Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

ISP Say My 88 yr Old Mother is Exceeding Her Data Allowance! How?

bandwidth ISP

  • Please log in to reply

#1
dontcensorme

dontcensorme

    Member

  • Member
  • PipPip
  • 66 posts

Hello all at GtG

 

Once again I need your help....

 

My mother uses her computer about 2 to 3 hours per evening.  She plays poker on stars and full tilt and also buys her national lottery ticket (we're in UK).  She reads emails and plays hearts or solitaire and that's about all she uses her computer for.  No movies, no videos or tv, nothing like that.

 

Her ISP sent her an email saying that between the 1st September and 4th September she used 98% of her Data Allowance!  She's allowed 25GB per month and will be charged for everything over that.  Her ISP said her bill is going to be HUGE this month :(

 

I phoned them and said it's not possible that she's used all that data.  They said she had, but can't tell me on what.  They did say that on two days in September a lot of that bandwidth was used at 2pm.  She doesn't even go on there until after 3pm usually.  She doesn't download anything except AVG and Windows updates and any updates that the poker sites use.

 

She doesn't use a wireless connection and her ISP say her old router doesn't have the facility for wireless anyway, so it's not a piggy-backing neighbour.

 

I asked about previous months and was told she used 15GB in July and 10GB in Ausgust, which is what I'd expect.

 

I checked her history in Firefox and it shows only her usual hangouts (poker and lottery and an amazon search).

 

The ISP told me to do a Malwarebytes scan and it found 1 thing.  "PUP optional. bitberry" which it deleted.  Needless to say I have no idea what this is.  Could it have caused it?

 

She hasn't had any visitors use the PC and she lives alone.  I'm stumped!

 

Is there anything I can check on her PC that will tell me what's happened?   Or anything else I should know?  t.i.a.


Edited by dontcensorme, 02 October 2015 - 12:21 PM.

  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Sounds like Malware.  I'm going to ask that this be moved to the malware forum.  Do Step 3. Download and Run FRST

on 

http://www.geekstogo...ide/#entry12367

 

Then copy and paste (or attach if they are too big) to a Reply to this post.


  • 0

#3
dontcensorme

dontcensorme

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts

Thank you for your reply.

 

I'll do as you suggest, but as I don't live with her I won't be able to do it until tomorrow.

 

If I don't reply quickly, that's the reason. 


  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

No problem with delays.  I don't keep track.  Just post the logs when you get a chance.  I'm in Florida so about 5 hours behind you so there's going to be some delay anyway.


  • 0

#5
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Suggest you may want to install the free TeamViewer program on her computer.  Set it up to control the pc remotely with a permanent password  Then you can log in remotely and save a trip next time.

 

https://www.teamview...m/en/index.aspx

 

 

One thought from others on our team:  If she recently let it upgrade to Windows 10 then we have found the culprit.  Windows 10 uses P2P to allow your neighbors to get their upgrades from you.  You can turn it off:

http://www.howtogeek...r-the-internet/


  • 0

#6
dontcensorme

dontcensorme

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts

Thank you RKinner.

 

She's still running on Vista so it's not that.  

 

Good idea about the remote operation, but I'll have to ask her, of course.

 

Was round there today and did the FRST scan.  Results:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:04-10-2015
Ran by Gardenia (administrator) on GARDENIA-PC (05-10-2015 16:05:42)
Running from C:\Users\Gardenia\Desktop\Desktop
Loaded Profiles: Gardenia (Available Profiles: Gardenia)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(SigmaTel, Inc.) C:\Windows\sttray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Gteko Ltd.) C:\Program Files\DellSupport\DSAgnt.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssist\uaclauncher.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
 

==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [ATICCC] => C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [90112 2006-07-11] ()
HKLM\...\Run: [Corel Photo Downloader] => C:\Program Files\Corel\Corel Snapfire Plus\PhotoDownloader.exe
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2006-10-03] (Macrovision Corporation)
HKLM\...\Run: [ECenter] => c:\dell\E-Center\EULALauncher.exe [17920 2006-11-17] ( )
HKLM\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2006-10-03] (Macrovision Corporation)
HKLM\...\Run: [DellSupportCenter] => "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3775912 2015-08-24] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [SigmatelSysTrayApp] => C:\Windows\sttray.exe [303104 2007-02-08] (SigmaTel, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => "C:\Program Files\Java\jre7\bin\jusched.exe"
HKU\S-1-5-21-690159537-611873118-1648271922-1000\...\Run: [DellSupport] => C:\Program Files\DellSupport\DSAgnt.exe [446976 2006-11-12] (Gteko Ltd.)
HKU\S-1-5-21-690159537-611873118-1648271922-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-690159537-611873118-1648271922-1000\...\Run: [DellSupportCenter] => "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
HKU\S-1-5-21-690159537-611873118-1648271922-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-05-26] (Google Inc.)
HKU\S-1-5-21-690159537-611873118-1648271922-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-690159537-611873118-1648271922-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Aurora.scr [1370624 2008-01-19] (Microsoft Corporation)
BootExecute: autocheck autochk * aswBoot.exe /A:"* " /L:"English" /KBD:2
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{AA0CBC1A-4F4F-485E-A313-96B6BD0320CF}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-690159537-611873118-1648271922-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=0070329
HKU\S-1-5-21-690159537-611873118-1648271922-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.national-lottery.co.uk/player/p/home.ftl?org.apache.struts.taglib.html.TOKEN=9b581235f744d1b14295b6af7a5ee129
HKU\S-1-5-21-690159537-611873118-1648271922-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.com/?ocid=EIE9HP&PC=UP50
SearchScopes: HKLM -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\.DEFAULT -> URL hxxp://uk.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_uk&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\.DEFAULT -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKU\S-1-5-21-690159537-611873118-1648271922-1000 -> {15AC7096-4349-47F7-B3E8-49228671E053} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=en_UK&apn_ptnrs=U3&apn_dtid=OSJ000YYGB&apn_uid=CCA1651C-647D-4C37-8AE9-03E72C506251&apn_sauid=1E4CE90F-7863-4083-A2FD-B10549B02B4B
SearchScopes: HKU\S-1-5-21-690159537-611873118-1648271922-1000 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000026&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-04-14] (Oracle Corporation)
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} ->  No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-20] (Google Inc.)
BHO: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> C:\Program Files\BAE\BAE.dll [2006-11-17] (Dell Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-04-14] (Oracle Corporation)
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-20] (Google Inc.)
Toolbar: HKU\.DEFAULT -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-20] (Google Inc.)
Toolbar: HKU\S-1-5-21-690159537-611873118-1648271922-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-20] (Google Inc.)
Toolbar: HKU\S-1-5-21-690159537-611873118-1648271922-1000 -> No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
Toolbar: HKU\S-1-5-21-690159537-611873118-1648271922-1000 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKU\S-1-5-21-690159537-611873118-1648271922-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\S-1-5-21-690159537-611873118-1648271922-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2006-06-05] (Microsoft Corporation)
Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll [2006-03-06] ()
 
FireFox:
========
FF ProfilePath: C:\Users\Gardenia\AppData\Roaming\Mozilla\Firefox\Profiles\t9s7hy7l.default
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: AVG Secure Search
FF Homepage: hxxps://www.national-lottery.co.uk/sign-in
FF Keyword.URL:
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-21] ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-04-14] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-06-26] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-08]
 
