Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Yahoo toolbar with browser redirect with more infection, I'm sure.

Started by Ozzette53 , Oct 04 2014 02:24 PM

This topic is locked

#1
Ozzette53

Posted 04 October 2014 - 02:24 PM

Member

Member
28 posts

Hi. I need some help here with this computer. My browser was redirected and the Yahoo toolbar was installed and I cannot remove it. I have gotten it to disappear. I have run every scan I can find and all I have found was one trojan, gell or something with Super Anti Spyware. I have run Kapersky, AVG and Malwarebytes. Since I cannot remove the Yahoo toolbar, and it is not located in the Programs list to remove it, I am afraid I am still infected. I would appreciate it if someone could take a look at my logs. Thank you so much.

OTL Extras logfile created on: 10/4/2014 3:55:04 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Trudy2\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.17088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.60 Gb Total Physical Memory | 2.47 Gb Available Physical Memory | 68.57% Memory free
4.22 Gb Paging File | 2.92 Gb Available in Paging File | 69.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 595.66 Gb Total Space | 570.97 Gb Free Space | 95.86% Space Free | Partition Type: NTFS

Computer Name: TRUDY | User Name: Trudy2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{28E46246-1665-44CC-BC0D-090BECE8F682}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{29C36C1C-4E8A-431D-B9AE-93DA15CA8F81}" = lport=137 | protocol=17 | dir=in | app=system |
"{31C2528B-8658-4F93-93E5-BF70A92FAFA8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3E18D37A-97AE-43E3-B84D-BFB9DDDA925D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4A0DFA59-8DFA-42FF-8710-7FE3B7A426A6}" = rport=138 | protocol=17 | dir=out | app=system |
"{58646E19-8BF3-40CB-9F89-F05B22EB31C6}" = lport=445 | protocol=6 | dir=in | app=system |
"{5D3F6B12-A233-4C09-B93D-6EC31797A97C}" = rport=139 | protocol=6 | dir=out | app=system |
"{732BE8DF-5C9C-4964-8631-2CE31F4F0EC4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{78960BEA-5997-431E-B59A-1D6519BC2810}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{7C8B7499-6F6B-43DB-A787-6BDC654487F6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8A854907-1FD7-4813-B2D1-4ACBED8D227D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9BDA1924-22EC-400F-B39F-645E6D06E81E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A11EB713-FD1C-40E1-BB25-C04F06D29C9F}" = rport=137 | protocol=17 | dir=out | app=system |
"{B98A3C1E-B9D1-48CE-A127-12C7353F3C28}" = lport=139 | protocol=6 | dir=in | app=system |
"{CAB21B1B-0ADE-4A27-9294-CFE62011B16A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{E9F4218B-B814-41CE-862A-05AB2D4F474E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EAD4E56B-6547-4190-B663-CC913CCDEDC7}" = rport=445 | protocol=6 | dir=out | app=system |
"{EEC9C3EB-7380-4C6D-B761-3C51750DA7B5}" = lport=138 | protocol=17 | dir=in | app=system |
"{F3577894-56CF-4851-8796-751350922010}" = rport=10243 | protocol=6 | dir=out | app=system |
"{F94ABF91-241E-456E-8B4D-76A29F673B86}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{FB450E2B-2279-48FC-9A99-81D65D9161EB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01945DB8-387B-4A2E-97AE-4A812649F060}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{0774DD9C-C9A8-4F57-8272-3FB37E880D92}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2015\avgdiagex.exe |
"{0831FC0B-68C7-4DB3-BFB4-06CDB6686E0B}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{0C5994A1-A0E2-4AE0-9ED8-EA4C3508A7DE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{26FBAA02-0AC4-4706-9A5B-B18393EB48BB}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{2B0C7B80-FBBE-4BD4-9DDD-D908F2947BA2}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{2C0ADCF3-B53F-469A-8A03-345D8F6BF5F5}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{2C88AB8B-8355-487D-B6C9-9539B4DCC60A}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2015\avgdiagex.exe |
"{32D23666-2E63-464E-AB48-96BCC4B592CD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{41844900-B07C-4D89-974D-311EAB7116A3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4BC4911E-EDB4-4F2E-A181-7523EB407500}" = protocol=1 | dir=in | [email protected],-28543 |
"{4C03A887-2327-4A67-9CA4-CC80CF5B8A10}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{5515AA79-19CA-4A76-8A5E-D668E73201D0}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2015\avgmfapx.exe |
"{5717FEE0-06B9-4A8B-B779-4AD55B790F38}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5A4652A5-0588-4B1E-8049-B8E59411A726}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5BB80395-47B5-4842-90F6-1A7E16D5CC6F}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{6A4723FB-DDB7-4EDA-AB66-E5EDC99C35B5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6AA25060-9CE0-4C20-AB95-5C5370C19034}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2015\avgmfapx.exe |
"{75BB0681-3889-40AB-BD66-2F89CFB00716}" = protocol=6 | dir=out | app=system |
"{7774FB80-8E2D-478B-9565-189761C84971}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{90854B4B-9CCB-454C-A0CC-14CACC42C366}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{978FB5A4-0F18-45DB-9086-A71B3B1EEA1E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{98E78BE2-4C43-4F61-B452-4D7D7F429B7F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{99E3886A-0A0A-4F52-A8A8-EAF9683B600F}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{9AE622BF-956C-46B1-B626-7C6DFA48FA7D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2015\avgemca.exe |
"{A0BD0BB3-6BF9-45F6-B6EA-6FB3A614E025}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2015\avgnsa.exe |
"{A3CA986A-EC90-4F70-8071-897E7FAA06BA}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A3CC9209-529B-4713-9622-D23CFE6EEDA3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A4749E40-0249-456D-A1C2-F6E47C2B2442}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{A680880D-C499-4D5F-8C07-74B0BDF72E1E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A76DEF8E-27A0-491E-B752-E5578382CAA7}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2015\avgemca.exe |
"{ADCC24DE-E7C2-4415-8068-E46F30162058}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{AE25C130-3B43-490A-80AC-88EAED6553A7}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C0D813B8-7842-4667-AA6F-6DB6C6B63D9B}" = protocol=58 | dir=in | [email protected],-28545 |
"{C6F8A720-F01F-44B4-A9AC-3460C7FDF29F}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{CCA27DE2-0F23-406F-8502-DA7296C39DCA}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{CF715409-D5DC-47D3-A626-67A076A091DA}" = dir=out | name=windows_ie_ac_001 |
"{D2419F32-BDA4-4201-9360-94235AF2D27F}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{D8C9E812-5038-4637-9C13-D2E2E99112BA}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{DC72C8D6-4C1B-4E8D-B4BB-0E387BD14860}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{E0138E9F-CD5C-4C92-8BCC-8FAB30DE8C21}" = protocol=1 | dir=out | [email protected],-28544 |
"{E1E9FBAA-2725-4386-A931-AC1B82F6C10E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{EFAA2817-4B4B-4AD2-9A98-E01F14CF9D00}" = protocol=58 | dir=out | [email protected],-28546 |
"{F23134F9-FEAF-4AA3-ABCC-307BCCD41EAF}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{F3ED8F5E-357A-40B7-A979-F65354EF37F5}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{F4FFF923-56BC-42A3-AFF4-1B8CC48AC242}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2015\avgnsa.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1C5B64D4-6268-41A9-868B-209B100D0A06}" = AVG 2015
"{426E8080-E591-436B-9F7A-3C61D0AB742D}" = AVG 2015
"{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}" = Classic Shell
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"AVG" = AVG 2015
"CCleaner" = CCleaner
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{4E62123C-4C0D-4123-A8A2-C0103B92D7EA}" = Should I Remove It
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.09)
"{D1282694-0693-41A8-ABC1-6D1FFC1F65C4}" = Kaspersky Security Scan
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AbiWord2" = AbiWord 2.8.6
"InstallWIX_{D1282694-0693-41A8-ABC1-6D1FFC1F65C4}" = Kaspersky Security Scan
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"Mozilla Firefox 32.0.3 (x86 en-US)" = Mozilla Firefox 32.0.3 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPlayer" = MPlayer (remove only)
"Security Task Manager" = Security Task Manager 1.8g

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Should I Remove It 1.0.4" = Should I Remove It

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/23/2014 12:20:08 PM | Computer Name = Trudy | Source = MsiInstaller | ID = 1024
Description =

Error - 9/24/2014 1:22:45 AM | Computer Name = Trudy | Source = MsiInstaller | ID = 1024
Description =

Error - 9/24/2014 11:01:20 AM | Computer Name = Trudy | Source = MsiInstaller | ID = 1024
Description =

Error - 9/25/2014 1:07:27 AM | Computer Name = Trudy | Source = MsiInstaller | ID = 1024
Description =

Error - 9/25/2014 11:20:40 PM | Computer Name = Trudy | Source = MsiInstaller | ID = 1024
Description =

Error - 9/26/2014 12:38:33 AM | Computer Name = Trudy | Source = MsiInstaller | ID = 1024
Description =

Error - 9/26/2014 9:58:22 AM | Computer Name = Trudy | Source = MsiInstaller | ID = 1024
Description =

Error - 9/27/2014 12:09:19 PM | Computer Name = Trudy | Source = MsiInstaller | ID = 1024
Description =

Error - 9/30/2014 1:40:11 AM | Computer Name = Trudy | Source = Application Hang | ID = 1002
Description = The program IEXPLORE.EXE version 10.0.9200.16537 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel.    Process ID: db4    Start
Time: 01cfdc70bfd5a47d    Termination Time: 47    Application Path: C:\Program Files (x86)\Internet
Explorer\IEXPLORE.EXE    Report Id: 3b8d087d-4864-11e4-be7a-2016d87e7db4    Faulting package
full name:     Faulting package-relative application ID:

