AVG cannot remove Trojan horse

gin_jammer · Oct 9, 2015

AVG version 2015.0.6140 has detected "Trojan horse Generic36.BOKP" which it cannot remove from my laptop. Can you help?

FRST.txt follows:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:08-10-2015
Ran by Ed (administrator) on ED-PC (09-10-2015 17:56:46)
Running from C:\Users\Ed\Desktop
Loaded Profiles: Ed (Available Profiles: Ed)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(Lenovo) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3775912 2015-08-24] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\MountPoints2: {0c055248-2ff0-11e5-bcc9-806e6f6e6963} - D:\setup.EXE /AUTORUN
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk [2015-08-07]
ShortcutTarget: Adobe Gamma Loader.exe.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2015-07-22]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112
Tcpip\..\Interfaces\{9E83D762-23C5-409C-B0E5-D0B48741C9B3}: [DhcpNameServer] 65.32.5.111 65.32.5.112

Internet Explorer:
==================
HKU\S-1-5-21-3659970256-991337627-2867597209-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.toast.net/start
HKU\S-1-5-21-3659970256-991337627-2867597209-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp

FireFox:
========
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3637160 2015-08-24] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [335656 2015-08-24] (AVG Technologies CZ, s.r.o.)
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [132576 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [250800 2015-08-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [222640 2015-08-19] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [31664 2015-07-23] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [207328 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [290272 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [189872 2015-08-04] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [35808 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [230832 2015-08-04] (AVG Technologies CZ, s.r.o.)
S3 e1express; C:\Windows\System32\DRIVERS\e1e6232.sys [219352 2009-06-05] (Intel Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-09 17:56 - 2015-10-09 17:57 - 00006752 _____ C:\Users\Ed\Desktop\FRST.txt
2015-10-09 17:54 - 2015-10-09 17:56 - 00000000 ____D C:\FRST
2015-10-09 17:53 - 2015-10-09 17:53 - 01698304 _____ (Farbar) C:\Users\Ed\Desktop\FRST.exe
2015-10-09 17:47 - 2015-10-09 17:47 - 00065999 _____ C:\Users\Ed\Desktop\farbar-recovery-scan-tool.htm
2015-10-09 17:45 - 2015-10-09 17:45 - 00000207 _____ C:\Windows\tweaking.com-regbackup-ED-PC-Windows-7-Home-Premium-(32-bit).dat
2015-10-09 17:45 - 2015-10-09 17:45 - 00000000 ____D C:\RegBackup
2015-10-09 17:44 - 2015-10-09 17:44 - 00002188 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-10-09 17:44 - 2015-10-09 17:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-10-09 17:44 - 2015-10-09 17:44 - 00000000 ____D C:\Program Files\Tweaking.com
2015-10-09 17:41 - 2015-10-09 17:41 - 04687448 _____ (Tweaking.com) C:\Users\Ed\Desktop\tweaking.com_registry_backup_setup.exe
2015-10-05 14:15 - 2015-10-07 08:56 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2015-10-05 09:45 - 2015-10-05 09:44 - 00450771 ____R C:\Windows\system32\Drivers\etc\hosts.20151005-094520.backup
2015-09-28 15:09 - 2015-09-28 15:09 - 00000000 ____D C:\Users\Ed\AppData\LocalLow\Temp
2015-09-17 12:35 - 2015-09-17 12:35 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2015-09-17 12:35 - 2015-09-17 12:35 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2015-09-17 12:34 - 2015-09-17 12:34 - 00000000 ____D C:\Users\Ed\AppData\Local\Avg
2015-09-11 17:24 - 2015-09-11 17:24 - 01452382 _____ C:\Users\Ed\Documents\S&P 500.wmf
2015-09-09 10:30 - 2015-08-05 13:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-09-09 10:30 - 2015-08-05 13:40 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-09-09 10:29 - 2015-09-01 22:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-09-09 10:29 - 2015-09-01 22:48 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-09 10:29 - 2015-09-01 22:48 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-09-09 10:29 - 2015-09-01 22:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-09-09 10:29 - 2015-09-01 21:36 - 02384896 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-09 10:29 - 2015-09-01 21:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-09 10:29 - 2015-08-27 13:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-09-09 10:29 - 2015-08-27 13:58 - 01241088 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-09-09 10:29 - 2015-08-27 13:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-09-09 10:29 - 2015-08-27 13:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-09-09 10:29 - 2015-08-26 13:56 - 02953728 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-09 10:29 - 2015-08-26 13:56 - 02061824 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-09 10:29 - 2015-08-26 13:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-09 10:29 - 2015-08-26 13:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-09 10:29 - 2015-08-26 13:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-09 10:29 - 2015-08-26 13:56 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-09-09 10:29 - 2015-08-26 13:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-09-09 10:29 - 2015-08-26 13:55 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-09 10:29 - 2015-08-26 13:55 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-09-09 10:29 - 2015-08-26 13:55 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-09 10:29 - 2015-08-26 13:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-09-09 10:29 - 2015-08-05 13:41 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-09 10:29 - 2015-08-04 13:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-09-09 10:29 - 2015-08-04 13:47 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-09-09 10:29 - 2015-08-04 13:47 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-09-09 10:29 - 2015-08-04 13:46 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-09-09 10:29 - 2015-08-04 13:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-09-09 10:29 - 2015-08-04 12:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-09-09 10:29 - 2015-07-22 13:57 - 03989952 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-09-09 10:29 - 2015-07-22 13:57 - 03934656 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-09-09 10:29 - 2015-07-22 13:57 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-09-09 10:29 - 2015-07-22 13:57 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-09-09 10:29 - 2015-07-22 13:54 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-09-09 10:29 - 2015-07-22 13:53 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-09-09 10:29 - 2015-07-22 13:53 - 00937984 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-09-09 10:29 - 2015-07-22 13:53 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-09-09 10:29 - 2015-07-22 13:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-09-09 10:29 - 2015-07-22 13:53 - 00635392 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-09-09 10:29 - 2015-07-22 13:53 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-09-09 10:29 - 2015-07-22 13:53 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-09-09 10:29 - 2015-07-22 13:53 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-09-09 10:29 - 2015-07-22 13:53 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-09-09 10:29 - 2015-07-22 13:53 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-09-09 10:29 - 2015-07-22 13:53 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-09-09 10:29 - 2015-07-22 13:53 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-09-09 10:29 - 2015-07-22 13:53 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-09-09 10:29 - 2015-07-22 13:53 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-09-09 10:29 - 2015-07-22 13:53 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-09-09 10:29 - 2015-07-22 13:53 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-09-09 10:29 - 2015-07-22 13:53 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-09-09 10:29 - 2015-07-22 13:53 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-09-09 10:29 - 2015-07-22 13:53 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-09-09 10:29 - 2015-07-22 13:52 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-09-09 10:29 - 2015-07-22 13:52 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-09-09 10:29 - 2015-07-22 13:52 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-09-09 10:29 - 2015-07-22 13:52 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-09-09 10:29 - 2015-07-22 13:47 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-09-09 10:29 - 2015-07-22 13:46 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-09-09 10:29 - 2015-07-22 13:42 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-09-09 10:29 - 2015-07-22 13:42 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-09-09 10:29 - 2015-07-22 12:38 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-09-09 10:29 - 2015-07-22 12:34 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-09-09 10:29 - 2015-07-22 12:34 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-09-09 10:29 - 2015-07-22 12:33 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-09-09 10:29 - 2015-07-14 22:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-09-09 10:29 - 2015-07-09 13:42 - 01372160 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-09-09 10:29 - 2015-07-09 13:42 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-09-09 10:29 - 2015-06-25 05:48 - 00105408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-09-09 10:29 - 2015-06-25 05:44 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-09-09 10:29 - 2015-06-25 05:44 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-09-09 10:01 - 2015-09-09 10:01 - 00000340 _____ C:\Windows\Tasks\0915avUpdateInfo.job
2015-09-09 10:01 - 2015-09-09 10:01 - 00000000 ____D C:\ProgramData\Avg_Update_0915av