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll => No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
CHR Plugin: (Java™ Platform SE 6 U37) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\Windows\system32\npdeployJava1.dll => No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Users\Gardenia\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Gardenia\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-01]
CHR Extension: (YouTube) - C:\Users\Gardenia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-13]
CHR Extension: (Google Search) - C:\Users\Gardenia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-13]
CHR Extension: (Google Wallet) - C:\Users\Gardenia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-22]
CHR Extension: (Gmail) - C:\Users\Gardenia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-13]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3637160 2015-08-24] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [335656 2015-08-24] (AVG Technologies CZ, s.r.o.)
S2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [1942224 2015-01-30] (Dell Inc.)
S3 DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [70656 2006-11-07] () [File not signed]
S3 getPlus® Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [33752 2008-08-29] (NOS Microsystems Ltd.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [20648 2015-06-11] (Dell Inc.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)
S3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [X]
S2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter [X]
S3 stllssvr; "C:\Program Files\Common Files\SureThing Shared\stllssvr.exe" [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [132576 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [250800 2015-08-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [222640 2015-08-19] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [31664 2015-07-23] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [207328 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [290272 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [189872 2015-08-04] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [35808 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [230832 2015-08-04] (AVG Technologies CZ, s.r.o.)
S3 DDDriver; C:\Windows\System32\drivers\DDDriver32Dcsa.sys [20688 2015-01-30] (Dell Computer Corporation)
S3 DellProf; C:\Windows\System32\drivers\DellProf.sys [19984 2015-01-30] (Dell Computer Corporation)
R3 DSproct; C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [4736 2006-10-05] (Gteko Ltd.) [File not signed]
R2 dsunidrv; C:\Program Files\DellSupport\Drivers\dsunidrv.sys [7424 2006-08-17] (Gteko Ltd.) [File not signed]
R3 hcwPP2; C:\Windows\System32\DRIVERS\hcwPP2.sys [185728 2007-02-06] (Hauppauge Computer Works, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
R3 STHDA; C:\Windows\System32\drivers\stwrt.sys [647680 2007-02-08] (SigmaTel, Inc.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-05 16:01 - 2015-10-05 16:05 - 00000000 ____D C:\FRST
2015-10-05 16:00 - 2015-10-05 16:00 - 01697792 _____ (Farbar) C:\Users\Gardenia\Downloads\FRST.exe
2015-10-02 16:21 - 2015-10-02 16:23 - 00000901 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-02 16:21 - 2015-10-02 16:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-02 16:21 - 2015-10-02 16:23 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-10-02 16:21 - 2015-06-18 09:47 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-10-02 16:21 - 2015-06-18 09:47 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-10-02 16:20 - 2015-10-02 16:20 - 21545336 _____ (Malwarebytes Corporation ) C:\Users\Gardenia\Downloads\mbam-setup-sem-2.1.6.1022.exe
2015-09-11 21:56 - 2015-10-05 15:53 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-09-11 19:58 - 2015-09-11 19:58 - 00000104 _____ C:\Users\Gardenia\Desktop\Internet - Shortcut.lnk
2015-09-09 02:05 - 2015-08-13 15:15 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2015-09-09 02:05 - 2015-08-13 15:15 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2015-09-09 02:04 - 2015-09-02 22:26 - 01402368 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-09-09 02:04 - 2015-09-02 22:26 - 01253376 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-09-09 02:02 - 2015-07-10 15:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-09-09 02:01 - 2015-09-02 22:26 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-09 02:01 - 2015-09-02 20:55 - 02067456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-09 02:01 - 2015-09-02 20:54 - 00297472 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-09 02:01 - 2015-08-05 16:59 - 00602112 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-09 00:33 - 2015-08-17 18:18 - 01814016 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-09 00:33 - 2015-08-17 18:17 - 12388352 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-09 00:33 - 2015-08-17 18:14 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-09-09 00:33 - 2015-08-17 18:13 - 09751040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-09 00:33 - 2015-08-17 18:12 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-09 00:33 - 2015-08-17 18:12 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-09 00:33 - 2015-08-17 18:11 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-09 00:33 - 2015-08-17 18:11 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-09 00:33 - 2015-08-17 18:10 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-09 00:33 - 2015-08-17 18:10 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-09 00:33 - 2015-08-17 18:10 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-09 00:33 - 2015-08-17 18:10 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-09-09 00:33 - 2015-08-17 18:10 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-09-09 00:33 - 2015-08-17 18:10 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-09-09 00:33 - 2015-08-17 18:10 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-09-09 00:33 - 2015-08-17 18:10 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-09-09 00:33 - 2015-08-17 18:10 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-09-09 00:33 - 2015-08-17 18:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-09-09 00:33 - 2015-08-17 18:10 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-09-09 00:33 - 2015-08-17 18:10 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-09-09 00:33 - 2015-08-17 18:10 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-09-09 00:33 - 2015-08-17 18:09 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-05 16:02 - 2014-10-22 16:02 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-05 15:59 - 2007-03-29 00:26 - 01579020 _____ C:\Windows\WindowsUpdate.log
2015-10-05 15:57 - 2010-10-20 15:11 - 00000000 ____D C:\ProgramData\MFAData
2015-10-05 15:52 - 2013-06-07 21:37 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
2015-10-05 15:52 - 2013-05-31 18:00 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2015-10-05 15:52 - 2010-09-03 21:59 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-05 15:52 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-05 15:52 - 2006-11-02 13:47 - 00003696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-05 15:52 - 2006-11-02 13:47 - 00003696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-05 00:46 - 2006-11-02 14:01 - 00032644 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-10-05 00:19 - 2014-11-03 16:20 - 00000000 ____D C:\Program Files\Full Tilt UK
2015-10-04 23:52 - 2010-09-03 21:59 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-04 23:04 - 2008-03-12 01:12 - 00000000 ____D C:\Users\Gardenia\AppData\Local\PokerStars.UK
2015-10-03 14:49 - 2010-07-16 20:11 - 00092540 _____ C:\Windows\PFRO.log
2015-10-02 16:59 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\nap
2015-10-02 16:27 - 2010-08-18 15:48 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2015-10-02 16:21 - 2010-08-18 15:48 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-10-02 16:18 - 2014-11-03 16:22 - 00000000 ____D C:\Users\Gardenia\AppData\Local\FullTilt UK
2015-09-25 14:55 - 2012-12-13 01:32 - 00001973 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-21 21:03 - 2013-07-06 09:46 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-09-21 21:03 - 2013-03-01 17:03 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-09-17 13:26 - 2014-10-22 12:31 - 00000844 _____ C:\Users\Public\Desktop\AVG 2015.lnk
2015-09-17 13:26 - 2014-04-25 17:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-09-12 15:09 - 2013-01-10 16:50 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-09-09 17:34 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Microsoft.NET
2015-09-09 17:23 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\rescache
2015-09-09 16:58 - 2006-11-02 13:47 - 00290336 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-09 16:55 - 2006-11-02 13:37 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-09 01:59 - 2013-08-15 00:16 - 00000000 ____D C:\Windows\system32\MRT
 
==================== Files in the root of some directories =======
 
2011-12-28 23:52 - 2012-01-23 13:12 - 0056103 _____ () C:\Program Files\EULA.eng
2012-05-04 18:12 - 2012-05-04 18:12 - 0000000 _____ () C:\Users\Gardenia\AppData\Roaming\wklnhst.dat
2007-04-11 17:27 - 2015-01-11 16:36 - 0025600 _____ () C:\Users\Gardenia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-03 15:45 - 2014-11-03 15:50 - 51027168 _____ () C:\Users\Gardenia\AppData\Local\TempFullTiltUkSetup.exe
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 

LastRegBack: 2015-10-05 16:00
 
==================== End of FRST.txt ============================

 

 

 

And the addition:

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:04-10-2015
Ran by Gardenia (2015-10-05 16:09:41)
Running from C:\Users\Gardenia\Desktop\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) (2007-03-28 23:26:58)
Boot Mode: Normal
==========================================================
 

==================== Accounts: =============================
 
Administrator (S-1-5-21-690159537-611873118-1648271922-500 - Administrator - Disabled)
Gardenia (S-1-5-21-690159537-611873118-1648271922-1000 - Administrator - Enabled) => C:\Users\Gardenia
Guest (S-1-5-21-690159537-611873118-1648271922-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
888poker (HKLM\...\888poker) (Version:  - )
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe Flash Player 19 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Reader X (10.1.15) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.15 - Adobe Systems Incorporated)
ATI Catalyst Control Center Ex (HKLM\...\{F08F36A8-7EEA-DB4D-00D1-2CA68C2DD445}) (Version: 2.0.2488.36465 - ATI Technologies Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6140 - AVG Technologies)
AVG 2015 (Version: 15.0.4435 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.6140 - AVG Technologies) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 2.32 - Piriform)
Coral Poker (HKLM\...\Coral Poker_is1) (Version:  - coral)
Corel Paint Shop Pro Photo XI (HKLM\...\{93A1B09E-BAFA-4628-A5B6-921CB026955A}) (Version: 11.003.0000 - Corel Inc)
Corel Snapfire Plus (HKLM\...\{7ADE3A47-B425-45E9-8FF6-11BE2B775645}) (Version: 1.003.0000 - Corel)
Dell Data Vault (HKLM\...\Dell Data Vault) (Version: 4.1.9.0 - Dell Inc.)
Dell Data Vault (Version: 4.1.9.0 - Dell Inc.) Hidden
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell)
Dell SupportAssistAgent (HKLM\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.1.0.47 - Dell)
Dell System Customization Wizard (HKLM\...\{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}) (Version: 1.00.0000 - Dell Inc.)
DellSupport (HKLM\...\{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}) (Version: 6.0.3030 - Dell)
Full Tilt UK (HKLM\...\{31967082-7E6A-42A3-9740-6F9065509BD6}) (Version: 5.22.51.WIN.FullTilt.UK - )
getPlus® for Adobe (HKLM\...\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}) (Version: 1.5.2.29 - NOS Microsystems Ltd.)
Google Chrome (HKLM\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6904.2028 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.15 - Google Inc.) Hidden
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
king.com (remove only) (HKLM\...\king.com) (Version:  - Midasplayer Ltd (king.com))
Malwarebytes' Anti-Malware (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version:  - Malwarebytes Corporation)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Mozilla Firefox 40.0.3 (x86 en-GB) (HKLM\...\Mozilla Firefox 40.0.3 (x86 en-GB)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Orange Preload (HKLM\...\{38496EC2-78B7-412A-9398-FC6B7DB8E182}) (Version: 6.1.5.7 - Orange)
partypoker (HKLM\...\PartyPoker) (Version: 110 - PartyGaming)
PokerStars (HKLM\...\PokerStars) (Version: 2.166 - PokerStars)
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5102.0 - SigmaTel)
Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Tiscali Internet (HKLM\...\{58B2B6D3-E5FF-4D16-87AC-52CC5717C7C6}) (Version: 1.0.0.35 - Tiscali)
URL Assistant (HKLM\...\{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}) (Version:  - )
User's Guides (HKLM\...\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}) (Version:  - )
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

