31 . 2015-10-26 18:32 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-10-22 13:13 . 2015-10-22 13:17 -------- d-----w- C:\AdwCleaner
2015-10-22 13:03 . 2015-10-22 13:03 -------- d-----w- c:\program files (x86)\Dell Update
2015-10-01 23:16 . 2015-10-01 23:48 -------- d-----w- c:\programdata\SupportAssistAgent
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-10-26 18:50 . 2013-01-25 13:07 780488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-10-26 18:50 . 2013-01-25 13:07 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-09-11 15:53 . 2015-09-11 15:53 32464 ----a-w- c:\windows\system32\drivers\DDDriver64Dcsa.sys
2015-09-02 03:04 . 2015-09-18 00:10 41984 ----a-w- c:\windows\system32\lpk.dll
2015-09-02 03:04 . 2015-09-18 00:10 100864 ----a-w- c:\windows\system32\fontsub.dll
2015-09-02 03:04 . 2015-09-18 00:10 14336 ----a-w- c:\windows\system32\dciman32.dll
2015-09-02 03:04 . 2015-09-18 00:10 46080 ----a-w- c:\windows\system32\atmlib.dll
2015-09-02 02:48 . 2015-09-18 00:10 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2015-09-02 02:48 . 2015-09-18 00:10 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2015-09-02 02:48 . 2015-09-18 00:10 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2015-09-02 02:47 . 2015-09-18 00:10 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2015-09-02 01:51 . 2015-09-18 00:10 3209216 ----a-w- c:\windows\system32\win32k.sys
2015-09-02 01:47 . 2015-09-18 00:10 372736 ----a-w- c:\windows\system32\atmfd.dll
2015-09-02 01:33 . 2015-09-18 00:10 299520 ----a-w- c:\windows\SysWow64\atmfd.dll
2015-08-27 18:18 . 2015-09-18 01:04 2004480 ----a-w- c:\windows\system32\msxml6.dll
2015-08-27 18:18 . 2015-09-18 01:04 1887232 ----a-w- c:\windows\system32\msxml3.dll
2015-08-27 18:13 . 2015-09-18 01:04 2048 ----a-w- c:\windows\system32\msxml6r.dll
2015-08-27 18:13 . 2015-09-18 01:04 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-08-27 17:58 . 2015-09-18 01:04 1391104 ----a-w- c:\windows\SysWow64\msxml6.dll
2015-08-27 17:58 . 2015-09-18 01:04 1241088 ----a-w- c:\windows\SysWow64\msxml3.dll
2015-08-27 17:51 . 2015-09-18 01:04 2048 ----a-w- c:\windows\SysWow64\msxml6r.dll
2015-08-27 17:51 . 2015-09-18 01:04 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2015-08-26 22:37 . 2015-01-20 20:06 134753440 ----a-w- c:\windows\system32\MRT.exe
2015-08-26 18:07 . 2015-09-18 00:09 2606080 ----a-w- c:\windows\system32\wuaueng.dll
2015-08-26 18:07 . 2015-09-18 00:09 98304 ----a-w- c:\windows\system32\wudriver.dll
2015-08-26 18:07 . 2015-09-18 00:09 37888 ----a-w- c:\windows\system32\wups2.dll
2015-08-26 18:07 . 2015-09-18 00:09 36864 ----a-w- c:\windows\system32\wups.dll
2015-08-26 18:07 . 2015-09-18 00:09 3165696 ----a-w- c:\windows\system32\wucltux.dll
2015-08-26 18:07 . 2015-09-18 00:09 192000 ----a-w- c:\windows\system32\wuwebv.dll
2015-08-26 18:07 . 2015-09-18 00:09 696320 ----a-w- c:\windows\system32\wuapi.dll
2015-08-26 18:06 . 2015-09-18 00:09 91136 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-08-26 18:06 . 2015-09-18 00:09 12288 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-08-26 18:06 . 2015-09-18 00:09 37376 ----a-w- c:\windows\system32\wuapp.exe