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-09 17:20 - 2009-07-14 00:34 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-09 17:20 - 2009-07-14 00:34 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-09 17:14 - 2015-07-21 14:40 - 01828782 _____ C:\Windows\WindowsUpdate.log
2015-10-09 12:43 - 2015-07-21 16:09 - 00000000 ____D C:\ProgramData\MFAData
2015-10-09 08:25 - 2009-07-14 00:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-09 08:25 - 2009-07-14 00:39 - 00050103 _____ C:\Windows\setupact.log
2015-10-08 17:22 - 2015-07-21 17:29 - 00240880 _____ C:\Windows\IE11_main.log
2015-10-08 06:59 - 2015-07-22 18:42 - 00000000 ___SD C:\Windows\system32\GWX
2015-10-08 06:52 - 2015-08-10 16:54 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-09-29 09:54 - 2015-07-25 10:29 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-09-29 09:54 - 2015-07-25 10:29 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-09-17 12:35 - 2015-07-21 16:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-09-12 11:23 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\rescache
2015-09-11 17:22 - 2015-09-01 14:00 - 00000000 ____D C:\TEMP
2015-09-10 16:05 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-09-10 15:37 - 2009-07-14 00:53 - 00032598 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-09-10 10:59 - 2010-11-20 17:01 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-10 00:01 - 2009-07-14 00:33 - 00278024 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-10 00:00 - 2011-04-11 22:24 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-09 17:49 - 2015-07-21 15:43 - 00000000 ____D C:\Windows\system32\MRT

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-10-01 13:49

==================== End of FRST.txt ============================

Addition.txt follows:

Additional scan result of Farbar Recovery Scan Tool (x86) Version:08-10-2015
Ran by Ed (2015-10-09 17:57:22)
Running from C:\Users\Ed\Desktop
Microsoft Windows 7 Home Premium Service Pack 1 (X86) (2015-07-21 18:41:30)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3659970256-991337627-2867597209-500 - Administrator - Disabled)
Ed (S-1-5-21-3659970256-991337627-2867597209-1001 - Administrator - Enabled) => C:\Users\Ed
Guest (S-1-5-21-3659970256-991337627-2867597209-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3659970256-991337627-2867597209-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Photoshop 5.0.2 (HKLM\...\Adobe Photoshop 5.0.2) (Version: 5.0 - Adobe Systems, Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6140 - AVG Technologies)
AVG 2015 (Version: 15.0.4435 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.6140 - AVG Technologies) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2000 Premium (HKLM\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Visio Professional 2002 [English] (HKLM\...\{90510409-6D54-11D4-BEE3-00C04F990354}) (Version: 10.0.525 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 38.1.0 - Mozilla)
Mozilla Thunderbird 38.3.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 38.3.0 (x86 en-US)) (Version: 38.3.0 - Mozilla)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.55 - )
Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 3.2.2 - Tweaking.com)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