==================== Restore Points =========================
 
27-08-2015 12:40:54 Scheduled Checkpoint
29-08-2015 14:12:25 Scheduled Checkpoint
30-08-2015 20:43:11 Scheduled Checkpoint
02-09-2015 00:44:08 Scheduled Checkpoint
04-09-2015 18:11:53 Scheduled Checkpoint
07-09-2015 14:18:01 Scheduled Checkpoint
09-09-2015 01:50:47 Windows Update
09-09-2015 18:04:11 Scheduled Checkpoint
10-09-2015 14:35:46 Scheduled Checkpoint
15-09-2015 16:09:16 Scheduled Checkpoint
20-09-2015 14:10:20 Scheduled Checkpoint
26-09-2015 15:38:03 Scheduled Checkpoint
27-09-2015 18:58:47 Scheduled Checkpoint
29-09-2015 19:51:49 Scheduled Checkpoint
04-10-2015 19:40:42 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0DE0EEB2-62A1-40FA-A696-8BD9238FBE0C} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-05-25] (PC-Doctor, Inc.)
Task: {10A45B41-CBF1-4E35-8A0A-DB9D5D0AA8A3} - System32\Tasks\{15FAE785-B211-41E2-B2FD-837CD088D3D9} => pcalua.exe -a "C:\Users\Gardenia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0GO25QX0\SetupPoker[2].exe" -d C:\Windows\system32
Task: {11FE6C01-0E8A-42EC-AED3-BB4B0AEED280} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-05-25] (PC-Doctor, Inc.)
Task: {15E0601D-C3B3-4E9C-9456-DC6F3BC9D39A} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Gardenia => C:\Program Files\Windows Calendar\wincal.exe [2009-04-11] (Microsoft Corporation)
Task: {4E3D8FBE-56E1-49D6-9ACE-5058674160C2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-21] (Adobe Systems Incorporated)
Task: {533E6E3D-BF3A-4231-928C-5C9969C56906} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {5496C03E-D01F-4397-B2EB-1DA6D6320FCA} - System32\Tasks\0814avUpdateInfo => C:\ProgramData\Avg_Update_0814av\0814av_AVG-Secure-Search-Update.exe
Task: {621C0896-0FD4-409C-8B92-8915481004F1} - System32\Tasks\{369D992A-33A2-4979-8798-A20D77082E64} => pcalua.exe -a "C:\Bingo\BPC Bingo\_SetupBingo[1].exe" -c /uninstall
Task: {698423AA-13D6-49E6-9A30-2F23D24947EC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {6B9E612D-CFF4-4770-AD62-A393302EB0ED} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{880BFEF7-C96C-4502-8984-05A39CA764B9}.exe
Task: {B6ECF45B-30DC-40BA-98FF-3365042AF1C4} - System32\Tasks\{A62B73E5-7970-443B-97FB-B1967F883F2D} => pcalua.exe -a "C:\Users\Gardenia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AOGFY8H7\SetupBingo[1].exe" -d C:\Windows\system32
Task: {C1055084-25EF-4DE2-9551-AC9E64F73D03} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => C:\Windows\TEMP\{C85A043D-8876-4A75-98B8-AFCAF69C7499}.exe
Task: {CB4B10F6-E897-4422-B1B6-72C8455F495D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {D8CBDFAD-E538-415A-A017-EC92137796C6} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-06-11] (Dell Inc.)
Task: {F7EA707C-D81D-4444-B82F-EA829BD66910} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{C85A043D-8876-4A75-98B8-AFCAF69C7499}.exe <==== ATTENTION
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{880BFEF7-C96C-4502-8984-05A39CA764B9}.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2007-03-29 08:22 - 2006-10-25 05:44 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Gardenia\Documents\My Google Gadgets:Roxio EMC Stream
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 

==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 

==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 

==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-690159537-611873118-1648271922-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 

==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [{E7B00AF9-83B2-4B54-A1FB-D7663C6B8CCF}] => (Allow) C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
FirewallRules: [TCP Query User{8C694021-F92E-43A7-B8E4-BD16FEEF8E7A}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{E5E9B367-492A-4647-9DB5-1164755D5E47}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [{8BF817F4-2CE0-4935-85C9-F9BB3E369F56}] => (Allow) C:\Program Files\AVG\AVG10\avgmfapx.exe
FirewallRules: [{ED9408D8-E2DE-435B-91A7-842CC41C7FA2}] => (Allow) C:\Program Files\AVG\AVG10\avgmfapx.exe
FirewallRules: [{F432C6F9-A5B0-4506-91F5-514D8D5C9978}] => (Allow) C:\Program Files\AVG\AVG10\avgdiagex.exe
FirewallRules: [{4876ADDE-C2A5-4851-83CB-2273E8BF3E9B}] => (Allow) C:\Program Files\AVG\AVG10\avgdiagex.exe
FirewallRules: [{6FBA9B0D-D3C9-4A49-90D8-96F85FBAE949}] => (Allow) C:\Program Files\AVG\AVG10\avgnsx.exe
FirewallRules: [{B41FD31C-647D-4FE0-BE62-08E39B645E8D}] => (Allow) C:\Program Files\AVG\AVG10\avgnsx.exe
FirewallRules: [{B34F3716-3CE6-4481-A5B0-C83A6128A681}] => (Allow) C:\Program Files\AVG\AVG10\avgemcx.exe
FirewallRules: [{2486B7AC-5083-4D1F-A006-790FC8002DCA}] => (Allow) C:\Program Files\AVG\AVG10\avgemcx.exe
FirewallRules: [{6544D547-ED45-4258-874A-B6B49692FD74}] => (Allow) LPort=80
FirewallRules: [{E52938E8-2E70-4FDA-960C-D16A7F4F406E}] => (Allow) LPort=80
FirewallRules: [{EE3807F1-BC55-4713-ACBF-2C5208F3FEA6}] => (Allow) LPort=80
FirewallRules: [TCP Query User{0DAA1378-85A2-4186-848F-DDB8A8AC19AA}C:\program files\pacificpoker\bin\poker.exe] => (Block) C:\program files\pacificpoker\bin\poker.exe
FirewallRules: [UDP Query User{B7A65ED7-57CB-423C-9702-BACBA315A7CB}C:\program files\pacificpoker\bin\poker.exe] => (Block) C:\program files\pacificpoker\bin\poker.exe
FirewallRules: [{0C418C30-C46F-485F-BE65-90299FFD0AEE}] => (Allow) C:\Program Files\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{E7BE07A3-9E1E-4F06-AF6C-69D6816BFE1C}] => (Allow) C:\Program Files\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{20BADCC5-23E7-4F7A-9611-C1CF4A0E23DD}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{D2B4FB21-8C2B-47C7-A5F9-D0D3999D7F5C}] => (Allow) C:\Program Files\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{DED778F1-9836-4EA0-BA5D-87A15D67A96E}] => (Allow) C:\Program Files\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{F3C579FC-BD33-483D-A9EA-82E4797D2AA9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{645E18D5-7F82-4633-8CD9-7710B8D3F360}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{9F21FF65-40E3-4430-9C7D-88B3F470BF5D}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{57C416B5-3F37-4D0E-8062-D627314A1550}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{B7B713B9-D23F-4EDE-88EB-E514F96794DB}] => (Allow) C:\Program Files\AVG\AVG2015\avgnsx.exe
FirewallRules: [{8F32C3BB-063F-4686-B38D-5E86EB8A4CAC}] => (Allow) C:\Program Files\AVG\AVG2015\avgnsx.exe
FirewallRules: [{D575DF20-590E-46E1-B4BD-21B35CF1E82B}] => (Allow) C:\Program Files\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{DCBE461D-921C-485D-89C6-10BBDE40B3CB}] => (Allow) C:\Program Files\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{96D8ACD1-C208-41E2-B5CD-63BAE78CEE35}] => (Allow) C:\Program Files\AVG\AVG2015\avgemcx.exe
FirewallRules: [{C449E849-99F5-468B-A411-DF2351E00A2A}] => (Allow) C:\Program Files\AVG\AVG2015\avgemcx.exe
FirewallRules: [{97C989C2-B717-4D94-8B1C-E32BD3D06723}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 

==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/04/2015 07:35:44 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4
 
Error: (10/04/2015 07:35:42 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
 
Error: (10/02/2015 05:26:26 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4
 
Error: (10/02/2015 05:26:24 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
 
Error: (10/02/2015 04:39:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program msinfo32.exe version 6.0.6002.18005 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 2a0
Start Time: 01d0fd283ef316fd
Termination Time: 16
 
Error: (10/02/2015 03:53:04 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\GARDENIA\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\T9S7HY7L.DEFAULT\SAFEBROWSING-BACKUP> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
Details:
 A device attached to the system is not functioning.   (0x8007001f)
 
Error: (09/29/2015 07:29:37 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4
 
Error: (09/29/2015 07:29:35 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
 
Error: (09/27/2015 06:25:17 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4
 
Error: (09/27/2015 06:25:16 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
 

System errors:
=============
Error: (10/05/2015 03:53:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: SupportSoft Sprocket Service (dellsupportcenter)%%2
 
Error: (10/04/2015 04:15:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: SupportSoft Sprocket Service (dellsupportcenter)%%2
 
Error: (10/03/2015 11:06:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: SupportSoft Sprocket Service (dellsupportcenter)%%2
 
Error: (10/03/2015 02:51:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: SupportSoft Sprocket Service (dellsupportcenter)%%2
 
Error: (10/02/2015 05:01:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: SupportSoft Sprocket Service (dellsupportcenter)%%2
 
Error: (10/02/2015 03:09:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: SupportSoft Sprocket Service (dellsupportcenter)%%2
 
Error: (10/01/2015 06:12:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: SupportSoft Sprocket Service (dellsupportcenter)%%2
 
Error: (10/01/2015 12:39:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: SupportSoft Sprocket Service (dellsupportcenter)%%2
 