Error - 9/30/2014 1:47:01 AM | Computer Name = Trudy | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.2.9200.16628,
time stamp: 0x51a94434 Faulting module name: twinui.dll, version: 6.2.9200.17040,
time stamp: 0x53a90fba Exception code: 0xc0000005 Fault offset: 0x000000000010da56
Faulting
process id: 0x6818 Faulting application start time: 0x01cfdc71f0915caa Faulting application
path: C:\Windows\Explorer.EXE Faulting module path: C:\Windows\System32\twinui.dll
Report
Id: 3297ee0c-4865-11e4-be7a-2016d87e7db4 Faulting package full name:   Faulting package-relative
application ID:

[ System Events ]
Error - 10/1/2014 12:01:24 PM | Computer Name = Trudy | Source = DCOM | ID = 10016
Description =

Error - 10/1/2014 12:01:24 PM | Computer Name = Trudy | Source = DCOM | ID = 10016
Description =

Error - 10/1/2014 12:01:24 PM | Computer Name = Trudy | Source = DCOM | ID = 10016
Description =

Error - 10/1/2014 12:01:24 PM | Computer Name = Trudy | Source = DCOM | ID = 10016
Description =

Error - 10/1/2014 12:01:25 PM | Computer Name = Trudy | Source = DCOM | ID = 10016
Description =

Error - 10/1/2014 12:01:25 PM | Computer Name = Trudy | Source = DCOM | ID = 10016
Description =

Error - 10/1/2014 12:01:25 PM | Computer Name = Trudy | Source = DCOM | ID = 10016
Description =

Error - 10/1/2014 12:01:25 PM | Computer Name = Trudy | Source = DCOM | ID = 10016
Description =

Error - 10/1/2014 8:15:42 PM | Computer Name = Trudy | Source = Service Control Manager | ID = 7031
Description = The YsDyWv service terminated unexpectedly. It has done this 1 time(s).
The following corrective action will be taken in 60000 milliseconds: Restart the
service.

Error - 10/1/2014 8:16:42 PM | Computer Name = Trudy | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the YsDyWv service, but this action
failed with the following error:   %%1056

< End of report >

Thank you again.

#2
pystryker

Posted 05 October 2014 - 05:05 AM

Trusted Helper

Malware Removal
3,912 posts

Hello and welcome to GeeksToGo! My nickname is Pystryker

, and I will be helping you with your issue today.

Before we get started, I have a few things I need to go over with you

If you are receiving help for this issue at another forum, please let me know so I can close this thread.
Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly" This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
Please read through my instructions carefully and completely before executing them. I will lay the instructions out in a step by step order to make them easy to follow.
Please make sure that all the programs I ask you to download are downloaded to and run from your Desktop.
Please make sure you (if you are able) to print out these instructions so that you will be able to refer to them while working on your machine. Part of the solution(s) to your problem may involve us working in Safe Mode and you will need them to go by.
Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
Please make sure you reply within 3 days to my responses, if there is no reply within 3 days, the topic will be closed and you will need to request the topic be reopened.
Before we get started, please remember we will do our best to get your machine repaired. However, there are some cases where the only solution is a reformat and reinstall of the operating system. This is a worst case scenario though.
It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
If possible, please have your original Windows installation disks handy, just in case.
If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
If you are unsure of an instruction I give you, or if something unexepected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine, each fix is tailor made for your system only. Using a fix on another machine can and will cause serious damage.
Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future
Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way.

Now, let's get started, shall we? :thumbsup:

Hello, let's get a look at your system and see what's going on.

Step 1: Scan with Farbar's Recovery Scan Tool (FRST)

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
Place a check in the box marked Addition.txt
Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please copy and paste log back here.
The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Step 2: Scan with aswMBR

Please download aswMBR.exe to your desktop.
Double click the file to run it.
It will ask if you want to download the latest Avast! virus definitions, please answer yes.

Click the Scan button to begin the scan.

If your computer supports Virtualization Technology, select Yes to use it for rootkit detection.

Once the scan has finished, click on Save Log, save it to your desktop as asw.txt, and please post it in your next reply.
Click Exit

Things I need to see in your next post:

FRST Log

Addition.txt Log

aswMBR Log

#3
Ozzette53

Posted 05 October 2014 - 05:11 PM

Member

Topic Starter
Member
28 posts

Hello! I hope I did these ok. At first I was saving Farbers scan and of course they were going into downloads. So I went into the options and changed to "save to desktop" and redownloaded and ran it again, only I checked the additions box so I would get that log. Then when I worked with the aswMBR I downloaded the AVAST definitions but it never gave me an option to scan. Looking at your example, I believe I got what you wanted, but I scanned again and got the MBR.dat. I am including only the logs you requested. If I have done anything wrong, please let me know. I did my best. I have an AA degree in comp sci from 1995, LOL, but have been on my own puter since and have been using GTG for at least 15 years, I think. I don't mean to sound in anyway to brag, just want to let you know I am familiar with my PCs. Please do not think I will do anything you don't tell me to do, or change anything unless it seems extremely logical to me... as in the small problems I had today. I will let you know exactly what I do, just like I did today.

Farber Scan Logs:

FRST:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-10-2014
Ran by Trudy2 (administrator) on TRUDY on 05-10-2014 18:08:20
Running from C:\Users\Trudy2\Desktop
Loaded Profile: Trudy2 (Available profiles: Trudy2)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3593744 2014-09-05] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-1640894672-1411345100-1642154565-1001\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202080 2014-06-15] (Kaspersky Lab ZAO)
HKU\S-1-5-21-1640894672-1411345100-1642154565-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7767832 2014-10-01] (SUPERAntiSpyware)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC795DB396FB2CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Tcpip\Parameters: [DhcpNameServer] 207.255.0.43 207.255.0.45

