Hello! I hope I did these OK. At first I was saving Farbar's scan and of course they were going into downloads. So I went into the options and changed to "save to desktop" and redownloaded and ran it again, only I checked the additions box so I would get that log. Then when I worked with the aswMBR I downloaded the AVAST definitions but it never gave me an option to scan. Looking at your example, I believe I got what you wanted, but I scanned again and got the MBR.dat. I am including only the logs you requested. If I have done anything wrong, please let me know. I did my best. I have an AA degree in comp sci from 1995, LOL, but have been on my own puter since and have been using GTG for at least 15 years, I think. I don't mean to sound in any way to brag, just want to let you know I am familiar with my PCs. Please do not think I will do anything you don't tell me to do, or change anything unless it seems extremely logical to me... as in the small problems I had today. I will let you know exactly what I do, just like I did today.
Farbar Scan Logs:
FRST:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-10-2014
Ran by Trudy2 (administrator) on TRUDY on 05-10-2014 18:08:20
Running from C:\Users\Trudy2\Desktop
Loaded Profile: Trudy2 (Available profiles: Trudy2)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3593744 2014-09-05] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-1640894672-1411345100-1642154565-1001\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202080 2014-06-15] (Kaspersky Lab ZAO)
HKU\S-1-5-21-1640894672-1411345100-1642154565-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7767832 2014-10-01] (SUPERAntiSpyware)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC795DB396FB2CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Tcpip\Parameters: [DhcpNameServer] 207.255.0.43 207.255.0.45
FireFox:
========
FF ProfilePath: C:\Users\Trudy2\AppData\Roaming\Mozilla\Firefox\Profiles\4ycy5xti.default
FF Homepage: https://www.google.com/
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
Chrome:
=======
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3364368 2014-09-05] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [293448 2014-09-05] (AVG Technologies CZ, s.r.o.)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-25] (Microsoft Corporation)
R2 KSS; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202080 2014-06-15] (Kaspersky Lab ZAO)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-25] (Microsoft Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-10-16] (Realtek Semiconductor)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-25] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [215040 2013-09-24] (Advanced Micro Devices)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [247576 2014-07-24] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [273176 2014-07-18] (AVG Technologies CZ, s.r.o.)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [290520 2013-10-24] (Realtek Semiconductor Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-08-06] (Hewlett-Packard Development Company, L.P.)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-05 18:08 - 2014-10-05 18:08 - 00008952 _____ () C:\Users\Trudy2\Desktop\FRST.txt
2014-10-05 18:06 - 2014-10-05 18:06 - 02109440 _____ (Farbar) C:\Users\Trudy2\Desktop\FRST64.exe
2014-10-05 17:58 - 2014-10-05 17:59 - 00018724 _____ () C:\Users\Trudy2\Downloads\Addition.txt
2014-10-05 17:56 - 2014-10-05 17:59 - 00028602 _____ () C:\Users\Trudy2\Downloads\FRST.txt
2014-10-05 17:52 - 2014-10-05 18:08 - 00000000 ____D () C:\FRST
2014-10-05 17:52 - 2014-10-05 17:52 - 02109440 _____ (Farbar) C:\Users\Trudy2\Downloads\FRST64.exe
2014-10-04 16:14 - 2014-10-04 16:14 - 00043504 _____ () C:\Users\Trudy2\Downloads\Extras.Txt
2014-10-04 16:12 - 2014-10-04 16:12 - 00083684 _____ () C:\Users\Trudy2\Downloads\OTL.Txt
2014-10-04 15:53 - 2014-10-04 15:53 - 00602112 _____ (OldTimer Tools) C:\Users\Trudy2\Downloads\OTL.exe
2014-10-04 15:48 - 2014-10-04 15:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
2014-10-04 15:48 - 2014-10-04 15:48 - 00000000 ____D () C:\Program Files\Classic Shell
2014-10-04 15:37 - 2014-10-05 14:14 - 00034653 _____ () C:\Windows\WindowsUpdate.log