2015-08-26 18:06 . 2015-09-18 00:09 139776 ----a-w- c:\windows\system32\wuauclt.exe
2015-08-26 17:56 . 2015-09-18 00:09 93184 ----a-w- c:\windows\SysWow64\wudriver.dll
2015-08-26 17:56 . 2015-09-18 00:09 30208 ----a-w- c:\windows\SysWow64\wups.dll
2015-08-26 17:56 . 2015-09-18 00:09 173056 ----a-w- c:\windows\SysWow64\wuwebv.dll
2015-08-26 17:56 . 2015-09-18 00:09 566784 ----a-w- c:\windows\SysWow64\wuapi.dll
2015-08-26 17:55 . 2015-09-18 00:09 34816 ----a-w- c:\windows\SysWow64\wuapp.exe
2015-08-18 01:42 . 2015-09-26 14:03 393304 ----a-w- c:\windows\system32\iedkcs32.dll
2015-08-15 06:48 . 2015-09-26 14:03 25190400 ----a-w- c:\windows\system32\mshtml.dll
2015-08-15 06:34 . 2015-09-26 14:03 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2015-08-15 06:33 . 2015-09-26 14:03 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2015-08-15 06:18 . 2015-09-26 14:03 66560 ----a-w- c:\windows\system32\iesetup.dll
2015-08-15 06:18 . 2015-09-26 14:04 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2015-08-15 06:17 . 2015-09-26 14:03 417792 ----a-w- c:\windows\system32\html.iec
2015-08-15 06:17 . 2015-09-26 14:03 585216 ----a-w- c:\windows\system32\vbscript.dll
2015-08-15 06:17 . 2015-09-26 14:03 2886144 ----a-w- c:\windows\system32\iertutil.dll
2015-08-15 06:17 . 2015-09-26 14:03 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
2015-08-15 06:10 . 2015-09-26 14:03 54784 ----a-w- c:\windows\system32\jsproxy.dll
2015-08-15 06:09 . 2015-09-26 14:04 34304 ----a-w- c:\windows\system32\iernonce.dll
2015-08-15 06:06 . 2015-09-26 14:03 615936 ----a-w- c:\windows\system32\ieui.dll
2015-08-15 06:04 . 2015-09-26 14:04 114688 ----a-w- c:\windows\system32\ieetwcollector.exe
2015-08-15 06:04 . 2015-09-26 14:03 144384 ----a-w- c:\windows\system32\ieUnatt.exe
2015-08-15 06:04 . 2015-09-26 14:03 817664 ----a-w- c:\windows\system32\jscript.dll
2015-08-15 06:04 . 2015-09-26 14:03 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2015-08-15 06:00 . 2015-09-26 14:03 5923328 ----a-w- c:\windows\system32\jscript9.dll
2015-08-15 05:57 . 2015-09-26 14:03 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2015-08-15 05:53 . 2015-09-26 14:03 490496 ----a-w- c:\windows\system32\dxtmsft.dll
2015-08-15 05:53 . 2015-09-26 14:03 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2015-08-15 05:46 . 2015-09-26 14:04 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2015-08-15 05:42 . 2015-09-26 14:03 199680 ----a-w- c:\windows\system32\msrating.dll
2015-08-15 05:41 . 2015-09-26 14:03 92160 ----a-w- c:\windows\system32\mshtmled.dll
2015-08-15 05:40 . 2015-09-26 14:04 504832 ----a-w- c:\windows\SysWow64\vbscript.dll
2015-08-15 05:40 . 2015-09-26 14:03 62464 ----a-w- c:\windows\SysWow64\iesetup.dll
2015-08-15 05:39 . 2015-09-26 14:04 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2015-08-15 05:39 . 2015-09-26 14:03 341504 ----a-w- c:\windows\SysWow64\html.iec
2015-08-15 05:39 . 2015-09-26 14:03 316928 ----a-w- c:\windows\system32\dxtrans.dll
2015-08-15 05:38 . 2015-09-26 14:04 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2015-08-15 05:29 . 2015-09-26 14:03 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2015-08-15 05:29 . 2015-09-26 14:03 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2015-08-15 05:24 . 2015-09-26 14:04 720384 ----a-w- c:\windows\system32\ie4uinit.exe
