I cannot get TinyWallet extension to stay removed.

Robert Zohn · Oct 24, 2014

TwinHeadedEagle, opps I caught the same virus, TinyWallet pop up ads. Can you please help me?

Much thanks!

-Robert

TwinHeadedEagle · Oct 24, 2014

Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
I visit forum several times at day, making sure to respond to everyone's topic as fast as possible. But bear in mind that I have private life like everyone and I cannot be here 24/7. So please be patient with me. Also, some infections require less, and some more time to be removed completely, so bear this in mind and be patient.
Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. If you solved your problem yourself, set aside two minutes to let me know.
Please attach all report using

button below. Doing this, you make it easier for me to analyze and fix your problem.
Do not ask for help for your business PC. Companies are making revenue via computers, so it is good thing to pay someone to repair it.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

Right-click on

icon and select

Run as Administrator to start the tool.
Wait patiently until the main console will appear, it may take a minute or two.

In the main box please paste in the following script:

Code:

createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns;b

Make sure that Scan All Users option is checked.
Push Run Script and wait patiently. The scan may take a couple of minutes.
When the scan completes, a zoek-results logfile should open in notepad.
If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.

Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Robert Zohn · Oct 24, 2014

Zoek.exe v5.0.0.0 Updated 24-10-2014
Tool run by ValueElectronics on Fri 10/24/2014 at 17:52:26.35.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\ValueElectronics\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GKUTDVRL\zoek.exe [Scan all users] [Deep Scan] [Auto Clean]
===== Runcheck 17:53:59.40 =====
--- Create Environment Variables 17:54:00.45
--- Create System Restore Point 17:54:09.26
--- Checking Input 17:54:19.48
--- AU AppData Check 17:54:24.39
--- Remove From Windows Installer 17:54:26.31
--- Empty Folders Check 17:55:04.00
--- IE Startpage Check 17:55:09.96
--- Program Files DB Check 17:55:23.25
--- C:\Users\Default\AppData\Roaming DB Check 17:55:57.12
--- C:\Users\Default User\AppData\Roaming DB Check 17:55:57.12
--- C:\Users\UpdatusUser\AppData\Roaming DB Check 17:55:57.12
--- C:\Users\ValueElectronics\AppData\Roaming DB Check 17:55:57.12
--- C:\Windows\SysNative\config\systemprofile\AppData\Roaming DB Check 17:55:57.12