2014-10-04 15:11 - 2014-10-04 15:37 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-10-04 15:11 - 2014-10-04 15:11 - 00000000 ____D () C:\Users\Trudy2\AppData\Roaming\SUPERAntiSpyware.com
2014-10-04 15:11 - 2014-10-04 15:11 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-10-04 15:11 - 2014-10-04 15:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-10-04 15:10 - 2014-10-04 15:10 - 19631472 _____ (SUPERAntiSpyware) C:\Users\Trudy2\Downloads\SAS_47224.EXE
2014-10-04 14:43 - 2014-10-04 14:43 - 00001304 _____ () C:\Users\Trudy2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan.lnk
2014-10-04 14:42 - 2014-10-04 14:42 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-10-04 14:42 - 2014-10-04 14:42 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-10-04 14:32 - 2014-10-04 14:32 - 00000000 ____D () C:\Program Files (x86)\Reason
2014-10-04 14:31 - 2014-10-04 14:31 - 02178048 _____ (Reason Software Company Inc.) C:\Users\Trudy2\Downloads\ShouldIRemoveIt_Setup.exe
2014-10-04 14:24 - 2014-10-04 14:26 - 00000000 ____D () C:\ProgramData\SecTaskMan
2014-10-04 14:24 - 2014-10-04 14:24 - 00000000 ____D () C:\Program Files (x86)\Security Task Manager
2014-10-04 14:23 - 2014-10-04 14:23 - 02365840 _____ () C:\Users\Trudy2\Downloads\SecurityTaskManager_Setup.exe
2014-10-04 13:06 - 2014-10-04 13:06 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-10-04 13:06 - 2014-10-04 13:06 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-03 18:43 - 2014-10-03 18:44 - 00000000 ____D () C:\Users\Trudy2\AppData\Roaming\Mozilla
2014-10-03 18:43 - 2014-10-03 18:44 - 00000000 ____D () C:\Users\Trudy2\AppData\Local\Mozilla
2014-10-03 18:43 - 2014-10-03 18:43 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-03 18:43 - 2014-10-03 18:43 - 00000000 ____D () C:\ProgramData\Mozilla
2014-10-03 18:43 - 2014-10-03 18:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-03 18:43 - 2014-10-03 18:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-03 18:32 - 2014-10-03 18:32 - 00000000 ____D () C:\Users\Trudy2\AppData\Roaming\AVG2015
2014-10-03 18:31 - 2014-10-03 18:32 - 00000000 ____D () C:\ProgramData\AVG2015
2014-10-03 18:31 - 2014-10-03 18:31 - 00000000 ___HD () C:\$AVG
2014-10-03 18:31 - 2014-10-03 18:31 - 00000000 ____D () C:\Users\Trudy2\AppData\Roaming\TuneUp Software
2014-10-03 18:31 - 2014-10-03 18:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-10-03 18:30 - 2014-10-03 18:30 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-10-03 18:27 - 2014-10-05 14:11 - 00000000 ____D () C:\ProgramData\MFAData
2014-10-03 18:27 - 2014-10-04 13:19 - 00000000 ____D () C:\Users\Trudy2\AppData\Local\Avg2015
2014-10-03 18:27 - 2014-10-03 18:27 - 00000000 ____D () C:\Users\Trudy2\AppData\Local\MFAData
2014-10-03 14:38 - 2014-10-03 15:59 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-03 14:37 - 2014-10-03 14:38 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-03 14:37 - 2014-10-03 14:37 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-03 14:37 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-03 14:37 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-03 14:37 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-03 13:49 - 2014-10-04 16:24 - 00000000 ____D () C:\Users\Trudy2\Desktop\DeesTools
2014-10-01 19:55 - 2014-10-01 19:56 - 06016073 _____ () C:\Users\Trudy2\Downloads\03000201004B5F310A283102ECEE3D743FB345-CC13-878D-1953-99B110258BF1 (2).flv
2014-10-01 19:55 - 2014-10-01 19:55 - 06016073 _____ () C:\Users\Trudy2\Downloads\03000201004B5F310A283102ECEE3D743FB345-CC13-878D-1953-99B110258BF1 (3).flv
2014-10-01 19:55 - 2014-10-01 19:55 - 06016073 _____ () C:\Users\Trudy2\Downloads\03000201004B5F310A283102ECEE3D743FB345-CC13-878D-1953-99B110258BF1 (1).flv
2014-10-01 19:54 - 2014-10-01 19:55 - 06016073 _____ () C:\Users\Trudy2\Downloads\03000201004B5F310A283102ECEE3D743FB345-CC13-878D-1953-99B110258BF1.flv
2014-09-29 15:51 - 2014-09-29 15:51 - 00000000 ____D () C:\ProgramData\Browser
2014-09-28 14:34 - 2014-09-28 14:34 - 00000000 ____D () C:\Users\Trudy2\AppData\Local\AstroArcade
2014-09-28 14:33 - 2014-10-03 19:25 - 00000000 ____D () C:\Program Files (x86)\Yahoo Browser Settings
2014-09-28 14:32 - 2014-10-04 15:35 - 00000000 ____D () C:\ProgramData\FYluKfYOX
2014-09-28 14:32 - 2014-10-04 14:32 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-09-28 14:32 - 2014-10-03 18:00 - 00000000 ____D () C:\ProgramData\AstroArcade
