PDA

View Full Version : AVG cannot remove Trojan horse



gin_jammer
2015-10-10, 01:23
AVG version 2015.0.6140 has detected "Trojan horse Generic36.BOKP" which it cannot remove from my laptop. Can you help?

FRST.txt follows:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:08-10-2015
Ran by Ed (administrator) on ED-PC (09-10-2015 17:56:46)
Running from C:\Users\Ed\Desktop
Loaded Profiles: Ed (Available Profiles: Ed)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(Lenovo) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3775912 2015-08-24] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\MountPoints2: {0c055248-2ff0-11e5-bcc9-806e6f6e6963} - D:\setup.EXE /AUTORUN
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk [2015-08-07]
ShortcutTarget: Adobe Gamma Loader.exe.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2015-07-22]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112
Tcpip\..\Interfaces\{9E83D762-23C5-409C-B0E5-D0B48741C9B3}: [DhcpNameServer] 65.32.5.111 65.32.5.112

Internet Explorer:
==================
HKU\S-1-5-21-3659970256-991337627-2867597209-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.toast.net/start
HKU\S-1-5-21-3659970256-991337627-2867597209-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp

FireFox:
========
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3637160 2015-08-24] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [335656 2015-08-24] (AVG Technologies CZ, s.r.o.)
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [132576 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [250800 2015-08-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [222640 2015-08-19] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [31664 2015-07-23] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [207328 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [290272 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [189872 2015-08-04] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [35808 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [230832 2015-08-04] (AVG Technologies CZ, s.r.o.)
S3 e1express; C:\Windows\System32\DRIVERS\e1e6232.sys [219352 2009-06-05] (Intel Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-09 17:56 - 2015-10-09 17:57 - 00006752 _____ C:\Users\Ed\Desktop\FRST.txt
2015-10-09 17:54 - 2015-10-09 17:56 - 00000000 ____D C:\FRST
2015-10-09 17:53 - 2015-10-09 17:53 - 01698304 _____ (Farbar) C:\Users\Ed\Desktop\FRST.exe
2015-10-09 17:47 - 2015-10-09 17:47 - 00065999 _____ C:\Users\Ed\Desktop\farbar-recovery-scan-tool.htm
2015-10-09 17:45 - 2015-10-09 17:45 - 00000207 _____ C:\Windows\tweaking.com-regbackup-ED-PC-Windows-7-Home-Premium-(32-bit).dat
2015-10-09 17:45 - 2015-10-09 17:45 - 00000000 ____D C:\RegBackup
2015-10-09 17:44 - 2015-10-09 17:44 - 00002188 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-10-09 17:44 - 2015-10-09 17:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-10-09 17:44 - 2015-10-09 17:44 - 00000000 ____D C:\Program Files\Tweaking.com
2015-10-09 17:41 - 2015-10-09 17:41 - 04687448 _____ (Tweaking.com) C:\Users\Ed\Desktop\tweaking.com_registry_backup_setup.exe
2015-10-05 14:15 - 2015-10-07 08:56 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2015-10-05 09:45 - 2015-10-05 09:44 - 00450771 ____R C:\Windows\system32\Drivers\etc\hosts.20151005-094520.backup
2015-09-28 15:09 - 2015-09-28 15:09 - 00000000 ____D C:\Users\Ed\AppData\LocalLow\Temp
2015-09-17 12:35 - 2015-09-17 12:35 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2015-09-17 12:35 - 2015-09-17 12:35 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2015-09-17 12:34 - 2015-09-17 12:34 - 00000000 ____D C:\Users\Ed\AppData\Local\Avg
2015-09-11 17:24 - 2015-09-11 17:24 - 01452382 _____ C:\Users\Ed\Documents\S&P 500.wmf
2015-09-09 10:30 - 2015-08-05 13:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-09-09 10:30 - 2015-08-05 13:40 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-09-09 10:29 - 2015-09-01 22:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-09-09 10:29 - 2015-09-01 22:48 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-09 10:29 - 2015-09-01 22:48 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-09-09 10:29 - 2015-09-01 22:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-09-09 10:29 - 2015-09-01 21:36 - 02384896 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-09 10:29 - 2015-09-01 21:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-09 10:29 - 2015-08-27 13:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-09-09 10:29 - 2015-08-27 13:58 - 01241088 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-09-09 10:29 - 2015-08-27 13:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-09-09 10:29 - 2015-08-27 13:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-09-09 10:29 - 2015-08-26 13:56 - 02953728 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-09 10:29 - 2015-08-26 13:56 - 02061824 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-09 10:29 - 2015-08-26 13:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-09 10:29 - 2015-08-26 13:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-09 10:29 - 2015-08-26 13:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-09 10:29 - 2015-08-26 13:56 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-09-09 10:29 - 2015-08-26 13:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-09-09 10:29 - 2015-08-26 13:55 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-09 10:29 - 2015-08-26 13:55 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-09-09 10:29 - 2015-08-26 13:55 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-09 10:29 - 2015-08-26 13:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-09-09 10:29 - 2015-08-05 13:41 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-09 10:29 - 2015-08-04 13:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-09-09 10:29 - 2015-08-04 13:47 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-09-09 10:29 - 2015-08-04 13:47 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-09-09 10:29 - 2015-08-04 13:46 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-09-09 10:29 - 2015-08-04 13:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-09-09 10:29 - 2015-08-04 12:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-09-09 10:29 - 2015-07-22 13:57 - 03989952 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-09-09 10:29 - 2015-07-22 13:57 - 03934656 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-09-09 10:29 - 2015-07-22 13:57 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-09-09 10:29 - 2015-07-22 13:57 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-09-09 10:29 - 2015-07-22 13:54 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-09-09 10:29 - 2015-07-22 13:53 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-09-09 10:29 - 2015-07-22 13:53 - 00937984 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-09-09 10:29 - 2015-07-22 13:53 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-09-09 10:29 - 2015-07-22 13:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-09-09 10:29 - 2015-07-22 13:53 - 00635392 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-09-09 10:29 - 2015-07-22 13:53 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-09-09 10:29 - 2015-07-22 13:53 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-09-09 10:29 - 2015-07-22 13:53 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-09-09 10:29 - 2015-07-22 13:53 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-09-09 10:29 - 2015-07-22 13:53 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-09-09 10:29 - 2015-07-22 13:53 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-09-09 10:29 - 2015-07-22 13:53 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-09-09 10:29 - 2015-07-22 13:53 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-09-09 10:29 - 2015-07-22 13:53 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-09-09 10:29 - 2015-07-22 13:53 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-09-09 10:29 - 2015-07-22 13:53 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-09-09 10:29 - 2015-07-22 13:53 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-09-09 10:29 - 2015-07-22 13:53 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-09-09 10:29 - 2015-07-22 13:53 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-09-09 10:29 - 2015-07-22 13:52 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-09-09 10:29 - 2015-07-22 13:52 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-09-09 10:29 - 2015-07-22 13:52 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-09-09 10:29 - 2015-07-22 13:52 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-09-09 10:29 - 2015-07-22 13:47 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-09-09 10:29 - 2015-07-22 13:46 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-09-09 10:29 - 2015-07-22 13:42 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-09-09 10:29 - 2015-07-22 13:42 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-09-09 10:29 - 2015-07-22 12:38 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-09-09 10:29 - 2015-07-22 12:34 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-09-09 10:29 - 2015-07-22 12:34 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-09-09 10:29 - 2015-07-22 12:33 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-09-09 10:29 - 2015-07-14 22:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-09-09 10:29 - 2015-07-09 13:42 - 01372160 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-09-09 10:29 - 2015-07-09 13:42 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-09-09 10:29 - 2015-06-25 05:48 - 00105408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-09-09 10:29 - 2015-06-25 05:44 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-09-09 10:29 - 2015-06-25 05:44 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-09-09 10:01 - 2015-09-09 10:01 - 00000340 _____ C:\Windows\Tasks\0915avUpdateInfo.job
2015-09-09 10:01 - 2015-09-09 10:01 - 00000000 ____D C:\ProgramData\Avg_Update_0915av

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-09 17:20 - 2009-07-14 00:34 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-09 17:20 - 2009-07-14 00:34 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-09 17:14 - 2015-07-21 14:40 - 01828782 _____ C:\Windows\WindowsUpdate.log
2015-10-09 12:43 - 2015-07-21 16:09 - 00000000 ____D C:\ProgramData\MFAData
2015-10-09 08:25 - 2009-07-14 00:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-09 08:25 - 2009-07-14 00:39 - 00050103 _____ C:\Windows\setupact.log
2015-10-08 17:22 - 2015-07-21 17:29 - 00240880 _____ C:\Windows\IE11_main.log
2015-10-08 06:59 - 2015-07-22 18:42 - 00000000 ___SD C:\Windows\system32\GWX
2015-10-08 06:52 - 2015-08-10 16:54 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-09-29 09:54 - 2015-07-25 10:29 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-09-29 09:54 - 2015-07-25 10:29 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-09-17 12:35 - 2015-07-21 16:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-09-12 11:23 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\rescache
2015-09-11 17:22 - 2015-09-01 14:00 - 00000000 ____D C:\TEMP
2015-09-10 16:05 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-09-10 15:37 - 2009-07-14 00:53 - 00032598 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-09-10 10:59 - 2010-11-20 17:01 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-10 00:01 - 2009-07-14 00:33 - 00278024 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-10 00:00 - 2011-04-11 22:24 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-09 17:49 - 2015-07-21 15:43 - 00000000 ____D C:\Windows\system32\MRT

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-01 13:49

==================== End of FRST.txt ============================

Addition.txt follows:

Additional scan result of Farbar Recovery Scan Tool (x86) Version:08-10-2015
Ran by Ed (2015-10-09 17:57:22)
Running from C:\Users\Ed\Desktop
Microsoft Windows 7 Home Premium Service Pack 1 (X86) (2015-07-21 18:41:30)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3659970256-991337627-2867597209-500 - Administrator - Disabled)
Ed (S-1-5-21-3659970256-991337627-2867597209-1001 - Administrator - Enabled) => C:\Users\Ed
Guest (S-1-5-21-3659970256-991337627-2867597209-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3659970256-991337627-2867597209-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Photoshop 5.0.2 (HKLM\...\Adobe Photoshop 5.0.2) (Version: 5.0 - Adobe Systems, Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6140 - AVG Technologies)
AVG 2015 (Version: 15.0.4435 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.6140 - AVG Technologies) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2000 Premium (HKLM\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Visio Professional 2002 [English] (HKLM\...\{90510409-6D54-11D4-BEE3-00C04F990354}) (Version: 10.0.525 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 38.1.0 - Mozilla)
Mozilla Thunderbird 38.3.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 38.3.0 (x86 en-US)) (Version: 38.3.0 - Mozilla)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.55 - )
Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 3.2.2 - Tweaking.com)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