2015-08-15 05:23 . 2015-09-26 14:03 801280 ----a-w- c:\windows\system32\msfeeds.dll
2015-08-15 05:22 . 2015-09-26 14:03 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2015-08-15 05:22 . 2015-09-26 14:03 2126336 ----a-w- c:\windows\system32\inetcpl.cpl
2015-08-15 05:16 . 2015-09-26 14:04 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2015-08-15 05:16 . 2015-09-26 14:03 14451712 ----a-w- c:\windows\system32\ieframe.dll
2015-08-15 05:10 . 2015-09-26 14:03 4520448 ----a-w- c:\windows\SysWow64\jscript9.dll
2015-08-15 05:07 . 2015-09-26 14:03 2427392 ----a-w- c:\windows\system32\wininet.dll
2015-08-15 05:01 . 2015-09-26 14:03 2052608 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2015-08-15 05:01 . 2015-09-26 14:03 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2015-08-15 04:55 . 2015-09-26 14:03 1545728 ----a-w- c:\windows\system32\urlmon.dll
2015-08-15 04:43 . 2015-09-26 14:03 800768 ----a-w- c:\windows\system32\ieapfltr.dll
2015-08-15 04:43 . 2015-09-26 14:03 1951232 ----a-w- c:\windows\SysWow64\wininet.dll
2015-08-14 23:28 . 2013-10-22 07:01 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2015-08-05 17:56 . 2015-09-26 14:07 1110016 ----a-w- c:\windows\system32\schedsvc.dll
2015-08-05 17:56 . 2015-09-26 14:07 24576 ----a-w- c:\windows\system32\jnwmon.dll
2015-08-05 17:56 . 2015-09-26 14:07 275456 ----a-w- c:\windows\system32\InkEd.dll
2015-08-05 17:40 . 2015-09-26 14:07 216064 ----a-w- c:\windows\SysWow64\InkEd.dll
2015-08-04 18:03 . 2015-09-18 00:11 692672 ----a-w- c:\windows\system32\winload.efi
2015-08-04 18:00 . 2015-09-18 00:11 616360 ----a-w- c:\windows\system32\winresume.efi
2015-08-04 17:56 . 2015-09-18 00:11 63488 ----a-w- c:\windows\system32\setbcdlocale.dll
2015-08-04 17:56 . 2015-09-18 00:11 59392 ----a-w- c:\windows\system32\appidapi.dll
2015-08-04 17:56 . 2015-09-18 00:11 32768 ----a-w- c:\windows\system32\appidsvc.dll
2015-08-04 17:55 . 2015-09-18 00:11 147456 ----a-w- c:\windows\system32\appidpolicyconverter.exe
2015-08-04 17:55 . 2015-09-18 00:11 17920 ----a-w- c:\windows\system32\appidcertstorecheck.exe
2015-08-04 17:47 . 2015-09-18 00:11 50688 ----a-w- c:\windows\SysWow64\appidapi.dll
2015-08-04 16:58 . 2015-09-18 00:11 61440 ----a-w- c:\windows\system32\drivers\appid.sys
2015-07-30 18:06 . 2015-08-15 00:31 1180160 ----a-w- c:\windows\system32\FntCache.dll
2015-07-30 18:06 . 2015-08-15 00:31 1648128 ----a-w- c:\windows\system32\DWrite.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Registration"="c:\program files (x86)\System Registration\prodreg.exe" [2010-08-23 3926528]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-29 1082656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DellDataVault;Dell Data Vault;c:\program files\Dell\DellDataVault\DellDataVault.exe ;c:\program files\Dell\DellDataVault\DellDataVault.exe [x]
S2 DellDataVaultWiz;Dell Data Vault Wizard;c:\program files\Dell\DellDataVault\DellDataVaultWiz.exe;c:\program files\Dell\DellDataVault\DellDataVaultWiz.exe [x]
