Thank you, RKinner.
She's still running on Vista so it's not that.
Good idea about the remote operation, but I'll have to ask her, of course.
Was round there today and did the FRST scan. Results:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:04-10-2015
Ran by Gardenia (administrator) on GARDENIA-PC (05-10-2015 16:05:42)
Running from C:\Users\Gardenia\Desktop\Desktop
Loaded Profiles: Gardenia (Available Profiles: Gardenia)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(SigmaTel, Inc.) C:\Windows\sttray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Gteko Ltd.) C:\Program Files\DellSupport\DSAgnt.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssist\uaclauncher.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [ATICCC] => C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [90112 2006-07-11] ()
HKLM\...\Run: [Corel Photo Downloader] => C:\Program Files\Corel\Corel Snapfire Plus\PhotoDownloader.exe
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2006-10-03] (Macrovision Corporation)
HKLM\...\Run: [ECenter] => c:\dell\E-Center\EULALauncher.exe [17920 2006-11-17] ( )
HKLM\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2006-10-03] (Macrovision Corporation)
HKLM\...\Run: [DellSupportCenter] => "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3775912 2015-08-24] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [SigmatelSysTrayApp] => C:\Windows\sttray.exe [303104 2007-02-08] (SigmaTel, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => "C:\Program Files\Java\jre7\bin\jusched.exe"
HKU\S-1-5-21-690159537-611873118-1648271922-1000\...\Run: [DellSupport] => C:\Program Files\DellSupport\DSAgnt.exe [446976 2006-11-12] (Gteko Ltd.)
HKU\S-1-5-21-690159537-611873118-1648271922-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-690159537-611873118-1648271922-1000\...\Run: [DellSupportCenter] => "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
HKU\S-1-5-21-690159537-611873118-1648271922-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-05-26] (Google Inc.)
HKU\S-1-5-21-690159537-611873118-1648271922-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-690159537-611873118-1648271922-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Aurora.scr [1370624 2008-01-19] (Microsoft Corporation)
BootExecute: autocheck autochk * aswBoot.exe /A:"* " /L:"English" /KBD:2
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{AA0CBC1A-4F4F-485E-A313-96B6BD0320CF}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKU\S-1-5-21-690159537-611873118-1648271922-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=0070329
HKU\S-1-5-21-690159537-611873118-1648271922-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.national-lottery.co.uk/player/p/home.ftl?org.apache.struts.taglib.html.TOKEN=9b581235f744d1b14295b6af7a5ee129
HKU\S-1-5-21-690159537-611873118-1648271922-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.com/?ocid=EIE9HP&PC=UP50
SearchScopes: HKLM -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\.DEFAULT -> URL hxxp://uk.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_uk&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\.DEFAULT -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKU\S-1-5-21-690159537-611873118-1648271922-1000 -> {15AC7096-4349-47F7-B3E8-49228671E053} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=en_UK&apn_ptnrs=U3&apn_dtid=OSJ000YYGB&apn_uid=CCA1651C-647D-4C37-8AE9-03E72C506251&apn_sauid=1E4CE90F-7863-4083-A2FD-B10549B02B4B
SearchScopes: HKU\S-1-5-21-690159537-611873118-1648271922-1000 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000026&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-04-14] (Oracle Corporation)
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-20] (Google Inc.)
BHO: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> C:\Program Files\BAE\BAE.dll [2006-11-17] (Dell Inc.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-04-14] (Oracle Corporation)
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-20] (Google Inc.)
Toolbar: HKU\.DEFAULT -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-20] (Google Inc.)
Toolbar: HKU\S-1-5-21-690159537-611873118-1648271922-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-20] (Google Inc.)
Toolbar: HKU\S-1-5-21-690159537-611873118-1648271922-1000 -> No Name - {A057A204-BACC-4D26-9990-79A187E2698E} - No File
Toolbar: HKU\S-1-5-21-690159537-611873118-1648271922-1000 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKU\S-1-5-21-690159537-611873118-1648271922-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKU\S-1-5-21-690159537-611873118-1648271922-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2006-06-05] (Microsoft Corporation)
Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll [2006-03-06] ()
FireFox:
========
FF ProfilePath: C:\Users\Gardenia\AppData\Roaming\Mozilla\Firefox\Profiles\t9s7hy7l.default
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: AVG Secure Search
FF Homepage: hxxps://www.national-lottery.co.uk/sign-in
FF Keyword.URL:
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-21] ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-04-14] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-06-26] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-08]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll => No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
CHR Plugin: (Java Platform SE 6 U37) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\Windows\system32\npdeployJava1.dll => No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Users\Gardenia\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Gardenia\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-01]
CHR Extension: (YouTube) - C:\Users\Gardenia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-13]
CHR Extension: (Google Search) - C:\Users\Gardenia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-13]
CHR Extension: (Google Wallet) - C:\Users\Gardenia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-22]
CHR Extension: (Gmail) - C:\Users\Gardenia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-13]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3637160 2015-08-24] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [335656 2015-08-24] (AVG Technologies CZ, s.r.o.)