Robert Zohn · Oct 24, 2014

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-10-2014
Ran by ValueElectronics at 2014-10-24 18:01:20
Running from C:\Users\ValueElectronics\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\240VN613
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Reader XI MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.170 - Atheros)
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
calibre (HKLM-x32\...\{AB116F72-C91A-40F2-A25A-949B5D065EBB}) (Version: 2.3.0 - Kovid Goyal)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Complete Care Business Service Agreement (HKLM-x32\...\{0ECFCB07-9BFE-4970-ACA1-D568D982760B}) (Version: 2.0.0 - Dell Inc.)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.7.1.2 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.1.2 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Dell Inc.)
Dexpot (HKCU\...\Dexpot) (Version: 1.6.13 - Dexpot GbR)
DSC/AA Factory Installer (Version: 3.5.6426.22 - PC-Doctor, Inc.) Hidden
DVD Architect Studio 5.0 (HKLM-x32\...\{3822E74F-08F8-11E3-99EE-F04DA23A5C58}) (Version: 5.0.186 - Sony)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HFSExplorer 0.21 (HKLM-x32\...\HFSExplorer) (Version: 0.21 - Catacombae Software)
Intel(R) Chipset Device Software (Version: 10.0.13 - Intel Corporation) Hidden
Intel(R) Chipset Device Software (x32 Version: 10.0.13 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1168 - Intel Corporation)
Intel(R) Management Engine Components (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Components (Version: 10.0.0.1168 - Intel Corporation) Hidden
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.2.1001 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.0.2.1001 - Intel Corporation) Hidden
Intel(R) Update Manager (HKLM-x32\...\{AD6B46F2-FE21-496F-BE90-BE19AABE353C}) (Version: 2.2.12 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.35.127.1 - Intel Corporation) Hidden
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Studio Platinum 13.0 (64-bit) (HKLM\...\{402E168F-CC02-11E3-812F-F04DA23A5C58}) (Version: 13.0.932 - Sony)
Mozilla Firefox 33.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.0 (x86 en-US)) (Version: 33.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSVCRT Redists (x32 Version: 1.0 - Sony Creative Software Inc.) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
NVIDIA 3D Vision Controller Driver 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 332.21 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 332.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 332.66 - NVIDIA Corporation)
NVIDIA Control Panel 332.66 (Version: 332.66 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 332.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.66 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3266 - NVIDIA Corporation) Hidden
NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.15.2 - NVIDIA Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Premium Service Agreement (HKLM-x32\...\{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}) (Version: 2.0.0 - Dell Inc.)
QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6909 - Realtek Semiconductor Corp.)
Shark007 Advanced Codecs (HKLM-x32\...\{8C0CAA7A-3272-4991-A808-2C7559DE3409}) (Version: 4.7.6 - Shark007)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Family Safety (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
x64 Components v4.7.6 (HKLM\...\Advanced x64Components_is1) (Version: 4.7.6 - Shark007)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2441111295-191220787-3265443465-1002_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\ValueElectronics\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2441111295-191220787-3265443465-1002_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\ValueElectronics\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2441111295-191220787-3265443465-1002_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\ValueElectronics\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2441111295-191220787-3265443465-1002_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\ValueElectronics\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2441111295-191220787-3265443465-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\ValueElectronics\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)
==================== Restore Points =========================
24-09-2014 07:00:55 Windows Update
04-10-2014 19:37:18 Windows Update
05-10-2014 07:00:11 Windows Update
13-10-2014 17:44:43 Windows Update
13-10-2014 17:47:15 Installed AVG 2015
13-10-2014 17:47:27 Installed AVG 2015
21-10-2014 22:00:11 Removed Visual Studio 2012 x64 Redistributables
21-10-2014 22:00:45 Removed Visual Studio 2012 x64 Redistributables
21-10-2014 22:01:04 Removed Visual Studio 2012 x86 Redistributables
21-10-2014 22:02:11 Removed Visual Studio 2012 x86 Redistributables
21-10-2014 22:02:57 Removed AVG 2015
21-10-2014 22:04:20 Removed AVG 2015
21-10-2014 22:17:49 Removed Visual Studio 2012 x64 Redistributables
21-10-2014 22:18:26 Removed Visual Studio 2012 x64 Redistributables
21-10-2014 22:20:00 Removed Visual Studio 2012 x64 Redistributables
21-10-2014 22:21:54 Removed Visual Studio 2012 x64 Redistributables
21-10-2014 22:22:42 Removed Visual Studio 2012 x86 Redistributables
21-10-2014 22:23:11 Removed Visual Studio 2012 x86 Redistributables
21-10-2014 22:23:24 Removed Visual Studio 2012 x86 Redistributables
22-10-2014 00:07:32 Windows Update