S2 DellUpdate;Dell Update Service;c:\program files (x86)\Dell Update\DellUpService.exe;c:\program files (x86)\Dell Update\DellUpService.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 SupportAssistAgent;Dell SupportAssist Agent;c:\program files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe;c:\program files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [x]
S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys;c:\windows\SYSNATIVE\DRIVERS\bpenum.sys [x]
S3 bpmp;Intel(R) Centrino(R) WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys;c:\windows\SYSNATIVE\DRIVERS\bpmp.sys [x]
S3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys;c:\windows\SYSNATIVE\Drivers\bpusb.sys [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 DDDriver;DDDriver;c:\windows\system32\drivers\DDDriver64Dcsa.sys;c:\windows\SYSNATIVE\drivers\DDDriver64Dcsa.sys [x]
S3 DellProf;DellProf;c:\windows\system32\drivers\DellProf.sys;c:\windows\SYSNATIVE\drivers\DellProf.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMPROTECTOR
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-08-14 23:38 995144 ----a-w- c:\program files (x86)\Google\Chrome\Application\44.0.2403.155\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-10-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-25 18:50]
.
2015-10-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3075051735-3273578085-3846755741-1000Core.job
- c:\users\will\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-26 15:56]
.
2015-10-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3075051735-3273578085-3846755741-1000UA.job
- c:\users\will\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-26 15:56]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-14 10144288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-29 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-29 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-29 415256]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976]
"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2010-10-03 1449984]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 172.16.3.43 172.16.3.10
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
c:\users\will\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe "c:\programdata\Best Buy pc app\Best Buy pc app.application"
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{1B9604EE-B104-45C8-8551-5F63BA631E23} - c:\programdata\{FA77A43D-F6ED-4924-87B5-517C061388C6}\WeatherBugSetup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_226_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_226_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_226_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_226_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_226.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.19"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_226.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_226.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_226.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-10-26 16:03:11
ComboFix-quarantined-files.txt 2015-10-26 20:03
.
Pre-Run: 430,948,974,592 bytes free
Post-Run: 430,278,107,136 bytes free
.
- - End Of File - - D1688AE3D193B8CAAEF9BC01D5F8C00C
 