Error: (09/30/2015 05:48:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: SupportSoft Sprocket Service (dellsupportcenter)%%2
 
Error: (09/29/2015 05:24:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: SupportSoft Sprocket Service (dellsupportcenter)%%2
 

CodeIntegrity:
===================================
  Date: 2015-10-05 16:09:36.122
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-10-05 16:09:35.092
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-10-05 16:09:34.032
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-10-05 16:09:32.440
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-10-05 16:09:31.208
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-10-05 16:09:30.147
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-10-05 16:09:29.055
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-10-05 16:09:28.010
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-10-05 16:09:04.360
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-10-05 16:09:03.315
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 

==================== Memory info ===========================
 
Processor: AMD Athlon™ 64 X2 Dual Core Processor 4200+
Percentage of memory in use: 44%
Total physical RAM: 3069.57 MB
Available physical RAM: 1713.71 MB
Total Virtual: 6371.7 MB
Available Virtual: 5210.95 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:222.78 GB) (Free:151.91 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:6.31 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.8 GB) (Disk ID: 50000000)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=222.8 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

  • 0

#7
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Not seeing any obvious smoking guns but we can clean up some stuff that you don't need and clear some errors:

 

Clear the Java Cache by following the instructions on
 
You do not have the latest Java.
First go into Control Panel, Add/Remove Software (XP) or Programs and Features (Vista/Win 7) and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
I see:
Java 7 Update 55
 
Java has been very vulnerable to infection so unless you absolutely need it you should not reinstall it.
 
If you feel you must have Java:
Get the latest Java at:
 
Save it to your PC then close all browsers and install it.  Do not let it install the yahoo toolbar or other foistware.
Once installed, go into Control Panel, Java, Security and set the slider to the Highest then OK.
 
 
Also Uninstall:
getPlus® for Adobe
 
Plus any of these that you can find:
 
Dell Data Vault (HKLM\...\Dell Data Vault) (Version: 4.1.9.0 - Dell Inc.)
Dell Data Vault (Version: 4.1.9.0 - Dell Inc.) Hidden
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell)
Dell SupportAssistAgent (HKLM\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.1.0.47 - Dell)
Dell System Customization Wizard (HKLM\...\{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}) (Version: 1.00.0000 - Dell Inc.)
DellSupport 
 
There are a lot of posts about the Dell stuff causing problems and it's causing errors anyway so not working correctly.  With an old Vista it's doubtful that Dell is still doing updates anyway so no need to waste bandwidth checking with Dell all the time.
 
Is Corel Snapfire Plus a paid version or just the 30 day free trial?  If an expired trial, uninstall it.
 
Also not sure what king.com program is.  This is the website for Candy Crush & several other games but normally you do not need to install any programs.
 
The following will clean out some deadwood and remove visible traces of the Dell stuff just in case the uninstall doesn't remove them
Download the attached fixlist.txt to the same location as FRST
Run FRST and press Fix
A fix log will be generated please post that.  Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.
 
Let's check for errors:
 
Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.
 
Reboot. 
 
Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).
sfc  /scannow
 
(This will check your critical system files. Does this finish without complaint?  IF it says it couldn't fix everything then:
 
Copy the next two lines:
 
findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
notepad \windows\logs\cbs\junk.txt 
 
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)
 
 
1. Please download the Event Viewer Tool by Vino Rosso
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:
 
* System
4. Under 'Select type to list', select:
* Error
* Warning
 
 
Then use the 'Number of events' as follows:
 
 
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application.  The second time you run VEW it will overwrite the log so rename it or copy it to a Reply before you rerun it.
 
Finally I have located a program that monitors your bandwidth usage on a per application basis.  It's called NetBalancer and the free version looks like it will be a big help.  
 
Instructions here:
 
The download page is a bit tricky.
 
 
Just click on the black DOWNLOAD button.  Once you get it up and running you can click twice on the Downloaded or Uploaded column headers and it will sort things by biggest users.  There is an annoying little window that shows the traffic instantaneously.  You can right click on it and Hide and it will go away.  Then just close the program.  It will keep running - you will see it in the systray and if you right click on it and Show Main Windows it will bring up the main window again..  To quit the program right click and Exit and Stop Service.

 


  • 0

#8
dontcensorme

dontcensorme

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts

Wow, that's very comprehensive - thank you so much, RKinner.

 

I had a look at Teamviewer, it looks great and i downloaded it to my PC, but as I said I'll have to get mum's permission to put it on hers.  Is it quite safe? 

 

I will do as you advise, but probably won't be able to get it done until nearer the end of this week, possibly even  the weekend.

 

Please don't think I'm not appreciative if I don't reply soon, I'm very grateful for your help.

 

Thanks again.


  • 0

#9
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Take your time.  I use TeamViewer a lot.  I have a 93 year old father in law who likes to visit porn sites and I use it to clean up his PC.  Just use a good password and it will be quite safe.


  • 1

#10
dontcensorme

dontcensorme

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts

I haven't done everything on the list yet, I ran out of time.  But I've downloaded TeamViewer to her PC and hopefully I can complete the rest of the steps tomorrow.

 

I uninstalled the old Java (but put on a new one) and all the Dell things I could find, except one which wouldn't go and kept trying to install when I clicked on "uninstall", which is a bit weird.  Also uninstalled the corel snapfire and the adobe getplus.

 

Here is the fix log:

 

Fix result of Farbar Recovery Scan Tool (x86) Version:10-10-2015
Ran by Gardenia (2015-10-10 17:37:26) Run:1
Running from C:\Users\Gardenia\Desktop
Loaded Profiles: Gardenia (Available Profiles: Gardenia)
Boot Mode: Normal

==============================================

fixlist content:
*****************
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2006-10-03] (Macrovision Corporation)
HKLM\...\Run: [ECenter] => c:\dell\E-Center\EULALauncher.exe [17920 2006-11-17] ( )
HKLM\...\Run: [SunJavaUpdateSched] => "C:\Program Files\Java\jre7\bin\jusched.exe"
HKU\S-1-5-21-690159537-611873118-1648271922-1000\...\Run: [DellSupport] => C:\Program Files\DellSupport\DSAgnt.exe [446976 2006-11-12] (Gteko Ltd.)
HKU\S-1-5-21-690159537-611873118-1648271922-1000\...\Run: [DellSupportCenter] => "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
HKU\S-1-5-21-690159537-611873118-1648271922-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-690159537-611873118-1648271922-1000 -> {15AC7096-4349-47F7-B3E8-49228671E053} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=en_UK&apn_ptnrs=U3&apn_dtid=OSJ000YYGB&apn_uid=CCA1651C-647D-4C37-8AE9-03E72C506251&apn_sauid=1E4CE90F-7863-4083-A2FD-B10549B02B4B
SearchScopes: HKU\S-1-5-21-690159537-611873118-1648271922-1000 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000026&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-04-14] (Oracle Corporation)
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> C:\Program Files\BAE\BAE.dll [2006-11-17] (Dell Inc.)
BHO: Javaâ„¢ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-04-14] (Oracle Corporation)
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKU\.DEFAULT -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKU\S-1-5-21-690159537-611873118-1648271922-1000 -> No Name - {A057A204-BACC-4D26-9990-79A187E2698E} - No File
Toolbar: HKU\S-1-5-21-690159537-611873118-1648271922-1000 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKU\S-1-5-21-690159537-611873118-1648271922-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKU\S-1-5-21-690159537-611873118-1648271922-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-04-14] (Oracle Corporation)
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll => No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
CHR Plugin: (Javaâ„¢ Platform SE 6 U37) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\Windows\system32\npdeployJava1.dll => No File
S2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [1942224 2015-01-30] (Dell Inc.)
S3 DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [70656 2006-11-07] () [File not signed]
S3 getPlus® Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [33752 2008-08-29] (NOS Microsystems Ltd.)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [20648 2015-06-11] (Dell Inc.)
S3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [X]
S2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter [X]
S3 stllssvr; "C:\Program Files\Common Files\SureThing Shared\stllssvr.exe" [X]
S3 DDDriver; C:\Windows\System32\drivers\DDDriver32Dcsa.sys [20688 2015-01-30] (Dell Computer Corporation)
S3 DellProf; C:\Windows\System32\drivers\DellProf.sys [19984 2015-01-30] (Dell Computer Corporation)
R3 DSproct; C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [4736 2006-10-05] (Gteko Ltd.) [File not signed]
R2 dsunidrv; C:\Program Files\DellSupport\Drivers\dsunidrv.sys [7424 2006-08-17] (Gteko Ltd.) [File not signed]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
Task: {0DE0EEB2-62A1-40FA-A696-8BD9238FBE0C} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-05-25] (PC-Doctor, Inc.)
Task: {10A45B41-CBF1-4E35-8A0A-DB9D5D0AA8A3} - System32\Tasks\{15FAE785-B211-41E2-B2FD-837CD088D3D9} => pcalua.exe -a "C:\Users\Gardenia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0GO25QX0\SetupPoker[2].exe" -d C:\Windows\system32
Task: {11FE6C01-0E8A-42EC-AED3-BB4B0AEED280} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-05-25] (PC-Doctor, Inc.)
Task: {533E6E3D-BF3A-4231-928C-5C9969C56906} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {B6ECF45B-30DC-40BA-98FF-3365042AF1C4} - System32\Tasks\{A62B73E5-7970-443B-97FB-B1967F883F2D} => pcalua.exe -a "C:\Users\Gardenia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AOGFY8H7\SetupBingo[1].exe" -d C:\Windows\system32
Task: {621C0896-0FD4-409C-8B92-8915481004F1} - System32\Tasks\{369D992A-33A2-4979-8798-A20D77082E64} => pcalua.exe -a "C:\Bingo\BPC Bingo\_SetupBingo[1].exe" -c /uninstall
Task: {D8CBDFAD-E538-415A-A017-EC92137796C6} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-06-11] (Dell Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{C85A043D-8876-4A75-98B8-AFCAF69C7499}.exe <==== ATTENTION
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{880BFEF7-C96C-4502-8984-05A39CA764B9}.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [{E7B00AF9-83B2-4B54-A1FB-D7663C6B8CCF}] => (Allow) C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe







*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ISUSScheduler => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ECenter => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully.
HKU\S-1-5-21-690159537-611873118-1648271922-1000\Software\Microsoft\Windows\CurrentVersion\Run\\DellSupport => value not found.
HKU\S-1-5-21-690159537-611873118-1648271922-1000\Software\Microsoft\Windows\CurrentVersion\Run\\DellSupportCenter => value removed successfully.
"HKU\S-1-5-21-690159537-611873118-1648271922-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => key removed successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found.
"HKU\S-1-5-21-690159537-611873118-1648271922-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{15AC7096-4349-47F7-B3E8-49228671E053}" => key removed successfully.
HKCR\CLSID\{15AC7096-4349-47F7-B3E8-49228671E053} => key not found.
"HKU\S-1-5-21-690159537-611873118-1648271922-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}" => key removed successfully.
HKCR\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => key removed successfully.
"HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}" => key removed successfully.
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}" => key removed successfully.
"HKCR\CLSID\{CA6319C0-31B7-401E-A518-A07C3DB8F777}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully.
"HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => value removed successfully.
HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => key not found.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => value removed successfully.
HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => key not found.
HKU\S-1-5-21-690159537-611873118-1648271922-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} => value removed successfully.
HKCR\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E} => key not found.
HKU\S-1-5-21-690159537-611873118-1648271922-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => value removed successfully.
HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => key not found.
HKU\S-1-5-21-690159537-611873118-1648271922-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => value removed successfully.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => key not found.
HKU\S-1-5-21-690159537-611873118-1648271922-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value removed successfully.
"HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}" => key removed successfully.
"HKCR\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA}" => key removed successfully.
"HKCR\CLSID\{CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}" => key removed successfully.
"HKCR\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}" => key removed successfully.
HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2 => key not found.
C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll => not found.
HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2 => key not found.
C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll => not found.
C:\Program Files\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll => not found.
C:\Program Files\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll => not found.
C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll => not found.
C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll => not found.
C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll => not found.
C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll => not found.
C:\Windows\system32\Macromed\Flash\NPSWF32.dll => not found.
C:\Windows\system32\npdeployJava1.dll => not found.
DellDataVault => service removed successfully.
DSBrokerService => service not found.
getPlus® Helper => service not found.
SupportAssistAgent => service not found.
AVG Security Toolbar Service => service removed successfully.
sprtsvc_dellsupportcenter => service removed successfully.
stllssvr => service removed successfully.
DDDriver => service removed successfully.
DellProf => service removed successfully.
DSproct => service not found.
dsunidrv => service not found.
blbdrive => service removed successfully.
IpInIp => service removed successfully.
NwlnkFlt => service removed successfully.
NwlnkFwd => service removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0DE0EEB2-62A1-40FA-A696-8BD9238FBE0C} => key not found.
C:\Windows\System32\Tasks\PCDEventLauncherTask => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDEventLauncherTask => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{10A45B41-CBF1-4E35-8A0A-DB9D5D0AA8A3}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{10A45B41-CBF1-4E35-8A0A-DB9D5D0AA8A3}" => key removed successfully.
C:\Windows\System32\Tasks\{15FAE785-B211-41E2-B2FD-837CD088D3D9} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{15FAE785-B211-41E2-B2FD-837CD088D3D9}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11FE6C01-0E8A-42EC-AED3-BB4B0AEED280} => key not found.
C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDoctorBackgroundMonitorTask => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{533E6E3D-BF3A-4231-928C-5C9969C56906} => key not found.
C:\Windows\System32\Tasks\SystemToolsDailyTest => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemToolsDailyTest => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B6ECF45B-30DC-40BA-98FF-3365042AF1C4}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B6ECF45B-30DC-40BA-98FF-3365042AF1C4}" => key removed successfully.
C:\Windows\System32\Tasks\{A62B73E5-7970-443B-97FB-B1967F883F2D} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A62B73E5-7970-443B-97FB-B1967F883F2D}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{621C0896-0FD4-409C-8B92-8915481004F1}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{621C0896-0FD4-409C-8B92-8915481004F1}" => key removed successfully.
C:\Windows\System32\Tasks\{369D992A-33A2-4979-8798-A20D77082E64} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{369D992A-33A2-4979-8798-A20D77082E64}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D8CBDFAD-E538-415A-A017-EC92137796C6} => key not found.
C:\Windows\System32\Tasks\Dell SupportAssistAgent AutoUpdate => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dell SupportAssistAgent AutoUpdate => key not found.
C:\Windows\Tasks\Adobe Flash Player Updater.job => moved successfully
C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => moved successfully
C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WinCollab-DFSR-In-TCP => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WinCollab-DFSR-Out-TCP => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WinCollab-In-TCP => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WinCollab-Out-TCP => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WinCollab-In-UDP => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\WinCollab-Out-UDP => value removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E7B00AF9-83B2-4B54-A1FB-D7663C6B8CCF} => value removed successfully.

==== End of Fixlog 17:37:28 ====

 

This is the FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:10-10-2015
Ran by Gardenia (administrator) on GARDENIA-PC (10-10-2015 17:38:49)
Running from C:\Users\Gardenia\Desktop
Loaded Profiles: Gardenia (Available Profiles: Gardenia)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(SigmaTel, Inc.) C:\Windows\sttray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [ATICCC] => C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [90112 2006-07-11] ()
HKLM\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2006-10-03] (Macrovision Corporation)
HKLM\...\Run: [DellSupportCenter] => "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3775912 2015-08-24] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [SigmatelSysTrayApp] => C:\Windows\sttray.exe [303104 2007-02-08] (SigmaTel, Inc.)
HKU\S-1-5-21-690159537-611873118-1648271922-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-690159537-611873118-1648271922-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-690159537-611873118-1648271922-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Aurora.scr [1370624 2008-01-19] (Microsoft Corporation)
BootExecute: autocheck autochk * aswBoot.exe /A:"* " /L:"English" /KBD:2

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{AA0CBC1A-4F4F-485E-A313-96B6BD0320CF}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=0070329
HKU\S-1-5-21-690159537-611873118-1648271922-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.national-lottery.co.uk/player/p/home.ftl?org.apache.struts.taglib.html.TOKEN=9b581235f744d1b14295b6af7a5ee129
HKU\S-1-5-21-690159537-611873118-1648271922-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.com/?ocid=EIE9HP&PC=UP50
SearchScopes: HKLM -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> URL hxxp://uk.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_uk&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-690159537-611873118-1648271922-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2006-06-05] (Microsoft Corporation)
Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll [2006-03-06] ()