S2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [1942224 2015-01-30] (Dell Inc.)
S3 DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [70656 2006-11-07] () [File not signed]
S3 getPlus® Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [33752 2008-08-29] (NOS Microsystems Ltd.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [20648 2015-06-11] (Dell Inc.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)
S3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [X]
S2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter [X]
S3 stllssvr; "C:\Program Files\Common Files\SureThing Shared\stllssvr.exe" [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [132576 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [250800 2015-08-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [222640 2015-08-19] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [31664 2015-07-23] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [207328 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [290272 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [189872 2015-08-04] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [35808 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [230832 2015-08-04] (AVG Technologies CZ, s.r.o.)
S3 DDDriver; C:\Windows\System32\drivers\DDDriver32Dcsa.sys [20688 2015-01-30] (Dell Computer Corporation)
S3 DellProf; C:\Windows\System32\drivers\DellProf.sys [19984 2015-01-30] (Dell Computer Corporation)
R3 DSproct; C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [4736 2006-10-05] (Gteko Ltd.) [File not signed]
R2 dsunidrv; C:\Program Files\DellSupport\Drivers\dsunidrv.sys [7424 2006-08-17] (Gteko Ltd.) [File not signed]
R3 hcwPP2; C:\Windows\System32\DRIVERS\hcwPP2.sys [185728 2007-02-06] (Hauppauge Computer Works, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
R3 STHDA; C:\Windows\System32\drivers\stwrt.sys [647680 2007-02-08] (SigmaTel, Inc.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-10-05 16:01 - 2015-10-05 16:05 - 00000000 ____D C:\FRST
2015-10-05 16:00 - 2015-10-05 16:00 - 01697792 _____ (Farbar) C:\Users\Gardenia\Downloads\FRST.exe
2015-10-02 16:21 - 2015-10-02 16:23 - 00000901 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-02 16:21 - 2015-10-02 16:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-02 16:21 - 2015-10-02 16:23 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-10-02 16:21 - 2015-06-18 09:47 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-10-02 16:21 - 2015-06-18 09:47 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-10-02 16:20 - 2015-10-02 16:20 - 21545336 _____ (Malwarebytes Corporation ) C:\Users\Gardenia\Downloads\mbam-setup-sem-2.1.6.1022.exe
2015-09-11 21:56 - 2015-10-05 15:53 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-09-11 19:58 - 2015-09-11 19:58 - 00000104 _____ C:\Users\Gardenia\Desktop\Internet - Shortcut.lnk
2015-09-09 02:05 - 2015-08-13 15:15 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2015-09-09 02:05 - 2015-08-13 15:15 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2015-09-09 02:04 - 2015-09-02 22:26 - 01402368 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-09-09 02:04 - 2015-09-02 22:26 - 01253376 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-09-09 02:02 - 2015-07-10 15:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-09-09 02:01 - 2015-09-02 22:26 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-09 02:01 - 2015-09-02 20:55 - 02067456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-09 02:01 - 2015-09-02 20:54 - 00297472 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-09 02:01 - 2015-08-05 16:59 - 00602112 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-09 00:33 - 2015-08-17 18:18 - 01814016 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-09 00:33 - 2015-08-17 18:17 - 12388352 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-09 00:33 - 2015-08-17 18:14 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-09-09 00:33 - 2015-08-17 18:13 - 09751040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-09 00:33 - 2015-08-17 18:12 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-09 00:33 - 2015-08-17 18:12 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-09 00:33 - 2015-08-17 18:11 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-09 00:33 - 2015-08-17 18:11 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-09 00:33 - 2015-08-17 18:10 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-09 00:33 - 2015-08-17 18:10 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-09 00:33 - 2015-08-17 18:10 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-09 00:33 - 2015-08-17 18:10 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-09-09 00:33 - 2015-08-17 18:10 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-09-09 00:33 - 2015-08-17 18:10 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-09-09 00:33 - 2015-08-17 18:10 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-09-09 00:33 - 2015-08-17 18:10 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-09-09 00:33 - 2015-08-17 18:10 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-09-09 00:33 - 2015-08-17 18:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-09-09 00:33 - 2015-08-17 18:10 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-09-09 00:33 - 2015-08-17 18:10 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-09-09 00:33 - 2015-08-17 18:10 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-09-09 00:33 - 2015-08-17 18:09 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-10-05 16:02 - 2014-10-22 16:02 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-05 15:59 - 2007-03-29 00:26 - 01579020 _____ C:\Windows\WindowsUpdate.log