24-10-2014 21:54:11 zoek.exe restore point
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {36ACB6BD-B035-401A-A553-94F46A01DFAB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {3A2D082D-284F-423B-AD5A-4FE053C72410} - \bench-S-1-5-21-2441111295-191220787-3265443465-1002 No Task File <==== ATTENTION
Task: {4E2C77E9-6EC5-482E-B5D5-7814A0DFE0B2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {70315B10-34D2-469B-8A69-806E14225EED} - System32\Tasks\Chrome Launcher => C:\Program Files (x86)\Techsnab\Chrome Launcher\chrome-links.exe
Task: {75987F78-9928-489B-A3FB-4614A25DF5CE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {75B8310C-FA79-4B9C-9F56-2204567F402E} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-01-17] ()
Task: {88AF1D73-8DE2-4172-98EF-3F9E28A01F73} - \GPUP No Task File <==== ATTENTION
Task: {8EB45CC9-216F-4BEF-9651-12D6944CB8BB} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {93CA6444-3F7C-4A9C-B71A-EA5385C36E55} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-29] (Adobe Systems Incorporated)
Task: {94425F50-7461-4259-B755-0AF6E74E8B73} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-10] (PC-Doctor, Inc.)
Task: {BE166120-E658-464B-B450-098F12DB5DE9} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-01-17] ()
Task: {C37735A3-4360-4CC0-B52A-1D145D9430E5} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-10] (PC-Doctor, Inc.)
Task: {D968DA9D-FEFA-4F81-B073-69EC2120DA6C} - \bench-sys No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2014-07-29 18:57 - 2014-02-16 04:35 - 00117536 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-09-21 12:18 - 2013-04-06 00:27 - 02231296 _____ () C:\Windows\system32\ac3filter.acm
2014-07-29 19:02 - 2014-03-12 13:22 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll
2014-07-29 19:02 - 2014-03-12 13:22 - 00019232 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll
2014-07-29 19:02 - 2014-03-12 13:22 - 00035104 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRShellExtension.dll
2014-07-29 19:02 - 2014-04-30 11:35 - 00486880 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
2014-10-24 17:52 - 2014-10-24 17:52 - 01290752 _____ () C:\Users\ValueElectronics\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GKUTDVRL\zoek.exe
2014-04-10 15:30 - 2014-04-10 15:30 - 00134664 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2014-02-19 19:51 - 2014-02-19 19:51 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-07-29 19:02 - 2013-12-17 18:47 - 01904928 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2014-07-29 19:02 - 2012-11-26 00:20 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2014-07-29 19:02 - 2012-11-26 00:20 - 00117608 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================
Administrator (S-1-5-21-2441111295-191220787-3265443465-500 - Administrator - Disabled)
Guest (S-1-5-21-2441111295-191220787-3265443465-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2441111295-191220787-3265443465-1003 - Limited - Enabled)
UpdatusUser (S-1-5-21-2441111295-191220787-3265443465-1000 - Limited - Enabled) => C:\Users\UpdatusUser
ValueElectronics (S-1-5-21-2441111295-191220787-3265443465-1002 - Administrator - Enabled) => C:\Users\ValueElectronics
==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
Error: (10/24/2014 03:22:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/22/2014 10:42:22 AM) (Source: iumsvc) (EventID: 255) (User: )
Description: Exception : ('Device Profile Push Failure', ProxyError(ProxyError('Cannot connect to proxy. Socket error: [Errno 10061] No connection could be made because the target machine actively refused it.',),))
Error: (10/22/2014 10:42:21 AM) (Source: iumsvc) (EventID: 255) (User: )
Description: Exception : ('Device Profile Push Failure', ProxyError(ProxyError('Cannot connect to proxy. Socket error: [Errno 10061] No connection could be made because the target machine actively refused it.',),))
Error: (10/22/2014 10:42:20 AM) (Source: iumsvc) (EventID: 255) (User: )
Description: Exception : ('Device Profile Push Failure', ProxyError(ProxyError('Cannot connect to proxy. Socket error: [Errno 10061] No connection could be made because the target machine actively refused it.',),))
Error: (10/22/2014 10:42:19 AM) (Source: iumsvc) (EventID: 255) (User: )
Description: Exception : ('Device Profile Push Failure', ProxyError(ProxyError('Cannot connect to proxy. Socket error: [Errno 10061] No connection could be made because the target machine actively refused it.',),))
Error: (10/22/2014 10:42:18 AM) (Source: iumsvc) (EventID: 255) (User: )
Description: Exception : ('Device Profile Push Failure', ProxyError(ProxyError('Cannot connect to proxy. Socket error: [Errno 10061] No connection could be made because the target machine actively refused it.',),))
Error: (10/22/2014 10:42:17 AM) (Source: iumsvc) (EventID: 255) (User: )
Description: Exception : ('Device Profile Push Failure', ProxyError(ProxyError('Cannot connect to proxy. Socket error: [Errno 10061] No connection could be made because the target machine actively refused it.',),))
Error: (10/22/2014 10:37:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/21/2014 09:15:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/21/2014 08:44:28 PM) (Source: iumsvc) (EventID: 255) (User: )
Description: Exception : ('Device Profile Push Failure', ProxyError(ProxyError('Cannot connect to proxy. Socket error: [Errno 10061] No connection could be made because the target machine actively refused it.',),))