FireFox:
========
FF ProfilePath: C:\Users\Trudy2\AppData\Roaming\Mozilla\Firefox\Profiles\4ycy5xti.default
FF Homepage: https://www.google.com/
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3364368 2014-09-05] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [293448 2014-09-05] (AVG Technologies CZ, s.r.o.)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-25] (Microsoft Corporation)
R2 KSS; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202080 2014-06-15] (Kaspersky Lab ZAO)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-25] (Microsoft Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-10-16] (Realtek Semiconductor)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-25] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [215040 2013-09-24] (Advanced Micro Devices)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [247576 2014-07-24] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [273176 2014-07-18] (AVG Technologies CZ, s.r.o.)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [290520 2013-10-24] (Realtek Semiconductor Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-08-06] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-05 18:08 - 2014-10-05 18:08 - 00008952 _____ () C:\Users\Trudy2\Desktop\FRST.txt
2014-10-05 18:06 - 2014-10-05 18:06 - 02109440 _____ (Farbar) C:\Users\Trudy2\Desktop\FRST64.exe
2014-10-05 17:58 - 2014-10-05 17:59 - 00018724 _____ () C:\Users\Trudy2\Downloads\Addition.txt
2014-10-05 17:56 - 2014-10-05 17:59 - 00028602 _____ () C:\Users\Trudy2\Downloads\FRST.txt
2014-10-05 17:52 - 2014-10-05 18:08 - 00000000 ____D () C:\FRST
2014-10-05 17:52 - 2014-10-05 17:52 - 02109440 _____ (Farbar) C:\Users\Trudy2\Downloads\FRST64.exe
2014-10-04 16:14 - 2014-10-04 16:14 - 00043504 _____ () C:\Users\Trudy2\Downloads\Extras.Txt
2014-10-04 16:12 - 2014-10-04 16:12 - 00083684 _____ () C:\Users\Trudy2\Downloads\OTL.Txt
2014-10-04 15:53 - 2014-10-04 15:53 - 00602112 _____ (OldTimer Tools) C:\Users\Trudy2\Downloads\OTL.exe
2014-10-04 15:48 - 2014-10-04 15:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
2014-10-04 15:48 - 2014-10-04 15:48 - 00000000 ____D () C:\Program Files\Classic Shell
2014-10-04 15:37 - 2014-10-05 14:14 - 00034653 _____ () C:\Windows\WindowsUpdate.log
2014-10-04 15:11 - 2014-10-04 15:37 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-10-04 15:11 - 2014-10-04 15:11 - 00000000 ____D () C:\Users\Trudy2\AppData\Roaming\SUPERAntiSpyware.com
2014-10-04 15:11 - 2014-10-04 15:11 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-10-04 15:11 - 2014-10-04 15:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-10-04 15:10 - 2014-10-04 15:10 - 19631472 _____ (SUPERAntiSpyware) C:\Users\Trudy2\Downloads\SAS_47224.EXE
2014-10-04 14:43 - 2014-10-04 14:43 - 00001304 _____ () C:\Users\Trudy2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan.lnk
2014-10-04 14:42 - 2014-10-04 14:42 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-10-04 14:42 - 2014-10-04 14:42 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-10-04 14:32 - 2014-10-04 14:32 - 00000000 ____D () C:\Program Files (x86)\Reason
2014-10-04 14:31 - 2014-10-04 14:31 - 02178048 _____ (Reason Software Company Inc.) C:\Users\Trudy2\Downloads\ShouldIRemoveIt_Setup.exe
2014-10-04 14:24 - 2014-10-04 14:26 - 00000000 ____D () C:\ProgramData\SecTaskMan
2014-10-04 14:24 - 2014-10-04 14:24 - 00000000 ____D () C:\Program Files (x86)\Security Task Manager
2014-10-04 14:23 - 2014-10-04 14:23 - 02365840 _____ () C:\Users\Trudy2\Downloads\SecurityTaskManager_Setup.exe
2014-10-04 13:06 - 2014-10-04 13:06 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-10-04 13:06 - 2014-10-04 13:06 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-03 18:43 - 2014-10-03 18:44 - 00000000 ____D () C:\Users\Trudy2\AppData\Roaming\Mozilla
2014-10-03 18:43 - 2014-10-03 18:44 - 00000000 ____D () C:\Users\Trudy2\AppData\Local\Mozilla
2014-10-03 18:43 - 2014-10-03 18:43 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-03 18:43 - 2014-10-03 18:43 - 00000000 ____D () C:\ProgramData\Mozilla
2014-10-03 18:43 - 2014-10-03 18:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-03 18:43 - 2014-10-03 18:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-03 18:32 - 2014-10-03 18:32 - 00000000 ____D () C:\Users\Trudy2\AppData\Roaming\AVG2015
2014-10-03 18:31 - 2014-10-03 18:32 - 00000000 ____D () C:\ProgramData\AVG2015
2014-10-03 18:31 - 2014-10-03 18:31 - 00000000 ___HD () C:\$AVG
2014-10-03 18:31 - 2014-10-03 18:31 - 00000000 ____D () C:\Users\Trudy2\AppData\Roaming\TuneUp Software
2014-10-03 18:31 - 2014-10-03 18:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-10-03 18:30 - 2014-10-03 18:30 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-10-03 18:27 - 2014-10-05 14:11 - 00000000 ____D () C:\ProgramData\MFAData
2014-10-03 18:27 - 2014-10-04 13:19 - 00000000 ____D () C:\Users\Trudy2\AppData\Local\Avg2015
2014-10-03 18:27 - 2014-10-03 18:27 - 00000000 ____D () C:\Users\Trudy2\AppData\Local\MFAData
2014-10-03 14:38 - 2014-10-03 15:59 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-03 14:37 - 2014-10-03 14:38 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-03 14:37 - 2014-10-03 14:37 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-03 14:37 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-03 14:37 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-03 14:37 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-03 13:49 - 2014-10-04 16:24 - 00000000 ____D () C:\Users\Trudy2\Desktop\DeesTools
2014-10-01 19:55 - 2014-10-01 19:56 - 06016073 _____ () C:\Users\Trudy2\Downloads\03000201004B5F310A283102ECEE3D743FB345-CC13-878D-1953-99B110258BF1 (2).flv
2014-10-01 19:55 - 2014-10-01 19:55 - 06016073 _____ () C:\Users\Trudy2\Downloads\03000201004B5F310A283102ECEE3D743FB345-CC13-878D-1953-99B110258BF1 (3).flv
2014-10-01 19:55 - 2014-10-01 19:55 - 06016073 _____ () C:\Users\Trudy2\Downloads\03000201004B5F310A283102ECEE3D743FB345-CC13-878D-1953-99B110258BF1 (1).flv
2014-10-01 19:54 - 2014-10-01 19:55 - 06016073 _____ () C:\Users\Trudy2\Downloads\03000201004B5F310A283102ECEE3D743FB345-CC13-878D-1953-99B110258BF1.flv
2014-09-29 15:51 - 2014-09-29 15:51 - 00000000 ____D () C:\ProgramData\Browser
2014-09-28 14:34 - 2014-09-28 14:34 - 00000000 ____D () C:\Users\Trudy2\AppData\Local\AstroArcade
2014-09-28 14:33 - 2014-10-03 19:25 - 00000000 ____D () C:\Program Files (x86)\Yahoo Browser Settings
2014-09-28 14:32 - 2014-10-04 15:35 - 00000000 ____D () C:\ProgramData\FYluKfYOX
2014-09-28 14:32 - 2014-10-04 14:32 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-09-28 14:32 - 2014-10-03 18:00 - 00000000 ____D () C:\ProgramData\AstroArcade
2014-09-28 14:32 - 2014-09-28 14:32 - 00000000 ____D () C:\Users\Trudy2\AppData\Roaming\Yahoo!
2014-09-28 14:32 - 2014-09-28 14:32 - 00000000 ____D () C:\Users\Trudy2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MPlayer
2014-09-28 14:32 - 2014-09-28 14:32 - 00000000 ____D () C:\Users\Trudy2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcadeParlor
2014-09-28 14:32 - 2014-09-28 14:32 - 00000000 ____D () C:\ProgramData\Yahoo! Companion
2014-09-28 14:32 - 2014-09-28 14:32 - 00000000 ____D () C:\ProgramData\Yahoo!
2014-09-28 14:32 - 2014-09-28 14:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPlayer
2014-09-28 14:32 - 2014-09-28 14:32 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2014-09-28 14:32 - 2014-09-28 14:32 - 00000000 ____D () C:\Program Files (x86)\MPlayer 1.0rc2
2014-09-22 20:35 - 2014-08-09 04:30 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-09-22 20:35 - 2014-08-09 04:29 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll
2014-09-22 14:26 - 2014-08-20 19:40 - 00732880 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-09-22 14:26 - 2014-08-20 13:05 - 00694784 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-09-22 14:26 - 2014-08-20 13:05 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2014-09-22 14:26 - 2014-08-20 13:05 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-22 14:26 - 2014-08-20 13:02 - 00567808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-09-22 14:26 - 2014-08-20 13:02 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-22 14:26 - 2014-06-24 03:35 - 00010450 _____ () C:\Windows\system32\autoconfig.cab
2014-09-22 14:26 - 2014-06-24 02:41 - 10115584 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-09-22 14:26 - 2014-06-24 02:40 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2014-09-22 14:26 - 2014-06-24 02:39 - 02307072 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-09-22 14:26 - 2014-06-24 02:39 - 02146304 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-09-22 14:26 - 2014-06-24 00:08 - 08858624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-09-22 14:26 - 2014-06-24 00:06 - 02037760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-09-22 14:26 - 2014-06-24 00:06 - 00754176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-09-12 03:50 - 2014-08-16 05:34 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-12 03:50 - 2014-08-16 05:34 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-12 03:50 - 2014-08-16 05:34 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-09-12 03:50 - 2014-08-16 05:34 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-12 03:50 - 2014-08-16 05:33 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-12 03:50 - 2014-08-16 05:33 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-12 03:50 - 2014-08-16 05:32 - 15399424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-12 03:50 - 2014-08-16 05:32 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-12 03:50 - 2014-08-16 05:32 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-12 03:50 - 2014-08-16 05:32 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-12 03:50 - 2014-08-16 05:32 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-09-12 03:50 - 2014-08-16 05:32 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-12 03:50 - 2014-08-16 05:32 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-12 03:50 - 2014-08-16 05:32 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-12 03:50 - 2014-08-16 03:37 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-12 03:50 - 2014-08-16 03:37 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-12 03:50 - 2014-08-16 03:36 - 13757440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-12 03:50 - 2014-08-16 03:36 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-12 03:50 - 2014-08-16 03:36 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-12 03:50 - 2014-08-16 03:36 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-09-12 03:50 - 2014-08-16 03:36 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-12 03:50 - 2014-08-16 03:36 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-12 03:50 - 2014-08-16 03:36 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-12 03:50 - 2014-08-16 03:36 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-12 03:50 - 2014-08-16 03:36 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-12 03:50 - 2014-08-16 03:35 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-12 03:50 - 2014-03-06 20:47 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-12 03:50 - 2013-05-15 18:37 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-09-12 03:50 - 2013-05-15 18:35 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-09-12 03:50 - 2013-05-14 09:14 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-12 03:50 - 2013-05-14 05:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-12 03:50 - 2013-02-21 06:29 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-09-12 03:50 - 2013-02-21 06:29 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-12 03:50 - 2013-02-21 06:29 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-12 03:50 - 2013-02-21 06:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-12 03:50 - 2013-02-21 06:14 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-09-12 03:50 - 2013-02-21 06:14 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-12 03:50 - 2013-02-19 05:53 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-09-12 03:50 - 2012-11-08 00:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-12 03:50 - 2012-11-08 00:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-12 03:50 - 2012-07-25 23:06 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-12 03:49 - 2014-08-16 05:33 - 19280384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-12 03:48 - 2014-08-16 03:36 - 14369280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-12 03:37 - 2014-08-28 07:34 - 00059400 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-09-12 03:37 - 2014-08-28 02:05 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-09-12 03:37 - 2014-08-28 02:05 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-09-12 03:37 - 2014-08-28 02:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-09-12 03:37 - 2014-08-28 02:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-09-12 03:37 - 2014-08-28 02:02 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-09-12 03:37 - 2014-08-28 02:01 - 03285504 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-09-12 03:37 - 2014-08-28 02:01 - 01623552 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-09-12 03:37 - 2014-08-28 02:01 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-09-12 03:37 - 2014-08-28 02:01 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-09-12 03:37 - 2014-08-28 02:01 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-09-12 03:37 - 2014-08-28 02:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-09-12 03:37 - 2014-08-28 02:01 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-09-12 03:37 - 2014-08-28 02:01 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2014-09-12 03:37 - 2014-07-31 19:40 - 01287680 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-09-12 03:36 - 2014-09-04 18:36 - 00755712 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-12 03:36 - 2014-09-02 21:49 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-12 03:36 - 2014-06-04 21:12 - 00678600 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2014-09-12 03:36 - 2014-06-03 19:12 - 00536776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2014-09-12 03:35 - 2014-07-23 23:33 - 00875688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2014-09-12 03:35 - 2014-07-23 23:33 - 00869544 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-05 18:00 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\system32\sru
2014-10-05 14:06 - 2014-09-01 23:32 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{4D233ABE-9F1E-4A8F-B1D4-B11F5DB84BAF}
2014-10-04 23:47 - 2014-08-12 15:33 - 00000000 ____D () C:\Users\Trudy2\AppData\Roaming\ClassicShell
2014-10-04 16:34 - 2012-07-26 03:28 - 00803370 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-04 16:30 - 2012-07-26 03:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-04 16:29 - 2012-07-26 01:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-10-04 16:28 - 2014-07-24 22:52 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1640894672-1411345100-1642154565-1001
2014-10-04 13:11 - 2014-07-24 22:45 - 00000000 ____D () C:\Users\Trudy2\AppData\Local\VirtualStore
2014-10-04 13:08 - 2014-07-21 14:57 - 00000000 ____D () C:\Windows\Panther
2014-10-03 20:00 - 2014-08-12 15:41 - 00000000 ____D () C:\Users\Trudy2\AbiSuite
2014-10-03 19:03 - 2012-07-26 03:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-10-03 18:56 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\security
2014-10-03 18:36 - 2012-07-26 01:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-10-03 18:31 - 2012-07-26 04:12 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-10-03 15:21 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-03 13:33 - 2014-08-12 15:49 - 00002012 _____ () C:\Users\Trudy2\Desktop\Internet Explorer (2).lnk
2014-10-03 13:33 - 2014-07-24 22:46 - 00002042 _____ () C:\Users\Trudy2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-03 13:32 - 2014-08-12 15:48 - 00002042 _____ () C:\Users\Trudy2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (2).lnk
2014-09-27 12:10 - 2014-08-12 15:47 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-24 11:21 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\rescache
2014-09-24 00:15 - 2012-07-26 04:12 - 00000000 ___RD () C:\Windows\ToastData
2014-09-24 00:15 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\WinStore
2014-09-22 02:42 - 2014-07-30 00:00 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-13 01:13 - 2014-08-07 15:11 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-13 01:12 - 2014-07-30 00:24 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-13 01:10 - 2014-07-30 00:24 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-10 23:09 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\AUInstallAgent