22-09-2015 08:13:58 Windows Update
22-09-2015 08:46:55 Windows Update
22-09-2015 16:39:14 Windows Update
25-09-2015 11:05:28 Windows Update
26-09-2015 07:37:03 Windows Update
27-09-2015 14:28:20 Windows Update
27-09-2015 16:00:55 Windows Update
28-09-2015 16:29:44 Windows Update
29-09-2015 10:46:30 Windows Update
29-09-2015 16:05:50 Windows Update
01-10-2015 10:09:21 Windows Update
01-10-2015 11:15:29 Windows Update
01-10-2015 16:29:03 Windows Update
02-10-2015 11:15:56 Windows Update
02-10-2015 18:05:18 Windows Update
03-10-2015 21:30:50 Windows Update
05-10-2015 09:43:19 Windows Update
05-10-2015 10:40:51 Windows Update
05-10-2015 14:33:26 Windows Update
06-10-2015 15:24:48 Windows Update
06-10-2015 16:58:59 Windows Update
07-10-2015 21:39:55 Windows Update
08-10-2015 17:21:48 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:04 - 2015-10-05 09:45 - 00450771 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com

There are 1000 more lines.

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0E842815-25EC-4680-92FB-0323E671FFC9} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {1F4C501C-34A1-4D9E-B7C6-840AE68FE10A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {29224B2F-948C-4EC2-9AB0-A21C0304A29E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {4EEBD237-DBCF-4B4A-A40E-F6ACB68CF00A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {DCDA5300-1724-4338-B20E-88517EF64AD0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\0615piUpdateInfo.job => C:\ProgramData\Avg_Update_0615pi\0615pi_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\0915avUpdateInfo.job => C:\ProgramData\Avg_Update_0915av\0915av_AVG-Secure-Search-Update.exe

==================== Loaded Modules (Whitelisted) ==============

2014-01-16 20:11 - 2013-01-15 00:47 - 00079648 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2015-07-25 13:53 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-07-25 13:53 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2015-07-25 13:53 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 15751 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3659970256-991337627-2867597209-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 65.32.5.111 - 65.32.5.112
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{61EA1F3F-8266-4D1B-B088-DE4F26244D3F}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{3B24444F-1A9A-4A78-9645-5074030A84BA}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{23658621-CB50-42A5-8B7A-63E236D9DFEF}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{28B30718-FFF9-424B-AD86-5F0C708DD0F0}] => (Allow) C:\Program Files\AVG\AVG2015\avgnsx.exe
FirewallRules: [{F71A4611-11D8-416D-81C9-7C6917234A6B}] => (Allow) C:\Program Files\AVG\AVG2015\avgnsx.exe
FirewallRules: [{AAFD0C5F-5A83-46F6-A945-74C1B8E4D02F}] => (Allow) C:\Program Files\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{DA1F11F0-6E6B-4606-83B7-70C813A2CB03}] => (Allow) C:\Program Files\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{3870632C-19C3-436D-9682-E6256DEEAE19}] => (Allow) C:\Program Files\AVG\AVG2015\avgemcx.exe
FirewallRules: [{8433D890-7632-4CF1-84E4-E34346161D3D}] => (Allow) C:\Program Files\AVG\AVG2015\avgemcx.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (10/09/2015 09:02:20 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17840 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: c34

Start Time: 01d1028da700905b

Termination Time: 109

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (10/09/2015 08:25:56 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/08/2015 06:53:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/07/2015 03:35:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program WINWORD.EXE version 9.0.0.2717 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 698

Start Time: 01d1013742fa90c5

Termination Time: 0

Application Path: C:\Program Files\Microsoft Office\Office\WINWORD.EXE

Report Id: 934346e7-6d2a-11e5-bfc8-00226817a818

Error: (10/07/2015 08:11:08 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/05/2015 05:51:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/05/2015 01:24:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/04/2015 09:10:35 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/03/2015 09:00:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/02/2015 04:36:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (10/09/2015 05:23:39 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer MOONCHILD
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{9E83D762-23C5-409C-B0E5-D0B48741.
The master browser is stopping or an election is being forced.

Error: (10/09/2015 02:34:53 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (10/09/2015 02:34:53 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (10/09/2015 02:34:49 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (10/09/2015 02:34:49 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (10/09/2015 12:51:59 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer MOONCHILD
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{9E83D762-23C5-409C-B0E5-D0B48741.
The master browser is stopping or an election is being forced.

Error: (10/09/2015 11:06:18 AM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer MOONCHILD
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{9E83D762-23C5-409C-B0E5-D0B48741.
The master browser is stopping or an election is being forced.

Error: (10/09/2015 08:26:23 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053

Error: (10/09/2015 08:26:23 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (10/09/2015 08:25:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU P8400 @ 2.26GHz
Percentage of memory in use: 56%
Total physical RAM: 1944.03 MB
Available physical RAM: 838.63 MB
Total Virtual: 3888.06 MB
Available Virtual: 2499.94 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:294.72 GB) (Free:264.76 GB) NTFS
Drive e: () (Removable) (Total:57.87 GB) (Free:41.88 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 9C948886)
Partition 1: (Active) - (Size=3.4 GB) - (Type=27)
Partition 2: (Not Active) - (Size=294.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 57.9 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

aswMBR follows:

aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-10-09 18:08:47
-----------------------------
18:08:47.000 OS Version: Windows 6.1.7601 Service Pack 1
18:08:47.000 Number of processors: 2 586 0x170A
18:08:47.000 ComputerName: ED-PC UserName: Ed
18:09:07.155 Initialize success
18:09:07.343 VM: initialized successfully
18:09:07.343 VM: Intel CPU BiosDisabled
18:10:43.493 AVAST engine defs: 15100900
18:11:58.108 The log file has been saved successfully to "C:\Users\Ed\Desktop\aswMBR.txt"