System errors:
=============
Error: (10/24/2014 03:23:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2
Error: (10/24/2014 03:20:54 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000003b (0x00000000c0000005, 0xfffff88001b27c1d, 0xfffff8800dd25930, 0x0000000000000000)C:\Windows\MEMORY.DMP102414-17362-01
Error: (10/24/2014 03:20:36 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:57:04 PM on ‎10/‎24/‎2014 was unexpected.
Error: (10/22/2014 10:38:40 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2
Error: (10/22/2014 10:36:53 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the nvsvc service.
Error: (10/22/2014 10:35:15 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (10/22/2014 10:35:15 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (10/22/2014 10:35:15 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (10/22/2014 10:33:07 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068
Error: (10/22/2014 10:33:07 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Microsoft Office Sessions:
=========================
Error: (10/24/2014 03:22:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/22/2014 10:42:22 AM) (Source: iumsvc) (EventID: 255) (User: )
Description: Exception : ('Device Profile Push Failure', ProxyError(ProxyError('Cannot connect to proxy. Socket error: [Errno 10061] No connection could be made because the target machine actively refused it.',),))
Error: (10/22/2014 10:42:21 AM) (Source: iumsvc) (EventID: 255) (User: )
Description: Exception : ('Device Profile Push Failure', ProxyError(ProxyError('Cannot connect to proxy. Socket error: [Errno 10061] No connection could be made because the target machine actively refused it.',),))
Error: (10/22/2014 10:42:20 AM) (Source: iumsvc) (EventID: 255) (User: )
Description: Exception : ('Device Profile Push Failure', ProxyError(ProxyError('Cannot connect to proxy. Socket error: [Errno 10061] No connection could be made because the target machine actively refused it.',),))
Error: (10/22/2014 10:42:19 AM) (Source: iumsvc) (EventID: 255) (User: )
Description: Exception : ('Device Profile Push Failure', ProxyError(ProxyError('Cannot connect to proxy. Socket error: [Errno 10061] No connection could be made because the target machine actively refused it.',),))
Error: (10/22/2014 10:42:18 AM) (Source: iumsvc) (EventID: 255) (User: )
Description: Exception : ('Device Profile Push Failure', ProxyError(ProxyError('Cannot connect to proxy. Socket error: [Errno 10061] No connection could be made because the target machine actively refused it.',),))
Error: (10/22/2014 10:42:17 AM) (Source: iumsvc) (EventID: 255) (User: )
Description: Exception : ('Device Profile Push Failure', ProxyError(ProxyError('Cannot connect to proxy. Socket error: [Errno 10061] No connection could be made because the target machine actively refused it.',),))
Error: (10/22/2014 10:37:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/21/2014 09:15:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/21/2014 08:44:28 PM) (Source: iumsvc) (EventID: 255) (User: )
Description: Exception : ('Device Profile Push Failure', ProxyError(ProxyError('Cannot connect to proxy. Socket error: [Errno 10061] No connection could be made because the target machine actively refused it.',),))