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-28 09:39

==================== End Of Log ============================

Addition log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-10-2014
Ran by Trudy2 at 2014-10-05 18:09:58
Running from C:\Users\Trudy2\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AbiWord 2.8.6 (HKLM-x32\...\AbiWord2) (Version: 2.8.6 - AbiSource Developers)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5315 - AVG Technologies)
AVG 2015 (Version: 15.0.4176 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5315 - AVG Technologies) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Kaspersky Security Scan (HKLM-x32\...\InstallWIX_{D1282694-0693-41A8-ABC1-6D1FFC1F65C4}) (Version: 12.0.1.881 - Kaspersky Lab)
Kaspersky Security Scan (x32 Version: 12.0.1.881 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla)
MPlayer (remove only) (HKLM-x32\...\MPlayer) (Version: - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
Security Task Manager 1.8g (HKLM-x32\...\Security Task Manager) (Version: 1.8g - Neuber Software)
Should I Remove It (HKCU\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
Should I Remove It (x32 Version: 1.0.4 - Reason Software Company Inc.) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1158 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.6.1.3 - Synaptics Incorporated)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

19-09-2014 14:44:42 Scheduled Checkpoint
23-09-2014 16:39:16 Windows Update
28-09-2014 18:32:09 Windows Modules Installer
03-10-2014 17:39:49 Removed Uninstall Helper
04-10-2014 18:31:45 Installed Should I Remove It

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 01:26 - 2012-07-26 01:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {173CA941-0FD6-4043-BB06-DF699D9A2699} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-09-13] (Microsoft Corporation)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {47962D48-D16F-4292-929C-26220FEC3503} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-05-16] (Synaptics Incorporated)
Task: {968F167C-3AA6-497A-AACE-17159992EEE3} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2013-11-04] (Realtek Semiconductor)
Task: {9CBE252F-396D-45A3-9975-8F9C675A70FE} - System32\Tasks\Microsoft\Windows\Setup\8.1 auto install => C:\Windows\system32\NotificationUI.exe [2014-08-20] (Microsoft Corporation)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {C40B4661-E466-472A-9F97-BFC390D8F7CF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask

==================== Loaded Modules (whitelisted) =============

2012-07-26 03:58 - 2012-07-26 03:53 - 00170864 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKCU\...\StartupApproved\Run: => "KSS"
HKCU\...\StartupApproved\Run: => "SUPERAntiSpyware"

========================= Accounts: ==========================

Administrator (S-1-5-21-1640894672-1411345100-1642154565-500 - Administrator - Disabled)
Guest (S-1-5-21-1640894672-1411345100-1642154565-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1640894672-1411345100-1642154565-1003 - Limited - Enabled)
Trudy2 (S-1-5-21-1640894672-1411345100-1642154565-1001 - Administrator - Enabled) => C:\Users\Trudy2

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (10/04/2014 03:04:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 10.0.9200.16537 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 4448

Start Time: 01cfe0052f507512

Termination Time: 55

Application Path: C:\Program Files\Internet Explorer\IEXPLORE.EXE

Report Id: 43e6d7b0-4bf9-11e4-be7f-84349794460b

Faulting package full name:

Faulting package-relative application ID:

Error: (10/04/2014 02:46:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: avgwsc.exe, version: 15.0.0.5315, time stamp: 0x5409c7db
Faulting module name: avgwsc.exe, version: 15.0.0.5315, time stamp: 0x5409c7db
Exception code: 0xc0000005
Fault offset: 0x0002aba5
Faulting process id: 0x81d8
Faulting application start time: 0xavgwsc.exe0
Faulting application path: avgwsc.exe1
Faulting module path: avgwsc.exe2
Report Id: avgwsc.exe3
Faulting package full name: avgwsc.exe4
Faulting package-relative application ID: avgwsc.exe5

Error: (10/04/2014 02:33:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ShouldIRemoveIt.exe, version: 1.0.4.30407, time stamp: 0x54078dde
Faulting module name: LSASRV.dll, version: 6.2.9200.17013, time stamp: 0x53867ce8
Exception code: 0xc0000005
Fault offset: 0x0000000000051e28
Faulting process id: 0x62d8
Faulting application start time: 0xShouldIRemoveIt.exe0
Faulting application path: ShouldIRemoveIt.exe1
Faulting module path: ShouldIRemoveIt.exe2
Report Id: ShouldIRemoveIt.exe3
Faulting package full name: ShouldIRemoveIt.exe4
Faulting package-relative application ID: ShouldIRemoveIt.exe5

Error: (09/30/2014 01:47:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.2.9200.16628, time stamp: 0x51a94434
Faulting module name: twinui.dll, version: 6.2.9200.17040, time stamp: 0x53a90fba
Exception code: 0xc0000005
Fault offset: 0x000000000010da56
Faulting process id: 0x6818
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Faulting package full name: Explorer.EXE4
Faulting package-relative application ID: Explorer.EXE5

Error: (09/30/2014 01:40:11 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 10.0.9200.16537 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: db4

Start Time: 01cfdc70bfd5a47d

Termination Time: 47

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: 3b8d087d-4864-11e4-be7a-2016d87e7db4

Faulting package full name:

Faulting package-relative application ID:

Error: (09/27/2014 00:09:19 PM) (Source: MsiInstaller) (EventID: 1024) (User: Trudy)
Description: Product: Adobe Reader XI (11.0.08) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011009}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127

Error: (09/26/2014 09:58:22 AM) (Source: MsiInstaller) (EventID: 1024) (User: Trudy)
Description: Product: Adobe Reader XI (11.0.08) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011009}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127

Error: (09/26/2014 00:38:33 AM) (Source: MsiInstaller) (EventID: 1024) (User: Trudy)
Description: Product: Adobe Reader XI (11.0.08) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011009}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127

Error: (09/25/2014 11:20:40 PM) (Source: MsiInstaller) (EventID: 1024) (User: Trudy)
Description: Product: Adobe Reader XI (11.0.08) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011009}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127

Error: (09/25/2014 01:07:27 AM) (Source: MsiInstaller) (EventID: 1024) (User: Trudy)
Description: Product: Adobe Reader XI (11.0.08) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011009}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127

System errors:
=============
Error: (10/04/2014 03:43:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).

Error: (10/04/2014 03:43:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Kaspersky Security Scan Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (10/04/2014 03:40:35 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Kaspersky Security Scan Service service, but this action failed with the following error:
%%1056

Error: (10/04/2014 03:40:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Kaspersky Security Scan Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (10/03/2014 03:18:59 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:52:08 PM on ‎10/‎3/‎2014 was unexpected.