Regards,

Ed

Juliet · Oct 10, 2015

AVG version 2015.0.6140 has detected "Trojan horse Generic36.BOKP"

By chance, can you post the file/folder it says it detected this in?

~~~~

Download Malwarebytes' Anti-Malware TO YOUR DESKTOP

Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
On the Dashboard click on Update Now
Go to the Setting Tab
Under Setting go to Detection and Protection
Under PUP and PUM make sure both are set to show Treat Detections as Malware
Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
Then on the Dashboard click on Scan
Make sure to select THREAT SCAN
Then click on Scan
When the scan is finished and the log pops up...select Copy to Clipboard
Please paste the log back into this thread for review
Exit Malwarebytes

~~~~~~~~~~~~~~~~~~~~~~``

1. Open up Malwarebytes and you will be on the Dashboard
2. Click on the History Tab
3. Then click on Application Logs
4. Double click on the SCAN LOG (Not Protection Log ) you just ran
5. When it opens it will look like this

6. Then click on Export
7. On the drop down list click on Copy to Clipboard
8. Then paste the log back into this thread

On completion of the scan (or after the reboot), start MBAM,

Click History, then Application Logs, then check the Select box by the first Scan Log in the list and then click on the log to highlight it.

Click Export, select text file and save to the desktop as MBAM.txt and post in your next reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~

AdwCleaner

Please download AdwCleaner and save the file to your Desktop.
Right-Click AdwCleaner.exe and select
Run as administrator to run the programme.
Follow the prompts.
Click Scan.
Upon completion, click Report. A log (AdwCleaner[SX].txt) will open. Briefly check the log for anything you know to be legitimate.
Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
Follow the prompts and allow your computer to reboot.
After rebooting, a log (AdwCleaner[SX].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download Junkware Removal Tool
or from here http://downloads.malwarebytes.org/file/jrt
to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

~~~~~
please post
Malwarebytes log
AdwCleaner[CX].txt
JRT.txt

gin_jammer · Oct 12, 2015

AVG did not report which file Generic Trojan horse was detected in. Only reported: "access denied"

Following your instructions step by step, I had a few problems and didn't always get what I expected.

MBAM Scan Log follows:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/12/2015
Scan Time: 4:34 PM
Logfile: MBAM Scan Log.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2015.10.12.03
Rootkit Database: v2015.10.06.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Ed

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 304205
Time Elapsed: 5 min, 59 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.MindSpark, HKLM\SOFTWARE\HowToSimplified_8e, Quarantined, [878c1f375b301f17137dc8fa70949967],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

After AdwCleaner Scan, I got no option to click Report, so did not reboot at that point.

Ran JRT, and JRT.txt follows:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Windows 7 Home Premium x86
Ran by Ed on Mon 10/12/2015 at 17:24:08.36
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks

Successfully deleted: [Task] C:\Windows\Tasks\0915avUpdateInfo.job

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\Avg_Update_0915av

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 10/12/2015 at 17:28:21.78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Regards,

Ed

Juliet · Oct 12, 2015

AVG did not report which file Generic Trojan horse was detected in. Only reported: "access denied"

This could be many things but, AVG is doing it's job which doesn't necessarily mean there is an infection.

Since running these tools has it shown an alert again?

See if you can locate this
AdwCleaner[CX].txt

if you find it copy and paste it in your next reply.

~~~~~~~
What we can do now is run an online scan with Eset, for the time being it is our most trusted scanner.
Most reliable and thorough.
The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.
This scanner can take quite a bit of time to run, depending of course how full your computer is.

Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

Please download ESET Online Scan and save the file to your Desktop.
Temporarily disable your anti-virus software. For instructions, please refer to the following link.
Double-click esetsmartinstaller_enu.exe to run the programme.
Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
Agree to the Terms of Use once more and click Start. Allow components to download.
Place a checkmark next to Enable detection of potentially unwanted applications.
Click Advanced settings. Place a checkmark next to:
- Scan archives
- Scan for potentially unsafe applications
- Enable Anti-Stealth technology
Ensure Remove found threats is unchecked.
Click Start.
Wait for the scan to finish. Please be patient as this can take some time.
Upon completion, click

. If no threats were found, skip the next two bullet points.
Click

and save the file to your Desktop, naming it something such as "MyEsetScan".
Push the Back button.
Place a checkmark next to

and click

.
Re-enable your anti-virus software.
Copy the contents of the log and paste in your next reply.

gin_jammer · Oct 13, 2015

I could not find AdwCleaner[CX].txt.

After my last post, I ran an AVG scan, and it found nothing. In disbelief, I ran it again, and it again found nothing. Does that mean my system is clean?

Should I now continue with your last instruction or not?

Regards,

Ed

Juliet · Oct 14, 2015

Should I now continue with your last instruction or not?

Yes, let's make sure it wasn't some sort of fluke.

gin_jammer · Oct 18, 2015

The ESET scan ran for 28 minutes, which surprised me since the last time I used ESET the scan ran for hours. It reported nothing. I ran another AVG scan, which also reported nothing.

Juliet · Oct 18, 2015

gin_jammer said:
The ESET scan ran for 28 minutes, which surprised me since the last time I used ESET the scan ran for hours. It reported nothing. I ran another AVG scan, which also reported nothing.

The Eset scan surprises me too.

OK, let's watch it for a day or two, come back and give me an update. If all is still good we'll remove tools and quarantine folders.