Last edited:
OTL logfile created on: 10/26/2015 4:19:15 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = E:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18015)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.66 Gb Available Physical Memory | 69.91% Memory free
7.60 Gb Paging File | 6.29 Gb Available in Paging File | 82.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.01 Gb Total Space | 401.11 Gb Free Space | 88.94% Space Free | Partition Type: NTFS
Drive E: | 7.25 Gb Total Space | 7.22 Gb Free Space | 99.52% Space Free | Partition Type: FAT32

Computer Name: WILL-PC | User Name: will | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - E:\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe (SoftThinks - Dell)
PRC - c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\96d744857eeaf0f2445213d08032e5cc\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\09e9b52418dba5729ace249cf0487675\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\82ecf48db57ddf66f74fca17b0f99453\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\9c4c2749b3cc38c602b59ee4fd68a8b4\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\3d4521ea040737939f831af5a10cd6ad\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\a6265e4a24c4f8361d84fc84f10e9736\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\007fc007edc388d9806dff94ee04f129\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49908aa93a23c84847b1f8b1b667860\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\908ba9e296e92b4e14bdc2437edac603\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()


========== Services (SafeList) ==========

SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe File not found
SRV:64bit: - (DellDataVaultWiz) -- C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe (Dell Inc.)
SRV:64bit: - (DellDataVault) -- C:\Program Files\Dell\DellDataVault\DellDataVault.exe (Dell Inc.)
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (DiagTrack) -- C:\Windows\SysNative\diagtrack.dll (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (WiMAXAppSrv) -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe (Intel(R) Corporation)
SRV:64bit: - (DMAgent) -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe (Red Bend Ltd.)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV:64bit: - (btwdins) -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (AERTFilters) -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes)
SRV - (SupportAssistAgent) -- C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe (Dell Inc.)
SRV - (DellUpdate) -- C:\Program Files (x86)\Dell Update\DellUpService.exe (Dell Inc.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMWebAccessControl) -- C:\Windows\SysNative\drivers\mwac.sys (Malwarebytes Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes)
DRV:64bit: - (DDDriver) -- C:\Windows\SysNative\drivers\DDDriver64Dcsa.sys (Dell Computer Corporation)
DRV:64bit: - (DellProf) -- C:\Windows\SysNative\drivers\DellProf.sys (Dell Computer Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (NAL) -- C:\Windows\SysNative\drivers\iqvw64e.sys (Intel Corporation )
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (bpmp) -- C:\Windows\SysNative\drivers\bpmp.sys (Intel Corporation)
DRV:64bit: - (bpusb) -- C:\Windows\SysNative\drivers\bpusb.sys (Intel Corporation)
DRV:64bit: - (bpenum) -- C:\Windows\SysNative\drivers\bpenum.sys (Intel Corporation)
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {CFCACFE6-276D-4E2F-BDB3-2CA3599C2291}
IE:64bit: - HKLM\..\SearchScopes\{CFCACFE6-276D-4E2F-BDB3-2CA3599C2291}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6AC3C520-52BA-455C-BD9D-2E1E7096C486}
IE - HKLM\..\SearchScopes\{6AC3C520-52BA-455C-BD9D-2E1E7096C486}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

IE - HKCU\..\SearchScopes,DefaultScope = {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6}
IE - HKCU\..\SearchScopes\{0b4d26f6-61a8-4463-99dd-5f2fe0400fa6}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_38: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Unfriend Checker\FF\

[2013/03/12 17:15:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

O1 HOSTS File: ([2015/10/26 15:51:09 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [IntelWirelessWiMAX] C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe (Dell, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F07140B5-3251-441D-BAE3-06328BF4A950}: DhcpNameServer = 172.16.3.43 172.16.3.10
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2015/02/16 11:23:44 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2015/10/26 16:04:00 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2015/10/26 15:51:05 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2015/10/26 15:36:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2015/10/26 15:36:20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2015/10/26 15:36:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2015/10/26 15:35:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2015/10/26 15:34:39 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2015/10/26 15:34:06 | 005,636,933 | R--- | C] (Swearware) -- C:\Users\will\Desktop\ComboFix.exe
[2015/10/26 14:55:39 | 000,000,000 | -H-D | C] -- C:\ProgramData\{AA6BF06E-316C-487A-9BC2-5F06A43C56B1}
[2015/10/26 14:36:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2015/10/26 14:36:31 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2015/10/26 14:35:39 | 006,762,072 | ---- | C] (Piriform Ltd) -- C:\Users\will\Desktop\ccsetup511.exe
[2015/10/26 14:34:39 | 000,192,216 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015/10/26 14:32:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2015/10/26 14:32:47 | 000,109,272 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2015/10/26 14:32:46 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2015/10/26 14:32:46 | 000,025,816 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbam.sys
[2015/10/26 14:31:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2015/10/22 09:13:56 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2015/10/22 09:03:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dell Update
[2015/10/01 19:16:59 | 000,000,000 | ---D | C] -- C:\ProgramData\SupportAssistAgent