Error: (10/01/2014 08:16:42 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the YsDyWv service, but this action failed with the following error:
%%1056

Error: (10/01/2014 08:15:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The YsDyWv service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (10/01/2014 00:01:25 PM) (Source: DCOM) (EventID: 10016) (User: Trudy)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}TrudyTrudy2S-1-5-21-1640894672-1411345100-1642154565-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (10/01/2014 00:01:25 PM) (Source: DCOM) (EventID: 10016) (User: Trudy)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}TrudyTrudy2S-1-5-21-1640894672-1411345100-1642154565-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (10/01/2014 00:01:25 PM) (Source: DCOM) (EventID: 10016) (User: Trudy)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}TrudyTrudy2S-1-5-21-1640894672-1411345100-1642154565-1001LocalHost (Using LRPC)UnavailableUnavailable

Microsoft Office Sessions:
=========================
Error: (10/04/2014 03:04:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE10.0.9200.16537444801cfe0052f50751255C:\Program Files\Internet Explorer\IEXPLORE.EXE43e6d7b0-4bf9-11e4-be7f-84349794460b

Error: (10/04/2014 02:46:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: avgwsc.exe15.0.0.53155409c7dbavgwsc.exe15.0.0.53155409c7dbc00000050002aba581d801cfe003933db020C:\Program Files (x86)\AVG\AVG2015\avgwsc.exeC:\Program Files (x86)\AVG\AVG2015\avgwsc.exed23d132f-4bf6-11e4-be7f-84349794460b

Error: (10/04/2014 02:33:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ShouldIRemoveIt.exe1.0.4.3040754078ddeLSASRV.dll6.2.9200.1701353867ce8c00000050000000000051e2862d801cfe0019a8f7c0dC:\Program Files (x86)\Reason\Should I Remove It\ShouldIRemoveIt.exeC:\Windows\SYSTEM32\LSASRV.dlle6641c49-4bf4-11e4-be7f-84349794460b

Error: (09/30/2014 01:47:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.2.9200.1662851a94434twinui.dll6.2.9200.1704053a90fbac0000005000000000010da56681801cfdc71f0915caaC:\Windows\Explorer.EXEC:\Windows\System32\twinui.dll3297ee0c-4865-11e4-be7a-2016d87e7db4

Error: (09/30/2014 01:40:11 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE10.0.9200.16537db401cfdc70bfd5a47d47C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE3b8d087d-4864-11e4-be7a-2016d87e7db4

Error: (09/27/2014 00:09:19 PM) (Source: MsiInstaller) (EventID: 1024) (User: Trudy)
Description: Adobe Reader XI (11.0.08){AC76BA86-7AD7-0000-2550-7A8C40011009}1625(NULL)(NULL)(NULL)

Error: (09/26/2014 09:58:22 AM) (Source: MsiInstaller) (EventID: 1024) (User: Trudy)
Description: Adobe Reader XI (11.0.08){AC76BA86-7AD7-0000-2550-7A8C40011009}1625(NULL)(NULL)(NULL)

Error: (09/26/2014 00:38:33 AM) (Source: MsiInstaller) (EventID: 1024) (User: Trudy)
Description: Adobe Reader XI (11.0.08){AC76BA86-7AD7-0000-2550-7A8C40011009}1625(NULL)(NULL)(NULL)

Error: (09/25/2014 11:20:40 PM) (Source: MsiInstaller) (EventID: 1024) (User: Trudy)
Description: Adobe Reader XI (11.0.08){AC76BA86-7AD7-0000-2550-7A8C40011009}1625(NULL)(NULL)(NULL)

Error: (09/25/2014 01:07:27 AM) (Source: MsiInstaller) (EventID: 1024) (User: Trudy)
Description: Adobe Reader XI (11.0.08){AC76BA86-7AD7-0000-2550-7A8C40011009}1625(NULL)(NULL)(NULL)

==================== Memory info ===========================

Processor: AMD E-300 APU with Radeon™ HD Graphics
Percentage of memory in use: 28%
Total physical RAM: 3682.27 MB
Available physical RAM: 2643.18 MB
Total Pagefile: 4322.27 MB
Available Pagefile: 2969.89 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:595.66 GB) (Free:570.61 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================

aswMBR Log:

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-10-05 18:16:42
-----------------------------
18:16:42.598    OS Version: Windows x64 6.2.9200
18:16:42.613    Number of processors: 2 586 0x200
18:16:42.613    ComputerName: TRUDY UserName:
18:16:46.950    Initialize success
18:16:47.512    VM: initialized successfully
18:16:47.528    VM: Amd CPU BiosDisabled
18:16:50.101    VM: supported disk I/O storport.sys
18:20:11.673    AVAST engine defs: 14100501
18:20:14.918    The log file has been saved successfully to "C:\Users\Trudy2\Desktop\aswMBR.txt"

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-10-05 18:16:42
-----------------------------
18:16:42.598    OS Version: Windows x64 6.2.9200
18:16:42.613    Number of processors: 2 586 0x200
18:16:42.613    ComputerName: TRUDY UserName:
18:16:46.950    Initialize success
18:16:47.512    VM: initialized successfully
18:16:47.528    VM: Amd CPU BiosDisabled
18:16:50.101    VM: supported disk I/O storport.sys
18:20:11.673    AVAST engine defs: 14100501
18:20:14.918    The log file has been saved successfully to "C:\Users\Trudy2\Desktop\aswMBR.txt"
18:20:26.476    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000033
18:20:26.491    Disk 0 Vendor: Hitachi_HTS547564A9E384 JEDOA60A Size: 610480MB BusType: 11
18:20:51.069    Disk 0 MBR read successfully
18:20:51.085    Disk 0 MBR scan
18:20:51.085    Disk 0 Windows 7 default MBR code
18:20:51.100    Disk 0 Partition 1 00     EE          GPT           2097151 MB offset 1
18:20:51.366    Disk 0 scanning C:\Windows\system32\drivers
18:21:09.400    Service scanning
18:21:51.412    Modules scanning
18:21:51.443    Disk 0 trace - called modules:
18:21:51.474    ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
18:21:51.490    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004872430]
18:21:51.505    3 CLASSPNP.SYS[fffff8800141de0a] -> nt!IofCallDriver -> [0xfffffa8003f48040]
18:21:51.521    5 amd_xata.sys[fffff8800136e594] -> nt!IofCallDriver -> \Device\00000033[0xfffffa8003f931a0]
18:21:55.359    AVAST engine scan C:\Windows
18:22:02.847    AVAST engine scan C:\Windows\system32
18:26:03.281    AVAST engine scan C:\Windows\system32\drivers
18:26:27.945    AVAST engine scan C:\Users\Trudy2
18:31:52.468    AVAST engine scan C:\ProgramData
18:32:34.652    Scan finished successfully
18:33:02.796    Disk 0 MBR has been saved successfully to "C:\Users\Trudy2\Desktop\MBR.dat"
18:33:02.811    The log file has been saved successfully to "C:\Users\Trudy2\Desktop\aswMBR.txt"

As far as I can see, without reading every word, the 2 additions logs were the same. Sorry if I did something wrong. Also, as I am sure you know by now from my logs, but just in case, I am on Windows 8 64 with the classic shell (open source freeware for the Windows 7 home page... or desktop if you will). Thank you so much for your prompt reply and your experience and help!!!

#4
pystryker

Posted 05 October 2014 - 06:05 PM

Trusted Helper

Malware Removal
3,912 posts

As far as I can see, without reading every word, the 2 additions logs were the same. Sorry if I did something wrong. Also, as I am sure you know by now from my logs, but just in case, I am on Windows 8 64 with the classic shell (open source freeware for the Windows 7 home page... or desktop if you will). Thank you so much for your prompt reply and your experience and help!!!

You're quite welcome and you did perfectly fine.

I see the Yahoo toolbar, but very little else. But I believe in being thorough, so we'll remove Yahoo, and run some further scans.

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.

Step 1: Fix with Farbar's Recovery Scan Tool

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy.
Right-click in the open notepad and select Paste).
Save it on the desktop as fixlist.txt

Start
URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
Hosts:
Emptytemp:
End

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.

Step 2: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Step 3: AdwCleaner

Download ADWcleaner by clicking here. Please save it to your Desktop

Double click (Vista and 7 Users)right click the adwcleaner.exe file and click Run as Adminstrator and accept the UAC prompt to run AdwCleaner
Close any open windows or browsers.
Pause your Anti-Virus program if it is running.
Once it starts, click on the Scan button.
Let the scan complete itself. This may take a few minutes.
Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove.", don't worry about unchecking anything and then click the Clean button. When finished, it will ask to reboot. Please reboot.
When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
- Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.
This report is also saved at C:\AdwCleaner[R0].txt

Step 4: Fresh FRST Scan

Start Farbar's Recovery Scan Tool and press the Scan button.
FRST will scan your system and produce one log this time. Please post it in your next reply.

Things I need to see in your next post:

Please post each of the these logs in a separate reply to this thread.

Fixlog.txt Log

Junkware Removal Tool Log

AdwCleaner Log

Fresh FRST Log

#5
Ozzette53

Posted 05 October 2014 - 07:08 PM

Member

Topic Starter
Member
28 posts

Fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-10-2014
Ran by Trudy2 at 2014-10-05 20:19:03 Run:1
Running from C:\Users\Trudy2\Desktop
Loaded Profile: Trudy2 (Available profiles: Trudy2)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
Hosts:
Emptytemp:
End
*****************

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}" => Key deleted successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 321 MB temporary data.

The system needed a reboot.

==== End of Fixlog ====

#6
Ozzette53

Posted 05 October 2014 - 07:09 PM

Member

Topic Starter
Member
28 posts

Junkware Log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.0 (10.05.2014:1)
OS: Windows 8 x64
Ran by Trudy2 on Sun 10/05/2014 at 20:30:34.24
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\browser"
Successfully deleted: [Folder] "C:\Users\Trudy2\appdata\locallow\translationbuddy_5eei"
Successfully deleted: [Folder] "C:\Users\Trudy2\appdata\locallow\visi_coupon"
Successfully deleted: [Folder] "C:\Users\Trudy2\appdata\locallow\yahoocouponaddon"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 10/05/2014 at 20:38:59.98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#7
Ozzette53

Posted 05 October 2014 - 07:11 PM

Member

Topic Starter
Member
28 posts

ADware Cleaner Log:

# AdwCleaner v3.311 - Report created 05/10/2014 at 20:44:59
# Updated 30/09/2014 by Xplode
# Operating System : Windows 8 (64 bits)
# Username : Trudy2 - TRUDY
# Running from : C:\Users\Trudy2\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Found : C:\ProgramData\SecTaskMan

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16537

-\\ Mozilla Firefox v32.0.3 (x86 en-US)

[ File : C:\Users\Trudy2\AppData\Roaming\Mozilla\Firefox\Profiles\4ycy5xti.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [1683 octets] - [05/10/2014 20:44:59]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1743 octets] ##########

#8
Ozzette53

Posted 05 October 2014 - 07:14 PM

Member

Topic Starter
Member
28 posts

I have to assume this rewrites the FRST log, because the time stamp is right.