22-09-2015 08:13:58 Windows Update
22-09-2015 08:46:55 Windows Update
22-09-2015 16:39:14 Windows Update
25-09-2015 11:05:28 Windows Update
26-09-2015 07:37:03 Windows Update
27-09-2015 14:28:20 Windows Update
27-09-2015 16:00:55 Windows Update
28-09-2015 16:29:44 Windows Update
29-09-2015 10:46:30 Windows Update
29-09-2015 16:05:50 Windows Update
01-10-2015 10:09:21 Windows Update
01-10-2015 11:15:29 Windows Update
01-10-2015 16:29:03 Windows Update
02-10-2015 11:15:56 Windows Update
02-10-2015 18:05:18 Windows Update
03-10-2015 21:30:50 Windows Update
05-10-2015 09:43:19 Windows Update
05-10-2015 10:40:51 Windows Update
05-10-2015 14:33:26 Windows Update
06-10-2015 15:24:48 Windows Update
06-10-2015 16:58:59 Windows Update
07-10-2015 21:39:55 Windows Update
08-10-2015 17:21:48 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:04 - 2015-10-05 09:45 - 00450771 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0E842815-25EC-4680-92FB-0323E671FFC9} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {1F4C501C-34A1-4D9E-B7C6-840AE68FE10A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {29224B2F-948C-4EC2-9AB0-A21C0304A29E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {4EEBD237-DBCF-4B4A-A40E-F6ACB68CF00A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {DCDA5300-1724-4338-B20E-88517EF64AD0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\0615piUpdateInfo.job => C:\ProgramData\Avg_Update_0615pi\0615pi_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\0915avUpdateInfo.job => C:\ProgramData\Avg_Update_0915av\0915av_AVG-Secure-Search-Update.exe

==================== Loaded Modules (Whitelisted) ==============

2014-01-16 20:11 - 2013-01-15 00:47 - 00079648 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2015-07-25 13:53 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-07-25 13:53 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2015-07-25 13:53 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 15751 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3659970256-991337627-2867597209-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 65.32.5.111 - 65.32.5.112
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{61EA1F3F-8266-4D1B-B088-DE4F26244D3F}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{3B24444F-1A9A-4A78-9645-5074030A84BA}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{23658621-CB50-42A5-8B7A-63E236D9DFEF}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{28B30718-FFF9-424B-AD86-5F0C708DD0F0}] => (Allow) C:\Program Files\AVG\AVG2015\avgnsx.exe
FirewallRules: [{F71A4611-11D8-416D-81C9-7C6917234A6B}] => (Allow) C:\Program Files\AVG\AVG2015\avgnsx.exe
FirewallRules: [{AAFD0C5F-5A83-46F6-A945-74C1B8E4D02F}] => (Allow) C:\Program Files\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{DA1F11F0-6E6B-4606-83B7-70C813A2CB03}] => (Allow) C:\Program Files\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{3870632C-19C3-436D-9682-E6256DEEAE19}] => (Allow) C:\Program Files\AVG\AVG2015\avgemcx.exe
FirewallRules: [{8433D890-7632-4CF1-84E4-E34346161D3D}] => (Allow) C:\Program Files\AVG\AVG2015\avgemcx.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/09/2015 09:02:20 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17840 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: c34

Start Time: 01d1028da700905b

Termination Time: 109

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (10/09/2015 08:25:56 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/08/2015 06:53:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/07/2015 03:35:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program WINWORD.EXE version 9.0.0.2717 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 698

Start Time: 01d1013742fa90c5

Termination Time: 0

Application Path: C:\Program Files\Microsoft Office\Office\WINWORD.EXE

Report Id: 934346e7-6d2a-11e5-bfc8-00226817a818

Error: (10/07/2015 08:11:08 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/05/2015 05:51:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/05/2015 01:24:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/04/2015 09:10:35 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/03/2015 09:00:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/02/2015 04:36:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (10/09/2015 05:23:39 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer MOONCHILD
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{9E83D762-23C5-409C-B0E5-D0B48741.
The master browser is stopping or an election is being forced.

Error: (10/09/2015 02:34:53 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (10/09/2015 02:34:53 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (10/09/2015 02:34:49 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (10/09/2015 02:34:49 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (10/09/2015 12:51:59 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer MOONCHILD
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{9E83D762-23C5-409C-B0E5-D0B48741.
The master browser is stopping or an election is being forced.

Error: (10/09/2015 11:06:18 AM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer MOONCHILD
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{9E83D762-23C5-409C-B0E5-D0B48741.
The master browser is stopping or an election is being forced.

Error: (10/09/2015 08:26:23 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053

Error: (10/09/2015 08:26:23 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (10/09/2015 08:25:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU P8400 @ 2.26GHz
Percentage of memory in use: 56%
Total physical RAM: 1944.03 MB
Available physical RAM: 838.63 MB
Total Virtual: 3888.06 MB
Available Virtual: 2499.94 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:294.72 GB) (Free:264.76 GB) NTFS
Drive e: () (Removable) (Total:57.87 GB) (Free:41.88 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 9C948886)
Partition 1: (Active) - (Size=3.4 GB) - (Type=27)
Partition 2: (Not Active) - (Size=294.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 57.9 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

aswMBR follows:

aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-10-09 18:08:47
-----------------------------
18:08:47.000 OS Version: Windows 6.1.7601 Service Pack 1
18:08:47.000 Number of processors: 2 586 0x170A
18:08:47.000 ComputerName: ED-PC UserName: Ed
18:09:07.155 Initialize success
18:09:07.343 VM: initialized successfully
18:09:07.343 VM: Intel CPU BiosDisabled
18:10:43.493 AVAST engine defs: 15100900
18:11:58.108 The log file has been saved successfully to "C:\Users\Ed\Desktop\aswMBR.txt"

Regards,

Ed

Juliet
2015-10-10, 15:00
AVG version 2015.0.6140 has detected "Trojan horse Generic36.BOKP"
By chance, can you post the file/folder it says it detected this in?



~~~~

Download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) TO YOUR DESKTOP




Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"




http://i24.photobucket.com/albums/c30/ken545/0841859c-1a35-4dbd-b41a-e720629e3e22_zpst0yckuua.png



On the Dashboard click on Update Now

Go to the Setting Tab

Under Setting go to Detection and Protection

Under PUP and PUM make sure both are set to show Treat Detections as Malware

Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked

Then on the Dashboard click on Scan

Make sure to select THREAT SCAN

Then click on Scan

When the scan is finished and the log pops up...select Copy to Clipboard

Please paste the log back into this thread for review

Exit Malwarebytes


~~~~~~~~~~~~~~~~~~~~~~``

http://i24.photobucket.com/albums/c30/ken545/MBAM%20Application_zps7zm0ftdm.png (http://s24.photobucket.com/user/ken545/media/MBAM%20Application_zps7zm0ftdm.png.html)

1. Open up Malwarebytes and you will be on the Dashboard
2. Click on the History Tab
3. Then click on Application Logs
4. Double click on the SCAN LOG (Not Protection Log ) you just ran
5. When it opens it will look like this



http://i24.photobucket.com/albums/c30/ken545/MBAM%20Export_zpsjbtttjun.jpg (http://s24.photobucket.com/user/ken545/media/MBAM%20Export_zpsjbtttjun.jpg.html)

6. Then click on Export
7. On the drop down list click on Copy to Clipboard
8. Then paste the log back into this thread

On completion of the scan (or after the reboot), start MBAM,

Click History, then Application Logs, then check the Select box by the first Scan Log in the list and then click on the log to highlight it.

Click Export, select text file and save to the desktop as MBAM.txt and post in your next reply.


~~~~~~~~~~~~~~~~~~~~~~~~~~~

http://i.imgur.com/BY4dvz9.png AdwCleaner

Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) and save the file to your Desktop.
Right-Click AdwCleaner.exe and select http://i.imgur.com/AVOiBNU.jpg Run as administrator to run the programme.
Follow the prompts.
Click Scan.
Upon completion, click Report. A log (AdwCleaner[SX].txt) will open. Briefly check the log for anything you know to be legitimate.
Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
Follow the prompts and allow your computer to reboot.
After rebooting, a log (AdwCleaner[SX].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


http://imageshack.us/a/img841/7292/thisisujrt.gif
Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/)
or from here http://downloads.malwarebytes.org/file/jrt
to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.


~~~~~
please post
Malwarebytes log
AdwCleaner[CX].txt
JRT.txt

gin_jammer
2015-10-13, 00:38
AVG did not report which file Generic Trojan horse was detected in. Only reported: "access denied"

Following your instructions step by step, I had a few problems and didn't always get what I expected.

MBAM Scan Log follows:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/12/2015
Scan Time: 4:34 PM
Logfile: MBAM Scan Log.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2015.10.12.03
Rootkit Database: v2015.10.06.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Ed

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 304205
Time Elapsed: 5 min, 59 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.MindSpark, HKLM\SOFTWARE\HowToSimplified_8e, Quarantined, [878c1f375b301f17137dc8fa70949967],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

After AdwCleaner Scan, I got no option to click Report, so did not reboot at that point.

Ran JRT, and JRT.txt follows:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Windows 7 Home Premium x86
Ran by Ed on Mon 10/12/2015 at 17:24:08.36
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks

Successfully deleted: [Task] C:\Windows\Tasks\0915avUpdateInfo.job



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\Avg_Update_0915av





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 10/12/2015 at 17:28:21.78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Regards,

Ed

Juliet
2015-10-13, 00:49
AVG did not report which file Generic Trojan horse was detected in. Only reported: "access denied"
This could be many things but, AVG is doing it's job which doesn't necessarily mean there is an infection.

Since running these tools has it shown an alert again?