==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz
Percentage of memory in use: 13%
Total physical RAM: 16335.22 MB
Available physical RAM: 14091.89 MB
Total Pagefile: 32668.62 MB
Available Pagefile: 29488.24 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:912.18 GB) (Free:581.66 GB) NTFS
Drive y: (RECOVERY) (Fixed) (Total:19.29 GB) (Free:8.95 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 5617E1FF)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=19.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=912.2 GB) - (Type=07 NTFS)
==================== End Of Log ============================

Robert Zohn · Oct 24, 2014

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-10-2014
Ran by ValueElectronics (administrator) on VALUEELECTRONIC on 24-10-2014 18:00:42
Running from C:\Users\ValueElectronics\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\240VN613
Loaded Profiles: UpdatusUser & ValueElectronics (Available profiles: UpdatusUser & ValueElectronics)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_13_0_0_182_ActiveX.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
() C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
() C:\Users\ValueElectronics\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GKUTDVRL\zoek.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7188040 2013-05-10] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1307720 2013-04-24] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-02-06] (Intel Corporation)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\btvstack.exe [1023104 2012-12-27] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\athbttray.exe [801920 2012-12-27] (Atheros Commnucations)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKLM - DefaultScope {9AB38540-4C23-4935-AEF7-2DC613465D51} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {9AB38540-4C23-4935-AEF7-2DC613465D51} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB
SearchScopes: HKLM-x32 - DefaultScope {9AB38540-4C23-4935-AEF7-2DC613465D51} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {9AB38540-4C23-4935-AEF7-2DC613465D51} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {5AFE4BD8-4EF3-465E-8613-B3C461714349} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {9AB38540-4C23-4935-AEF7-2DC613465D51} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
FireFox:
========
FF ProfilePath: C:\Users\ValueElectronics\AppData\Roaming\Mozilla\Firefox\Profiles\agwzpbmc.default
FF Homepage: https://search.yahoo.com/firefox/?fr=sfp-yff32
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\ValueElectronics\AppData\Roaming\Mozilla\Firefox\Profiles\agwzpbmc.default\user.js
FF Extension: TInuyWalleaT - C:\Users\ValueElectronics\AppData\Roaming\Mozilla\Firefox\Profiles\agwzpbmc.default\Extensions\0icfMlH@e.com [2014-10-21]
FF Extension: Yahoo! Toolbar - C:\Users\ValueElectronics\AppData\Roaming\Mozilla\Firefox\Profiles\agwzpbmc.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2014-10-24]
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\ValueElectronics\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\ValueElectronics\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-21]
CHR Extension: (Google Docs) - C:\Users\ValueElectronics\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-21]
CHR Extension: (Google Drive) - C:\Users\ValueElectronics\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-21]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\ValueElectronics\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-21]
CHR Extension: (YouTube) - C:\Users\ValueElectronics\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-21]
CHR Extension: (Google Search) - C:\Users\ValueElectronics\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-21]
CHR Extension: (Google Sheets) - C:\Users\ValueElectronics\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-21]
CHR Extension: (Google Wallet) - C:\Users\ValueElectronics\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-21]
CHR Extension: (Gmail) - C:\Users\ValueElectronics\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-21]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-02-06] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-02-19] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-01-17] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-02-19] (Intel Corporation)
R4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [224840 2013-05-10] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915920 2014-04-04] (SoftThinks SAS)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [327296 2012-12-27] (Atheros)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2012-12-26] (Atheros)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28656 2013-01-15] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-24] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [116736 2014-02-19] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-24 18:00 - 2014-10-24 18:00 - 00000000 ____D () C:\FRST
2014-10-24 17:54 - 2014-10-24 17:55 - 00001049 _____ () C:\zoek-results.log
2014-10-24 17:52 - 2014-10-24 18:01 - 00003132 _____ () C:\runcheck.txt
2014-10-24 17:52 - 2014-10-24 17:52 - 00000000 ____D () C:\zoek_backup
2014-10-24 15:21 - 2014-10-24 15:21 - 00000000 ___RD () C:\Users\ValueElectronics\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-10-24 15:20 - 2014-10-24 15:20 - 00292536 _____ () C:\Windows\Minidump\102414-17362-01.dmp
2014-10-21 20:53 - 2014-10-21 20:53 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-10-21 20:50 - 2014-10-21 20:50 - 00002119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-10-21 20:50 - 2014-10-21 20:50 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-10-21 20:50 - 2014-10-21 20:50 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-10-21 20:27 - 2014-10-24 15:21 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-21 20:27 - 2014-10-21 21:20 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-21 20:27 - 2014-10-21 21:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-21 20:27 - 2014-10-21 21:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-21 20:27 - 2014-10-21 20:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-21 20:27 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-21 20:27 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-21 20:27 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-21 19:57 - 2014-10-21 19:58 - 231648632 _____ (Symantec Corporation) C:\Users\ValueElectronics\Downloads\N360_21.1.0.18_SYMTB_PROMO_4_MRFTT_830_10145-US1.exe
2014-10-21 19:28 - 2014-10-21 19:28 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-10-21 18:56 - 2014-10-21 18:56 - 00000591 _____ () C:\Users\ValueElectronics\AppData\Roaming\Microsoft\Windows\Start Menu\Free Virus Scan Online Virus Scanner from ESET.website
2014-10-21 18:45 - 2014-10-21 18:45 - 32601272 _____ (Microsoft Corporation) C:\Users\ValueElectronics\Downloads\Windows-KB890830-x64-V5.17.exe
2014-10-21 18:44 - 2014-10-21 18:44 - 06494416 _____ (383 Media, Inc.) C:\Users\ValueElectronics\Downloads\DriverRestore.exe