FRST Log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-10-2014
Ran by Trudy2 (administrator) on TRUDY on 05-10-2014 21:02:23
Running from C:\Users\Trudy2\Desktop
Loaded Profile: Trudy2 (Available profiles: Trudy2)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3593744 2014-09-05] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-1640894672-1411345100-1642154565-1001\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202080 2014-06-15] (Kaspersky Lab ZAO)
HKU\S-1-5-21-1640894672-1411345100-1642154565-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7767832 2014-10-01] (SUPERAntiSpyware)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC795DB396FB2CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Tcpip\Parameters: [DhcpNameServer] 207.255.0.43 207.255.0.45

FireFox:
========
FF ProfilePath: C:\Users\Trudy2\AppData\Roaming\Mozilla\Firefox\Profiles\4ycy5xti.default
FF Homepage: https://www.google.com/
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3364368 2014-09-05] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [293448 2014-09-05] (AVG Technologies CZ, s.r.o.)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-25] (Microsoft Corporation)
R2 KSS; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202080 2014-06-15] (Kaspersky Lab ZAO)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-25] (Microsoft Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-10-16] (Realtek Semiconductor)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-25] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [215040 2013-09-24] (Advanced Micro Devices)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [247576 2014-07-24] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [273176 2014-07-18] (AVG Technologies CZ, s.r.o.)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [290520 2013-10-24] (Realtek Semiconductor Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-08-06] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-05 20:58 - 2014-10-05 20:58 - 00000314 _____ () C:\Windows\PFRO.log
2014-10-05 20:44 - 2014-10-05 20:56 - 00000000 ____D () C:\AdwCleaner
2014-10-05 20:43 - 2014-10-05 20:43 - 01375089 _____ () C:\Users\Trudy2\Desktop\AdwCleaner.exe
2014-10-05 20:39 - 2014-10-05 20:38 - 00001000 _____ () C:\Users\Trudy2\Desktop\JRT.txt
2014-10-05 20:30 - 2014-10-05 20:30 - 00000000 ____D () C:\Windows\ERUNT
2014-10-05 20:28 - 2014-10-05 20:28 - 01704938 _____ (Thisisu) C:\Users\Trudy2\Desktop\JRT.exe
2014-10-05 20:16 - 2014-10-05 20:16 - 00001546 _____ () C:\Users\Trudy2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad.lnk
2014-10-05 18:33 - 2014-10-05 18:33 - 00000512 _____ () C:\Users\Trudy2\Desktop\MBR.dat
2014-10-05 18:20 - 2014-10-05 18:33 - 00002640 _____ () C:\Users\Trudy2\Desktop\aswMBR.txt
2014-10-05 18:15 - 2014-10-05 18:16 - 05185536 _____ (AVAST Software) C:\Users\Trudy2\Desktop\aswmbr.exe
2014-10-05 18:09 - 2014-10-05 18:10 - 00018722 _____ () C:\Users\Trudy2\Desktop\Addition.txt
2014-10-05 18:08 - 2014-10-05 21:02 - 00008400 _____ () C:\Users\Trudy2\Desktop\FRST.txt
2014-10-05 18:06 - 2014-10-05 18:06 - 02109440 _____ (Farbar) C:\Users\Trudy2\Desktop\FRST64.exe
2014-10-05 17:58 - 2014-10-05 17:59 - 00018724 _____ () C:\Users\Trudy2\Downloads\Addition.txt
2014-10-05 17:56 - 2014-10-05 17:59 - 00028602 _____ () C:\Users\Trudy2\Downloads\FRST.txt
2014-10-05 17:52 - 2014-10-05 21:02 - 00000000 ____D () C:\FRST
2014-10-05 17:52 - 2014-10-05 17:52 - 02109440 _____ (Farbar) C:\Users\Trudy2\Downloads\FRST64.exe
2014-10-04 16:14 - 2014-10-04 16:14 - 00043504 _____ () C:\Users\Trudy2\Downloads\Extras.Txt
2014-10-04 16:12 - 2014-10-04 16:12 - 00083684 _____ () C:\Users\Trudy2\Downloads\OTL.Txt
2014-10-04 15:53 - 2014-10-04 15:53 - 00602112 _____ (OldTimer Tools) C:\Users\Trudy2\Downloads\OTL.exe
2014-10-04 15:48 - 2014-10-04 15:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
2014-10-04 15:48 - 2014-10-04 15:48 - 00000000 ____D () C:\Program Files\Classic Shell
2014-10-04 15:37 - 2014-10-05 20:59 - 00041289 _____ () C:\Windows\WindowsUpdate.log
2014-10-04 15:11 - 2014-10-04 15:37 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-10-04 15:11 - 2014-10-04 15:11 - 00000000 ____D () C:\Users\Trudy2\AppData\Roaming\SUPERAntiSpyware.com
2014-10-04 15:11 - 2014-10-04 15:11 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-10-04 15:11 - 2014-10-04 15:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-10-04 15:10 - 2014-10-04 15:10 - 19631472 _____ (SUPERAntiSpyware) C:\Users\Trudy2\Downloads\SAS_47224.EXE
2014-10-04 14:43 - 2014-10-04 14:43 - 00001304 _____ () C:\Users\Trudy2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan.lnk
2014-10-04 14:42 - 2014-10-04 14:42 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-10-04 14:42 - 2014-10-04 14:42 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-10-04 14:32 - 2014-10-04 14:32 - 00000000 ____D () C:\Program Files (x86)\Reason
2014-10-04 14:31 - 2014-10-04 14:31 - 02178048 _____ (Reason Software Company Inc.) C:\Users\Trudy2\Downloads\ShouldIRemoveIt_Setup.exe
2014-10-04 14:24 - 2014-10-04 14:24 - 00000000 ____D () C:\Program Files (x86)\Security Task Manager
2014-10-04 14:23 - 2014-10-04 14:23 - 02365840 _____ () C:\Users\Trudy2\Downloads\SecurityTaskManager_Setup.exe
2014-10-04 13:06 - 2014-10-04 13:06 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-10-04 13:06 - 2014-10-04 13:06 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-03 18:43 - 2014-10-03 18:44 - 00000000 ____D () C:\Users\Trudy2\AppData\Roaming\Mozilla
2014-10-03 18:43 - 2014-10-03 18:44 - 00000000 ____D () C:\Users\Trudy2\AppData\Local\Mozilla
2014-10-03 18:43 - 2014-10-03 18:43 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-03 18:43 - 2014-10-03 18:43 - 00000000 ____D () C:\ProgramData\Mozilla
2014-10-03 18:43 - 2014-10-03 18:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-03 18:43 - 2014-10-03 18:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-03 18:32 - 2014-10-03 18:32 - 00000000 ____D () C:\Users\Trudy2\AppData\Roaming\AVG2015
2014-10-03 18:31 - 2014-10-03 18:32 - 00000000 ____D () C:\ProgramData\AVG2015
2014-10-03 18:31 - 2014-10-03 18:31 - 00000000 ___HD () C:\$AVG
2014-10-03 18:31 - 2014-10-03 18:31 - 00000000 ____D () C:\Users\Trudy2\AppData\Roaming\TuneUp Software
2014-10-03 18:31 - 2014-10-03 18:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-10-03 18:30 - 2014-10-03 18:30 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-10-03 18:27 - 2014-10-05 14:11 - 00000000 ____D () C:\ProgramData\MFAData
2014-10-03 18:27 - 2014-10-04 13:19 - 00000000 ____D () C:\Users\Trudy2\AppData\Local\Avg2015
2014-10-03 18:27 - 2014-10-03 18:27 - 00000000 ____D () C:\Users\Trudy2\AppData\Local\MFAData
2014-10-03 14:38 - 2014-10-03 15:59 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-03 14:37 - 2014-10-03 14:38 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-03 14:37 - 2014-10-03 14:37 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-03 14:37 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-03 14:37 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-03 14:37 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-03 13:49 - 2014-10-04 16:24 - 00000000 ____D () C:\Users\Trudy2\Desktop\DeesTools
2014-10-01 19:55 - 2014-10-01 19:56 - 06016073 _____ () C:\Users\Trudy2\Downloads\03000201004B5F310A283102ECEE3D743FB345-CC13-878D-1953-99B110258BF1 (2).flv
2014-10-01 19:55 - 2014-10-01 19:55 - 06016073 _____ () C:\Users\Trudy2\Downloads\03000201004B5F310A283102ECEE3D743FB345-CC13-878D-1953-99B110258BF1 (3).flv
2014-10-01 19:55 - 2014-10-01 19:55 - 06016073 _____ () C:\Users\Trudy2\Downloads\03000201004B5F310A283102ECEE3D743FB345-CC13-878D-1953-99B110258BF1 (1).flv
2014-10-01 19:54 - 2014-10-01 19:55 - 06016073 _____ () C:\Users\Trudy2\Downloads\03000201004B5F310A283102ECEE3D743FB345-CC13-878D-1953-99B110258BF1.flv
2014-09-28 14:34 - 2014-09-28 14:34 - 00000000 ____D () C:\Users\Trudy2\AppData\Local\AstroArcade
2014-09-28 14:33 - 2014-10-03 19:25 - 00000000 ____D () C:\Program Files (x86)\Yahoo Browser Settings
2014-09-28 14:32 - 2014-10-04 15:35 - 00000000 ____D () C:\ProgramData\FYluKfYOX
2014-09-28 14:32 - 2014-10-03 18:00 - 00000000 ____D () C:\ProgramData\AstroArcade
2014-09-28 14:32 - 2014-09-28 14:32 - 00000000 ____D () C:\Users\Trudy2\AppData\Roaming\Yahoo!
2014-09-28 14:32 - 2014-09-28 14:32 - 00000000 ____D () C:\Users\Trudy2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MPlayer
2014-09-28 14:32 - 2014-09-28 14:32 - 00000000 ____D () C:\Users\Trudy2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcadeParlor
2014-09-28 14:32 - 2014-09-28 14:32 - 00000000 ____D () C:\ProgramData\Yahoo! Companion
2014-09-28 14:32 - 2014-09-28 14:32 - 00000000 ____D () C:\ProgramData\Yahoo!
2014-09-28 14:32 - 2014-09-28 14:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPlayer
2014-09-28 14:32 - 2014-09-28 14:32 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2014-09-28 14:32 - 2014-09-28 14:32 - 00000000 ____D () C:\Program Files (x86)\MPlayer 1.0rc2
2014-09-22 20:35 - 2014-08-09 04:30 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-09-22 20:35 - 2014-08-09 04:29 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll
2014-09-22 14:26 - 2014-08-20 19:40 - 00732880 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-09-22 14:26 - 2014-08-20 13:05 - 00694784 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-09-22 14:26 - 2014-08-20 13:05 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2014-09-22 14:26 - 2014-08-20 13:05 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-22 14:26 - 2014-08-20 13:02 - 00567808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-09-22 14:26 - 2014-08-20 13:02 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-22 14:26 - 2014-06-24 03:35 - 00010450 _____ () C:\Windows\system32\autoconfig.cab
2014-09-22 14:26 - 2014-06-24 02:41 - 10115584 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-09-22 14:26 - 2014-06-24 02:40 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2014-09-22 14:26 - 2014-06-24 02:39 - 02307072 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-09-22 14:26 - 2014-06-24 02:39 - 02146304 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-09-22 14:26 - 2014-06-24 00:08 - 08858624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-09-22 14:26 - 2014-06-24 00:06 - 02037760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-09-22 14:26 - 2014-06-24 00:06 - 00754176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-09-12 03:50 - 2014-08-16 05:34 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-12 03:50 - 2014-08-16 05:34 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-12 03:50 - 2014-08-16 05:34 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-09-12 03:50 - 2014-08-16 05:34 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-12 03:50 - 2014-08-16 05:33 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-12 03:50 - 2014-08-16 05:33 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-12 03:50 - 2014-08-16 05:32 - 15399424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-12 03:50 - 2014-08-16 05:32 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-12 03:50 - 2014-08-16 05:32 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-12 03:50 - 2014-08-16 05:32 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-12 03:50 - 2014-08-16 05:32 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-09-12 03:50 - 2014-08-16 05:32 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-12 03:50 - 2014-08-16 05:32 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-12 03:50 - 2014-08-16 05:32 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-12 03:50 - 2014-08-16 03:37 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-12 03:50 - 2014-08-16 03:37 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-12 03:50 - 2014-08-16 03:36 - 13757440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-12 03:50 - 2014-08-16 03:36 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-12 03:50 - 2014-08-16 03:36 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-12 03:50 - 2014-08-16 03:36 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-09-12 03:50 - 2014-08-16 03:36 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-12 03:50 - 2014-08-16 03:36 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-12 03:50 - 2014-08-16 03:36 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-12 03:50 - 2014-08-16 03:36 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-12 03:50 - 2014-08-16 03:36 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-12 03:50 - 2014-08-16 03:35 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-12 03:50 - 2014-03-06 20:47 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-12 03:50 - 2013-05-15 18:37 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-09-12 03:50 - 2013-05-15 18:35 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-09-12 03:50 - 2013-05-14 09:14 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-12 03:50 - 2013-05-14 05:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-12 03:50 - 2013-02-21 06:29 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-09-12 03:50 - 2013-02-21 06:29 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-12 03:50 - 2013-02-21 06:29 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-12 03:50 - 2013-02-21 06:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-12 03:50 - 2013-02-21 06:14 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-09-12 03:50 - 2013-02-21 06:14 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-12 03:50 - 2013-02-19 05:53 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-09-12 03:50 - 2012-11-08 00:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-12 03:50 - 2012-11-08 00:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-12 03:50 - 2012-07-25 23:06 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-12 03:49 - 2014-08-16 05:33 - 19280384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-12 03:48 - 2014-08-16 03:36 - 14369280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-12 03:37 - 2014-08-28 07:34 - 00059400 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-09-12 03:37 - 2014-08-28 02:05 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-09-12 03:37 - 2014-08-28 02:05 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-09-12 03:37 - 2014-08-28 02:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-09-12 03:37 - 2014-08-28 02:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-09-12 03:37 - 2014-08-28 02:02 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-09-12 03:37 - 2014-08-28 02:01 - 03285504 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-09-12 03:37 - 2014-08-28 02:01 - 01623552 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-09-12 03:37 - 2014-08-28 02:01 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-09-12 03:37 - 2014-08-28 02:01 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-09-12 03:37 - 2014-08-28 02:01 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-09-12 03:37 - 2014-08-28 02:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-09-12 03:37 - 2014-08-28 02:01 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-09-12 03:37 - 2014-08-28 02:01 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2014-09-12 03:37 - 2014-07-31 19:40 - 01287680 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-09-12 03:36 - 2014-09-04 18:36 - 00755712 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-12 03:36 - 2014-09-02 21:49 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-12 03:36 - 2014-06-04 21:12 - 00678600 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2014-09-12 03:36 - 2014-06-03 19:12 - 00536776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2014-09-12 03:35 - 2014-07-23 23:33 - 00875688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2014-09-12 03:35 - 2014-07-23 23:33 - 00869544 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-05 21:00 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\system32\sru
2014-10-05 20:59 - 2012-07-26 03:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-05 20:58 - 2012-07-26 01:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-10-05 20:43 - 2014-09-01 23:32 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{4D233ABE-9F1E-4A8F-B1D4-B11F5DB84BAF}
2014-10-05 20:25 - 2012-07-26 03:28 - 00803370 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-05 20:24 - 2014-08-12 15:33 - 00000000 ____D () C:\Users\Trudy2\AppData\Roaming\ClassicShell
2014-10-04 16:28 - 2014-07-24 22:52 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1640894672-1411345100-1642154565-1001
2014-10-04 13:11 - 2014-07-24 22:45 - 00000000 ____D () C:\Users\Trudy2\AppData\Local\VirtualStore
2014-10-04 13:08 - 2014-07-21 14:57 - 00000000 ____D () C:\Windows\Panther
2014-10-03 20:00 - 2014-08-12 15:41 - 00000000 ____D () C:\Users\Trudy2\AbiSuite
2014-10-03 19:03 - 2012-07-26 03:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-10-03 18:56 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\security
2014-10-03 18:36 - 2012-07-26 01:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-10-03 18:31 - 2012-07-26 04:12 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-10-03 15:21 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-03 13:33 - 2014-08-12 15:49 - 00002012 _____ () C:\Users\Trudy2\Desktop\Internet Explorer (2).lnk
2014-10-03 13:33 - 2014-07-24 22:46 - 00002042 _____ () C:\Users\Trudy2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-03 13:32 - 2014-08-12 15:48 - 00002042 _____ () C:\Users\Trudy2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (2).lnk
2014-09-27 12:10 - 2014-08-12 15:47 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-24 11:21 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\rescache
2014-09-24 00:15 - 2012-07-26 04:12 - 00000000 ___RD () C:\Windows\ToastData
2014-09-24 00:15 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\WinStore
2014-09-22 02:42 - 2014-07-30 00:00 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-13 01:13 - 2014-08-07 15:11 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-13 01:12 - 2014-07-30 00:24 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-13 01:10 - 2014-07-30 00:24 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-10 23:09 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\AUInstallAgent