See if you can locate this
AdwCleaner[CX].txt

if you find it copy and paste it in your next reply.

~~~~~~~
What we can do now is run an online scan with Eset, for the time being it is our most trusted scanner.
Most reliable and thorough.
The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.
This scanner can take quite a bit of time to run, depending of course how full your computer is.



Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

http://i.imgur.com/GzlsbnV.png ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

Please download ESET Online Scan (http://download.eset.com/special/eos/esetsmartinstaller_enu.exe) and save the file to your Desktop.
Temporarily disable your anti-virus software. For instructions, please refer to the following link (http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/).
Double-click esetsmartinstaller_enu.exe to run the programme.
Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
Agree to the Terms of Use once more and click Start. Allow components to download.
Place a checkmark next to Enable detection of potentially unwanted applications.
Click Advanced settings. Place a checkmark next to:

Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology


Ensure Remove found threats is unchecked.
Click Start.
Wait for the scan to finish. Please be patient as this can take some time.
Upon completion, click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png. If no threats were found, skip the next two bullet points.
Click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png and save the file to your Desktop, naming it something such as "MyEsetScan".
Push the Back button.
Place a checkmark next to http://3-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xKN1w2nv.png.pagespeed.ic.JWqIaEgZi7.png and click http://1-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/SzOC1p0.png.pagespeed.ce.OWDP45O6oG.png.
Re-enable your anti-virus software.
Copy the contents of the log and paste in your next reply.

gin_jammer
2015-10-13, 23:46
I could not find AdwCleaner[CX].txt.

After my last post, I ran an AVG scan, and it found nothing. In disbelief, I ran it again, and it again found nothing. Does that mean my system is clean?

Should I now continue with your last instruction or not?

Regards,

Ed

Juliet
2015-10-14, 02:15
Should I now continue with your last instruction or not?
Yes, let's make sure it wasn't some sort of fluke.

gin_jammer
2015-10-18, 20:38
The ESET scan ran for 28 minutes, which surprised me since the last time I used ESET the scan ran for hours. It reported nothing. I ran another AVG scan, which also reported nothing.

Juliet
2015-10-18, 21:55
The ESET scan ran for 28 minutes, which surprised me since the last time I used ESET the scan ran for hours. It reported nothing. I ran another AVG scan, which also reported nothing.

The Eset scan surprises me too.

OK, let's watch it for a day or two, come back and give me an update. If all is still good we'll remove tools and quarantine folders.

Juliet
2015-10-30, 00:09
Glad we could help. :)http://i204.photobucket.com/albums/bb106/Juliet702/sparkle.gif

Since this issue appears resolved ... this Topic is closed.

Juliet
2015-11-11, 17:45
Topic re-opened.

Ed
Post the new logs here.

gin_jammer
2015-11-12, 10:08
FRST.txt follows:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:07-11-2015
Ran by Ed (administrator) on ED-PC (12-11-2015 02:52:14)
Running from C:\Users\Ed\Desktop
Loaded Profiles: Ed (Available Profiles: Ed)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgcsrvx.exe
(Lenovo) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgwdsvcx.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgemcx.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgui.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat Reader DC\Reader\reader_sl.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\Av\avgui.exe [3826600 2015-10-30] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguix.exe [1130408 2015-10-16] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\MountPoints2: {0c055248-2ff0-11e5-bcc9-806e6f6e6963} - D:\setup.EXE /AUTORUN
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk [2015-08-07]
ShortcutTarget: Adobe Gamma Loader.exe.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2015-07-22]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112
Tcpip\..\Interfaces\{9E83D762-23C5-409C-B0E5-D0B48741C9B3}: [DhcpNameServer] 65.32.5.111 65.32.5.112

Internet Explorer:
==================
HKU\S-1-5-21-3659970256-991337627-2867597209-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.toast.net/start

FireFox:
========
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AvgAMPS; C:\Program Files\AVG\Av\avgamps.exe [595376 2015-10-30] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\Av\avgidsagent.exe [3815648 2015-10-30] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [862632 2015-10-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\Av\avgwdsvcx.exe [579776 2015-10-30] (AVG Technologies CZ, s.r.o.)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [156080 2015-08-10] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [256432 2015-10-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [231344 2015-08-20] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [31664 2015-08-14] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [229296 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [308656 2015-08-14] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [192944 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [36784 2015-08-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [231856 2015-10-08] (AVG Technologies CZ, s.r.o.)
S3 e1express; C:\Windows\System32\DRIVERS\e1e6232.sys [219352 2009-06-05] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
S3 eapihdrv; \??\C:\Users\Ed\AppData\Local\Temp\ehdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-12 02:52 - 2015-11-12 02:52 - 00007537 _____ C:\Users\Ed\Desktop\FRST.txt
2015-11-12 02:47 - 2015-11-12 02:47 - 01702400 _____ (Farbar) C:\Users\Ed\Desktop\FRST.exe
2015-11-11 18:18 - 2015-11-11 18:18 - 00000000 ____D C:\New folder
2015-11-01 15:15 - 2015-11-01 15:15 - 00000340 _____ C:\Windows\Tasks\1015avUpdateInfo.job
2015-11-01 15:15 - 2015-11-01 15:15 - 00000000 ____D C:\ProgramData\Avg_Update_1015av
2015-10-24 10:55 - 2015-10-24 10:55 - 00000000 ____D C:\Users\Ed\AppData\Roaming\AVG
2015-10-24 10:51 - 2015-10-24 10:53 - 00000000 ____D C:\ProgramData\Avg
2015-10-24 10:40 - 2015-10-24 12:08 - 00000000 ____D C:\Users\Ed\AppData\Local\AvgSetupLog
2015-10-21 16:24 - 2015-10-21 16:24 - 00229296 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx86.sys
2015-10-21 16:14 - 2015-10-21 16:14 - 00192944 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx86.sys
2015-10-21 14:20 - 2015-11-12 02:47 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-19 08:06 - 2015-10-19 08:06 - 00256432 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdriverx.sys
2015-10-18 11:00 - 2015-10-18 11:00 - 00000000 ____D C:\Program Files\ESET
2015-10-15 08:04 - 2015-09-18 12:47 - 00023384 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-10-15 08:04 - 2015-09-18 12:44 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-10-15 08:04 - 2015-09-18 12:44 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-10-15 08:04 - 2015-09-18 12:44 - 00587776 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-10-15 08:04 - 2015-09-18 12:44 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-10-15 08:04 - 2015-09-18 12:44 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-10-15 08:04 - 2015-09-18 12:35 - 00999936 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-10-13 14:36 - 2015-09-28 22:05 - 03990976 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-10-13 14:36 - 2015-09-28 22:05 - 03936192 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-10-13 14:36 - 2015-09-28 22:02 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-10-13 14:36 - 2015-09-28 21:59 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-10-13 14:36 - 2015-09-28 21:59 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-10-13 14:36 - 2015-09-28 21:59 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-10-13 14:36 - 2015-09-28 21:59 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-10-13 14:36 - 2015-09-28 21:59 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-10-13 14:36 - 2015-09-28 21:59 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-10-13 14:36 - 2015-09-28 21:59 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-10-13 14:36 - 2015-09-28 21:58 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-10-13 14:36 - 2015-09-28 21:58 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-10-13 14:36 - 2015-09-28 21:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-10-13 14:36 - 2015-09-28 21:58 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-10-13 14:36 - 2015-09-28 21:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-10-13 14:36 - 2015-09-28 21:58 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-10-13 14:36 - 2015-09-28 21:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-10-13 14:36 - 2015-09-28 21:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-10-13 14:36 - 2015-09-28 21:49 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-10-13 14:36 - 2015-09-28 21:49 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-10-13 14:36 - 2015-09-28 20:43 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-10-13 14:36 - 2015-09-28 20:43 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-10-13 14:36 - 2015-09-28 20:43 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-10-13 14:36 - 2015-09-15 12:42 - 00139096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-10-13 14:36 - 2015-09-15 12:42 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-10-13 14:36 - 2015-09-15 12:36 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-10-13 14:36 - 2015-09-15 12:36 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-10-13 14:36 - 2015-09-15 12:36 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-10-13 14:36 - 2015-09-15 12:36 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-10-13 14:36 - 2015-09-15 12:36 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-10-13 14:36 - 2015-09-15 12:36 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-10-13 14:36 - 2015-09-15 12:35 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-10-13 14:36 - 2015-07-18 08:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-10-13 14:36 - 2015-07-18 08:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-13 14:36 - 2015-07-18 08:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-13 14:36 - 2015-07-18 08:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-13 14:36 - 2015-07-18 08:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-13 14:36 - 2015-07-18 08:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-13 14:36 - 2015-07-18 08:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-13 14:36 - 2015-07-18 08:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-13 14:36 - 2015-07-18 08:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-13 14:36 - 2015-07-18 08:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2015-10-13 14:36 - 2015-07-18 08:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-13 14:36 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-13 14:36 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-13 14:36 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-13 14:36 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-13 14:36 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-13 14:36 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-13 14:36 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2015-10-13 14:36 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-13 14:36 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-13 14:36 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-10-13 14:36 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2015-10-13 14:36 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2015-10-13 14:36 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2015-10-13 14:35 - 2015-10-01 12:50 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-10-13 14:35 - 2015-10-01 12:50 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-10-13 14:35 - 2015-10-01 12:50 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-10-13 14:35 - 2015-10-01 12:50 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-10-13 14:35 - 2015-10-01 12:50 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-10-13 14:35 - 2015-10-01 11:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-10-13 14:35 - 2015-09-25 12:59 - 02955776 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-10-13 14:35 - 2015-09-25 12:59 - 02061824 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-10-13 14:35 - 2015-09-25 12:59 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-10-13 14:35 - 2015-09-25 12:59 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-10-13 14:35 - 2015-09-25 12:59 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-10-13 14:35 - 2015-09-25 12:59 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-10-13 14:35 - 2015-09-25 12:59 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-10-13 14:35 - 2015-09-25 12:58 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-10-13 14:35 - 2015-09-25 12:58 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-10-13 14:35 - 2015-09-25 12:58 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-10-13 14:35 - 2015-09-25 12:58 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-10-13 14:35 - 2015-08-06 12:44 - 12875776 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-10-13 14:35 - 2015-08-06 12:44 - 01498624 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-10-13 01:29 - 2015-10-13 01:29 - 00875720 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-12 02:52 - 2015-10-09 16:54 - 00000000 ____D C:\FRST
2015-11-12 02:48 - 2009-07-13 23:34 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-12 02:48 - 2009-07-13 23:34 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-12 02:47 - 2015-07-25 09:29 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-11-12 02:47 - 2015-07-25 09:29 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-11-12 02:42 - 2015-07-21 13:40 - 01750765 _____ C:\Windows\WindowsUpdate.log
2015-11-12 02:39 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-12 02:39 - 2009-07-13 23:39 - 00052903 _____ C:\Windows\setupact.log
2015-11-11 19:00 - 2015-07-21 14:43 - 00000000 ____D C:\Windows\system32\MRT
2015-11-11 18:59 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-11-11 18:57 - 2015-07-21 14:43 - 143250520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-11-11 18:55 - 2015-07-21 16:29 - 00310080 _____ C:\Windows\IE11_main.log
2015-11-11 18:54 - 2010-11-20 16:01 - 00774004 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-11 18:52 - 2015-07-21 15:09 - 00000000 ____D C:\ProgramData\MFAData
2015-11-11 18:48 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\wfp
2015-11-11 18:47 - 2015-07-25 12:53 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-11-11 18:47 - 2015-07-22 17:42 - 00000000 ___SD C:\Windows\system32\GWX
2015-11-11 18:47 - 2015-07-21 15:26 - 00000000 ____D C:\Users\Ed\Desktop\Unused Icons
2015-11-11 18:47 - 2015-07-21 13:41 - 00000000 ____D C:\Users\Ed
2015-11-11 18:47 - 2011-04-11 21:24 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-11-11 18:47 - 2011-04-11 21:24 - 00000000 ____D C:\Windows\ShellNew
2015-11-11 18:47 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\registration
2015-11-04 16:42 - 2015-07-21 15:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-11-04 16:41 - 2015-07-21 15:16 - 00000000 ___HD C:\$AVG
2015-11-04 16:40 - 2015-09-17 11:34 - 00000000 ____D C:\Users\Ed\AppData\Local\Avg
2015-10-29 08:55 - 2015-07-22 08:50 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-10-24 12:32 - 2009-07-13 21:04 - 00450771 ____R C:\Windows\system32\Drivers\etc\hosts.20151108-095805.backup
2015-10-24 10:57 - 2010-11-20 16:48 - 00088004 _____ C:\Windows\PFRO.log
2015-10-24 10:56 - 2015-07-21 15:14 - 00000000 ____D C:\Program Files\AVG
2015-10-24 10:55 - 2015-07-21 15:18 - 00000000 ____D C:\Program Files\Common Files\AV
2015-10-16 06:23 - 2015-07-21 14:47 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-10-16 06:23 - 2015-07-21 14:47 - 00000000 ____D C:\Windows\system32\appraiser
2015-10-14 11:31 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\rescache
2015-10-14 09:22 - 2015-09-01 13:00 - 00000000 ____D C:\TEMP

Some files in TEMP:
====================
C:\Users\Ed\AppData\Local\Temp\avg-a015582c-1361-4525-b287-fa3a1a145370.exe
C:\Users\Ed\AppData\Local\Temp\avguirn_081829176199.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-11-10 09:57

==================== End of FRST.txt ============================

Addition.txt follows:

Additional scan result of Farbar Recovery Scan Tool (x86) Version:07-11-2015
Ran by Ed (2015-11-12 02:52:57)
Running from C:\Users\Ed\Desktop
Microsoft Windows 7 Home Premium Service Pack 1 (X86) (2015-07-21 18:41:30)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3659970256-991337627-2867597209-500 - Administrator - Disabled)
Ed (S-1-5-21-3659970256-991337627-2867597209-1001 - Administrator - Enabled) => C:\Users\Ed
Guest (S-1-5-21-3659970256-991337627-2867597209-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3659970256-991337627-2867597209-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20077 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Photoshop 5.0.2 (HKLM\...\Adobe Photoshop 5.0.2) (Version: 5.0 - Adobe Systems, Inc.)
AVG (Version: 16.7.7227 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4455 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.7.7227 - AVG Technologies)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
FMW 1 (Version: 1.22.2 - AVG Technologies) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2000 Premium (HKLM\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Visio Professional 2002 [English] (HKLM\...\{90510409-6D54-11D4-BEE3-00C04F990354}) (Version: 10.0.525 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 38.1.0 - Mozilla)
Mozilla Thunderbird 38.3.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 38.3.0 (x86 en-US)) (Version: 38.3.0 - Mozilla)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.55 - )
Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 3.2.2 - Tweaking.com)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

29-10-2015 15:34:20 Windows Update
30-10-2015 05:31:22 Windows Update
30-10-2015 06:03:07 Windows Update
01-11-2015 15:15:12 Windows Update
01-11-2015 17:19:13 Windows Update
02-11-2015 14:46:51 Windows Update
02-11-2015 16:09:06 Windows Update
02-11-2015 19:34:32 Windows Update
04-11-2015 16:37:13 Windows Update
05-11-2015 05:22:43 Windows Update
05-11-2015 10:55:25 Windows Update
05-11-2015 13:09:44 Windows Update
05-11-2015 16:39:49 Windows Update
05-11-2015 20:58:05 Windows Update
06-11-2015 11:14:03 Windows Update
08-11-2015 05:58:39 Windows Update
08-11-2015 11:39:16 Windows Update
09-11-2015 18:51:39 Windows Update
10-11-2015 12:40:19 Windows Update
11-11-2015 07:15:04 Windows Update
11-11-2015 18:44:58 Restore Operation
11-11-2015 18:52:24 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:04 - 2015-11-08 09:58 - 00450771 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
127.0.0.1 www.123moviedownload.com

There are 15463 more lines.


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1F4C501C-34A1-4D9E-B7C6-840AE68FE10A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {2D9C48DE-C694-436F-9123-580EB099AA51} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-12] (Adobe Systems Incorporated)
Task: {4EEBD237-DBCF-4B4A-A40E-F6ACB68CF00A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {9F7842C1-875A-4B83-8AF5-FC70D5457E41} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {DCDA5300-1724-4338-B20E-88517EF64AD0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\0615piUpdateInfo.job => C:\ProgramData\Avg_Update_0615pi\0615pi_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\1015avUpdateInfo.job => C:\ProgramData\Avg_Update_1015av\1015av_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2014-01-16 19:11 - 2013-01-14 23:47 - 00079648 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2015-07-25 12:53 - 2014-05-13 11:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-07-25 12:53 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2015-07-25 12:53 - 2014-05-13 11:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-07-25 12:53 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2015-07-25 12:53 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-10-24 10:51 - 2015-10-24 10:40 - 40500224 _____ () C:\Program Files\AVG\UiDll\2171\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7866 more sites.

IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\123simsen.com -> www.123simsen.com

There are 7866 more sites.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3659970256-991337627-2867597209-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 65.32.5.111 - 65.32.5.112
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{61EA1F3F-8266-4D1B-B088-DE4F26244D3F}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{3B24444F-1A9A-4A78-9645-5074030A84BA}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{23658621-CB50-42A5-8B7A-63E236D9DFEF}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{CC8C4175-2F17-4693-B6D5-7CA81FDEA919}] => (Allow) C:\Program Files\AVG\Av\avgmfapx.exe
FirewallRules: [{8C5147FC-B773-4348-849A-16B2304D8535}] => (Allow) C:\Program Files\AVG\Av\avgmfapx.exe
FirewallRules: [{E581DDF9-5119-4FE2-95B4-927D1E3890A2}] => (Allow) C:\Program Files\AVG\Av\avgnsx.exe
FirewallRules: [{4A26A062-57E2-432F-9DFC-519F92185DF3}] => (Allow) C:\Program Files\AVG\Av\avgnsx.exe
FirewallRules: [{281ED8C6-EF35-4F56-B20A-461CB176C0BE}] => (Allow) C:\Program Files\AVG\Av\avgdiagex.exe
FirewallRules: [{0D6D5B17-7D80-483E-B67F-C648C3FBC5A1}] => (Allow) C:\Program Files\AVG\Av\avgdiagex.exe
FirewallRules: [{A908C295-5AAF-4F2F-8AD1-D52A14EFEC60}] => (Allow) C:\Program Files\AVG\Av\avgemcx.exe
FirewallRules: [{49DE1C6F-8974-4C2D-A006-748022507B95}] => (Allow) C:\Program Files\AVG\Av\avgemcx.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/12/2015 02:39:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/11/2015 06:54:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: SHELL32.dll, version: 6.1.7601.18952, time stamp: 0x55c39c76
Exception code: 0xc0000005
Fault offset: 0x0004b188
Faulting process id: 0xc48
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (11/11/2015 06:48:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/11/2015 05:09:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/11/2015 05:06:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: ntdll.dll, version: 6.1.7601.19018, time stamp: 0x5609fdaf
Exception code: 0xc015000f
Fault offset: 0x0008433e
Faulting process id: 0xbd8
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (11/11/2015 05:06:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: SHELL32.dll, version: 6.1.7601.18952, time stamp: 0x55c39c76
Exception code: 0xc0000005
Fault offset: 0x0004b188
Faulting process id: 0xbd8
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (11/11/2015 09:28:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/10/2015 01:58:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/10/2015 07:16:31 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/09/2015 07:35:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (11/11/2015 07:00:34 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 (KB3107998).

Error: (11/11/2015 07:00:34 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 (KB3101246).

Error: (11/11/2015 07:00:34 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 (KB3092601).

Error: (11/11/2015 07:00:34 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 (KB3101746).

Error: (11/11/2015 07:00:34 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 (KB3101722).

Error: (11/11/2015 07:00:34 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 (KB3097877).

Error: (11/11/2015 07:00:34 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 (KB3081320).

Error: (11/11/2015 07:00:34 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 (KB3100213).

Error: (11/11/2015 07:00:34 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 (KB3102810).

Error: (11/11/2015 07:00:34 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 11 for Windows 7.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU P8400 @ 2.26GHz
Percentage of memory in use: 59%
Total physical RAM: 1944.03 MB
Available physical RAM: 783.24 MB
Total Virtual: 3888.06 MB
Available Virtual: 2641.42 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:294.72 GB) (Free:263.6 GB) NTFS
Drive e: () (Removable) (Total:57.87 GB) (Free:41.8 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 9C948886)
Partition 1: (Active) - (Size=3.4 GB) - (Type=27)
Partition 2: (Not Active) - (Size=294.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 57.9 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

Juliet
2015-11-12, 14:51
Looking over the logs I don't think this is related to malware but rather windows system errors.

I did find the update related to a few problems located below in the log you posted but, I think you were having problems before this was released for updates.
Error: (11/11/2015 07:00:34 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 (KB3097877).

And if I read it right, updates from yesterday all failed?



name="AplusWebMaster" post="872876" timestamp="1447320935"]
FYI...

MS15-115 / re-released ...
- https://technet.microsoft.com/library/security/MS15-115
V2.0 (November 11, 2015): Bulletin revised to inform customers running Windows 7 that the 3097877 update has been re-released to address an issue that caused crashes for some customers when they viewed certain emails. Customers who previously installed update 3097877 should -reinstall- the update to correct this known issue. See Microsoft Knowledge Base Article 3097877* for more information.

* https://support.microsoft.com/en-us/kb/3097877
Last Review: 11/11/2015 22:26:00 - Rev: 2.0 - "... Issues in this security update: We are aware of reports of crashes in all supported versions of Microsoft Outlook that occur when users are reading certain emails after this update is installed..."


~~~~~~~~~~~~~~

Do all your USB Ports work ?

Also please download Windows Repair (all in one) from here (http://www.tweaking.com/content/page/windows_repair_all_in_one.html)

http://www.bleepstatic.com/download/screenshots/w/windows-repair-all-in-one-portable/step-4-tab.jpg
Install the program then go to step 4 and create a new system restore point and new registry backup.

Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:
http://i1.ifrm.com/228/109/upload/p22001645.gif



NEXT
On the the Start Repairs tab => Click the Start
http://www.bleepstatic.com/download/screenshots/w/windows-repair-all-in-one-portable/start-repairs-tab.jpg


Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):
http://i1.ifrm.com/228/109/upload/p22001647.gif

Click on box next to the Restart System when Finished. Then click on Start.

gin_jammer
2015-11-12, 23:29
4 out of 15 Windows Updates failed on 11/11, however, today (11/12) they (plus one or two more) were successful.

I've tried my wireless keyboard and mouse on two USB ports, and on both they exhibit intermittent problems. For example, briefly keyboard/mouse is fine, then cursor suddenly won't move easily, or when a mouse button is pushed, it's as if nothing happened, or the mouse might act as if I were holding that button down (dragging/highlighting stuff I don't want to drag or highlight). :mad: When that starts, I can usually stop it with ESC on the laptop keyboard.

I'll try the next instructions you sent, and then report.

gin_jammer
2015-11-12, 23:32
Windows Update 3097877 successful.

Juliet
2015-11-12, 23:59
Did you try Windows Repair (all in one)?

Also, does your mouse require a battery?

gin_jammer
2015-11-13, 00:01
Tweaking.COM seriously recommends running Windows Repair in Safe Mode with Networking. You didn't mention that, so is it important?

gin_jammer
2015-11-13, 00:02
I'll put a new batty in Mouse just to make sure.

gin_jammer
2015-11-13, 00:04
Will wait to hear from you regarding Safe Mode before I run Windows Repair.

Juliet
2015-11-13, 00:37
I would think safe mode would be good since thats where less applications are likely to interfere.

gin_jammer
2015-11-16, 04:41
I'm not having success. I performed a Registry Backup, and then ran Windows Repair. It ran for 21.5 hours before I stopped it. I ran another Registry Backup, and then attempted Windows Repair again. This time, I got a pop-up saying Registry Backup either had error or failed.

Meanwhile, the sluggish mouse problem I originally reported is now not noticeable, however Windows Explorer restarts itself when I attempt to right-click on C: drive to look at Properties.

Juliet
2015-11-16, 12:41
well, glad the mouse got better then, seems like we jumped from one thing to another.

Please run SFC (System File Checker)
Please run System File Checker sfc /scannow...
Below is a good tutorial
http://www.sevenforums.com/tutorials/1538-sfc-scannow-command-system-file-checker.html


NOTE for Vista/WIN 7 users..The command needs to be run from an Elevated Command Prompt (http://www.bleepingcomputer.com/tutorials/tutorial167.html).Click Start, type cmd into the Start/Search box,
right-click cmd.exe in the list above and select 'Run as Administrator'

You will need your operating system CD handy.

Open Windows Task Manager....by pressing CTRL+SHIFT+ESC

Then click File.. then New Task(Run)

In the box that opens type sfc /scannow ......There is a space between c and /

Click OK
Let it run and insert the CD when asked.

~~~~~~~~~~~~~~~~~~~`

Please download MiniToolBox http://www.bleepingcomputer.com/download/minitoolbox/
save it to your desktop and run it.

Checkmark the following check-boxes:

Flush DNS
List last 10 Event Viewer log
List Installed Programs
List Devices
List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

gin_jammer
2015-11-16, 14:07
With Elevated Command Prompt, ran sfc /scannow and got: Windows Resource Protection did not find any integrity violations.

Ran MiniToolBox and got MTB.txt (NOT Result.txt), which follows:

MiniToolBox by Farbar Version: 02-11-2015
Ran by Ed (administrator) on 16-11-2015 at 06:57:53
Running from "C:\Users\Ed\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X86)
Model: 2716WM5 Manufacturer: LENOVO
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/16/2015 06:10:07 AM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: SHELL32.dll, version: 6.1.7601.18952, time stamp: 0x55c39c76
Exception code: 0xc0000005
Fault offset: 0x0004b188
Faulting process id: 0x1460
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (11/16/2015 06:09:37 AM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: SHELL32.dll, version: 6.1.7601.18952, time stamp: 0x55c39c76
Exception code: 0xc0000005
Fault offset: 0x0004b188
Faulting process id: 0xa88
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (11/16/2015 06:09:16 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/15/2015 09:26:04 PM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: SHELL32.dll, version: 6.1.7601.18952, time stamp: 0x55c39c76
Exception code: 0xc0000005
Fault offset: 0x0004b188
Faulting process id: 0xcd4
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (11/15/2015 09:25:32 PM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: SHELL32.dll, version: 6.1.7601.18952, time stamp: 0x55c39c76
Exception code: 0xc0000005
Fault offset: 0x0004b188
Faulting process id: 0xecc
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (11/15/2015 09:25:21 PM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: SHELL32.dll, version: 6.1.7601.18952, time stamp: 0x55c39c76
Exception code: 0xc0000005
Fault offset: 0x0004b188
Faulting process id: 0xf64
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (11/15/2015 09:24:57 PM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: SHELL32.dll, version: 6.1.7601.18952, time stamp: 0x55c39c76
Exception code: 0xc0000005
Fault offset: 0x0004b188
Faulting process id: 0xca4
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (11/15/2015 09:24:32 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/15/2015 09:19:27 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/15/2015 09:15:42 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (11/16/2015 06:37:11 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (11/16/2015 06:37:11 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (11/16/2015 06:37:10 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (11/16/2015 06:37:10 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (11/16/2015 06:31:20 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (11/16/2015 06:31:20 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (11/16/2015 06:20:32 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (11/16/2015 06:20:32 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (11/16/2015 06:16:19 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (11/16/2015 06:16:19 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.


Microsoft Office Sessions:
=========================
Error: (11/16/2015 06:10:07 AM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175674d6727a7SHELL32.dll6.1.7601.1895255c39c76c00000050004b188146001d1205f4fcaa5c9C:\Windows\Explorer.EXEC:\Windows\system32\SHELL32.dll97de960c-8c52-11e5-bcb7-00226817a818

Error: (11/16/2015 06:09:37 AM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175674d6727a7SHELL32.dll6.1.7601.1895255c39c76c00000050004b188a8801d1205f3284303bC:\Windows\Explorer.EXEC:\Windows\system32\SHELL32.dll85d4e6e9-8c52-11e5-bcb7-00226817a818

Error: (11/16/2015 06:09:16 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/15/2015 09:26:04 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175674d6727a7SHELL32.dll6.1.7601.1895255c39c76c00000050004b188cd401d1201613321317C:\Windows\Explorer.EXEC:\Windows\system32\SHELL32.dll62062a66-8c09-11e5-ba8e-00226817a818

Error: (11/15/2015 09:25:32 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175674d6727a7SHELL32.dll6.1.7601.1895255c39c76c00000050004b188ecc01d120160cd1231bC:\Windows\Explorer.EXEC:\Windows\system32\SHELL32.dll4ed7b1fb-8c09-11e5-ba8e-00226817a818

Error: (11/15/2015 09:25:21 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175674d6727a7SHELL32.dll6.1.7601.1895255c39c76c00000050004b188f6401d12015fff61d96C:\Windows\Explorer.EXEC:\Windows\system32\SHELL32.dll4871ff3f-8c09-11e5-ba8e-00226817a818

Error: (11/15/2015 09:24:57 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175674d6727a7SHELL32.dll6.1.7601.1895255c39c76c00000050004b188ca401d12015ead4e9f9C:\Windows\Explorer.EXEC:\Windows\system32\SHELL32.dll3a5a62b6-8c09-11e5-ba8e-00226817a818

Error: (11/15/2015 09:24:32 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/15/2015 09:19:27 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/15/2015 09:15:42 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


=========================== Installed Programs ============================

Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20077 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Photoshop 5.0.2 (HKLM\...\Adobe Photoshop 5.0.2) (Version: 5.0 - Adobe Systems, Inc.)
Adobe Refresh Manager (HKLM\...\{AC76BA86-0804-1033-1959-001824161310}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
AVG (HKLM\...\{8D70C10A-4314-4ED2-ABE8-23F45AE36F89}) (Version: 16.7.7227 - AVG Technologies) Hidden
AVG 2016 (HKLM\...\{290CF037-215E-4A66-8CCC-31DCD7E0693F}) (Version: 16.0.4455 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.7.7227 - AVG Technologies)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
FMW 1 (HKLM\...\{F1EA36EA-6E73-465A-BCCB-F758EFD165A2}) (Version: 1.22.2 - AVG Technologies) Hidden
H&R Block Deluxe + Efile 2014 (HKLM\...\{C89CA854-CE87-4CC6-A79F-86E0D7FB0B32}) (Version: 14.04.7401 - HRB Technology, LLC.)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2000 Premium (HKLM\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Visio Professional 2002 [English] (HKLM\...\{90510409-6D54-11D4-BEE3-00C04F990354}) (Version: 10.0.525 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 38.1.0 - Mozilla)
Mozilla Thunderbird 38.3.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 38.3.0 (x86 en-US)) (Version: 38.3.0 - Mozilla)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.55 - )
Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 3.2.2 - Tweaking.com)
Tweaking.com - Windows Repair (HKLM\...\Tweaking.com - Windows Repair) (Version: 3.6.3 - Tweaking.com)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

========================= Devices: ================================

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_20CA17AA&REV_11\4&132DB2BD&0&04F0
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid:
Manufacturer:
Service:
Device ID: PCI\VEN_8086&DEV_2A44&SUBSYS_20E617AA&REV_07\3&E89B380&0&18
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_20C917AA&REV_11\4&132DB2BD&0&03F0
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

========================= Minidump Files ==================================

No minidump file found


**** End of log ****

Juliet
2015-11-16, 16:07
I want you to manually search for critical windows updates.

Go to and click on the Microsoft Orb, click on All Programs, then windows updates.
Let it scan and let's see if all critical updates have finished.

let me know.

I may have to send you to a tech forum to help with the Explorer crashes.

gin_jammer
2015-11-16, 17:15
Checked for Updates, and tried to install 1 Important Update. As usual, IE 11 failed to Install, which it's been doing for some time. However, when I open IE, it says it IS IE 11.

See Attachment.

Juliet
2015-11-16, 19:34
KB3097877
you manually uninstalled the above update correct?

There should had been a revised version ready to download and install afterwards?

Please run chkdsk /r

Chkdsk /r checks for bad sectors on the hdd and recovers any readable information.

Click on the Start orb and type in cmd in the Search programs and files box. When cmd is seen in Programs above the Search box right click on it, then click on Run as administrator.

Type in chkdsk c:/r then press Enter. Please notice the space between the chkdsk and the /r

You will receieve the message "CHKDSK cannot be run because it is in use by another process. Would you like to schedule this volume to be checked the next time the system restarts? <Y/N>"

Type in Y and press Enter.

Restart your computer to start the scan.

This will take a while to run, please be patient and allow it to complete the scan.

reboot and post back here to let me know if anything improves.

gin_jammer
2015-11-17, 00:53
No, I have not manually uninstalled KB3097877. I'm unsure how to go about manually uninstalling an Update. Assuming I need to do that, can you get me started?

Juliet
2015-11-17, 01:09
yes
Go to the Microsoft ORB and click on that
Go to All Programs, then click on Windows Update.
A window should open, in the left pane you'll see where it says "View Update History"
Click on that, next when that window opens, look for see "Installed Updates", it then changes to yet another window. Let it load because it can take a couple of minutes.
Using the Scroll bar on the right, scroll down to where you see Microsoft Windows, locate Security update KB3097877 right click on that and follow the prompts.
It might take a reboot.

let me know how it goes.

gin_jammer
2015-11-17, 16:55
Manually removed Update KB3097877. Then, checked for new Updates and found two: KB3097877 and IE 11 (latter has been failing repeatedly for weeks even though IE says it's already IE 11).

Installed Updates, and only KB3097877 was successful. IE 11 Update failed again.

Ran chkdsk c:/r. After reboot, ran Windows Explorer. It opened, but crashed as soon as I right-clicked on C: Pop-up said Windows Explorer has stopped working, searching for a solution... After a moment, new pop-up said Windows Explorer was restarting, but it did not.

Juliet
2015-11-17, 18:34
See if you can manually download and install IE 11 update from this site
https://technet.microsoft.com/en-us/library/dn321445.aspx

The above may or may not help....fingers crossed on that one.

We have another option. You can do a system restore point to a date before these issues started.
I've had to do this with my own computer and worked very well for me.
http://www.sevenforums.com/tutorials/700-system-restore.html

gin_jammer
2015-11-18, 01:21
I tried a couple of things I found on the technet.microsoft site, but nothing had any effect. IE11 still crashes whenever I right-click on C:.

I tried the earliest System Restore Point available, but there was no effect on IE11, so I did an UNDO on that Restore.

IE11 says it is:
Version 11.0.9600.17843
Update Versions: 11.0.20 (KB3058515) but I can find no record of that Update having been installed. How about if I go into Internet Options and click on Reset IE Settings?

gin_jammer
2015-11-18, 01:24
Or...if I Uninstall IE11, will system automatically revert to IE10, or do something else that I don't want to do?

Juliet
2015-11-18, 03:55
let's try that

http://windows.microsoft.com/en-us/internet-explorer/reset-ie-settings#ie=ie-11

gin_jammer
2015-11-18, 13:59
I'm not sure which you meant: Reset IE Settings, or Uninstall IE11?

Juliet
2015-11-18, 15:28
I think you can do both but the link I supplied was to try and reset settings in IE.

gin_jammer
2015-11-18, 20:56
Following instructions on the link you sent, I reset IE Settings, and then restarted laptop. There was no immediate effect on Windows Explorer crashing. Some time later, I saw a pop-up informing that IE 11 had been downloaded. I re-tested Windows Explorer, but saw no change.

I then tried to Uninstall IE11. However, on the list of Installed Updates, IE11 does NOT appear, so I couldn't delete it.

I looked for an alternative Uninstall technique, and found the Elevated Command Prompt method. I tried that, but afterwards had NO BROWSER and had to run System Restore to recover IE11.

Juliet
2015-11-18, 21:49
yikes

https://support.microsoft.com/en-us/kb/2872074
the above is a good article on Checklist before you install Internet Explorer 11

I have no idea whats got turned upside down.

Right-Click FRST.exe / FRST64.exe and select http://i.imgur.com/AVOiBNU.jpg Run as administrator to run the programme.
Click Yes to the disclaimer.
Ensure the Addition.txt box is checked.
Click the Scan button and let the programme run.
Upon completion, click OK, then OK on the Addition.txt pop up screen.
Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.

gin_jammer
2015-11-19, 15:37
FRST.txt follows:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:18-11-2015
Ran by Ed (administrator) on ED-PC (19-11-2015 08:28:24)
Running from C:\Users\Ed\Desktop
Loaded Profiles: Ed (Available Profiles: Ed)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgcsrvx.exe
(Lenovo) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgwdsvcx.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgemcx.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgui.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Tweaking.com) C:\Program Files\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_19_0_0_245_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\Av\avgui.exe [3826600 2015-10-30] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguix.exe [1136552 2015-11-12] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk [2015-08-07]
ShortcutTarget: Adobe Gamma Loader.exe.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2015-07-22]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112
Tcpip\..\Interfaces\{9E83D762-23C5-409C-B0E5-D0B48741C9B3}: [DhcpNameServer] 65.32.5.111 65.32.5.112

Internet Explorer:
==================
HKU\S-1-5-21-3659970256-991337627-2867597209-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.toast.net/start

FireFox:
========
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AvgAMPS; C:\Program Files\AVG\Av\avgamps.exe [595376 2015-10-30] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\Av\avgidsagent.exe [3815648 2015-10-30] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [862632 2015-11-12] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\Av\avgwdsvcx.exe [579776 2015-10-30] (AVG Technologies CZ, s.r.o.)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [156080 2015-08-10] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [256432 2015-10-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [231344 2015-08-20] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [31664 2015-08-14] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [229296 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [308656 2015-08-14] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [192944 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [36784 2015-08-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [231856 2015-10-08] (AVG Technologies CZ, s.r.o.)
S3 e1express; C:\Windows\System32\DRIVERS\e1e6232.sys [219352 2009-06-05] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
S3 eapihdrv; \??\C:\Users\Ed\AppData\Local\Temp\ehdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-19 08:24 - 2015-11-19 08:24 - 00000000 ____D C:\Users\Ed\Desktop\FRST-OlderVersion
2015-11-19 08:13 - 2015-11-19 08:13 - 29720784 _____ (Microsoft Corporation) C:\Users\Ed\Desktop\IE11-Windows6.1-x86-en-us.exe
2015-11-17 19:44 - 2015-11-17 19:43 - 00450771 ____R C:\Windows\system32\Drivers\etc\hosts.20151117-194404.backup
2015-11-17 19:43 - 2015-11-08 09:58 - 00450771 _____ C:\Windows\system32\Drivers\etc\hosts.20151117-194329.backup
2015-11-16 06:57 - 2015-11-16 06:57 - 00012611 _____ C:\Users\Ed\Desktop\MTB.txt
2015-11-16 06:54 - 2015-11-16 06:54 - 00891392 _____ (Farbar) C:\Users\Ed\Desktop\MiniToolBox.exe
2015-11-14 13:34 - 2015-11-14 13:34 - 00002100 _____ C:\Users\Ed\Documents\Registry backup 14nov2015.reg
2015-11-14 13:10 - 2015-11-14 12:54 - 30932992 _____ C:\Windows\system32\config\components.old
2015-11-14 12:56 - 2015-11-15 21:20 - 00000550 _____ C:\Windows\Tasks\Tweaking.com - Windows Repair Tray Icon.job
2015-11-14 12:53 - 2015-11-14 12:53 - 20715632 _____ (Tweaking.com) C:\Users\Ed\Desktop\tweaking.com_windows_repair_aio_setup.exe
2015-11-12 16:47 - 2015-11-17 17:22 - 00000000 ____D C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-11-12 16:47 - 2015-11-15 21:20 - 00002124 _____ C:\Users\Ed\Desktop\Tweaking.com - Windows Repair.lnk
2015-11-12 13:48 - 2015-11-17 17:18 - 00000000 ____D C:\Users\Ed\AppData\Roaming\TaxCut
2015-11-12 13:48 - 2015-11-12 13:48 - 00001994 _____ C:\Users\Public\Desktop\H&R Block 2014.lnk
2015-11-12 13:47 - 2015-11-17 17:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\H&R Block 2014
2015-11-12 13:46 - 2015-11-17 17:22 - 00000000 ____D C:\Program Files\PDF995
2015-11-12 13:46 - 2015-11-17 17:18 - 00000000 ____D C:\Program Files\HRBlock2014
2015-11-12 13:46 - 2015-11-12 13:46 - 00000000 ____D C:\Users\Ed\Documents\HRBlock
2015-11-12 13:45 - 2015-11-17 17:18 - 00000000 ____D C:\ProgramData\TaxCut
2015-11-12 03:36 - 2015-11-03 12:46 - 02386944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-11-12 03:09 - 2015-10-29 12:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-11-12 03:09 - 2015-10-29 12:49 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-11-12 03:09 - 2015-10-29 12:49 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-11-12 03:09 - 2015-10-29 12:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-11-12 03:09 - 2015-10-13 11:31 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-12 03:09 - 2015-10-13 11:31 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-12 03:08 - 2015-10-19 19:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-11-12 03:08 - 2015-10-19 19:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-12 03:08 - 2015-10-19 19:52 - 00138176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-11-12 03:08 - 2015-10-19 19:52 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-11-12 03:08 - 2015-10-19 19:48 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-11-12 03:08 - 2015-10-19 19:45 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-11-12 03:08 - 2015-10-19 19:45 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-11-12 03:08 - 2015-10-19 19:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-12 03:08 - 2015-10-19 19:45 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-11-12 03:08 - 2015-10-19 19:45 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-11-12 03:08 - 2015-10-19 19:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-11-12 03:08 - 2015-10-19 19:45 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-12 03:08 - 2015-10-19 19:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-12 03:08 - 2015-10-19 19:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-11-12 03:08 - 2015-10-19 19:45 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-11-12 03:08 - 2015-10-19 19:45 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-11-12 03:08 - 2015-10-19 19:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-11-12 03:08 - 2015-10-19 19:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-11-12 03:08 - 2015-10-19 19:45 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-11-12 03:08 - 2015-10-19 19:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-11-12 03:08 - 2015-10-19 19:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-11-12 03:08 - 2015-10-19 19:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-11-12 03:08 - 2015-10-19 19:45 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-11-12 03:08 - 2015-10-19 19:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-11-12 03:08 - 2015-10-19 19:44 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-11-12 03:08 - 2015-10-19 19:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-11-12 03:08 - 2015-10-19 19:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-11-12 03:08 - 2015-10-19 19:35 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-11-12 03:08 - 2015-10-19 19:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-11-12 03:08 - 2015-10-19 18:29 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-11-12 03:08 - 2015-10-19 18:28 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-11-12 03:08 - 2015-10-19 18:28 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-11-12 03:08 - 2015-10-12 23:50 - 00712640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-11-12 03:07 - 2015-10-20 12:46 - 02955776 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-11-12 03:07 - 2015-10-20 12:46 - 02061824 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-11-12 03:07 - 2015-10-20 12:46 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-11-12 03:07 - 2015-10-20 12:46 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-11-12 03:07 - 2015-10-20 12:46 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-11-12 03:07 - 2015-10-20 12:46 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-11-12 03:07 - 2015-10-20 12:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-11-12 03:07 - 2015-10-20 12:45 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-11-12 03:07 - 2015-10-20 12:45 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-11-12 03:07 - 2015-10-20 12:45 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-11-12 03:07 - 2015-10-20 12:45 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-11-12 03:07 - 2015-10-01 12:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-11-12 03:07 - 2015-10-01 12:50 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-11-12 03:07 - 2015-09-23 08:09 - 00371920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-11-12 03:07 - 2015-09-23 08:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-11-12 02:52 - 2015-11-19 08:28 - 00007560 _____ C:\Users\Ed\Desktop\FRST.txt
2015-11-12 02:47 - 2015-11-19 08:24 - 01378816 _____ (Farbar) C:\Users\Ed\Desktop\FRST.exe
2015-11-11 18:18 - 2015-11-11 18:18 - 00000000 ____D C:\New folder
2015-11-01 15:15 - 2015-11-01 15:15 - 00000340 _____ C:\Windows\Tasks\1015avUpdateInfo.job
2015-11-01 15:15 - 2015-11-01 15:15 - 00000000 ____D C:\ProgramData\Avg_Update_1015av
2015-10-24 10:55 - 2015-10-24 10:55 - 00000000 ____D C:\Users\Ed\AppData\Roaming\AVG
2015-10-24 10:51 - 2015-10-24 10:53 - 00000000 ____D C:\ProgramData\Avg
2015-10-24 10:40 - 2015-10-24 12:08 - 00000000 ____D C:\Users\Ed\AppData\Local\AvgSetupLog
2015-10-21 16:24 - 2015-10-21 16:24 - 00229296 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx86.sys
2015-10-21 16:14 - 2015-10-21 16:14 - 00192944 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx86.sys
2015-10-21 14:20 - 2015-11-19 07:47 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-19 08:28 - 2015-10-09 16:54 - 00000000 ____D C:\FRST
2015-11-19 08:05 - 2015-07-21 13:40 - 01400490 _____ C:\Windows\WindowsUpdate.log
2015-11-19 07:00 - 2009-07-13 23:34 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-19 07:00 - 2009-07-13 23:34 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-19 06:52 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-19 06:52 - 2009-07-13 23:39 - 00054505 _____ C:\Windows\setupact.log
2015-11-18 21:46 - 2015-07-21 16:29 - 00344476 _____ C:\Windows\IE11_main.log
2015-11-18 20:55 - 2015-07-21 15:09 - 00000000 ____D C:\ProgramData\MFAData
2015-11-18 16:05 - 2015-07-26 18:21 - 00063808 _____ C:\Users\Ed\AppData\Local\GDIPFONTCACHEV1.DAT
2015-11-18 09:11 - 2015-07-21 13:41 - 00000000 ____D C:\Users\Ed
2015-11-18 09:09 - 2009-07-13 23:52 - 00000000 ____D C:\Windows\Offline Web Pages
2015-11-18 09:09 - 2009-07-13 21:37 - 00000000 __RSD C:\Windows\Media
2015-11-18 09:09 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\registration
2015-11-17 17:24 - 2011-04-11 21:24 - 00000000 ____D C:\Program Files\Windows Journal
2015-11-17 17:24 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\wfp
2015-11-17 17:23 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\rescache
2015-11-17 17:22 - 2015-07-25 12:53 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-11-17 17:22 - 2015-07-22 17:42 - 00000000 ___SD C:\Windows\system32\GWX
2015-11-17 17:22 - 2015-07-21 15:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-11-17 17:22 - 2009-07-13 21:37 - 00000000 __RHD C:\Users\Default
2015-11-17 17:19 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-11-17 17:18 - 2015-10-09 16:44 - 00000000 ____D C:\Program Files\Tweaking.com
2015-11-17 08:06 - 2009-07-13 23:33 - 00282232 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-16 14:46 - 2010-11-20 16:01 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-14 09:37 - 2015-07-21 15:26 - 00000000 ____D C:\Users\Ed\Desktop\Unused Icons
2015-11-12 02:47 - 2015-07-25 09:29 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-11-12 02:47 - 2015-07-25 09:29 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-11-11 19:00 - 2015-07-21 14:43 - 00000000 ____D C:\Windows\system32\MRT
2015-11-11 18:57 - 2015-07-21 14:43 - 143250520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-11-11 18:47 - 2011-04-11 21:24 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-11-11 18:47 - 2011-04-11 21:24 - 00000000 ____D C:\Windows\ShellNew
2015-11-04 16:41 - 2015-07-21 15:16 - 00000000 ___HD C:\$AVG
2015-11-04 16:40 - 2015-09-17 11:34 - 00000000 ____D C:\Users\Ed\AppData\Local\Avg
2015-10-29 08:55 - 2015-07-22 08:50 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-10-24 12:32 - 2009-07-13 21:04 - 00450771 ____R C:\Windows\system32\Drivers\etc\hosts.20151108-095805.backup
2015-10-24 10:57 - 2010-11-20 16:48 - 00088004 _____ C:\Windows\PFRO.log
2015-10-24 10:56 - 2015-07-21 15:14 - 00000000 ____D C:\Program Files\AVG
2015-10-24 10:55 - 2015-07-21 15:18 - 00000000 ____D C:\Program Files\Common Files\AV

Some files in TEMP:
====================
C:\Users\Ed\AppData\Local\Temp\avguirn_08624668065.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-11-10 09:57

==================== End of FRST.txt ============================

Addition.txt follows:

Additional scan result of Farbar Recovery Scan Tool (x86) Version:18-11-2015
Ran by Ed (2015-11-19 08:28:49)
Running from C:\Users\Ed\Desktop
Microsoft Windows 7 Home Premium Service Pack 1 (X86) (2015-07-21 18:41:30)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3659970256-991337627-2867597209-500 - Administrator - Disabled)
Ed (S-1-5-21-3659970256-991337627-2867597209-1001 - Administrator - Enabled) => C:\Users\Ed
Guest (S-1-5-21-3659970256-991337627-2867597209-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3659970256-991337627-2867597209-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20077 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Photoshop 5.0.2 (HKLM\...\Adobe Photoshop 5.0.2) (Version: 5.0 - Adobe Systems, Inc.)
AVG (Version: 16.7.7227 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4460 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.7.7227 - AVG Technologies)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
FMW 1 (Version: 1.32.2 - AVG Technologies) Hidden
H&R Block Deluxe + Efile 2014 (HKLM\...\{C89CA854-CE87-4CC6-A79F-86E0D7FB0B32}) (Version: 14.04.7401 - HRB Technology, LLC.)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2000 Premium (HKLM\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Visio Professional 2002 [English] (HKLM\...\{90510409-6D54-11D4-BEE3-00C04F990354}) (Version: 10.0.525 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 38.1.0 - Mozilla)
Mozilla Thunderbird 38.3.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 38.3.0 (x86 en-US)) (Version: 38.3.0 - Mozilla)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.55 - )
Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 3.2.2 - Tweaking.com)
Tweaking.com - Windows Repair (HKLM\...\Tweaking.com - Windows Repair) (Version: 3.6.3 - Tweaking.com)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

15-11-2015 22:06:27 Windows Update
16-11-2015 08:20:38 Windows Update
16-11-2015 09:56:24 Windows Update
16-11-2015 10:00:02 Windows Update
16-11-2015 10:01:35 Windows Update
16-11-2015 12:11:40 Windows Update
16-11-2015 14:47:37 Windows Update
16-11-2015 17:54:07 Windows Update
17-11-2015 06:28:55 Windows Modules Installer
17-11-2015 07:45:17 Windows Update
17-11-2015 10:54:09 Windows Update
17-11-2015 16:56:40 Restore Operation
17-11-2015 17:09:07 Windows Update
17-11-2015 17:15:53 Restore Operation
17-11-2015 21:23:02 Windows Update
18-11-2015 07:22:44 Windows Update
18-11-2015 07:24:06 Windows Update
18-11-2015 07:40:46 Windows Update
18-11-2015 07:41:50 Windows Update
18-11-2015 07:51:17 Windows Update
18-11-2015 08:27:15 Windows Update
18-11-2015 08:27:48 Windows Update
18-11-2015 09:03:23 Windows Modules Installer
18-11-2015 09:03:48 Windows Modules Installer
18-11-2015 09:04:15 Windows Modules Installer
18-11-2015 09:06:57 Restore Operation
18-11-2015 13:22:12 Windows Update
18-11-2015 13:23:35 Windows Update
18-11-2015 14:27:23 Windows Update
18-11-2015 17:58:02 Windows Update
18-11-2015 21:45:44 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:04 - 2015-11-17 19:44 - 00450771 ____R C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
127.0.0.1 www.123moviedownload.com

There are 15463 more lines.


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1F4C501C-34A1-4D9E-B7C6-840AE68FE10A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {2D9C48DE-C694-436F-9123-580EB099AA51} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-12] (Adobe Systems Incorporated)
Task: {4EEBD237-DBCF-4B4A-A40E-F6ACB68CF00A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {9F7842C1-875A-4B83-8AF5-FC70D5457E41} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {CFCCB0B6-5314-49C3-9F2E-CDEB398D885A} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-11] (Tweaking.com)
Task: {DCDA5300-1724-4338-B20E-88517EF64AD0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\0615piUpdateInfo.job => C:\ProgramData\Avg_Update_0615pi\0615pi_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\1015avUpdateInfo.job => C:\ProgramData\Avg_Update_1015av\1015av_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Tweaking.com - Windows Repair Tray Icon.job => C:\Program Files\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe C:\Program Files\Tweaking.com\Windows Repair (All in One)Tweaking.com - Windows Repair)Created By Tweaking.com

==================== Loaded Modules (Whitelisted) ==============

2014-01-16 19:11 - 2013-01-14 23:47 - 00079648 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2015-07-25 12:53 - 2014-05-13 11:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-07-25 12:53 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2015-07-25 12:53 - 2014-05-13 11:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-07-25 12:53 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2015-07-25 12:53 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-10-24 10:51 - 2015-10-24 10:40 - 40500224 _____ () C:\Program Files\AVG\UiDll\2171\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7866 more sites.

IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\123simsen.com -> www.123simsen.com

There are 7866 more sites.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3659970256-991337627-2867597209-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 65.32.5.111 - 65.32.5.112
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{61EA1F3F-8266-4D1B-B088-DE4F26244D3F}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{3B24444F-1A9A-4A78-9645-5074030A84BA}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{23658621-CB50-42A5-8B7A-63E236D9DFEF}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{CC8C4175-2F17-4693-B6D5-7CA81FDEA919}] => (Allow) C:\Program Files\AVG\Av\avgmfapx.exe
FirewallRules: [{8C5147FC-B773-4348-849A-16B2304D8535}] => (Allow) C:\Program Files\AVG\Av\avgmfapx.exe
FirewallRules: [{E581DDF9-5119-4FE2-95B4-927D1E3890A2}] => (Allow) C:\Program Files\AVG\Av\avgnsx.exe
FirewallRules: [{4A26A062-57E2-432F-9DFC-519F92185DF3}] => (Allow) C:\Program Files\AVG\Av\avgnsx.exe
FirewallRules: [{281ED8C6-EF35-4F56-B20A-461CB176C0BE}] => (Allow) C:\Program Files\AVG\Av\avgdiagex.exe
FirewallRules: [{0D6D5B17-7D80-483E-B67F-C648C3FBC5A1}] => (Allow) C:\Program Files\AVG\Av\avgdiagex.exe
FirewallRules: [{A908C295-5AAF-4F2F-8AD1-D52A14EFEC60}] => (Allow) C:\Program Files\AVG\Av\avgemcx.exe
FirewallRules: [{49DE1C6F-8974-4C2D-A006-748022507B95}] => (Allow) C:\Program Files\AVG\Av\avgemcx.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/19/2015 06:52:44 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/18/2015 08:52:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/18/2015 04:05:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/18/2015 01:21:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/18/2015 01:18:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: SHELL32.dll, version: 6.1.7601.18952, time stamp: 0x55c39c76
Exception code: 0xc0000005
Fault offset: 0x0004b188
Faulting process id: 0x12e8
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (11/18/2015 01:18:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: SHELL32.dll, version: 6.1.7601.18952, time stamp: 0x55c39c76
Exception code: 0xc0000005
Fault offset: 0x0004b188
Faulting process id: 0x15bc
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (11/18/2015 09:34:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: SHELL32.dll, version: 6.1.7601.18952, time stamp: 0x55c39c76
Exception code: 0xc0000005
Fault offset: 0x0004b188
Faulting process id: 0x1348
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (11/18/2015 09:34:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: SHELL32.dll, version: 6.1.7601.18952, time stamp: 0x55c39c76
Exception code: 0xc0000005
Fault offset: 0x0004b188
Faulting process id: 0xda4
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (11/18/2015 09:31:33 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/18/2015 09:11:08 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (11/19/2015 07:32:44 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (11/19/2015 07:32:44 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (11/19/2015 07:32:44 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (11/19/2015 07:32:44 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (11/19/2015 07:32:44 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (11/19/2015 07:32:43 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (11/19/2015 07:28:02 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (11/19/2015 07:28:01 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (11/18/2015 09:46:26 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 11 for Windows 7.

Error: (11/18/2015 05:58:44 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 11 for Windows 7.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU P8400 @ 2.26GHz
Percentage of memory in use: 43%
Total physical RAM: 1944.03 MB
Available physical RAM: 1099.21 MB
Total Virtual: 3888.06 MB
Available Virtual: 2632.74 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:294.72 GB) (Free:262.39 GB) NTFS
Drive e: () (Removable) (Total:57.87 GB) (Free:41.8 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 9C948886)
Partition 1: (Active) - (Size=3.4 GB) - (Type=27)
Partition 2: (Not Active) - (Size=294.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 57.9 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

Juliet
2015-11-19, 17:09
As far as anything related to malware, there isn't anything. What I think I see now from the last log appears to be probably hardware related.
What brand of computer are you using? (for instance I have a Dell Vostro 3500)
Could be, if you ran a driver system check from the manufacturer for your computer there could be a few driver updates that could be very useful.


We could look in Device Manager to see if any drivers have red flags
http://windows.microsoft.com/en-us/windows/open-device-manager#1TC=windows-7


Update drivers: recommended links
http://windows.microsoft.com/en-us/windows/update-drivers-recommended-links#update-drivers-recommended-links=windows-7

the issue still persists, then I would suggest you to perform an in-place upgrade or a repair install of the Windows operating system.

How to Perform an In-Place Upgrade on Windows Vista, Windows 7, Windows Server 2008 & Windows Server 2008 R2

http://support.microsoft.com/kb/2255099

Important: Make sure to back up all your date before performing the repair installation.

Note: After performing In-Place Upgrade, your personal data and installed programs will not be removed but you may need to run Windows Update to install all the available updates for your system to update these system files to the current version.

If your DVD installation disk is prior to Sp1, and you have SP1 installed on your computer, you will need to uninstall SP1 to complete the in-place upgrade and then reinstall the necessary windows updates. This applies if you have SP2 also.

gin_jammer
2015-11-19, 23:22
This is a Lenovo R500 laptop that originally ran the Vista OS, but was "upgraded" by Joy Systems to run Windows 7 Home Premium. It has a one-year Joy Systems warranty (expiration 2/16). Joy replaced the first battery (so they do honor the warranty). I rather doubt Lenovo would support it now.

Found flags on two Base System Devices and one PCI Simple Communications Controller that do not have drivers installed. Windows Device Manager cannot identify the manufacturer of these devices, or their drivers, and says these three are not using any resources because they “have a problem.”

From MS site, I searched for drivers, but none of the three missing could be found. I plan to call Joy Systems Tech Support to ask for information on these devices and any drivers required.

Suddenly, Windows Explorer is behaving normally, and I’ve tried it several times to see if it’s just being flakey. Therefore, I think everything I originally mentioned on this thread, plus a few, has been resolved (somehow) if you want to close the thread.

Thanks for your help!

Juliet
2015-11-20, 00:54
Suddenly, Windows Explorer is behaving normally
I don't believe you! (joking)
wonder if going into device manager stirred something up?

I researched your laptop and found a couple of things related to these drivers

read over these and see if you think it might relate to your issues.


I plan to call Joy Systems Tech Support to ask for information on these devices and any drivers required
Do that next then.

let me know how it goes, also, we need to remove tools and quarantine folders.

http://i.imgur.com/AFZxnZc.jpg DelFix

Please download DelFix (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/9-delfix) or from Here (http://www.bleepingcomputer.com/download/delfix/) and save the file to your Desktop.

Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:

Activate UAC
Remove disinfection tools

Click the Run button.
-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

gin_jammer
2015-11-20, 15:04
Did you intend to send me a link to something about the drivers?

Juliet
2015-11-20, 15:53
lol
you ain't going to believe this, yes, I did and forgot to post them....(I sure thought I did)

let me see if I can find them again.

Juliet
2015-11-20, 16:03
There was a wealth of information really.

https://forums.lenovo.com/
Lenovo forums
This is a site where other people ask questions about Lenovo machines

https://support.lenovo.com/us/en/documents/ht003029

https://support.lenovo.com/us/en/documents/tvsu-update
Updating Lenovo Drivers and Applications using ThinkVantage System Update

https://forums.lenovo.com/t5/ThinkPad-L-R-and-SL-series/R500-Driver-problem/td-p/205176
https://forums.lenovo.com/t5/ThinkPad-L-R-and-SL-series/Driver-not-installed-on-PCI-Simple-Communication-Controller/td-p/297922

See if any of the information is those links help :)

gin_jammer
2015-11-20, 18:59
After surfing through the links you sent, I called Joy Systems technical support. The attendant connected to my computer remotely, saw the three flags on the Device Manager, went to one of the same Lenovo sites, and downloaded several drivers. Some did nothing, but he eventually cleared all three missing driver flags.

Installing the missing drivers had no effect on the crashing Windows Explorer. I showed him that, and he said it looked like a software problem and showed me a workaround. If I get tired of that; he suggested I run a System Restore on Startup to reinstall Windows. Since that means downloading and installing WELL over 100 Windows Updates, I think I’ll put that off until I have absolutely nothing else to do because the system is otherwise running fine.

gin_jammer
2015-11-20, 23:30
From my last post, you may have noticed that my Windows Explorer has gone back to its wicked ways...I guess I can live with that.

Juliet
2015-11-21, 00:56
From my last post, you may have noticed that my Windows Explorer has gone back to its wicked ways...I guess I can live with that.

We've done all we can do in the malware removal.

Wish the Tech from Joy Systems could had brought in more joy!

I didn't want to bring up doing a reformat till there was no other options.....I'll have to leave that up to you what you can and cannot live with.

gin_jammer
2015-11-22, 05:42
Fair enough! Thanks for your help. Have a nice Thanksgiving!

Juliet
2015-11-22, 14:17
Glad we could help. :)http://i204.photobucket.com/albums/bb106/Juliet702/sparkle.gif

Since this issue appears resolved ... this Topic is closed.