2014-10-21 18:37 - 2014-10-21 18:37 - 00001161 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-21 18:37 - 2014-10-21 18:37 - 00001149 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-10-21 18:36 - 2014-10-21 18:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-21 18:36 - 2014-10-21 18:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-21 18:36 - 2014-10-21 18:36 - 00244032 _____ () C:\Users\ValueElectronics\Downloads\Firefox Setup Stub 33.0.exe
2014-10-21 18:00 - 2014-10-21 18:22 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-10-21 17:42 - 2014-10-09 22:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-21 17:42 - 2014-10-09 22:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-21 17:42 - 2014-10-09 22:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-21 17:42 - 2014-10-06 22:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-21 17:42 - 2014-10-06 22:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-21 17:42 - 2014-09-28 20:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-21 17:42 - 2014-09-25 18:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-21 17:42 - 2014-09-25 18:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-21 17:42 - 2014-09-25 18:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-21 17:42 - 2014-09-25 18:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-21 17:42 - 2014-09-25 18:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-21 17:42 - 2014-09-25 18:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-21 17:42 - 2014-09-25 18:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-21 17:42 - 2014-09-18 22:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-21 17:42 - 2014-09-18 21:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-21 17:42 - 2014-09-18 21:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-21 17:42 - 2014-09-18 21:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-21 17:42 - 2014-09-18 21:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-21 17:42 - 2014-09-18 21:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-21 17:42 - 2014-09-18 21:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-21 17:42 - 2014-09-18 21:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-21 17:42 - 2014-09-18 21:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-21 17:42 - 2014-09-18 21:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-21 17:42 - 2014-09-18 21:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-21 17:42 - 2014-09-18 21:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-21 17:42 - 2014-09-18 21:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-21 17:42 - 2014-09-18 21:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-21 17:42 - 2014-09-18 21:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-21 17:42 - 2014-09-18 21:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-21 17:42 - 2014-09-18 21:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-21 17:42 - 2014-09-18 21:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-21 17:42 - 2014-09-18 21:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-21 17:42 - 2014-09-18 21:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-21 17:42 - 2014-09-18 21:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-21 17:42 - 2014-09-18 21:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-21 17:42 - 2014-09-18 21:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-21 17:42 - 2014-09-18 21:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-21 17:42 - 2014-09-18 21:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-21 17:42 - 2014-09-18 21:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-21 17:42 - 2014-09-18 20:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-21 17:42 - 2014-09-18 20:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-21 17:42 - 2014-09-18 20:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-21 17:42 - 2014-09-18 20:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-21 17:42 - 2014-09-18 20:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-21 17:42 - 2014-09-18 20:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-21 17:42 - 2014-09-18 20:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-21 17:42 - 2014-09-18 20:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-21 17:42 - 2014-09-18 20:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-21 17:42 - 2014-09-18 20:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-21 17:42 - 2014-09-18 20:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-21 17:42 - 2014-09-18 20:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-21 17:42 - 2014-09-18 20:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-21 17:42 - 2014-09-18 20:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-21 17:42 - 2014-09-18 20:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-21 17:42 - 2014-09-18 20:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-21 17:42 - 2014-09-18 20:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-21 17:42 - 2014-09-18 19:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-21 17:42 - 2014-09-18 19:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-21 17:42 - 2014-09-18 19:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-21 17:42 - 2014-09-18 19:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-21 17:42 - 2014-06-18 18:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-21 17:42 - 2014-06-18 18:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-21 17:42 - 2014-06-18 18:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-21 17:42 - 2014-06-18 18:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-21 17:42 - 2014-06-18 18:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-21 17:42 - 2014-06-18 18:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-21 17:41 - 2014-09-17 22:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-21 17:41 - 2014-09-17 21:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-21 17:41 - 2014-09-12 21:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-21 17:41 - 2014-09-12 21:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-21 17:41 - 2014-09-04 22:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-21 17:41 - 2014-09-04 21:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-21 17:41 - 2014-09-04 01:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-21 17:41 - 2014-09-04 01:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-21 17:41 - 2014-08-28 22:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-21 17:41 - 2014-07-16 22:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-21 17:41 - 2014-07-16 22:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-21 17:41 - 2014-07-16 22:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-21 17:41 - 2014-07-16 22:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-21 17:41 - 2014-07-16 22:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-21 17:41 - 2014-07-16 22:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-21 17:41 - 2014-07-16 21:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-21 17:41 - 2014-07-16 21:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-21 17:41 - 2014-07-16 21:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-21 17:41 - 2014-07-16 21:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-21 17:41 - 2014-07-16 21:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-21 17:32 - 2014-10-24 15:20 - 833475031 _____ () C:\Windows\MEMORY.DMP