Juliet · Oct 29, 2015

Glad we could help.

Since this issue appears resolved ... this Topic is closed.

Juliet · Nov 11, 2015

Topic re-opened.

Ed
Post the new logs here.

gin_jammer · Nov 12, 2015

FRST.txt follows:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:07-11-2015
Ran by Ed (administrator) on ED-PC (12-11-2015 02:52:14)
Running from C:\Users\Ed\Desktop
Loaded Profiles: Ed (Available Profiles: Ed)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgcsrvx.exe
(Lenovo) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgwdsvcx.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgemcx.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgui.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat Reader DC\Reader\reader_sl.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\Av\avgui.exe [3826600 2015-10-30] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguix.exe [1130408 2015-10-16] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\MountPoints2: {0c055248-2ff0-11e5-bcc9-806e6f6e6963} - D:\setup.EXE /AUTORUN
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk [2015-08-07]
ShortcutTarget: Adobe Gamma Loader.exe.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2015-07-22]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112
Tcpip\..\Interfaces\{9E83D762-23C5-409C-B0E5-D0B48741C9B3}: [DhcpNameServer] 65.32.5.111 65.32.5.112

Internet Explorer:
==================
HKU\S-1-5-21-3659970256-991337627-2867597209-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.toast.net/start

FireFox:
========
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AvgAMPS; C:\Program Files\AVG\Av\avgamps.exe [595376 2015-10-30] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\Av\avgidsagent.exe [3815648 2015-10-30] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [862632 2015-10-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\Av\avgwdsvcx.exe [579776 2015-10-30] (AVG Technologies CZ, s.r.o.)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [156080 2015-08-10] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [256432 2015-10-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [231344 2015-08-20] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [31664 2015-08-14] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [229296 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [308656 2015-08-14] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [192944 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [36784 2015-08-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [231856 2015-10-08] (AVG Technologies CZ, s.r.o.)
S3 e1express; C:\Windows\System32\DRIVERS\e1e6232.sys [219352 2009-06-05] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
S3 eapihdrv; \??\C:\Users\Ed\AppData\Local\Temp\ehdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-12 02:52 - 2015-11-12 02:52 - 00007537 _____ C:\Users\Ed\Desktop\FRST.txt
2015-11-12 02:47 - 2015-11-12 02:47 - 01702400 _____ (Farbar) C:\Users\Ed\Desktop\FRST.exe
2015-11-11 18:18 - 2015-11-11 18:18 - 00000000 ____D C:\New folder
2015-11-01 15:15 - 2015-11-01 15:15 - 00000340 _____ C:\Windows\Tasks\1015avUpdateInfo.job
2015-11-01 15:15 - 2015-11-01 15:15 - 00000000 ____D C:\ProgramData\Avg_Update_1015av
2015-10-24 10:55 - 2015-10-24 10:55 - 00000000 ____D C:\Users\Ed\AppData\Roaming\AVG
2015-10-24 10:51 - 2015-10-24 10:53 - 00000000 ____D C:\ProgramData\Avg
2015-10-24 10:40 - 2015-10-24 12:08 - 00000000 ____D C:\Users\Ed\AppData\Local\AvgSetupLog
2015-10-21 16:24 - 2015-10-21 16:24 - 00229296 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx86.sys
2015-10-21 16:14 - 2015-10-21 16:14 - 00192944 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx86.sys
2015-10-21 14:20 - 2015-11-12 02:47 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-19 08:06 - 2015-10-19 08:06 - 00256432 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdriverx.sys
2015-10-18 11:00 - 2015-10-18 11:00 - 00000000 ____D C:\Program Files\ESET
2015-10-15 08:04 - 2015-09-18 12:47 - 00023384 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-10-15 08:04 - 2015-09-18 12:44 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-10-15 08:04 - 2015-09-18 12:44 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-10-15 08:04 - 2015-09-18 12:44 - 00587776 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-10-15 08:04 - 2015-09-18 12:44 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-10-15 08:04 - 2015-09-18 12:44 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-10-15 08:04 - 2015-09-18 12:35 - 00999936 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-10-13 14:36 - 2015-09-28 22:05 - 03990976 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-10-13 14:36 - 2015-09-28 22:05 - 03936192 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-10-13 14:36 - 2015-09-28 22:02 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-10-13 14:36 - 2015-09-28 21:59 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-10-13 14:36 - 2015-09-28 21:59 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-10-13 14:36 - 2015-09-28 21:59 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-10-13 14:36 - 2015-09-28 21:59 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-10-13 14:36 - 2015-09-28 21:59 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-10-13 14:36 - 2015-09-28 21:59 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-10-13 14:36 - 2015-09-28 21:59 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-10-13 14:36 - 2015-09-28 21:58 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-10-13 14:36 - 2015-09-28 21:58 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-10-13 14:36 - 2015-09-28 21:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-10-13 14:36 - 2015-09-28 21:58 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-10-13 14:36 - 2015-09-28 21:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-10-13 14:36 - 2015-09-28 21:58 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-10-13 14:36 - 2015-09-28 21:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-10-13 14:36 - 2015-09-28 21:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-10-13 14:36 - 2015-09-28 21:49 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-10-13 14:36 - 2015-09-28 21:49 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-10-13 14:36 - 2015-09-28 20:43 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-10-13 14:36 - 2015-09-28 20:43 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-10-13 14:36 - 2015-09-28 20:43 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-10-13 14:36 - 2015-09-15 12:42 - 00139096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-10-13 14:36 - 2015-09-15 12:42 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-10-13 