FireFox:
========
FF ProfilePath: C:\Users\Gardenia\AppData\Roaming\Mozilla\Firefox\Profiles\t9s7hy7l.default
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: AVG Secure Search
FF Homepage: hxxps://www.national-lottery.co.uk/sign-in
FF Keyword.URL:
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-21] ()
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-10-10] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-10-10] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-06-26] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-08]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll => No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
CHR Plugin: (Java™ Platform SE 6 U37) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\Windows\system32\npdeployJava1.dll => No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Users\Gardenia\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Gardenia\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-01]
CHR Extension: (YouTube) - C:\Users\Gardenia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-13]
CHR Extension: (Google Search) - C:\Users\Gardenia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-13]
CHR Extension: (Google Wallet) - C:\Users\Gardenia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-22]
CHR Extension: (Gmail) - C:\Users\Gardenia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-13]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3637160 2015-08-24] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [335656 2015-08-24] (AVG Technologies CZ, s.r.o.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [132576 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [250800 2015-08-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [222640 2015-08-19] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [31664 2015-07-23] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [207328 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [290272 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [189872 2015-08-04] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [35808 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [230832 2015-08-04] (AVG Technologies CZ, s.r.o.)
R3 hcwPP2; C:\Windows\System32\DRIVERS\hcwPP2.sys [185728 2007-02-06] (Hauppauge Computer Works, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
R3 STHDA; C:\Windows\System32\drivers\stwrt.sys [647680 2007-02-08] (SigmaTel, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-10 17:38 - 2015-10-10 17:39 - 00012177 _____ C:\Users\Gardenia\Desktop\FRST.txt
2015-10-10 17:30 - 2015-10-10 17:30 - 00000000 ____D C:\Users\Gardenia\Desktop\FRST-OlderVersion
2015-10-10 17:24 - 2015-10-10 17:24 - 00000000 ____D C:\Users\Gardenia\AppData\Roaming\TeamViewer
2015-10-10 17:17 - 2015-10-10 17:18 - 00000000 ____D C:\Program Files\TeamViewer
2015-10-10 17:17 - 2015-10-10 17:17 - 00000842 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-10-10 17:17 - 2015-10-10 17:17 - 00000830 _____ C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-10-10 14:46 - 2015-10-10 14:43 - 00096352 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-10-10 14:44 - 2015-10-10 14:44 - 00000000 ____D C:\Program Files\Common Files\Java
2015-10-05 16:03 - 2015-10-10 17:30 - 01699328 _____ (Farbar) C:\Users\Gardenia\Desktop\FRST.exe
2015-10-05 16:01 - 2015-10-10 17:38 - 00000000 ____D C:\FRST
2015-10-05 16:00 - 2015-10-05 16:00 - 01697792 _____ (Farbar) C:\Users\Gardenia\Downloads\FRST.exe
2015-10-05 15:53 - 2015-10-08 08:22 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-10-02 16:21 - 2015-10-02 16:23 - 00000901 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-02 16:21 - 2015-10-02 16:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-02 16:21 - 2015-10-02 16:23 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-10-02 16:21 - 2015-06-18 09:47 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-10-02 16:21 - 2015-06-18 09:47 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-10-02 16:20 - 2015-10-02 16:20 - 21545336 _____ (Malwarebytes Corporation ) C:\Users\Gardenia\Downloads\mbam-setup-sem-2.1.6.1022.exe
2015-09-11 19:58 - 2015-09-11 19:58 - 00000104 _____ C:\Users\Gardenia\Desktop\Internet - Shortcut.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-10 17:34 - 2011-12-07 13:18 - 00000000 ____D C:\Users\Gardenia\Desktop\old shortcuts
2015-10-10 17:26 - 2007-03-29 00:26 - 01698613 _____ C:\Windows\WindowsUpdate.log
2015-10-10 17:15 - 2006-11-02 13:47 - 00003696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-10 17:15 - 2006-11-02 13:47 - 00003696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-10 14:52 - 2010-08-18 15:48 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2015-10-10 14:46 - 2013-11-04 23:32 - 00000000 ____D C:\ProgramData\Oracle
2015-10-10 14:42 - 2007-03-29 00:34 - 00000000 ____D C:\Program Files\Java
2015-10-10 14:39 - 2008-09-19 12:39 - 00000000 ____D C:\ProgramData\NOS
2015-10-10 14:39 - 2008-09-19 12:39 - 00000000 ____D C:\Program Files\NOS
2015-10-10 14:38 - 2007-03-29 00:50 - 00000000 ____D C:\Program Files\Dell
2015-10-10 14:35 - 2007-04-04 17:17 - 00000000 ___HD C:\Users\Gardenia\AppData\Roaming\GTek
2015-10-10 14:34 - 2007-04-13 14:25 - 00000000 ____D C:\Users\Gardenia\AppData\Roaming\Corel
2015-10-10 14:34 - 2007-03-29 00:38 - 00000000 ____D C:\Program Files\Corel
2015-10-10 14:33 - 2007-03-29 00:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photography
2015-10-10 14:29 - 2015-02-12 14:34 - 00000000 ____D C:\ProgramData\SupportAssistAgent
2015-10-10 14:28 - 2007-04-04 17:17 - 00000000 ____D C:\Users\Gardenia\AppData\Local\Google
2015-10-10 14:28 - 2007-03-29 00:47 - 00000000 ____D C:\ProgramData\Google
2015-10-10 14:28 - 2007-03-29 00:46 - 00000000 ____D C:\Program Files\Google
2015-10-10 13:21 - 2010-10-20 15:11 - 00000000 ____D C:\ProgramData\MFAData
2015-10-10 13:15 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-09 23:20 - 2006-11-02 14:01 - 00032644 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-10-09 18:49 - 2014-11-03 16:20 - 00000000 ____D C:\Program Files\Full Tilt UK
2015-10-09 17:30 - 2008-03-12 01:12 - 00000000 ____D C:\Users\Gardenia\AppData\Local\PokerStars.UK
2015-10-08 08:22 - 2013-01-10 16:50 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-10-08 08:22 - 2010-07-16 20:11 - 00092896 _____ C:\Windows\PFRO.log
2015-10-02 16:59 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\nap
2015-10-02 16:21 - 2010-08-18 15:48 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-10-02 16:18 - 2014-11-03 16:22 - 00000000 ____D C:\Users\Gardenia\AppData\Local\FullTilt UK
2015-09-25 14:55 - 2012-12-13 01:32 - 00001973 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-21 21:03 - 2013-07-06 09:46 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-09-21 21:03 - 2013-03-01 17:03 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-09-17 13:26 - 2014-10-22 12:31 - 00000844 _____ C:\Users\Public\Desktop\AVG 2015.lnk
2015-09-17 13:26 - 2014-04-25 17:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

==================== Files in the root of some directories =======

2011-12-28 23:52 - 2012-01-23 13:12 - 0056103 _____ () C:\Program Files\EULA.eng
2012-05-04 18:12 - 2012-05-04 18:12 - 0000000 _____ () C:\Users\Gardenia\AppData\Roaming\wklnhst.dat
2007-04-11 17:27 - 2015-01-11 16:36 - 0025600 _____ () C:\Users\Gardenia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-03 15:45 - 2014-11-03 15:50 - 51027168 _____ () C:\Users\Gardenia\AppData\Local\TempFullTiltUkSetup.exe

Some files in TEMP:
====================
C:\Users\Gardenia\AppData\Local\Temp\jre-8u51-windows-au.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-10 13:21

==================== End of FRST.txt ============================

 

This is the additions log:

Additional scan result of Farbar Recovery Scan Tool (x86) Version:10-10-2015
Ran by Gardenia (2015-10-10 17:39:53)
Running from C:\Users\Gardenia\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) (2007-03-28 23:26:58)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-690159537-611873118-1648271922-500 - Administrator - Disabled)
Gardenia (S-1-5-21-690159537-611873118-1648271922-1000 - Administrator - Enabled) => C:\Users\Gardenia
Guest (S-1-5-21-690159537-611873118-1648271922-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

888poker (HKLM\...\888poker) (Version:  - )
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe Flash Player 19 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Reader X (10.1.15) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.15 - Adobe Systems Incorporated)
ATI Catalyst Control Center Ex (HKLM\...\{F08F36A8-7EEA-DB4D-00D1-2CA68C2DD445}) (Version: 2.0.2488.36465 - ATI Technologies Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6140 - AVG Technologies)
AVG 2015 (Version: 15.0.4435 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.6140 - AVG Technologies) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 2.32 - Piriform)
Coral Poker (HKLM\...\Coral Poker_is1) (Version:  - coral)
Corel Paint Shop Pro Photo XI (HKLM\...\{93A1B09E-BAFA-4628-A5B6-921CB026955A}) (Version: 11.003.0000 - Corel Inc)
Dell Data Vault (HKLM\...\Dell Data Vault) (Version: 4.1.9.0 - Dell Inc.)
Dell Data Vault (Version: 4.1.9.0 - Dell Inc.) Hidden
Full Tilt UK (HKLM\...\{31967082-7E6A-42A3-9740-6F9065509BD6}) (Version: 5.22.51.WIN.FullTilt.UK - )
Google Chrome (HKLM\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.15 - Google Inc.) Hidden
Java 8 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
king.com (remove only) (HKLM\...\king.com) (Version:  - Midasplayer Ltd (king.com))
Malwarebytes' Anti-Malware (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version:  - Malwarebytes Corporation)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Mozilla Firefox 41.0.1 (x86 en-GB) (HKLM\...\Mozilla Firefox 41.0.1 (x86 en-GB)) (Version: 41.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 41.0.1.5750 - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Orange Preload (HKLM\...\{38496EC2-78B7-412A-9398-FC6B7DB8E182}) (Version: 6.1.5.7 - Orange)
partypoker (HKLM\...\PartyPoker) (Version: 110 - PartyGaming)
PokerStars (HKLM\...\PokerStars) (Version: 2.166 - PokerStars)
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5102.0 - SigmaTel)
Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
TeamViewer 10 (HKLM\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)
Tiscali Internet (HKLM\...\{58B2B6D3-E5FF-4D16-87AC-52CC5717C7C6}) (Version: 1.0.0.35 - Tiscali)
URL Assistant (HKLM\...\{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}) (Version:  - )
User's Guides (HKLM\...\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}) (Version:  - )
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

04-09-2015 18:11:53 Scheduled Checkpoint
07-09-2015 14:18:01 Scheduled Checkpoint
09-09-2015 01:50:47 Windows Update
09-09-2015 18:04:11 Scheduled Checkpoint
10-09-2015 14:35:46 Scheduled Checkpoint
15-09-2015 16:09:16 Scheduled Checkpoint
20-09-2015 14:10:20 Scheduled Checkpoint
26-09-2015 15:38:03 Scheduled Checkpoint
27-09-2015 18:58:47 Scheduled Checkpoint
29-09-2015 19:51:49 Scheduled Checkpoint
04-10-2015 19:40:42 Scheduled Checkpoint
05-10-2015 16:42:19 Scheduled Checkpoint
08-10-2015 18:54:04 Scheduled Checkpoint
09-10-2015 19:39:38 Scheduled Checkpoint
10-10-2015 14:26:19 Removed Corel Snapfire Plus
10-10-2015 14:28:33 Removed Dell SupportAssistAgent.
10-10-2015 14:31:45 Removed Corel Snapfire Plus
10-10-2015 14:34:21 Removed DellSupport.
10-10-2015 14:37:47 Removed Dell System Customization Wizard.
10-10-2015 14:44:29 Removed Java 7 Update 55