2014-09-28 14:32 - 2014-09-28 14:32 - 00000000 ____D () C:\Users\Trudy2\AppData\Roaming\Yahoo!
2014-09-28 14:32 - 2014-09-28 14:32 - 00000000 ____D () C:\Users\Trudy2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MPlayer
2014-09-28 14:32 - 2014-09-28 14:32 - 00000000 ____D () C:\Users\Trudy2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcadeParlor
2014-09-28 14:32 - 2014-09-28 14:32 - 00000000 ____D () C:\ProgramData\Yahoo! Companion
2014-09-28 14:32 - 2014-09-28 14:32 - 00000000 ____D () C:\ProgramData\Yahoo!
2014-09-28 14:32 - 2014-09-28 14:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPlayer
2014-09-28 14:32 - 2014-09-28 14:32 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2014-09-28 14:32 - 2014-09-28 14:32 - 00000000 ____D () C:\Program Files (x86)\MPlayer 1.0rc2
2014-09-22 20:35 - 2014-08-09 04:30 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-09-22 20:35 - 2014-08-09 04:29 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\tssdisai.dll
2014-09-22 14:26 - 2014-08-20 19:40 - 00732880 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-09-22 14:26 - 2014-08-20 13:05 - 00694784 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-09-22 14:26 - 2014-08-20 13:05 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2014-09-22 14:26 - 2014-08-20 13:05 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-22 14:26 - 2014-08-20 13:02 - 00567808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-09-22 14:26 - 2014-08-20 13:02 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-22 14:26 - 2014-06-24 03:35 - 00010450 _____ () C:\Windows\system32\autoconfig.cab
2014-09-22 14:26 - 2014-06-24 02:41 - 10115584 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-09-22 14:26 - 2014-06-24 02:40 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2014-09-22 14:26 - 2014-06-24 02:39 - 02307072 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-09-22 14:26 - 2014-06-24 02:39 - 02146304 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-09-22 14:26 - 2014-06-24 00:08 - 08858624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-09-22 14:26 - 2014-06-24 00:06 - 02037760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-09-22 14:26 - 2014-06-24 00:06 - 00754176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-09-12 03:50 - 2014-08-16 05:34 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-12 03:50 - 2014-08-16 05:34 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-12 03:50 - 2014-08-16 05:34 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-09-12 03:50 - 2014-08-16 05:34 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-12 03:50 - 2014-08-16 05:33 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-12 03:50 - 2014-08-16 05:33 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-12 03:50 - 2014-08-16 05:32 - 15399424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-12 03:50 - 2014-08-16 05:32 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-12 03:50 - 2014-08-16 05:32 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-12 03:50 - 2014-08-16 05:32 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-12 03:50 - 2014-08-16 05:32 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-09-12 03:50 - 2014-08-16 05:32 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-12 03:50 - 2014-08-16 05:32 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-12 03:50 - 2014-08-16 05:32 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-12 03:50 - 2014-08-16 03:37 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-12 03:50 - 2014-08-16 03:37 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-12 03:50 - 2014-08-16 03:36 - 13757440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-12 03:50 - 2014-08-16 03:36 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-12 03:50 - 2014-08-16 03:36 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-12 03:50 - 2014-08-16 03:36 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-09-12 03:50 - 2014-08-16 03:36 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-12 03:50 - 2014-08-16 03:36 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-12 03:50 - 2014-08-16 03:36 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-12 03:50 - 2014-08-16 