Some content of TEMP:
====================
C:\Users\Trudy2\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-28 09:39

==================== End Of Log ============================

I was so glad to see you so soon. I can't thank you enough.

#9
pystryker

Posted 05 October 2014 - 09:06 PM

Trusted Helper

Malware Removal
3,912 posts

I was so glad to see you so soon. I can't thank you enough.

Let's run some scans for any remnants that may be floating around.

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.

Step 1: Scan with Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop
Install the progamme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

On completion of the scan (or after the reboot), start MBAM,

Click History, then Application Logs, then check the Select box by the first Scan Log in the list.

Click View, then click Export, select text file and save to the desktop as MBAM.txt and post in your next reply.

Step 2: Scan with ESET Online Scanner

Please note: You can use Internet Explorer or Firefox for this step. Either browser used will have to be ran in admin mode.

Right click on either the Internet Explorer icon or the Firefox icon in the Start Menu or Quick Launch Bar on the Task bar and select Run as Administrator from the menu.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar ---->

Select the option YES, I accept the Terms of Use then click on Start
When prompted allow the Add-On/Active X to install.
Make sure that the option Remove found threats is NOT checked.
Make sure that the option Scan archives is checked.
Now click on Advanced Settings and select the following:
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology
Now click on Start
The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
When completed the Online Scan will begin automatically. The scan may take several hours.
Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
Now click on Finish
Use notepad to open the logfile located at C:\Program Files(x86)\ESET\EsetOnlineScanner\log.txt.
Copy and paste that log as a reply to this topic.