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {07E87C45-D3A4-4AAC-BF54-1A8179330598} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Gardenia => C:\Program Files\Windows Calendar\wincal.exe [2009-04-11] (Microsoft Corporation)
Task: {4E3D8FBE-56E1-49D6-9ACE-5058674160C2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-21] (Adobe Systems Incorporated)
Task: {5496C03E-D01F-4397-B2EB-1DA6D6320FCA} - System32\Tasks\0814avUpdateInfo => C:\ProgramData\Avg_Update_0814av\0814av_AVG-Secure-Search-Update.exe
Task: {698423AA-13D6-49E6-9A30-2F23D24947EC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {6B9E612D-CFF4-4770-AD62-A393302EB0ED} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{880BFEF7-C96C-4502-8984-05A39CA764B9}.exe
Task: {C1055084-25EF-4DE2-9551-AC9E64F73D03} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => C:\Windows\TEMP\{C85A043D-8876-4A75-98B8-AFCAF69C7499}.exe
Task: {CB4B10F6-E897-4422-B1B6-72C8455F495D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {F7EA707C-D81D-4444-B82F-EA829BD66910} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (Whitelisted) ==============

2007-03-29 08:22 - 2006-10-25 05:44 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Gardenia\Documents\My Google Gadgets:Roxio EMC Stream

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-690159537-611873118-1648271922-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{8C694021-F92E-43A7-B8E4-BD16FEEF8E7A}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{E5E9B367-492A-4647-9DB5-1164755D5E47}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [{8BF817F4-2CE0-4935-85C9-F9BB3E369F56}] => (Allow) C:\Program Files\AVG\AVG10\avgmfapx.exe
FirewallRules: [{ED9408D8-E2DE-435B-91A7-842CC41C7FA2}] => (Allow) C:\Program Files\AVG\AVG10\avgmfapx.exe
FirewallRules: [{F432C6F9-A5B0-4506-91F5-514D8D5C9978}] => (Allow) C:\Program Files\AVG\AVG10\avgdiagex.exe
FirewallRules: [{4876ADDE-C2A5-4851-83CB-2273E8BF3E9B}] => (Allow) C:\Program Files\AVG\AVG10\avgdiagex.exe
FirewallRules: [{6FBA9B0D-D3C9-4A49-90D8-96F85FBAE949}] => (Allow) C:\Program Files\AVG\AVG10\avgnsx.exe
FirewallRules: [{B41FD31C-647D-4FE0-BE62-08E39B645E8D}] => (Allow) C:\Program Files\AVG\AVG10\avgnsx.exe
FirewallRules: [{B34F3716-3CE6-4481-A5B0-C83A6128A681}] => (Allow) C:\Program Files\AVG\AVG10\avgemcx.exe
FirewallRules: [{2486B7AC-5083-4D1F-A006-790FC8002DCA}] => (Allow) C:\Program Files\AVG\AVG10\avgemcx.exe
FirewallRules: [{6544D547-ED45-4258-874A-B6B49692FD74}] => (Allow) LPort=80
FirewallRules: [{E52938E8-2E70-4FDA-960C-D16A7F4F406E}] => (Allow) LPort=80
FirewallRules: [{EE3807F1-BC55-4713-ACBF-2C5208F3FEA6}] => (Allow) LPort=80
FirewallRules: [TCP Query User{0DAA1378-85A2-4186-848F-DDB8A8AC19AA}C:\program files\pacificpoker\bin\poker.exe] => (Block) C:\program files\pacificpoker\bin\poker.exe
FirewallRules: [UDP Query User{B7A65ED7-57CB-423C-9702-BACBA315A7CB}C:\program files\pacificpoker\bin\poker.exe] => (Block) C:\program files\pacificpoker\bin\poker.exe
FirewallRules: [{0C418C30-C46F-485F-BE65-90299FFD0AEE}] => (Allow) C:\Program Files\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{E7BE07A3-9E1E-4F06-AF6C-69D6816BFE1C}] => (Allow) C:\Program Files\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{20BADCC5-23E7-4F7A-9611-C1CF4A0E23DD}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{D2B4FB21-8C2B-47C7-A5F9-D0D3999D7F5C}] => (Allow) C:\Program Files\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{DED778F1-9836-4EA0-BA5D-87A15D67A96E}] => (Allow) C:\Program Files\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{F3C579FC-BD33-483D-A9EA-82E4797D2AA9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{645E18D5-7F82-4633-8CD9-7710B8D3F360}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{9F21FF65-40E3-4430-9C7D-88B3F470BF5D}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{57C416B5-3F37-4D0E-8062-D627314A1550}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{B7B713B9-D23F-4EDE-88EB-E514F96794DB}] => (Allow) C:\Program Files\AVG\AVG2015\avgnsx.exe
FirewallRules: [{8F32C3BB-063F-4686-B38D-5E86EB8A4CAC}] => (Allow) C:\Program Files\AVG\AVG2015\avgnsx.exe
FirewallRules: [{D575DF20-590E-46E1-B4BD-21B35CF1E82B}] => (Allow) C:\Program Files\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{DCBE461D-921C-485D-89C6-10BBDE40B3CB}] => (Allow) C:\Program Files\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{96D8ACD1-C208-41E2-B5CD-63BAE78CEE35}] => (Allow) C:\Program Files\AVG\AVG2015\avgemcx.exe
FirewallRules: [{C449E849-99F5-468B-A411-DF2351E00A2A}] => (Allow) C:\Program Files\AVG\AVG2015\avgemcx.exe
FirewallRules: [{97C989C2-B717-4D94-8B1C-E32BD3D06723}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{2C5E7BAF-B8B3-469A-A3BE-C819848C69DA}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{68910589-18EE-43FD-9493-29A54B636087}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{A5D31591-69D7-402B-A919-44E76D4D6FFD}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{49ECF322-1D7E-4D5B-BB21-31FB71307CD5}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/10/2015 01:44:04 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (10/10/2015 01:44:03 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (10/07/2015 05:40:49 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (10/07/2015 05:40:43 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (10/06/2015 02:55:13 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (10/06/2015 02:55:12 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (10/04/2015 07:35:44 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (10/04/2015 07:35:42 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (10/02/2015 05:26:26 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (10/02/2015 05:26:24 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4


System errors:
=============
Error: (10/10/2015 01:17:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: SupportSoft Sprocket Service (dellsupportcenter)%%2

Error: (10/08/2015 08:23:47 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: SupportSoft Sprocket Service (dellsupportcenter)%%2

Error: (10/07/2015 05:33:12 PM) (Source: DCOM) (EventID: 10016) (User: Gardenia-PC)
Description: application-specificLocalActivation{A47979D2-C419-11D9-A5B4-001185AD2B89}Gardenia-PCGardeniaS-1-5-21-690159537-611873118-1648271922-1000LocalHost (Using LRPC)

Error: (10/07/2015 05:32:16 PM) (Source: DCOM) (EventID: 10016) (User: Gardenia-PC)
Description: application-specificLocalActivation{A47979D2-C419-11D9-A5B4-001185AD2B89}Gardenia-PCGardeniaS-1-5-21-690159537-611873118-1648271922-1000LocalHost (Using LRPC)

Error: (10/05/2015 03:53:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: SupportSoft Sprocket Service (dellsupportcenter)%%2

Error: (10/04/2015 04:15:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: SupportSoft Sprocket Service (dellsupportcenter)%%2

Error: (10/03/2015 11:06:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: SupportSoft Sprocket Service (dellsupportcenter)%%2

Error: (10/03/2015 02:51:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: SupportSoft Sprocket Service (dellsupportcenter)%%2

Error: (10/02/2015 05:01:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: SupportSoft Sprocket Service (dellsupportcenter)%%2

Error: (10/02/2015 03:09:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: SupportSoft Sprocket Service (dellsupportcenter)%%2


CodeIntegrity:
===================================
  Date: 2015-10-10 17:39:47.790
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-10 17:39:46.713
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-10 17:39:45.653
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-10 17:39:44.592
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-10 17:39:43.375
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-10 17:39:42.314
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-10 17:39:41.253
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-10 17:39:40.161
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-10 17:39:15.139
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-10 17:39:14.063
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+
Percentage of memory in use: 56%
Total physical RAM: 3069.57 MB
Available physical RAM: 1350.36 MB
Total Virtual: 6357.66 MB
Available Virtual: 5125.34 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:222.78 GB) (Free:151.96 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:6.31 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.8 GB) (Disk ID: 50000000)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=222.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

I did the scannow thing and it didn't find anything wrong.

 

I ran out of time to download the Netbalancer, but will put it on asap.  Also ran out of time to do the Event Viewer logs, but will do asap as well.  I cleared the logs, but didn't yet download the new program.

 

The bill came in for her last month's broadband and it's £107 instead of the usual £15.   That's a lot of money.  And data.  There is no way she's used that much by herself.  :0(

 

I also noticed a new email that's got an attachment and AVG has flagged it and asked if I wanted it taken care of and I said Yes, but now I can't delete it.  Try to delete it or move it and an error dialogue box comes up.  I guessed that was because AVG has done something to it.

 

I'll update this thread when I finish all the things on your last post.  I just wanted to post what I've done so far, as much for my own record as anything.

 

Thanks again, your help is very much appreciated :)


  • 0

#11
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Log looks OK.    Let me know what you find out.