2015-10-05 15:57 - 2010-10-20 15:11 - 00000000 ____D C:\ProgramData\MFAData
2015-10-05 15:52 - 2013-06-07 21:37 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
2015-10-05 15:52 - 2013-05-31 18:00 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2015-10-05 15:52 - 2010-09-03 21:59 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-05 15:52 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-05 15:52 - 2006-11-02 13:47 - 00003696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-05 15:52 - 2006-11-02 13:47 - 00003696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-05 00:46 - 2006-11-02 14:01 - 00032644 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-10-05 00:19 - 2014-11-03 16:20 - 00000000 ____D C:\Program Files\Full Tilt UK
2015-10-04 23:52 - 2010-09-03 21:59 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-04 23:04 - 2008-03-12 01:12 - 00000000 ____D C:\Users\Gardenia\AppData\Local\PokerStars.UK
2015-10-03 14:49 - 2010-07-16 20:11 - 00092540 _____ C:\Windows\PFRO.log
2015-10-02 16:59 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\nap
2015-10-02 16:27 - 2010-08-18 15:48 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2015-10-02 16:21 - 2010-08-18 15:48 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-10-02 16:18 - 2014-11-03 16:22 - 00000000 ____D C:\Users\Gardenia\AppData\Local\FullTilt UK
2015-09-25 14:55 - 2012-12-13 01:32 - 00001973 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-21 21:03 - 2013-07-06 09:46 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-09-21 21:03 - 2013-03-01 17:03 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-09-17 13:26 - 2014-10-22 12:31 - 00000844 _____ C:\Users\Public\Desktop\AVG 2015.lnk
2015-09-17 13:26 - 2014-04-25 17:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-09-12 15:09 - 2013-01-10 16:50 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-09-09 17:34 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Microsoft.NET
2015-09-09 17:23 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\rescache
2015-09-09 16:58 - 2006-11-02 13:47 - 00290336 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-09 16:55 - 2006-11-02 13:37 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-09 01:59 - 2013-08-15 00:16 - 00000000 ____D C:\Windows\system32\MRT
==================== Files in the root of some directories =======
2011-12-28 23:52 - 2012-01-23 13:12 - 0056103 _____ () C:\Program Files\EULA.eng
2012-05-04 18:12 - 2012-05-04 18:12 - 0000000 _____ () C:\Users\Gardenia\AppData\Roaming\wklnhst.dat
2007-04-11 17:27 - 2015-01-11 16:36 - 0025600 _____ () C:\Users\Gardenia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-03 15:45 - 2014-11-03 15:50 - 51027168 _____ () C:\Users\Gardenia\AppData\Local\TempFullTiltUkSetup.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-10-05 16:00
==================== End of FRST.txt ============================
And the addition:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:04-10-2015
Ran by Gardenia (2015-10-05 16:09:41)
Running from C:\Users\Gardenia\Desktop\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) (2007-03-28 23:26:58)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-690159537-611873118-1648271922-500 - Administrator - Disabled)
Gardenia (S-1-5-21-690159537-611873118-1648271922-1000 - Administrator - Enabled) => C:\Users\Gardenia
Guest (S-1-5-21-690159537-611873118-1648271922-501 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
888poker (HKLM\...\888poker) (Version: - )
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe Flash Player 19 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Reader X (10.1.15) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.15 - Adobe Systems Incorporated)
ATI Catalyst Control Center Ex (HKLM\...\{F08F36A8-7EEA-DB4D-00D1-2CA68C2DD445}) (Version: 2.0.2488.36465 - ATI Technologies Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6140 - AVG Technologies)
AVG 2015 (Version: 15.0.4435 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.6140 - AVG Technologies) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 2.32 - Piriform)
Coral Poker (HKLM\...\Coral Poker_is1) (Version: - coral)
Corel Paint Shop Pro Photo XI (HKLM\...\{93A1B09E-BAFA-4628-A5B6-921CB026955A}) (Version: 11.003.0000 - Corel Inc)
Corel Snapfire Plus (HKLM\...\{7ADE3A47-B425-45E9-8FF6-11BE2B775645}) (Version: 1.003.0000 - Corel)
Dell Data Vault (HKLM\...\Dell Data Vault) (Version: 4.1.9.0 - Dell Inc.)