========== Files - Modified Within 30 Days ==========

[2015/10/26 16:23:29 | 000,022,464 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/10/26 16:23:29 | 000,022,464 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/10/26 16:18:09 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/10/26 16:16:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/10/26 16:16:48 | 3061,202,944 | -HS- | M] () -- C:\hiberfil.sys
[2015/10/26 16:15:40 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/10/26 16:14:30 | 000,000,020 | ---- | M] () -- C:\Users\will\AppData\Roaming\appdataFr2.bin
[2015/10/26 16:11:26 | 000,002,285 | ---- | M] () -- C:\Users\will\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2015/10/26 16:11:26 | 000,002,261 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2015/10/26 16:01:01 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3075051735-3273578085-3846755741-1000UA.job
[2015/10/26 15:51:09 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2015/10/26 15:48:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/10/26 15:34:32 | 005,636,933 | R--- | M] (Swearware) -- C:\Users\will\Desktop\ComboFix.exe
[2015/10/26 14:36:25 | 000,192,216 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015/10/26 14:36:10 | 006,762,072 | ---- | M] (Piriform Ltd) -- C:\Users\will\Desktop\ccsetup511.exe
[2015/10/26 14:32:52 | 000,001,108 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015/10/22 10:19:10 | 000,782,964 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015/10/22 10:19:10 | 000,662,860 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015/10/22 10:19:10 | 000,122,438 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015/10/11 19:21:56 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3075051735-3273578085-3846755741-1000Core.job
[2015/10/05 09:50:18 | 000,063,704 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2015/10/05 09:50:10 | 000,109,272 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2015/10/05 09:50:06 | 000,025,816 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2015/10/26 16:10:08 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/10/26 16:10:07 | 000,000,890 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/10/26 15:36:20 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2015/10/26 15:36:20 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2015/10/26 15:36:20 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2015/10/26 15:36:20 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2015/10/26 15:36:20 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2015/10/26 14:34:43 | 000,000,020 | ---- | C] () -- C:\Users\will\AppData\Roaming\appdataFr2.bin
[2015/10/26 14:32:52 | 000,001,108 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/20 22:42:39 | 000,005,003 | ---- | C] () -- C:\Users\will\AppData\Roaming\UserTile.png
[2013/01/31 17:47:38 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2015/07/10 13:51:25 | 014,177,280 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015/07/10 13:34:07 | 012,875,776 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/07/10 14:40:22 | 000,000,000 | ---D | M] -- C:\Users\will\AppData\Roaming\Leadertech
[2015/10/01 19:15:10 | 000,000,000 | ---D | M] -- C:\Users\will\AppData\Roaming\PCDr
[2015/10/26 15:28:41 | 000,000,000 | ---D | M] -- C:\Users\will\AppData\Roaming\SoftGrid Client
[2013/01/25 12:39:25 | 000,000,000 | ---D | M] -- C:\Users\will\AppData\Roaming\TP

========== Purity Check ==========



< End of report >
 
Have you ran tdsskiller? And is it just Chrome and not any other browser? So Chrome wasn't listed in programs? Reinstalled chrome and checked addons? Any process or processes using up the cpu?
 
TDSSKiller didn't find anything. Reinstalled Chrome and it still didn't appear in Programs and Features. I will double check the PC tomorrow, as it's sitting on my desk at work.
 
Might want to run sfc /scannow for corrupt system files if its not showing up in programs. However, it just may be easier to do a fresh install.
 
RAM usage is moderate (around 45-50%). CPU usage is normal. Combofix and everything else seem decent. As long as you don't see anything in the logs.

I reinstalled Chrome again, but it still doesn't show up in Programs and Features, but it seems to be working normally and not giving me any pop-ups.

SFC did not find any errors. The disk could use a good defrag, which I'm doing now.
 
Just an OTL fix though.

Rerun OTL
Copy and paste the following into the custom scan/fixes box at the bottom and then click on the run fix button.

Code: 
:OTL
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
 
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 10272015_115807

Just as a side note, this is an Inspiron 14R. The right USB port was busted, so I stripped it down and replaced the daughter board. Fun stuff :cool:
 
You must log in or register to reply here.
Back
Top