03:36 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-12 03:50 - 2014-08-16 03:36 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-12 03:50 - 2014-08-16 03:35 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-12 03:50 - 2014-03-06 20:47 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-12 03:50 - 2013-05-15 18:37 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-09-12 03:50 - 2013-05-15 18:35 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-09-12 03:50 - 2013-05-14 09:14 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-12 03:50 - 2013-05-14 05:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-12 03:50 - 2013-02-21 06:29 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-09-12 03:50 - 2013-02-21 06:29 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-12 03:50 - 2013-02-21 06:29 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-12 03:50 - 2013-02-21 06:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-12 03:50 - 2013-02-21 06:14 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-09-12 03:50 - 2013-02-21 06:14 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-12 03:50 - 2013-02-19 05:53 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-09-12 03:50 - 2012-11-08 00:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-12 03:50 - 2012-11-08 00:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-12 03:50 - 2012-07-25 23:06 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-12 03:49 - 2014-08-16 05:33 - 19280384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-12 03:48 - 2014-08-16 03:36 - 14369280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-12 03:37 - 2014-08-28 07:34 - 00059400 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-09-12 03:37 - 2014-08-28 02:05 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-09-12 03:37 - 2014-08-28 02:05 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-09-12 03:37 - 2014-08-28 02:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-09-12 03:37 - 2014-08-28 02:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-09-12 03:37 - 2014-08-28 02:02 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-09-12 03:37 - 2014-08-28 02:01 - 03285504 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-09-12 03:37 - 2014-08-28 02:01 - 01623552 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-09-12 03:37 - 2014-08-28 02:01 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-09-12 03:37 - 2014-08-28 02:01 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-09-12 03:37 - 2014-08-28 02:01 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-09-12 03:37 - 2014-08-28 02:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-09-12 03:37 - 2014-08-28 02:01 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-09-12 03:37 - 2014-08-28 02:01 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2014-09-12 03:37 - 2014-07-31 19:40 - 01287680 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-09-12 03:36 - 2014-09-04 18:36 - 00755712 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-12 03:36 - 2014-09-02 21:49 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-12 03:36 - 2014-06-04 21:12 - 00678600 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2014-09-12 03:36 - 2014-06-03 19:12 - 00536776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2014-09-12 03:35 - 2014-07-23 23:33 - 00875688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2014-09-12 03:35 - 2014-07-23 23:33 - 00869544 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-05 18:00 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\system32\sru
2014-10-05 14:06 - 2014-09-01 23:32 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{4D233ABE-9F1E-4A8F-B1D4-B11F5DB84BAF}
2014-10-04 23:47 - 2014-08-12 15:33 - 00000000 ____D () C:\Users\Trudy2\AppData\Roaming\ClassicShell
2014-10-04 16:34 - 2012-07-26 03:28 - 00803370 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-04 16:30 - 2012-07-26 03:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-04 16:29 - 2012-07-26 01:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-10-04 16:28 - 2014-07-24 22:52 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1640894672-1411345100-1642154565-1001
2014-10-04 13:11 - 2014-07-24 22:45 - 00000000 ____D () C:\Users\Trudy2\AppData\Local\VirtualStore