Dell Data Vault (Version: 4.1.9.0 - Dell Inc.) Hidden
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell)
Dell SupportAssistAgent (HKLM\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.1.0.47 - Dell)
Dell System Customization Wizard (HKLM\...\{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}) (Version: 1.00.0000 - Dell Inc.)
DellSupport (HKLM\...\{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}) (Version: 6.0.3030 - Dell)
Full Tilt UK (HKLM\...\{31967082-7E6A-42A3-9740-6F9065509BD6}) (Version: 5.22.51.WIN.FullTilt.UK - )
getPlus® for Adobe (HKLM\...\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}) (Version: 1.5.2.29 - NOS Microsystems Ltd.)
Google Chrome (HKLM\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6904.2028 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.15 - Google Inc.) Hidden
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
king.com (remove only) (HKLM\...\king.com) (Version: - Midasplayer Ltd (king.com))
Malwarebytes' Anti-Malware (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: - Malwarebytes Corporation)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Mozilla Firefox 40.0.3 (x86 en-GB) (HKLM\...\Mozilla Firefox 40.0.3 (x86 en-GB)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Orange Preload (HKLM\...\{38496EC2-78B7-412A-9398-FC6B7DB8E182}) (Version: 6.1.5.7 - Orange)
partypoker (HKLM\...\PartyPoker) (Version: 110 - PartyGaming)
PokerStars (HKLM\...\PokerStars) (Version: 2.166 - PokerStars)
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5102.0 - SigmaTel)
Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Tiscali Internet (HKLM\...\{58B2B6D3-E5FF-4D16-87AC-52CC5717C7C6}) (Version: 1.0.0.35 - Tiscali)
URL Assistant (HKLM\...\{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}) (Version: - )
User's Guides (HKLM\...\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}) (Version: - )
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Restore Points =========================
27-08-2015 12:40:54 Scheduled Checkpoint
29-08-2015 14:12:25 Scheduled Checkpoint
30-08-2015 20:43:11 Scheduled Checkpoint
02-09-2015 00:44:08 Scheduled Checkpoint
04-09-2015 18:11:53 Scheduled Checkpoint
07-09-2015 14:18:01 Scheduled Checkpoint
09-09-2015 01:50:47 Windows Update
09-09-2015 18:04:11 Scheduled Checkpoint
10-09-2015 14:35:46 Scheduled Checkpoint
15-09-2015 16:09:16 Scheduled Checkpoint
20-09-2015 14:10:20 Scheduled Checkpoint
26-09-2015 15:38:03 Scheduled Checkpoint
27-09-2015 18:58:47 Scheduled Checkpoint
29-09-2015 19:51:49 Scheduled Checkpoint
04-10-2015 19:40:42 Scheduled Checkpoint
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0DE0EEB2-62A1-40FA-A696-8BD9238FBE0C} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-05-25] (PC-Doctor, Inc.)
Task: {10A45B41-CBF1-4E35-8A0A-DB9D5D0AA8A3} - System32\Tasks\{15FAE785-B211-41E2-B2FD-837CD088D3D9} => pcalua.exe -a "C:\Users\Gardenia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0GO25QX0\SetupPoker[2].exe" -d C:\Windows\system32
Task: {11FE6C01-0E8A-42EC-AED3-BB4B0AEED280} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-05-25] (PC-Doctor, Inc.)