Step 3: SecurityCheck Scan

Download Security Check

by screen317 from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Things I need to see in your next post:

ESET Scan Log
MBAM Log
SecurityCheck Log

#10
Ozzette53

Posted 06 October 2014 - 06:34 PM

Member

Topic Starter
Member
28 posts

MBAM Log: nothing found

Malwarebytes Anti-Malware
www.malwarebytes.org

Update, 10/6/2014 6:39:00 PM, SYSTEM, TRUDY, Manual, Malware Database, 2014.10.3.5, 2014.10.6.10,

(end)

ESET Log:

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=d5383480a781204a9919806bf9f08fe8
# engine=20472
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-10-07 12:21:08
# local_time=2014-10-06 08:21:08 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 0 16942157 0 0
# scanned=73138
# found=4
# cleaned=0
# scan_time=1673
sh=9B7C672CEDF524BB5158D1F57651E2B4E075E6E5 ft=1 fh=bce35440acf07787 vn="a variant of MSIL/Adware.PullUpdate.F application" ac=I fn="C:\ProgramData\FYluKfYOX\dat\bVpMtYKKTF.dll"
sh=FC2F6B84AA00A3B035B2C8F7346FC2E1E7754789 ft=1 fh=1e1e61a5f922e415 vn="a variant of MSIL/Adware.PullUpdate.C application" ac=I fn="C:\ProgramData\FYluKfYOX\dat\NVUEbe.dll"
sh=9B7C672CEDF524BB5158D1F57651E2B4E075E6E5 ft=1 fh=bce35440acf07787 vn="a variant of MSIL/Adware.PullUpdate.F application" ac=I fn="C:\Users\All Users\FYluKfYOX\dat\bVpMtYKKTF.dll"
sh=FC2F6B84AA00A3B035B2C8F7346FC2E1E7754789 ft=1 fh=1e1e61a5f922e415 vn="a variant of MSIL/Adware.PullUpdate.C application" ac=I fn="C:\Users\All Users\FYluKfYOX\dat\NVUEbe.dll"

Checkup Log:

Results of screen317's Security Check version 0.99.88
x64 (UAC is enabled)
Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG AntiVirus Free Edition 2015
Windows Defender
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
Adobe Reader XI
Mozilla Firefox (32.0.3)
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
Kaspersky Lab Kaspersky Security Scan 2.0 kss.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

ozzette

#11
pystryker

Posted 06 October 2014 - 07:10 PM

Trusted Helper

Malware Removal
3,912 posts

Very good

A few items to remove and then we'll have some tidying up to do.

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy.
Right-click in the open notepad and select Paste).
Save it on the desktop as fixlist.txt

Start
C:\ProgramData\FYluKfYOX
C:\Users\All Users\FYluKfYOX
End

#12
Ozzette53

Posted 07 October 2014 - 12:59 PM

Member

Topic Starter
Member
28 posts

Fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-10-2014 01
Ran by Trudy2 at 2014-10-07 14:58:38 Run:2
Running from C:\Users\Trudy2\Desktop
Loaded Profile: Trudy2 (Available profiles: Trudy2)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
    Start
    C:\ProgramData\FYluKfYOX
    C:\Users\All Users\FYluKfYOX
    End
*****************

C:\ProgramData\FYluKfYOX => Moved successfully.
"C:\Users\All Users\FYluKfYOX" => File/Directory not found.

==== End of Fixlog ====

#13
pystryker

Posted 07 October 2014 - 09:13 PM

Trusted Helper

Malware Removal
3,912 posts

Hello

Great news, your logs are CLEAN! :thumbsup:

but we still have a few things we need to address namely:
[list]

I need to remove the tools we installed on your machine.
I also have some tips and information to help reduce your chances of infection.
We also have some programs on your machine that need updating to help protect you in the future.

Step 1: Tool Removal with Delfix and Creation of a clean restore point
Download Delfix from here
Ensure Remove disinfection tools is ticked
Also tick:
Create registry backup
Purge system restore
Click Run
The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.

You can uninstall ESET Online Scanner at this time.

I recommend keeping Malwarebytes Anti-Malware installed. Make sure to update it and run it at least once a week. If it finds things such as PUP's (Potentially Unwanted Programs) you can delete those with no worries. However, if it finds something like a trojan, come see us.

Step 2: Anti-Virus Update and Installtion of FileHippo

Your anti-virus is currently out of date, please update it. Also, I'd run a full system scan at least once a week.

Keeping your software updated

Another weapon against malicious programs and viruses is to keeping other programs updated. There are several programs out there that can check for out of date programs on your computer. One is Filehippo. You can run this on a weekly or monthly basis to check your programs for updates and then it will provide a link for you to download them.

Download Filehippo Updatechecker

Step 3: Tips, Information and Optional Installation of Uncheck

Do not use P2P programs as the files are almost always infected with malware to some degree or another.

Watch what you open in your emails. If you get an email from an unknown source with any attached files, do not open it.

Be careful of the websites you visit.

When installing new programs, don't be "click happy" and click through the screens. Many programs come with adware in them and are set to install them by default. Several programs require that you uncheck or select no to prevent the installation. Take you time and read each screen as you go.

To help protect yourself while on the web, I recommend you read How did I get infected in the first place?

Installation of Unchecky
This is a very good little program that will automatically uncheck any boxes during a software installation. This helps prevent the software from installing any malware that is by default checked while the program is being installed.

Click here to be taken to Unchecky.com

Click the very large Download button.

Click Save

Once downloaded, double click the program (Vista, Win 7, and 8, right click and Run as Administrator)

Once open, click the Install button.

Then click Finish

Unchecky is now installed and will help you keep unwanted check boxes unchecked.

Things I need to see in your next post:

Delfix Log

#14
Ozzette53

Posted 09 October 2014 - 05:26 PM

Member

Topic Starter
Member
28 posts

Delfix Log:

# DelFix v10.8 - Logfile created 09/10/2014 at 19:18:20
# Updated 29/07/2014 by Xplode
# Username : Trudy2 - TRUDY
# Operating System : Windows 8 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Trudy2\Desktop\FRST-OlderVersion
Deleted : C:\Users\Trudy2\Desktop\Addition.txt
Deleted : C:\Users\Trudy2\Desktop\AdwCleaner.exe
Deleted : C:\Users\Trudy2\Desktop\aswmbr.exe
Deleted : C:\Users\Trudy2\Desktop\aswMBR.txt
Deleted : C:\Users\Trudy2\Desktop\esetsmartinstaller_enu.exe
Deleted : C:\Users\Trudy2\Desktop\Fixlog.txt
Deleted : C:\Users\Trudy2\Desktop\FRST.txt
Deleted : C:\Users\Trudy2\Desktop\FRST64.exe
Deleted : C:\Users\Trudy2\Desktop\JRT.exe
Deleted : C:\Users\Trudy2\Desktop\JRT.txt
Deleted : C:\Users\Trudy2\Desktop\log.txt
Deleted : C:\Users\Trudy2\Desktop\MBR.dat
Deleted : C:\Users\Trudy2\Desktop\SecurityCheck.exe
Deleted : C:\Users\Trudy2\Downloads\Addition.txt
Deleted : C:\Users\Trudy2\Downloads\Extras.Txt
Deleted : C:\Users\Trudy2\Downloads\FRST.txt
Deleted : C:\Users\Trudy2\Downloads\FRST64.exe
Deleted : C:\Users\Trudy2\Downloads\OTL.Txt
Deleted : C:\Users\Trudy2\Downloads\OTL.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #11 [Windows Update | 09/23/2014 16:39:16]
Deleted : RP #12 [Windows Modules Installer | 09/28/2014 18:32:09]
Deleted : RP #13 [Removed Uninstall Helper | 10/03/2014 17:39:49]
Deleted : RP #14 [Installed Should I Remove It | 10/04/2014 18:31:45]

New restore point created !

########## - EOF - ##########

FileHippo recommended the FileHippo App Program. I did that. My reasoning is this is Windows 8 and it is full of apps. Did I do the right thing or should I go back to the previous version?

I have one more problem and I don't know if you can help me with it. I don't seem to receiving all my updates. I let someone else install the classic shell. Now, when I try to click on the Add Windows Features it says it needs a product key. I do not have the paper work, it is not on the puter and this issue is very concerning to me. I don't understand why this computer wants a product key for Windows Features. I am worried about this. I don't know if it is that way with Windows 8 or something was done when the classic shell was installed. Any ideas or anywhere I can post about this. I will continue to search for an answer, but in the meantime I thought I would throw it out there. Thanks so much.

This doesn't look good. I am afraid I am going to have to use system recovery and start from scratch. Unless I can figure out how to find my product key. With Windows 7 you certainly do not need your product key to install updates. When I try it causes serious problems. It crashes, in fact it crashed 3 times in a row, then attempted to fix the Windows update error and couldn't. I hate to have wasted your time with this. I am so sorry.

Edited by Ozzette53, 09 October 2014 - 06:52 PM.

#15
pystryker

Posted 09 October 2014 - 06:52 PM

Trusted Helper

Malware Removal
3,912 posts

FileHippo recommended the FileHippo App Program. I did that. My reasoning is this is Windows 8 and it is full of apps. Did I do the right thing or should I go back to the previous version?

That should be sufficient.

I have one more problem and I don't know if you can help me with it. I don't seem to receiving all my updates. I let someone else install the classic shell. Now, when I try to click on the Add Windows Features it says it needs a product key. I do not have the paper work, it is not on the puter and this issue is very concerning to me. I don't understand why this computer wants a product key for Windows Features. I am worried about this. I don't know if it is that way with Windows 8 or something was done when the classic shell was installed. Any ideas or anywhere I can post about this. I will continue to search for an answer, but in the meantime I thought I would throw it out there. Thanks so much.

That's a bit out of my area, but click the link below and that will take you to the Windows 8 forum. They should be able to help you with that issue there. :thumbsup:

http://www.geekstogo.../188-windows-8/

And you're quite welcome.