2014-10-04 13:08 - 2014-07-21 14:57 - 00000000 ____D () C:\Windows\Panther
2014-10-03 20:00 - 2014-08-12 15:41 - 00000000 ____D () C:\Users\Trudy2\AbiSuite
2014-10-03 19:03 - 2012-07-26 03:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-10-03 18:56 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\security
2014-10-03 18:36 - 2012-07-26 01:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-10-03 18:31 - 2012-07-26 04:12 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-10-03 15:21 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-03 13:33 - 2014-08-12 15:49 - 00002012 _____ () C:\Users\Trudy2\Desktop\Internet Explorer (2).lnk
2014-10-03 13:33 - 2014-07-24 22:46 - 00002042 _____ () C:\Users\Trudy2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-03 13:32 - 2014-08-12 15:48 - 00002042 _____ () C:\Users\Trudy2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (2).lnk
2014-09-27 12:10 - 2014-08-12 15:47 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-24 11:21 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\rescache
2014-09-24 00:15 - 2012-07-26 04:12 - 00000000 ___RD () C:\Windows\ToastData
2014-09-24 00:15 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\WinStore
2014-09-22 02:42 - 2014-07-30 00:00 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-13 01:13 - 2014-08-07 15:11 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-13 01:12 - 2014-07-30 00:24 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-13 01:10 - 2014-07-30 00:24 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-10 23:09 - 2012-07-26 04:12 - 00000000 ____D () C:\Windows\AUInstallAgent
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-09-28 09:39
==================== End Of Log ============================
Addition log:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-10-2014
Ran by Trudy2 at 2014-10-05 18:09:58
Running from C:\Users\Trudy2\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
AbiWord 2.8.6 (HKLM-x32\...\AbiWord2) (Version: 2.8.6 - AbiSource Developers)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5315 - AVG Technologies)
AVG 2015 (Version: 15.0.4176 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5315 - AVG Technologies) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Kaspersky Security Scan (HKLM-x32\...\InstallWIX_{D1282694-0693-41A8-ABC1-6D1FFC1F65C4}) (Version: 12.0.1.881 - Kaspersky Lab)
Kaspersky Security Scan (x32 Version: 12.0.1.881 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla)
MPlayer (remove only) (HKLM-x32\...\MPlayer) (Version: - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
Security Task Manager 1.8g (HKLM-x32\...\Security Task Manager) (Version: 1.8g - Neuber Software)
Should I Remove It (HKCU\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
Should I Remove It (x32 Version: 1.0.4 - Reason Software Company Inc.) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1158 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.6.1.3 - Synaptics Incorporated)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
19-09-2014 14:44:42 Scheduled Checkpoint
23-09-2014 16:39:16 Windows Update
28-09-2014 18:32:09 Windows Modules Installer
03-10-2014 17:39:49 Removed Uninstall Helper
04-10-2014 18:31:45 Installed Should I Remove It
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2012-07-26 01:26 - 2012-07-26 01:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {173CA941-0FD6-4043-BB06-DF699D9A2699} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-09-13] (Microsoft Corporation)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {47962D48-D16F-4292-929C-26220FEC3503} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-05-16] (Synaptics Incorporated)
Task: {968F167C-3AA6-497A-AACE-17159992EEE3} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2013-11-04] (Realtek Semiconductor)
Task: {9CBE252F-396D-45A3-9975-8F9C675A70FE} - System32\Tasks\Microsoft\Windows\Setup\8.1 auto install => C:\Windows\system32\NotificationUI.exe [2014-08-20] (Microsoft Corporation)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {C40B4661-E466-472A-9F97-BFC390D8F7CF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
==================== Loaded Modules (whitelisted) =============
2012-07-26 03:58 - 2012-07-26 03:53 - 00170864 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