  • 0

#12
dontcensorme

dontcensorme

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts

Hello again, RKinner :)

 

Still there?  I think i've done everything on your list.   Here are the Event Viewer logs:

 

 

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 13/10/2015 17:05:23

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 12/10/2015 16:03:30
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Windows Font Cache Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 12/10/2015 16:03:30
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Windows Font Cache Service service to connect.

Log: 'System' Date/Time: 10/10/2015 17:12:54
Type: Error Category: 0
Event: 7043 Source: Service Control Manager
The AVGIDSAgent service did not shut down properly after receiving a preshutdown control.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 13/10/2015 15:38:32
Type: Warning Category: 0
Event: 263 Source: PlugPlayManager
The service 'avgwd' may not have unregistered for device event notifications before it was stopped.

Log: 'System' Date/Time: 12/10/2015 21:23:52
Type: Warning Category: 0
Event: 263 Source: PlugPlayManager
The service 'avgwd' may not have unregistered for device event notifications before it was stopped.

Log: 'System' Date/Time: 12/10/2015 19:48:16
Type: Warning Category: 0
Event: 4 Source: bcm4sbxp
Broadcom 440x 10/100 Integrated Controller: The network link is down. Check to make sure the network cable is properly connected.

Log: 'System' Date/Time: 12/10/2015 17:07:35
Type: Warning Category: 0
Event: 263 Source: PlugPlayManager
The service 'avgwd' may not have unregistered for device event notifications before it was stopped.

Log: 'System' Date/Time: 11/10/2015 21:54:07
Type: Warning Category: 0
Event: 263 Source: PlugPlayManager
The service 'avgwd' may not have unregistered for device event notifications before it was stopped.

Log: 'System' Date/Time: 11/10/2015 00:54:17
Type: Warning Category: 0
Event: 263 Source: PlugPlayManager
The service 'avgwd' may not have unregistered for device event notifications before it was stopped.

Log: 'System' Date/Time: 10/10/2015 17:12:24
Type: Warning Category: 0
Event: 263 Source: PlugPlayManager
The service 'avgwd' may not have unregistered for device event notifications before it was stopped.

 

 

And the Application log:

 

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 13/10/2015 17:05:23

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 12/10/2015 16:03:30
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Windows Font Cache Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 12/10/2015 16:03:30
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Windows Font Cache Service service to connect.

Log: 'System' Date/Time: 10/10/2015 17:12:54
Type: Error Category: 0
Event: 7043 Source: Service Control Manager
The AVGIDSAgent service did not shut down properly after receiving a preshutdown control.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 13/10/2015 15:38:32
Type: Warning Category: 0
Event: 263 Source: PlugPlayManager
The service 'avgwd' may not have unregistered for device event notifications before it was stopped.

Log: 'System' Date/Time: 12/10/2015 21:23:52
Type: Warning Category: 0
Event: 263 Source: PlugPlayManager
The service 'avgwd' may not have unregistered for device event notifications before it was stopped.

Log: 'System' Date/Time: 12/10/2015 19:48:16
Type: Warning Category: 0
Event: 4 Source: bcm4sbxp
Broadcom 440x 10/100 Integrated Controller: The network link is down. Check to make sure the network cable is properly connected.

Log: 'System' Date/Time: 12/10/2015 17:07:35
Type: Warning Category: 0
Event: 263 Source: PlugPlayManager
The service 'avgwd' may not have unregistered for device event notifications before it was stopped.

Log: 'System' Date/Time: 11/10/2015 21:54:07
Type: Warning Category: 0
Event: 263 Source: PlugPlayManager
The service 'avgwd' may not have unregistered for device event notifications before it was stopped.

Log: 'System' Date/Time: 11/10/2015 00:54:17
Type: Warning Category: 0
Event: 263 Source: PlugPlayManager
The service 'avgwd' may not have unregistered for device event notifications before it was stopped.

Log: 'System' Date/Time: 10/10/2015 17:12:24
Type: Warning Category: 0
Event: 263 Source: PlugPlayManager
The service 'avgwd' may not have unregistered for device event notifications before it was stopped.

 

END OF LOG

 

 

I did notice in the Event Viewer that a lot of failed audits had been recorded in the Security section.

 

I did another scan with Malwarebytes and it found nothing.   Also did a scan with Kaspersky's TDSSKiller and it found nothing either.

 

Spoke again with her ISP's tech dept and they say they can't find anything wrong at their end.  They seem convinced that she has used all this date.  I'm equally convinced that she hasn't.  They also said it stopped about the 22nd September, but I've put her on an unlimited tariff now anyway.

 

They also mentioned that her router is old and had a security issue previously, but they didn't think that would cause this huge use of data.

 

I downloaded and installed Net Balancer but found it a bit confusing and difficult to read.  I put Glasswire on my PC and it's really easy to understand, but it wouldn't install on her Vista system.

 

After I'd done all that stuff Net Balancer wanted to re-start the PC, so I did that and used the opportunity to make a new Event Viewer log from VEW.  Just in case it shows anything new (afraid it's all greek to me).

 

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 13/10/2015 17:05:23

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 12/10/2015 16:03:30
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Windows Font Cache Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 12/10/2015 16:03:30
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Windows Font Cache Service service to connect.

Log: 'System' Date/Time: 10/10/2015 17:12:54
Type: Error Category: 0
Event: 7043 Source: Service Control Manager
The AVGIDSAgent service did not shut down properly after receiving a preshutdown control.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 13/10/2015 15:38:32
Type: Warning Category: 0
Event: 263 Source: PlugPlayManager
The service 'avgwd' may not have unregistered for device event notifications before it was stopped.

Log: 'System' Date/Time: 12/10/2015 21:23:52
Type: Warning Category: 0
Event: 263 Source: PlugPlayManager
The service 'avgwd' may not have unregistered for device event notifications before it was stopped.

Log: 'System' Date/Time: 12/10/2015 19:48:16
Type: Warning Category: 0
Event: 4 Source: bcm4sbxp
Broadcom 440x 10/100 Integrated Controller: The network link is down. Check to make sure the network cable is properly connected.

Log: 'System' Date/Time: 12/10/2015 17:07:35
Type: Warning Category: 0
Event: 263 Source: PlugPlayManager
The service 'avgwd' may not have unregistered for device event notifications before it was stopped.

Log: 'System' Date/Time: 11/10/2015 21:54:07
Type: Warning Category: 0
Event: 263 Source: PlugPlayManager
The service 'avgwd' may not have unregistered for device event notifications before it was stopped.

Log: 'System' Date/Time: 11/10/2015 00:54:17
Type: Warning Category: 0
Event: 263 Source: PlugPlayManager
The service 'avgwd' may not have unregistered for device event notifications before it was stopped.

Log: 'System' Date/Time: 10/10/2015 17:12:24
Type: Warning Category: 0
Event: 263 Source: PlugPlayManager
The service 'avgwd' may not have unregistered for device event notifications before it was stopped.

 

END OF SYSTEM LOG

 

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 13/10/2015 17:05:23

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 12/10/2015 16:03:30
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Windows Font Cache Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 12/10/2015 16:03:30
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Windows Font Cache Service service to connect.

Log: 'System' Date/Time: 10/10/2015 17:12:54
Type: Error Category: 0
Event: 7043 Source: Service Control Manager
The AVGIDSAgent service did not shut down properly after receiving a preshutdown control.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 13/10/2015 15:38:32
Type: Warning Category: 0
Event: 263 Source: PlugPlayManager
The service 'avgwd' may not have unregistered for device event notifications before it was stopped.

Log: 'System' Date/Time: 12/10/2015 21:23:52
Type: Warning Category: 0
Event: 263 Source: PlugPlayManager
The service 'avgwd' may not have unregistered for device event notifications before it was stopped.

Log: 'System' Date/Time: 12/10/2015 19:48:16
Type: Warning Category: 0
Event: 4 Source: bcm4sbxp
Broadcom 440x 10/100 Integrated Controller: The network link is down. Check to make sure the network cable is properly connected.

Log: 'System' Date/Time: 12/10/2015 17:07:35
Type: Warning Category: 0
Event: 263 Source: PlugPlayManager
The service 'avgwd' may not have unregistered for device event notifications before it was stopped.

Log: 'System' Date/Time: 11/10/2015 21:54:07
Type: Warning Category: 0
Event: 263 Source: PlugPlayManager
The service 'avgwd' may not have unregistered for device event notifications before it was stopped.

Log: 'System' Date/Time: 11/10/2015 00:54:17
Type: Warning Category: 0
Event: 263 Source: PlugPlayManager
The service 'avgwd' may not have unregistered for device event notifications before it was stopped.

Log: 'System' Date/Time: 10/10/2015 17:12:24
Type: Warning Category: 0
Event: 263 Source: PlugPlayManager
The service 'avgwd' may not have unregistered for device event notifications before it was stopped.

 

END OF APPLICATION LOG

 

Btw, thanks for mentioning Teamviewer, it's brilliant.  It's going to be such a timesaver for me in the future.  What a great program :)

 

Thanks again for your help.


  • 0

#13
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
On a trip. Limited access to internet. Sounds like you scared off whatever it was tho. Glad you like teamviewer.
  • 0

#14
dontcensorme

dontcensorme

    Member

  • Topic Starter
  • Member
  • PipPip
  • 66 posts

Thank you!

 

I hope you enjoy your trip :0)


  • 0






Similar Topics


Also tagged with one or more of these keywords: bandwidth, ISP

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP