Thread: AVG cannot remove Trojan horse

  1. #21
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Well, glad the mouse got better then; seems like we jumped from one thing to another.

    Please run SFC (System File Checker)
    Please run System File Checker sfc /scannow...
    Below is a good tutorial
    http://www.sevenforums.com/tutorials...e-checker.html


    NOTE for Vista/WIN 7 users: The command needs to be run from an Elevated Command Prompt. Click Start, type cmd into the Start/Search box,
    right-click cmd.exe in the list above and select 'Run as Administrator'.

    You will need your operating system CD handy.

    Open Windows Task Manager by pressing CTRL+SHIFT+ESC.

    Then click File, then New Task (Run).

    In the box that opens, type sfc /scannow (there is a space between c and /).

    Click OK
    Let it run and insert the CD when asked.

    ~~~~~~~~~~~~~~~~~~~

    Please download MiniToolBox http://www.bleepingcomputer.com/download/minitoolbox/
    save it to your desktop and run it.

    Checkmark the following check-boxes:

    Flush DNS
    List last 10 Event Viewer log
    List Installed Programs
    List Devices
    List Minidump Files

    Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  2. #22
    Senior Member
    Join Date
    Oct 2005
    Location
    Indialantic, Florida USA
    Posts
    186

    With Elevated Command Prompt, ran sfc /scannow and got: Windows Resource Protection did not find any integrity violations.

    Ran MiniToolBox and got MTB.txt (NOT Result.txt), which follows:

    MiniToolBox by Farbar Version: 02-11-2015
    Ran by Ed (administrator) on 16-11-2015 at 06:57:53
    Running from "C:\Users\Ed\Desktop"
    Microsoft Windows 7 Home Premium Service Pack 1 (X86)
    Model: 2716WM5 Manufacturer: LENOVO
    Boot Mode: Normal
    ***************************************************************************

    ========================= Flush DNS: ===================================

    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========================= Event log errors: ===============================

    Application errors:
    ==================
    Error: (11/16/2015 06:10:07 AM) (Source: Application Error) (User: )
    Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7
    Faulting module name: SHELL32.dll, version: 6.1.7601.18952, time stamp: 0x55c39c76
    Exception code: 0xc0000005
    Fault offset: 0x0004b188
    Faulting process id: 0x1460
    Faulting application start time: 0xExplorer.EXE0
    Faulting application path: Explorer.EXE1
    Faulting module path: Explorer.EXE2
    Report Id: Explorer.EXE3

    Error: (11/16/2015 06:09:37 AM) (Source: Application Error) (User: )
    Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7
    Faulting module name: SHELL32.dll, version: 6.1.7601.18952, time stamp: 0x55c39c76
    Exception code: 0xc0000005
    Fault offset: 0x0004b188
    Faulting process id: 0xa88
    Faulting application start time: 0xExplorer.EXE0
    Faulting application path: Explorer.EXE1
    Faulting module path: Explorer.EXE2
    Report Id: Explorer.EXE3

    Error: (11/16/2015 06:09:16 AM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (11/15/2015 09:26:04 PM) (Source: Application Error) (User: )
    Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7
    Faulting module name: SHELL32.dll, version: 6.1.7601.18952, time stamp: 0x55c39c76
    Exception code: 0xc0000005
    Fault offset: 0x0004b188
    Faulting process id: 0xcd4
    Faulting application start time: 0xExplorer.EXE0
    Faulting application path: Explorer.EXE1
    Faulting module path: Explorer.EXE2
    Report Id: Explorer.EXE3

    Error: (11/15/2015 09:25:32 PM) (Source: Application Error) (User: )
    Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7
    Faulting module name: SHELL32.dll, version: 6.1.7601.18952, time stamp: 0x55c39c76
    Exception code: 0xc0000005
    Fault offset: 0x0004b188
    Faulting process id: 0xecc
    Faulting application start time: 0xExplorer.EXE0
    Faulting application path: Explorer.EXE1
    Faulting module path: Explorer.EXE2
    Report Id: Explorer.EXE3

    Error: (11/15/2015 09:25:21 PM) (Source: Application Error) (User: )
    Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7
    Faulting module name: SHELL32.dll, version: 6.1.7601.18952, time stamp: 0x55c39c76
    Exception code: 0xc0000005
    Fault offset: 0x0004b188
    Faulting process id: 0xf64
    Faulting application start time: 0xExplorer.EXE0
    Faulting application path: Explorer.EXE1
    Faulting module path: Explorer.EXE2
    Report Id: Explorer.EXE3

    Error: (11/15/2015 09:24:57 PM) (Source: Application Error) (User: )
    Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7
    Faulting module name: SHELL32.dll, version: 6.1.7601.18952, time stamp: 0x55c39c76
    Exception code: 0xc0000005
    Fault offset: 0x0004b188
    Faulting process id: 0xca4
    Faulting application start time: 0xExplorer.EXE0
    Faulting application path: Explorer.EXE1
    Faulting module path: Explorer.EXE2
    Report Id: Explorer.EXE3

    Error: (11/15/2015 09:24:32 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (11/15/2015 09:19:27 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (11/15/2015 09:15:42 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


    System errors:
    =============
    Error: (11/16/2015 06:37:11 AM) (Source: Schannel) (User: NT AUTHORITY)
    Description: The following fatal alert was generated: 10. The internal error state is 10.

    Error: (11/16/2015 06:37:11 AM) (Source: Schannel) (User: NT AUTHORITY)
    Description: The following fatal alert was generated: 10. The internal error state is 10.

    Error: (11/16/2015 06:37:10 AM) (Source: Schannel) (User: NT AUTHORITY)
    Description: The following fatal alert was generated: 10. The internal error state is 10.

    Error: (11/16/2015 06:37:10 AM) (Source: Schannel) (User: NT AUTHORITY)
    Description: The following fatal alert was generated: 10. The internal error state is 10.

    Error: (11/16/2015 06:31:20 AM) (Source: Schannel) (User: NT AUTHORITY)
    Description: The following fatal alert was generated: 10. The internal error state is 10.

    Error: (11/16/2015 06:31:20 AM) (Source: Schannel) (User: NT AUTHORITY)
    Description: The following fatal alert was generated: 10. The internal error state is 10.

    Error: (11/16/2015 06:20:32 AM) (Source: Schannel) (User: NT AUTHORITY)
    Description: The following fatal alert was generated: 10. The internal error state is 10.

    Error: (11/16/2015 06:20:32 AM) (Source: Schannel) (User: NT AUTHORITY)
    Description: The following fatal alert was generated: 10. The internal error state is 10.

    Error: (11/16/2015 06:16:19 AM) (Source: Schannel) (User: NT AUTHORITY)
    Description: The following fatal alert was generated: 10. The internal error state is 10.

    Error: (11/16/2015 06:16:19 AM) (Source: Schannel) (User: NT AUTHORITY)
    Description: The following fatal alert was generated: 10. The internal error state is 10.


    Microsoft Office Sessions:
    =========================
    Error: (11/16/2015 06:10:07 AM) (Source: Application Error)(User: )
    Description: Explorer.EXE6.1.7601.175674d6727a7SHELL32.dll6.1.7601.1895255c39c76c00000050004b188146001d1205f4fcaa5c9C:\Windows\Explorer.EXEC:\Windows\system32\SHELL32.dll97de960c-8c52-11e5-bcb7-00226817a818

    Error: (11/16/2015 06:09:37 AM) (Source: Application Error)(User: )
    Description: Explorer.EXE6.1.7601.175674d6727a7SHELL32.dll6.1.7601.1895255c39c76c00000050004b188a8801d1205f3284303bC:\Windows\Explorer.EXEC:\Windows\system32\SHELL32.dll85d4e6e9-8c52-11e5-bcb7-00226817a818

    Error: (11/16/2015 06:09:16 AM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (11/15/2015 09:26:04 PM) (Source: Application Error)(User: )
    Description: Explorer.EXE6.1.7601.175674d6727a7SHELL32.dll6.1.7601.1895255c39c76c00000050004b188cd401d1201613321317C:\Windows\Explorer.EXEC:\Windows\system32\SHELL32.dll62062a66-8c09-11e5-ba8e-00226817a818

    Error: (11/15/2015 09:25:32 PM) (Source: Application Error)(User: )
    Description: Explorer.EXE6.1.7601.175674d6727a7SHELL32.dll6.1.7601.1895255c39c76c00000050004b188ecc01d120160cd1231bC:\Windows\Explorer.EXEC:\Windows\system32\SHELL32.dll4ed7b1fb-8c09-11e5-ba8e-00226817a818

    Error: (11/15/2015 09:25:21 PM) (Source: Application Error)(User: )
    Description: Explorer.EXE6.1.7601.175674d6727a7SHELL32.dll6.1.7601.1895255c39c76c00000050004b188f6401d12015fff61d96C:\Windows\Explorer.EXEC:\Windows\system32\SHELL32.dll4871ff3f-8c09-11e5-ba8e-00226817a818

    Error: (11/15/2015 09:24:57 PM) (Source: Application Error)(User: )
    Description: Explorer.EXE6.1.7601.175674d6727a7SHELL32.dll6.1.7601.1895255c39c76c00000050004b188ca401d12015ead4e9f9C:\Windows\Explorer.EXEC:\Windows\system32\SHELL32.dll3a5a62b6-8c09-11e5-ba8e-00226817a818

    Error: (11/15/2015 09:24:32 PM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (11/15/2015 09:19:27 PM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (11/15/2015 09:15:42 PM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


    =========================== Installed Programs ============================

    Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20077 - Adobe Systems Incorporated)
    Adobe Flash Player 19 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)
    Adobe Photoshop 5.0.2 (HKLM\...\Adobe Photoshop 5.0.2) (Version: 5.0 - Adobe Systems, Inc.)
    Adobe Refresh Manager (HKLM\...\{AC76BA86-0804-1033-1959-001824161310}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
    AVG (HKLM\...\{8D70C10A-4314-4ED2-ABE8-23F45AE36F89}) (Version: 16.7.7227 - AVG Technologies) Hidden
    AVG 2016 (HKLM\...\{290CF037-215E-4A66-8CCC-31DCD7E0693F}) (Version: 16.0.4455 - AVG Technologies) Hidden
    AVG Protection (HKLM\...\AVG) (Version: 2016.7.7227 - AVG Technologies)
    ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
    FMW 1 (HKLM\...\{F1EA36EA-6E73-465A-BCCB-F758EFD165A2}) (Version: 1.22.2 - AVG Technologies) Hidden
    H&R Block Deluxe + Efile 2014 (HKLM\...\{C89CA854-CE87-4CC6-A79F-86E0D7FB0B32}) (Version: 14.04.7401 - HRB Technology, LLC.)
    Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Office 2000 Premium (HKLM\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
    Microsoft Visio Professional 2002 [English] (HKLM\...\{90510409-6D54-11D4-BEE3-00C04F990354}) (Version: 10.0.525 - Microsoft Corporation)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 38.1.0 - Mozilla)
    Mozilla Thunderbird 38.3.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 38.3.0 (x86 en-US)) (Version: 38.3.0 - Mozilla)
    Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
    ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.55 - )
    Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 3.2.2 - Tweaking.com)
    Tweaking.com - Windows Repair (HKLM\...\Tweaking.com - Windows Repair) (Version: 3.6.3 - Tweaking.com)
    Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

    ========================= Devices: ================================

    Name: Base System Device
    Description: Base System Device
    Class Guid:
    Manufacturer:
    Service:
    Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_20CA17AA&REV_11\4&132DB2BD&0&04F0
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: PCI Simple Communications Controller
    Description: PCI Simple Communications Controller
    Class Guid:
    Manufacturer:
    Service:
    Device ID: PCI\VEN_8086&DEV_2A44&SUBSYS_20E617AA&REV_07\3&E89B380&0&18
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name: Base System Device
    Description: Base System Device
    Class Guid:
    Manufacturer:
    Service:
    Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_20C917AA&REV_11\4&132DB2BD&0&03F0
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    ========================= Minidump Files ==================================

    No minidump file found


    **** End of log ****
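
The MiniToolBox log in post #22 repeats the same Explorer.EXE crash many times. As an added example, not code from the thread or from MiniToolBox, this Python script collapses such entries into one fault signature per (application, module, exception code, offset); the function names and the trimmed sample are assumptions made here.

```python
import re
from collections import Counter

# Sample trimmed from the MiniToolBox output quoted in post #22; the last entry
# is a shortened stand-in for the flattened "Microsoft Office Sessions" copies.
SAMPLE_LOG = """\
Error: (11/16/2015 06:10:07 AM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: SHELL32.dll, version: 6.1.7601.18952, time stamp: 0x55c39c76
Exception code: 0xc0000005
Fault offset: 0x0004b188
Faulting process id: 0x1460

Error: (11/16/2015 06:09:37 AM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: SHELL32.dll, version: 6.1.7601.18952, time stamp: 0x55c39c76
Exception code: 0xc0000005
Fault offset: 0x0004b188
Faulting process id: 0xa88

Error: (11/16/2015 06:37:11 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (11/16/2015 06:10:07 AM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175674d6727a7SHELL32.dll6.1.7601.18952
"""

HEADER = re.compile(r"^Error: \((?P<when>[^)]*)\) \(Source: (?P<source>[^)]*)\)\s*\(User: [^)]*\)$")
FIELDS = {
    "app": re.compile(r"Faulting application name: ([^,\s]+)"),
    "module": re.compile(r"Faulting module name: ([^,\s]+)"),
    "code": re.compile(r"Exception code: (0x[0-9a-fA-F]+)"),
    "offset": re.compile(r"Fault offset: (0x[0-9a-fA-F]+)"),
}
NTSTATUS = {0xC0000005: "STATUS_ACCESS_VIOLATION"}  # the only code in this log

def parse_entries(text):
    """Split the log into entries, one dict per 'Error:' header line."""
    entries, current = [], None
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if m:
            current = {"when": m["when"], "source": m["source"], "body": []}
            entries.append(current)
        elif current is not None and line.strip():
            current["body"].append(line.strip())
    return entries

def crash_signature(entry):
    """Return (app, module, status, offset), or None if any field is missing."""
    body = "\n".join(entry["body"])
    found = {name: rx.search(body) for name, rx in FIELDS.items()}
    if not all(found.values()):
        return None  # not a crash record, or a flattened duplicate of one
    code = int(found["code"][1], 16)
    return (found["app"][1].lower(), found["module"][1].lower(),
            NTSTATUS.get(code, hex(code)), int(found["offset"][1], 16))

def summarize(text):
    """Count entries per event source and crashes per distinct signature."""
    entries = parse_entries(text)
    sources = Counter(e["source"] for e in entries)
    crashes = Counter(s for s in map(crash_signature, entries) if s)
    return sources, crashes
```

Run over the full log from post #22, the six labelled Explorer.EXE crash entries collapse to a single signature (SHELL32.dll at offset 0x4b188, access violation), which points at one repeatable fault rather than several unrelated ones.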

  3. #23
    Security Expert-emeritus Juliet's Avatar

    I want you to manually search for critical Windows updates.

    Go to and click on the Microsoft Orb, click on All Programs, then Windows Update.
    Let it scan and let's see if all critical updates have finished.

    Let me know.

    I may have to send you to a tech forum to help with the Explorer crashes.

  4. #24
    Senior Member

    Checked for Updates, and tried to install 1 Important Update. As usual, IE 11 failed to Install, which it's been doing for some time. However, when I open IE, it says it IS IE 11.

    See Attachment.

  5. #25
    Security Expert-emeritus Juliet's Avatar

    KB3097877
    You manually uninstalled the above update, correct?

    There should have been a revised version ready to download and install afterwards?

    Please run chkdsk /r

    Chkdsk /r checks for bad sectors on the hdd and recovers any readable information.

    Click on the Start orb and type in cmd in the Search programs and files box. When cmd is seen in Programs above the Search box right click on it, then click on Run as administrator.

    Type in chkdsk c:/r then press Enter. Please notice the space between the chkdsk and the /r

    You will receive the message "CHKDSK cannot be run because it is in use by another process. Would you like to schedule this volume to be checked the next time the system restarts? <Y/N>"

    Type in Y and press Enter.

    Restart your computer to start the scan.

    This will take a while to run, please be patient and allow it to complete the scan.

    Reboot and post back here to let me know if anything improves.
    Last edited by Juliet; 2015-11-16 at 18:50.

  6. #26
    Senior Member

    No, I have not manually uninstalled KB3097877. I'm unsure how to go about manually uninstalling an Update. Assuming I need to do that, can you get me started?

  7. #27
    Security Expert-emeritus Juliet's Avatar

    Yes.
    Go to the Microsoft Orb and click on that.
    Go to All Programs, then click on Windows Update.
    A window should open; in the left pane you'll see where it says "View Update History".
    Click on that. Next, when that window opens, look for "Installed Updates"; it then changes to yet another window. Let it load because it can take a couple of minutes.
    Using the scroll bar on the right, scroll down to where you see Microsoft Windows, locate Security update KB3097877, right-click on that and follow the prompts.
    It might take a reboot.

    Let me know how it goes.

  8. #28
    Senior Member

    Manually removed Update KB3097877. Then, checked for new Updates and found two: KB3097877 and IE 11 (latter has been failing repeatedly for weeks even though IE says it's already IE 11).

    Installed Updates, and only KB3097877 was successful. IE 11 Update failed again.

    Ran chkdsk c:/r. After reboot, ran Windows Explorer. It opened, but crashed as soon as I right-clicked on C:. Pop-up said Windows Explorer has stopped working, searching for a solution... After a moment, new pop-up said Windows Explorer was restarting, but it did not.

  9. #29
    Security Expert-emeritus Juliet's Avatar

    See if you can manually download and install IE 11 update from this site
    https://technet.microsoft.com/en-us/.../dn321445.aspx

    The above may or may not help....fingers crossed on that one.

    We have another option. You can do a system restore point to a date before these issues started.
    I've had to do this with my own computer and it worked very well for me.
    http://www.sevenforums.com/tutorials...m-restore.html

  10. #30
    Senior Member

    I tried a couple of things I found on the technet.microsoft site, but nothing had any effect. IE11 still crashes whenever I right-click on C:.

    I tried the earliest System Restore Point available, but there was no effect on IE11, so I did an UNDO on that Restore.

    IE11 says it is:
    Version 11.0.9600.17843
    Update Versions: 11.0.20 (KB3058515) but I can find no record of that Update having been installed. How about if I go into Internet Options and click on Reset IE Settings?