HKCU\...\StartupApproved\Run: => "KSS"
HKCU\...\StartupApproved\Run: => "SUPERAntiSpyware"
========================= Accounts: ==========================
Administrator (S-1-5-21-1640894672-1411345100-1642154565-500 - Administrator - Disabled)
Guest (S-1-5-21-1640894672-1411345100-1642154565-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1640894672-1411345100-1642154565-1003 - Limited - Enabled)
Trudy2 (S-1-5-21-1640894672-1411345100-1642154565-1001 - Administrator - Enabled) => C:\Users\Trudy2
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (10/04/2014 03:04:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 10.0.9200.16537 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 4448
Start Time: 01cfe0052f507512
Termination Time: 55
Application Path: C:\Program Files\Internet Explorer\IEXPLORE.EXE
Report Id: 43e6d7b0-4bf9-11e4-be7f-84349794460b
Faulting package full name:
Faulting package-relative application ID:
Error: (10/04/2014 02:46:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: avgwsc.exe, version: 15.0.0.5315, time stamp: 0x5409c7db
Faulting module name: avgwsc.exe, version: 15.0.0.5315, time stamp: 0x5409c7db
Exception code: 0xc0000005
Fault offset: 0x0002aba5
Faulting process id: 0x81d8
Faulting application start time: 0xavgwsc.exe0
Faulting application path: avgwsc.exe1
Faulting module path: avgwsc.exe2
Report Id: avgwsc.exe3
Faulting package full name: avgwsc.exe4
Faulting package-relative application ID: avgwsc.exe5
Error: (10/04/2014 02:33:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ShouldIRemoveIt.exe, version: 1.0.4.30407, time stamp: 0x54078dde
Faulting module name: LSASRV.dll, version: 6.2.9200.17013, time stamp: 0x53867ce8
Exception code: 0xc0000005
Fault offset: 0x0000000000051e28
Faulting process id: 0x62d8
Faulting application start time: 0xShouldIRemoveIt.exe0
Faulting application path: ShouldIRemoveIt.exe1
Faulting module path: ShouldIRemoveIt.exe2
Report Id: ShouldIRemoveIt.exe3
Faulting package full name: ShouldIRemoveIt.exe4
Faulting package-relative application ID: ShouldIRemoveIt.exe5
Error: (09/30/2014 01:47:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.2.9200.16628, time stamp: 0x51a94434
Faulting module name: twinui.dll, version: 6.2.9200.17040, time stamp: 0x53a90fba
Exception code: 0xc0000005
Fault offset: 0x000000000010da56
Faulting process id: 0x6818
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Faulting package full name: Explorer.EXE4
Faulting package-relative application ID: Explorer.EXE5
Error: (09/30/2014 01:40:11 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 10.0.9200.16537 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: db4
Start Time: 01cfdc70bfd5a47d
Termination Time: 47
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Report Id: 3b8d087d-4864-11e4-be7a-2016d87e7db4
Faulting package full name:
Faulting package-relative application ID:
Error: (09/27/2014 00:09:19 PM) (Source: MsiInstaller) (EventID: 1024) (User: Trudy)
Description: Product: Adobe Reader XI (11.0.08) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011009}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127
Error: (09/26/2014 09:58:22 AM) (Source: MsiInstaller) (EventID: 1024) (User: Trudy)
Description: Product: Adobe Reader XI (11.0.08) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011009}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127
Error: (09/26/2014 00:38:33 AM) (Source: MsiInstaller) (EventID: 1024) (User: Trudy)
Description: Product: Adobe Reader XI (11.0.08) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011009}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127
Error: (09/25/2014 11:20:40 PM) (Source: MsiInstaller) (EventID: 1024) (User: Trudy)
Description: Product: Adobe Reader XI (11.0.08) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011009}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127
Error: (09/25/2014 01:07:27 AM) (Source: MsiInstaller) (EventID: 1024) (User: Trudy)
Description: Product: Adobe Reader XI (11.0.08) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011009}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127
System errors:
=============
Error: (10/04/2014 03:43:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).
Error: (10/04/2014 03:43:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Kaspersky Security Scan Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (10/04/2014 03:40:35 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Kaspersky Security Scan Service service, but this action failed with the following error:
%%1056
Error: (10/04/2014 03:40:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Kaspersky Security Scan Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (10/03/2014 03:18:59 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:52:08 PM on 10/3/2014 was unexpected.
Error: (10/01/2014 08:16:42 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the YsDyWv service, but this action failed with the following error:
%%1056
Error: (10/01/2014 08:15:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The YsDyWv service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error: (10/01/2014 00:01:25 PM) (Source: DCOM) (EventID: 10016) (User: Trudy)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}TrudyTrudy2S-1-5-21-1640894672-1411345100-1642154565-1001LocalHost (Using LRPC)UnavailableUnavailable
Error: (10/01/2014 00:01:25 PM) (Source: DCOM) (EventID: 10016) (User: Trudy)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}TrudyTrudy2S-1-5-21-1640894672-1411345100-1642154565-1001LocalHost (Using LRPC)UnavailableUnavailable
Error: (10/01/2014 00:01:25 PM) (Source: DCOM) (EventID: 10016) (User: Trudy)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}TrudyTrudy2S-1-5-21-1640894672-1411345100-1642154565-1001LocalHost (Using LRPC)UnavailableUnavailable
Microsoft Office Sessions:
=========================
Error: (10/04/2014 03:04:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE10.0.9200.16537444801cfe0052f50751255C:\Program Files\Internet Explorer\IEXPLORE.EXE43e6d7b0-4bf9-11e4-be7f-84349794460b
Error: (10/04/2014 02:46:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: avgwsc.exe15.0.0.53155409c7dbavgwsc.exe15.0.0.53155409c7dbc00000050002aba581d801cfe003933db020C:\Program Files (x86)\AVG\AVG2015\avgwsc.exeC:\Program Files (x86)\AVG\AVG2015\avgwsc.exed23d132f-4bf6-11e4-be7f-84349794460b
Error: (10/04/2014 02:33:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ShouldIRemoveIt.exe1.0.4.3040754078ddeLSASRV.dll6.2.9200.1701353867ce8c00000050000000000051e2862d801cfe0019a8f7c0dC:\Program Files (x86)\Reason\Should I Remove It\ShouldIRemoveIt.exeC:\Windows\SYSTEM32\LSASRV.dlle6641c49-4bf4-11e4-be7f-84349794460b
Error: (09/30/2014 01:47:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.2.9200.1662851a94434twinui.dll6.2.9200.1704053a90fbac0000005000000000010da56681801cfdc71f0915caaC:\Windows\Explorer.EXEC:\Windows\System32\twinui.dll3297ee0c-4865-11e4-be7a-2016d87e7db4
Error: (09/30/2014 01:40:11 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE10.0.9200.16537db401cfdc70bfd5a47d47C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE3b8d087d-4864-11e4-be7a-2016d87e7db4
Error: (09/27/2014 00:09:19 PM) (Source: MsiInstaller) (EventID: 1024) (User: Trudy)
Description: Adobe Reader XI (11.0.08){AC76BA86-7AD7-0000-2550-7A8C40011009}1625(NULL)(NULL)(NULL)
Error: (09/26/2014 09:58:22 AM) (Source: MsiInstaller) (EventID: 1024) (User: Trudy)
Description: Adobe Reader XI (11.0.08){AC76BA86-7AD7-0000-2550-7A8C40011009}1625(NULL)(NULL)(NULL)
Error: (09/26/2014 00:38:33 AM) (Source: MsiInstaller) (EventID: 1024) (User: Trudy)
Description: Adobe Reader XI (11.0.08){AC76BA86-7AD7-0000-2550-7A8C40011009}1625(NULL)(NULL)(NULL)
Error: (09/25/2014 11:20:40 PM) (Source: MsiInstaller) (EventID: 1024) (User: Trudy)
Description: Adobe Reader XI (11.0.08){AC76BA86-7AD7-0000-2550-7A8C40011009}1625(NULL)(NULL)(NULL)
Error: (09/25/2014 01:07:27 AM) (Source: MsiInstaller) (EventID: 1024) (User: Trudy)
Description: Adobe Reader XI (11.0.08){AC76BA86-7AD7-0000-2550-7A8C40011009}1625(NULL)(NULL)(NULL)
==================== Memory info ===========================
Processor: AMD E-300 APU with Radeon HD Graphics
Percentage of memory in use: 28%
Total physical RAM: 3682.27 MB
Available physical RAM: 2643.18 MB
Total Pagefile: 4322.27 MB
Available Pagefile: 2969.89 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:595.66 GB) (Free:570.61 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.
==================== End Of Log ============================
aswMBR Log:
aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-10-05 18:16:42
-----------------------------
18:16:42.598 OS Version: Windows x64 6.2.9200
18:16:42.613 Number of processors: 2 586 0x200
18:16:42.613 ComputerName: TRUDY UserName:
18:16:46.950 Initialize success
18:16:47.512 VM: initialized successfully
18:16:47.528 VM: Amd CPU BiosDisabled
18:16:50.101 VM: supported disk I/O storport.sys
18:20:11.673 AVAST engine defs: 14100501
18:20:14.918 The log file has been saved successfully to "C:\Users\Trudy2\Desktop\aswMBR.txt"
18:20:26.476 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000033
18:20:26.491 Disk 0 Vendor: Hitachi_HTS547564A9E384 JEDOA60A Size: 610480MB BusType: 11
18:20:51.069 Disk 0 MBR read successfully
18:20:51.085 Disk 0 MBR scan
18:20:51.085 Disk 0 Windows 7 default MBR code
18:20:51.100 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
18:20:51.366 Disk 0 scanning C:\Windows\system32\drivers
18:21:09.400 Service scanning
18:21:51.412 Modules scanning
18:21:51.443 Disk 0 trace - called modules:
18:21:51.474 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
18:21:51.490 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004872430]
18:21:51.505 3 CLASSPNP.SYS[fffff8800141de0a] -> nt!IofCallDriver -> [0xfffffa8003f48040]
18:21:51.521 5 amd_xata.sys[fffff8800136e594] -> nt!IofCallDriver -> \Device\00000033[0xfffffa8003f931a0]
18:21:55.359 AVAST engine scan C:\Windows
18:22:02.847 AVAST engine scan C:\Windows\system32
18:26:03.281 AVAST engine scan C:\Windows\system32\drivers
18:26:27.945 AVAST engine scan C:\Users\Trudy2
18:31:52.468 AVAST engine scan C:\ProgramData
18:32:34.652 Scan finished successfully
18:33:02.796 Disk 0 MBR has been saved successfully to "C:\Users\Trudy2\Desktop\MBR.dat"
18:33:02.811 The log file has been saved successfully to "C:\Users\Trudy2\Desktop\aswMBR.txt"
As far as I can see, without reading every word, the 2 additions logs were the same. Sorry if I did something wrong. Also, as I am sure you know by now from my logs, but just in case, I am on Windows 8 64 with the classic shell (open source freeware for the Windows 7 home page... or desktop if you will). Thank you so much for your prompt reply and your experience and help!!!