2014-10-21 17:32 - 2014-10-24 15:20 - 00000000 ____D () C:\Windows\Minidump
2014-10-21 17:32 - 2014-10-21 17:32 - 00292592 _____ () C:\Windows\Minidump\102114-32666-01.dmp
2014-10-13 13:47 - 2014-10-13 13:47 - 00000000 ____D () C:\Users\ValueElectronics\AppData\Roaming\TuneUp Software
2014-10-13 13:46 - 2014-10-21 18:05 - 00000000 ____D () C:\ProgramData\MFAData
2014-10-13 13:46 - 2014-10-13 13:46 - 00000000 ____D () C:\Users\ValueElectronics\AppData\Local\MFAData
2014-10-13 13:45 - 2014-10-13 13:46 - 04579176 _____ (AVG Technologies) C:\Users\ValueElectronics\Downloads\avg_free_stb_all_2015_5315_cnet.exe
2014-10-13 13:37 - 2014-10-13 13:37 - 00003336 _____ () C:\Windows\System32\Tasks\Chrome Launcher
2014-10-13 13:37 - 2014-10-13 13:37 - 00000000 ____D () C:\Program Files (x86)\Techsnab
2014-10-13 13:35 - 2014-10-13 13:35 - 00073728 _____ () C:\Windows\SysWOW64\tasks.dll
2014-10-06 20:39 - 2014-10-13 14:05 - 00000000 ____D () C:\Program Files (x86)\TInuyWalleaT
2014-10-06 20:39 - 2014-10-06 20:39 - 00000394 __RSH () C:\ProgramData\ntuser.pol
2014-10-06 20:39 - 2014-10-06 20:39 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrNew_01009.Wdf
2014-10-06 20:39 - 2014-10-06 20:39 - 00000000 ____D () C:\Users\ValueElectronics\AppData\Local\Torch
2014-10-06 20:39 - 2014-10-06 20:39 - 00000000 ____D () C:\Users\ValueElectronics\AppData\Local\Comodo
2014-10-06 20:39 - 2014-10-06 20:39 - 00000000 ____D () C:\Users\ValueElectronics\AppData\Local\Chromatic Browser
2014-10-06 20:39 - 2014-10-06 20:39 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Torch
2014-10-06 20:39 - 2014-10-06 20:39 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Google
2014-10-06 20:39 - 2014-10-06 20:39 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Comodo
2014-10-06 20:39 - 2014-10-06 20:39 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\Chromatic Browser
2014-10-06 20:39 - 2014-10-06 20:39 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-10-06 20:39 - 2014-10-06 20:39 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-10-06 20:39 - 2014-10-06 20:39 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-10-06 20:39 - 2014-10-06 20:39 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-10-06 20:39 - 2014-10-06 20:39 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-10-06 20:39 - 2014-10-06 20:39 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch
2014-10-06 20:39 - 2014-10-06 20:39 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-10-06 20:39 - 2014-10-06 20:39 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-10-06 20:39 - 2014-10-06 20:39 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser
2014-10-06 20:39 - 2014-10-06 20:39 - 00000000 ____D () C:\Users\Guest
2014-10-06 20:39 - 2014-10-06 20:39 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-10-06 20:39 - 2014-10-06 20:39 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-10-06 20:39 - 2014-10-06 20:39 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-10-06 20:39 - 2014-10-06 20:39 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-10-06 20:39 - 2014-10-06 20:39 - 00000000 ____D () C:\Users\Administrator
2014-10-06 20:39 - 2014-10-06 20:39 - 00000000 ____D () C:\ProgramData\TInuyWalleaT
2014-10-06 20:39 - 2014-10-06 20:39 - 00000000 ____D () C:\ProgramData\e12ee7ae05d1cc4e
2014-10-06 20:21 - 2014-10-06 20:21 - 00000000 ____D () C:\Users\ValueElectronics\AppData\Roaming\Apple Computer
2014-10-04 20:01 - 2014-09-24 22:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-04 20:01 - 2014-09-24 21:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-24 17:43 - 2014-07-29 19:07 - 00022229 _____ () C:\Windows\SysWOW64\Gms.log
2014-10-24 17:43 - 2014-07-29 18:46 - 01159300 _____ () C:\Windows\WindowsUpdate.log
2014-10-24 17:43 - 2014-07-29 18:46 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-24 17:33 - 2014-09-19 13:28 - 00000918 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-24 16:34 - 2014-09-19 13:28 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-10-24 15:28 - 2014-07-29 19:01 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2014-10-24 15:28 - 2009-07-14 00:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-24 15:28 - 2009-07-14 00:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-24 15:25 - 2009-07-14 01:13 - 00783606 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-24 15:20 - 2014-09-19 13:28 - 00000914 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-24 15:20 - 2014-07-29 18:57 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-24 15:20 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-24 15:20 - 2009-07-14 00:51 - 00040147 _____ () C:\Windows\setupact.log
2014-10-22 12:02 - 2014-07-29 18:52 - 00003718 _____ () C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2014-10-21 21:13 - 2010-11-20 23:47 - 00257134 _____ () C:\Windows\PFRO.log
2014-10-21 20:14 - 2009-07-14 00:45 - 00267672 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-21 20:13 - 2014-09-19 16:33 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-21 20:09 - 2014-09-19 16:15 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-21 20:07 - 2014-09-19 16:15 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-21 18:01 - 2014-09-20 13:02 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-10-21 17:52 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-06 20:39 - 2014-09-19 13:28 - 00000000 ____D () C:\Users\ValueElectronics\AppData\Local\Google
2014-10-06 20:39 - 2014-09-19 13:28 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-06 20:39 - 2009-07-13 23:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-10-06 20:39 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-10-04 15:03 - 2014-09-19 13:46 - 00000000 ____D () C:\Users\ValueElectronics\Documents\Movie Studio Platinum 13.0 Projects
Some content of TEMP:
====================
C:\Users\ValueElectronics\AppData\Local\Temp\7za.exe
C:\Users\ValueElectronics\AppData\Local\Temp\bitool.dll
C:\Users\ValueElectronics\AppData\Local\Temp\fphtml.dll
C:\Users\ValueElectronics\AppData\Local\Temp\hijackthis.exe
C:\Users\ValueElectronics\AppData\Local\Temp\jdHg7.dll
C:\Users\ValueElectronics\AppData\Local\Temp\jdHg7.exe
C:\Users\ValueElectronics\AppData\Local\Temp\NirCmd.exe
C:\Users\ValueElectronics\AppData\Local\Temp\PEVZ.EXE
C:\Users\ValueElectronics\AppData\Local\Temp\remove.exe
C:\Users\ValueElectronics\AppData\Local\Temp\sed.exe
C:\Users\ValueElectronics\AppData\Local\Temp\shortcut.exe
C:\Users\ValueElectronics\AppData\Local\Temp\swreg.exe
C:\Users\ValueElectronics\AppData\Local\Temp\swxcacls.exe
C:\Users\ValueElectronics\AppData\Local\Temp\wget.exe
C:\Users\ValueElectronics\AppData\Local\Temp\zoek-delete.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-19 15:17
==================== End Of Log ============================