Task: {15E0601D-C3B3-4E9C-9456-DC6F3BC9D39A} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Gardenia => C:\Program Files\Windows Calendar\wincal.exe [2009-04-11] (Microsoft Corporation)
Task: {4E3D8FBE-56E1-49D6-9ACE-5058674160C2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-21] (Adobe Systems Incorporated)
Task: {533E6E3D-BF3A-4231-928C-5C9969C56906} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {5496C03E-D01F-4397-B2EB-1DA6D6320FCA} - System32\Tasks\0814avUpdateInfo => C:\ProgramData\Avg_Update_0814av\0814av_AVG-Secure-Search-Update.exe
Task: {621C0896-0FD4-409C-8B92-8915481004F1} - System32\Tasks\{369D992A-33A2-4979-8798-A20D77082E64} => pcalua.exe -a "C:\Bingo\BPC Bingo\_SetupBingo[1].exe" -c /uninstall
Task: {698423AA-13D6-49E6-9A30-2F23D24947EC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {6B9E612D-CFF4-4770-AD62-A393302EB0ED} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{880BFEF7-C96C-4502-8984-05A39CA764B9}.exe
Task: {B6ECF45B-30DC-40BA-98FF-3365042AF1C4} - System32\Tasks\{A62B73E5-7970-443B-97FB-B1967F883F2D} => pcalua.exe -a "C:\Users\Gardenia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AOGFY8H7\SetupBingo[1].exe" -d C:\Windows\system32
Task: {C1055084-25EF-4DE2-9551-AC9E64F73D03} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => C:\Windows\TEMP\{C85A043D-8876-4A75-98B8-AFCAF69C7499}.exe
Task: {CB4B10F6-E897-4422-B1B6-72C8455F495D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {D8CBDFAD-E538-415A-A017-EC92137796C6} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-06-11] (Dell Inc.)
Task: {F7EA707C-D81D-4444-B82F-EA829BD66910} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{C85A043D-8876-4A75-98B8-AFCAF69C7499}.exe <==== ATTENTION
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{880BFEF7-C96C-4502-8984-05A39CA764B9}.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (Whitelisted) ==============
2007-03-29 08:22 - 2006-10-25 05:44 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\Gardenia\Documents\My Google Gadgets:Roxio EMC Stream
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-690159537-611873118-1648271922-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [{E7B00AF9-83B2-4B54-A1FB-D7663C6B8CCF}] => (Allow) C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
FirewallRules: [TCP Query User{8C694021-F92E-43A7-B8E4-BD16FEEF8E7A}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{E5E9B367-492A-4647-9DB5-1164755D5E47}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [{8BF817F4-2CE0-4935-85C9-F9BB3E369F56}] => (Allow) C:\Program Files\AVG\AVG10\avgmfapx.exe
FirewallRules: [{ED9408D8-E2DE-435B-91A7-842CC41C7FA2}] => (Allow) C:\Program Files\AVG\AVG10\avgmfapx.exe
FirewallRules: [{F432C6F9-A5B0-4506-91F5-514D8D5C9978}] => (Allow) C:\Program Files\AVG\AVG10\avgdiagex.exe
FirewallRules: [{4876ADDE-C2A5-4851-83CB-2273E8BF3E9B}] => (Allow) C:\Program Files\AVG\AVG10\avgdiagex.exe
FirewallRules: [{6FBA9B0D-D3C9-4A49-90D8-96F85FBAE949}] => (Allow) C:\Program Files\AVG\AVG10\avgnsx.exe
FirewallRules: [{B41FD31C-647D-4FE0-BE62-08E39B645E8D}] => (Allow) C:\Program Files\AVG\AVG10\avgnsx.exe
FirewallRules: [{B34F3716-3CE6-4481-A5B0-C83A6128A681}] => (Allow) C:\Program Files\AVG\AVG10\avgemcx.exe
FirewallRules: [{2486B7AC-5083-4D1F-A006-790FC8002DCA}] => (Allow) C:\Program Files\AVG\AVG10\avgemcx.exe
FirewallRules: [{6544D547-ED45-4258-874A-B6B49692FD74}] => (Allow) LPort=80
FirewallRules: [{E52938E8-2E70-4FDA-960C-D16A7F4F406E}] => (Allow) LPort=80
FirewallRules: [{EE3807F1-BC55-4713-ACBF-2C5208F3FEA6}] => (Allow) LPort=80
FirewallRules: [TCP Query User{0DAA1378-85A2-4186-848F-DDB8A8AC19AA}C:\program files\pacificpoker\bin\poker.exe] => (Block) C:\program files\pacificpoker\bin\poker.exe
FirewallRules: [UDP Query User{B7A65ED7-57CB-423C-9702-BACBA315A7CB}C:\program files\pacificpoker\bin\poker.exe] => (Block) C:\program files\pacificpoker\bin\poker.exe
FirewallRules: [{0C418C30-C46F-485F-BE65-90299FFD0AEE}] => (Allow) C:\Program Files\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{E7BE07A3-9E1E-4F06-AF6C-69D6816BFE1C}] => (Allow) C:\Program Files\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{20BADCC5-23E7-4F7A-9611-C1CF4A0E23DD}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{D2B4FB21-8C2B-47C7-A5F9-D0D3999D7F5C}] => (Allow) C:\Program Files\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{DED778F1-9836-4EA0-BA5D-87A15D67A96E}] => (Allow) C:\Program Files\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{F3C579FC-BD33-483D-A9EA-82E4797D2AA9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{645E18D5-7F82-4633-8CD9-7710B8D3F360}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{9F21FF65-40E3-4430-9C7D-88B3F470BF5D}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{57C416B5-3F37-4D0E-8062-D627314A1550}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{B7B713B9-D23F-4EDE-88EB-E514F96794DB}] => (Allow) C:\Program Files\AVG\AVG2015\avgnsx.exe