14:36 - 2015-09-15 12:36 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-10-13 14:36 - 2015-09-15 12:36 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-10-13 14:36 - 2015-09-15 12:36 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-10-13 14:36 - 2015-09-15 12:36 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-10-13 14:36 - 2015-09-15 12:36 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-10-13 14:36 - 2015-09-15 12:36 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-10-13 14:36 - 2015-09-15 12:35 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-10-13 14:36 - 2015-07-18 08:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-10-13 14:36 - 2015-07-18 08:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-13 14:36 - 2015-07-18 08:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-13 14:36 - 2015-07-18 08:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-13 14:36 - 2015-07-18 08:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-13 14:36 - 2015-07-18 08:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-13 14:36 - 2015-07-18 08:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-13 14:36 - 2015-07-18 08:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-13 14:36 - 2015-07-18 08:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-13 14:36 - 2015-07-18 08:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2015-10-13 14:36 - 2015-07-18 08:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-13 14:36 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-13 14:36 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-13 14:36 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-13 14:36 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-13 14:36 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-13 14:36 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-13 14:36 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2015-10-13 14:36 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-13 14:36 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-13 14:36 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-10-13 14:36 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2015-10-13 14:36 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2015-10-13 14:36 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2015-10-13 14:35 - 2015-10-01 12:50 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-10-13 14:35 - 2015-10-01 12:50 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-10-13 14:35 - 2015-10-01 12:50 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-10-13 14:35 - 2015-10-01 12:50 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-10-13 14:35 - 2015-10-01 12:50 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-10-13 14:35 - 2015-10-01 11:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-10-13 14:35 - 2015-09-25 12:59 - 02955776 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-10-13 14:35 - 2015-09-25 12:59 - 02061824 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-10-13 14:35 - 2015-09-25 12:59 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-10-13 14:35 - 2015-09-25 12:59 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-10-13 14:35 - 2015-09-25 12:59 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-10-13 14:35 - 2015-09-25 12:59 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-10-13 14:35 - 2015-09-25 12:59 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-10-13 14:35 - 2015-09-25 12:58 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-10-13 14:35 - 2015-09-25 12:58 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-10-13 14:35 - 2015-09-25 12:58 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-10-13 14:35 - 2015-09-25 12:58 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-10-13 14:35 - 2015-08-06 12:44 - 12875776 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-10-13 14:35 - 2015-08-06 12:44 - 01498624 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-10-13 01:29 - 2015-10-13 01:29 - 00875720 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-12 02:52 - 2015-10-09 16:54 - 00000000 ____D C:\FRST
2015-11-12 02:48 - 2009-07-13 23:34 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-12 02:48 - 2009-07-13 23:34 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-12 02:47 - 2015-07-25 09:29 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-11-12 02:47 - 2015-07-25 09:29 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-11-12 02:42 - 2015-07-21 13:40 - 01750765 _____ C:\Windows\WindowsUpdate.log
2015-11-12 02:39 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-12 02:39 - 2009-07-13 23:39 - 00052903 _____ C:\Windows\setupact.log
2015-11-11 19:00 - 2015-07-21 14:43 - 00000000 ____D C:\Windows\system32\MRT
2015-11-11 18:59 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-11-11 18:57 - 2015-07-21 14:43 - 143250520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-11-11 18:55 - 2015-07-21 16:29 - 00310080 _____ C:\Windows\IE11_main.log
2015-11-11 18:54 - 2010-11-20 16:01 - 00774004 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-11 18:52 - 2015-07-21 15:09 - 00000000 ____D C:\ProgramData\MFAData
2015-11-11 18:48 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\wfp
2015-11-11 18:47 - 2015-07-25 12:53 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-11-11 18:47 - 2015-07-22 17:42 - 00000000 ___SD C:\Windows\system32\GWX
2015-11-11 18:47 - 2015-07-21 15:26 - 00000000 ____D C:\Users\Ed\Desktop\Unused Icons
2015-11-11 18:47 - 2015-07-21 13:41 - 00000000 ____D C:\Users\Ed
2015-11-11 18:47 - 2011-04-11 21:24 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-11-11 18:47 - 2011-04-11 21:24 - 00000000 ____D C:\Windows\ShellNew
2015-11-11 18:47 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\registration
2015-11-04 16:42 - 2015-07-21 15:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-11-04 16:41 - 2015-07-21 15:16 - 00000000 ___HD C:\$AVG
2015-11-04 16:40 - 2015-09-17 11:34 - 00000000 ____D C:\Users\Ed\AppData\Local\Avg
2015-10-29 08:55 - 2015-07-22 08:50 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-10-24 12:32 - 2009-07-13 21:04 - 00450771 ____R C:\Windows\system32\Drivers\etc\hosts.20151108-095805.backup
2015-10-24 10:57 - 2010-11-20 16:48 - 00088004 _____ C:\Windows\PFRO.log
2015-10-24 10:56 - 2015-07-21 15:14 - 00000000 ____D C:\Program Files\AVG
2015-10-24 10:55 - 2015-07-21 15:18 - 00000000 ____D C:\Program Files\Common Files\AV
2015-10-16 06:23 - 2015-07-21 14:47 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-10-16 06:23 - 2015-07-21 14:47 - 00000000 ____D C:\Windows\system32\appraiser
2015-10-14 11:31 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\rescache
2015-10-14 09:22 - 2015-09-01 13:00 - 00000000 ____D C:\TEMP

Some files in TEMP:
====================
C:\Users\Ed\AppData\Local\Temp\avg-a015582c-1361-4525-b287-fa3a1a145370.exe
C:\Users\Ed\AppData\Local\Temp\avguirn_081829176199.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-11-10 09:57

==================== End of FRST.txt ============================

Addition.txt follows:

Additional scan result of Farbar Recovery Scan Tool (x86) Version:07-11-2015
Ran by Ed (2015-11-12 02:52:57)
Running from C:\Users\Ed\Desktop
Microsoft Windows 7 Home Premium Service Pack 1 (X86) (2015-07-21 18:41:30)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3659970256-991337627-2867597209-500 - Administrator - Disabled)
Ed (S-1-5-21-3659970256-991337627-2867597209-1001 - Administrator - Enabled) => C:\Users\Ed
Guest (S-1-5-21-3659970256-991337627-2867597209-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3659970256-991337627-2867597209-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20077 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Photoshop 5.0.2 (HKLM\...\Adobe Photoshop 5.0.2) (Version: 5.0 - Adobe Systems, Inc.)
AVG (Version: 16.7.7227 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4455 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.7.7227 - AVG Technologies)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
FMW 1 (Version: 1.22.2 - AVG Technologies) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2000 Premium (HKLM\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Visio Professional 2002 [English] (HKLM\...\{90510409-6D54-11D4-BEE3-00C04F990354}) (Version: 10.0.525 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 38.1.0 - Mozilla)
Mozilla Thunderbird 38.3.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 38.3.0 (x86 en-US)) (Version: 38.3.0 - Mozilla)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.55 - )
Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 3.2.2 - Tweaking.com)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

29-10-2015 15:34:20 Windows Update
30-10-2015 05:31:22 Windows Update
30-10-2015 06:03:07 Windows Update
01-11-2015 15:15:12 Windows Update
01-11-2015 17:19:13 Windows Update
02-11-2015 14:46:51 Windows Update
02-11-2015 16:09:06 Windows Update
02-11-2015 19:34:32 Windows Update
04-11-2015 16:37:13 Windows Update
05-11-2015 05:22:43 Windows Update
05-11-2015 10:55:25 Windows Update
05-11-2015 13:09:44 Windows Update
05-11-2015 16:39:49 Windows Update
05-11-2015 20:58:05 Windows Update
06-11-2015 11:14:03 Windows Update
08-11-2015 05:58:39 Windows Update
08-11-2015 11:39:16 Windows Update
09-11-2015 18:51:39 Windows Update
10-11-2015 12:40:19 Windows Update
11-11-2015 07:15:04 Windows Update
11-11-2015 18:44:58 Restore Operation
11-11-2015 18:52:24 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:04 - 2015-11-08 09:58 - 00450771 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
127.0.0.1 www.123moviedownload.com

There are 15463 more lines.

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1F4C501C-34A1-4D9E-B7C6-840AE68FE10A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {2D9C48DE-C694-436F-9123-580EB099AA51} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-12] (Adobe Systems Incorporated)
Task: {4EEBD237-DBCF-4B4A-A40E-F6ACB68CF00A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {9F7842C1-875A-4B83-8AF5-FC70D5457E41} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {DCDA5300-1724-4338-B20E-88517EF64AD0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\0615piUpdateInfo.job => C:\ProgramData\Avg_Update_0615pi\0615pi_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\1015avUpdateInfo.job => C:\ProgramData\Avg_Update_1015av\1015av_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2014-01-16 19:11 - 2013-01-14 23:47 - 00079648 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2015-07-25 12:53 - 2014-05-13 11:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-07-25 12:53 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2015-07-25 12:53 - 2014-05-13 11:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-07-25 12:53 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2015-07-25 12:53 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-10-24 10:51 - 2015-10-24 10:40 - 40500224 _____ () C:\Program Files\AVG\UiDll\2171\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7866 more sites.

IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\123simsen.com -> www.123simsen.com

There are 7866 more sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3659970256-991337627-2867597209-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 65.32.5.111 - 65.32.5.112
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{61EA1F3F-8266-4D1B-B088-DE4F26244D3F}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{3B24444F-1A9A-4A78-9645-5074030A84BA}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{23658621-CB50-42A5-8B7A-63E236D9DFEF}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{CC8C4175-2F17-4693-B6D5-7CA81FDEA919}] => (Allow) C:\Program Files\AVG\Av\avgmfapx.exe
FirewallRules: [{8C5147FC-B773-4348-849A-16B2304D8535}] => (Allow) C:\Program Files\AVG\Av\avgmfapx.exe
FirewallRules: [{E581DDF9-5119-4FE2-95B4-927D1E3890A2}] => (Allow) C:\Program Files\AVG\Av\avgnsx.exe
FirewallRules: [{4A26A062-57E2-432F-9DFC-519F92185DF3}] => (Allow) C:\Program Files\AVG\Av\avgnsx.exe
FirewallRules: [{281ED8C6-EF35-4F56-B20A-461CB176C0BE}] => (Allow) C:\Program Files\AVG\Av\avgdiagex.exe
FirewallRules: [{0D6D5B17-7D80-483E-B67F-C648C3FBC5A1}] => (Allow) C:\Program Files\AVG\Av\avgdiagex.exe
FirewallRules: [{A908C295-5AAF-4F2F-8AD1-D52A14EFEC60}] => (Allow) C:\Program Files\AVG\Av\avgemcx.exe
FirewallRules: [{49DE1C6F-8974-4C2D-A006-748022507B95}] => (Allow) C:\Program Files\AVG\Av\avgemcx.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (11/12/2015 02:39:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/11/2015 06:54:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: SHELL32.dll, version: 6.1.7601.18952, time stamp: 0x55c39c76
Exception code: 0xc0000005
Fault offset: 0x0004b188
Faulting process id: 0xc48
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (11/11/2015 06:48:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/11/2015 05:09:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/11/2015 05:06:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: ntdll.dll, version: 6.1.7601.19018, time stamp: 0x5609fdaf
Exception code: 0xc015000f
Fault offset: 0x0008433e
Faulting process id: 0xbd8
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (11/11/2015 05:06:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: SHELL32.dll, version: 6.1.7601.18952, time stamp: 0x55c39c76
Exception code: 0xc0000005
Fault offset: 0x0004b188
Faulting process id: 0xbd8
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (11/11/2015 09:28:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/10/2015 01:58:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/10/2015 07:16:31 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/09/2015 07:35:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (11/11/2015 07:00:34 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 (KB3107998).