TwinHeadedEagle · Oct 25, 2014

Please attach all reports.

Robert Zohn · Oct 25, 2014

Thanks for the reply. Is this ok?

-Robert

TwinHeadedEagle · Oct 25, 2014

Yes, now run FRST following my instructions.

Robert Zohn · Oct 27, 2014

2 files attached, FRST & ADDITION.

-Robert

TwinHeadedEagle · Oct 27, 2014

You're infected with new variant of this malware that alters your Google Chrome. Reinstall of Google Chrome is needed. Tell me is everything all right when you finish this?

Robert Zohn · Oct 28, 2014

Thanks, I removed and reinstalled Google Chrome and don't see the ads. Will that fix Firefox's Tinywallet ads as well?

You provide a great service and I'm happy to make a donation and very sincerely appreciate your help!

-Robert

Robert Zohn · Oct 28, 2014

Forgot to ask it the uninstall and reinstall of Google Chrome fixes all of the new Malware issues?

-Robert

TwinHeadedEagle · Oct 28, 2014

Yes, try to reinstall Firefox too.

Search

I cannot get TinyWallet extension to stay removed.

Robert Zohn

New Member

TwinHeadedEagle

Level 41

Robert Zohn

New Member

Robert Zohn

New Member

Robert Zohn

New Member

TwinHeadedEagle

Level 41

Robert Zohn

New Member

Attachments

TwinHeadedEagle

Level 41

Robert Zohn

New Member

Attachments

TwinHeadedEagle

Level 41

Robert Zohn

New Member

Robert Zohn

New Member

TwinHeadedEagle

Level 41

Similar threads