FirewallRules: [{8F32C3BB-063F-4686-B38D-5E86EB8A4CAC}] => (Allow) C:\Program Files\AVG\AVG2015\avgnsx.exe
FirewallRules: [{D575DF20-590E-46E1-B4BD-21B35CF1E82B}] => (Allow) C:\Program Files\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{DCBE461D-921C-485D-89C6-10BBDE40B3CB}] => (Allow) C:\Program Files\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{96D8ACD1-C208-41E2-B5CD-63BAE78CEE35}] => (Allow) C:\Program Files\AVG\AVG2015\avgemcx.exe
FirewallRules: [{C449E849-99F5-468B-A411-DF2351E00A2A}] => (Allow) C:\Program Files\AVG\AVG2015\avgemcx.exe
FirewallRules: [{97C989C2-B717-4D94-8B1C-E32BD3D06723}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (10/04/2015 07:35:44 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4
Error: (10/04/2015 07:35:42 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
Error: (10/02/2015 05:26:26 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4
Error: (10/02/2015 05:26:24 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
Error: (10/02/2015 04:39:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program msinfo32.exe version 6.0.6002.18005 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 2a0
Start Time: 01d0fd283ef316fd
Termination Time: 16
Error: (10/02/2015 03:53:04 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\GARDENIA\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\T9S7HY7L.DEFAULT\SAFEBROWSING-BACKUP> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
Error: (09/29/2015 07:29:37 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4
Error: (09/29/2015 07:29:35 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
Error: (09/27/2015 06:25:17 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4
Error: (09/27/2015 06:25:16 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
System errors:
=============
Error: (10/05/2015 03:53:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: SupportSoft Sprocket Service (dellsupportcenter)%%2
Error: (10/04/2015 04:15:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: SupportSoft Sprocket Service (dellsupportcenter)%%2
Error: (10/03/2015 11:06:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: SupportSoft Sprocket Service (dellsupportcenter)%%2
Error: (10/03/2015 02:51:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: SupportSoft Sprocket Service (dellsupportcenter)%%2
Error: (10/02/2015 05:01:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: SupportSoft Sprocket Service (dellsupportcenter)%%2
Error: (10/02/2015 03:09:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: SupportSoft Sprocket Service (dellsupportcenter)%%2
Error: (10/01/2015 06:12:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: SupportSoft Sprocket Service (dellsupportcenter)%%2
Error: (10/01/2015 12:39:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: SupportSoft Sprocket Service (dellsupportcenter)%%2
Error: (09/30/2015 05:48:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: SupportSoft Sprocket Service (dellsupportcenter)%%2
Error: (09/29/2015 05:24:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: SupportSoft Sprocket Service (dellsupportcenter)%%2
CodeIntegrity:
===================================
Date: 2015-10-05 16:09:36.122
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-10-05 16:09:35.092
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-10-05 16:09:34.032
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-10-05 16:09:32.440
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-10-05 16:09:31.208
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-10-05 16:09:30.147
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-10-05 16:09:29.055
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-10-05 16:09:28.010
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-10-05 16:09:04.360
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-10-05 16:09:03.315
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: AMD Athlon 64 X2 Dual Core Processor 4200+
Percentage of memory in use: 44%
Total physical RAM: 3069.57 MB
Available physical RAM: 1713.71 MB
Total Virtual: 6371.7 MB
Available Virtual: 5210.95 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:222.78 GB) (Free:151.91 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:6.31 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.8 GB) (Disk ID: 50000000)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=222.8 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================