Error: (11/11/2015 07:00:34 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 (KB3101246).

Error: (11/11/2015 07:00:34 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 (KB3092601).

Error: (11/11/2015 07:00:34 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 (KB3101746).

Error: (11/11/2015 07:00:34 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 (KB3101722).

Error: (11/11/2015 07:00:34 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 (KB3097877).

Error: (11/11/2015 07:00:34 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 (KB3081320).

Error: (11/11/2015 07:00:34 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 (KB3100213).

Error: (11/11/2015 07:00:34 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 (KB3102810).

Error: (11/11/2015 07:00:34 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 11 for Windows 7.

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU P8400 @ 2.26GHz
Percentage of memory in use: 59%
Total physical RAM: 1944.03 MB
Available physical RAM: 783.24 MB
Total Virtual: 3888.06 MB
Available Virtual: 2641.42 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:294.72 GB) (Free:263.6 GB) NTFS
Drive e: () (Removable) (Total:57.87 GB) (Free:41.8 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 9C948886)
Partition 1: (Active) - (Size=3.4 GB) - (Type=27)
Partition 2: (Not Active) - (Size=294.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 57.9 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

Juliet · Nov 12, 2015

Looking over the logs I don't think this is related to malware but rather windows system errors.

I did find the update related to a few problems located below in the log you posted but, I think you were having problems before this was released for updates.
Error: (11/11/2015 07:00:34 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 (KB3097877).

And if I read it right, updates from yesterday all failed?

name="AplusWebMaster" post="872876" timestamp="1447320935"]
FYI...

MS15-115 / re-released ...
- https://technet.microsoft.com/library/security/MS15-115
V2.0 (November 11, 2015): Bulletin revised to inform customers running Windows 7 that the 3097877 update has been re-released to address an issue that caused crashes for some customers when they viewed certain emails. Customers who previously installed update 3097877 should -reinstall- the update to correct this known issue. See Microsoft Knowledge Base Article 3097877* for more information.

* https://support.microsoft.com/en-us/kb/3097877
Last Review: 11/11/2015 22:26:00 - Rev: 2.0 - "... Issues in this security update: We are aware of reports of crashes in all supported versions of Microsoft Outlook that occur when users are reading certain emails after this update is installed..."

~~~~~~~~~~~~~~

Do all your USB Ports work ?

Also please download Windows Repair (all in one) from here

Install the program then go to step 4 and create a new system restore point and new registry backup.

Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:

NEXT
On the the Start Repairs tab => Click the Start

Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):

Click on box next to the Restart System when Finished. Then click on Start.

gin_jammer · Nov 12, 2015

4 out of 15 Windows Updates failed on 11/11, however, today (11/12) they (plus one or two more) were successful.

I've tried my wireless keyboard and mouse on two USB ports, and on both they exhibit intermittent problems. For example, briefly keyboard/mouse is fine, then cursor suddenly won't move easily, or when a mouse button is pushed, it's as if nothing happened, or the mouse might act as if I were holding that button down (dragging/highlighting stuff I don't want to drag or highlight).

When that starts, I can usually stop it with ESC on the laptop keyboard.

I'll try the next instructions you sent, and then report.

gin_jammer · Nov 12, 2015

Windows Update 3097877 successful.

Juliet · Nov 12, 2015

Did you try Windows Repair (all in one)?

Also, does your mouse require a battery?

gin_jammer · Nov 12, 2015

Tweaking.COM seriously recommends running Windows Repair in Safe Mode with Networking. You didn't mention that, so is it important?

gin_jammer · Nov 12, 2015

I'll put a new batty in Mouse just to make sure.

gin_jammer · Nov 12, 2015

Will wait to hear from you regarding Safe Mode before I run Windows Repair.

Juliet · Nov 12, 2015

I would think safe mode would be good since thats where less applications are likely to interfere.

gin_jammer · Nov 16, 2015

I'm not having success. I performed a Registry Backup, and then ran Windows Repair. It ran for 21.5 hours before I stopped it. I ran another Registry Backup, and then attempted Windows Repair again. This time, I got a pop-up saying Registry Backup either had error or failed.

Meanwhile, the sluggish mouse problem I originally reported is now not noticeable, however Windows Explorer restarts itself when I attempt to right-click on C: drive to look at Properties.

AVG cannot remove Trojan horse

New member

Security Expert-emeritus

New member

Security Expert-emeritus

New member

Security Expert-emeritus

New member

Security Expert-emeritus

Security Expert-emeritus

Security Expert-emeritus

New member

Security Expert-emeritus

New member

New member

Security Expert-emeritus

New member

New member

New member

Security Expert-emeritus

New member