AVG cannot remove Trojan horse

well, glad the mouse got better then, seems like we jumped from one thing to another.

Please run SFC (System File Checker)
Please run System File Checker sfc /scannow...
Below is a good tutorial
http://www.sevenforums.com/tutorials/1538-sfc-scannow-command-system-file-checker.html


NOTE for Vista/WIN 7 users: The command needs to be run from an Elevated Command Prompt. Click Start, type cmd into the Start/Search box, right-click cmd.exe in the list above and select 'Run as Administrator'.

You will need your operating system CD handy.

Open Windows Task Manager....by pressing CTRL+SHIFT+ESC

Then click File.. then New Task(Run)

In the box that opens type sfc /scannow ......There is a space between c and /

Click OK
Let it run and insert the CD when asked.

~~~~~~~~~~~~~~~~~~~`

Please download MiniToolBox http://www.bleepingcomputer.com/download/minitoolbox/
save it to your desktop and run it.

Checkmark the following check-boxes:

Flush DNS
List last 10 Event Viewer log
List Installed Programs
List Devices
List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
 
With Elevated Command Prompt, ran sfc /scannow and got: Windows Resource Protection did not find any integrity violations.

Ran MiniToolBox and got MTB.txt (NOT Result.txt), which follows:

MiniToolBox by Farbar Version: 02-11-2015
Ran by Ed (administrator) on 16-11-2015 at 06:57:53
Running from "C:\Users\Ed\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X86)
Model: 2716WM5 Manufacturer: LENOVO
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/16/2015 06:10:07 AM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: SHELL32.dll, version: 6.1.7601.18952, time stamp: 0x55c39c76
Exception code: 0xc0000005
Fault offset: 0x0004b188
Faulting process id: 0x1460
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (11/16/2015 06:09:37 AM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: SHELL32.dll, version: 6.1.7601.18952, time stamp: 0x55c39c76
Exception code: 0xc0000005
Fault offset: 0x0004b188
Faulting process id: 0xa88
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (11/16/2015 06:09:16 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/15/2015 09:26:04 PM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: SHELL32.dll, version: 6.1.7601.18952, time stamp: 0x55c39c76
Exception code: 0xc0000005
Fault offset: 0x0004b188
Faulting process id: 0xcd4
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (11/15/2015 09:25:32 PM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: SHELL32.dll, version: 6.1.7601.18952, time stamp: 0x55c39c76
Exception code: 0xc0000005
Fault offset: 0x0004b188
Faulting process id: 0xecc
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (11/15/2015 09:25:21 PM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: SHELL32.dll, version: 6.1.7601.18952, time stamp: 0x55c39c76
Exception code: 0xc0000005
Fault offset: 0x0004b188
Faulting process id: 0xf64
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (11/15/2015 09:24:57 PM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: SHELL32.dll, version: 6.1.7601.18952, time stamp: 0x55c39c76
Exception code: 0xc0000005
Fault offset: 0x0004b188
Faulting process id: 0xca4
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (11/15/2015 09:24:32 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/15/2015 09:19:27 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/15/2015 09:15:42 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (11/16/2015 06:37:11 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (11/16/2015 06:37:11 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (11/16/2015 06:37:10 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (11/16/2015 06:37:10 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (11/16/2015 06:31:20 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (11/16/2015 06:31:20 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (11/16/2015 06:20:32 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (11/16/2015 06:20:32 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (11/16/2015 06:16:19 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (11/16/2015 06:16:19 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.


Microsoft Office Sessions:
=========================
Error: (11/16/2015 06:10:07 AM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175674d6727a7SHELL32.dll6.1.7601.1895255c39c76c00000050004b188146001d1205f4fcaa5c9C:\Windows\Explorer.EXEC:\Windows\system32\SHELL32.dll97de960c-8c52-11e5-bcb7-00226817a818

Error: (11/16/2015 06:09:37 AM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175674d6727a7SHELL32.dll6.1.7601.1895255c39c76c00000050004b188a8801d1205f3284303bC:\Windows\Explorer.EXEC:\Windows\system32\SHELL32.dll85d4e6e9-8c52-11e5-bcb7-00226817a818

Error: (11/16/2015 06:09:16 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/15/2015 09:26:04 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175674d6727a7SHELL32.dll6.1.7601.1895255c39c76c00000050004b188cd401d1201613321317C:\Windows\Explorer.EXEC:\Windows\system32\SHELL32.dll62062a66-8c09-11e5-ba8e-00226817a818

Error: (11/15/2015 09:25:32 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175674d6727a7SHELL32.dll6.1.7601.1895255c39c76c00000050004b188ecc01d120160cd1231bC:\Windows\Explorer.EXEC:\Windows\system32\SHELL32.dll4ed7b1fb-8c09-11e5-ba8e-00226817a818

Error: (11/15/2015 09:25:21 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175674d6727a7SHELL32.dll6.1.7601.1895255c39c76c00000050004b188f6401d12015fff61d96C:\Windows\Explorer.EXEC:\Windows\system32\SHELL32.dll4871ff3f-8c09-11e5-ba8e-00226817a818

Error: (11/15/2015 09:24:57 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175674d6727a7SHELL32.dll6.1.7601.1895255c39c76c00000050004b188ca401d12015ead4e9f9C:\Windows\Explorer.EXEC:\Windows\system32\SHELL32.dll3a5a62b6-8c09-11e5-ba8e-00226817a818

Error: (11/15/2015 09:24:32 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/15/2015 09:19:27 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/15/2015 09:15:42 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


=========================== Installed Programs ============================

Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20077 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Photoshop 5.0.2 (HKLM\...\Adobe Photoshop 5.0.2) (Version: 5.0 - Adobe Systems, Inc.)
Adobe Refresh Manager (HKLM\...\{AC76BA86-0804-1033-1959-001824161310}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
AVG (HKLM\...\{8D70C10A-4314-4ED2-ABE8-23F45AE36F89}) (Version: 16.7.7227 - AVG Technologies) Hidden
AVG 2016 (HKLM\...\{290CF037-215E-4A66-8CCC-31DCD7E0693F}) (Version: 16.0.4455 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.7.7227 - AVG Technologies)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
FMW 1 (HKLM\...\{F1EA36EA-6E73-465A-BCCB-F758EFD165A2}) (Version: 1.22.2 - AVG Technologies) Hidden
H&R Block Deluxe + Efile 2014 (HKLM\...\{C89CA854-CE87-4CC6-A79F-86E0D7FB0B32}) (Version: 14.04.7401 - HRB Technology, LLC.)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2000 Premium (HKLM\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Visio Professional 2002 [English] (HKLM\...\{90510409-6D54-11D4-BEE3-00C04F990354}) (Version: 10.0.525 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 38.1.0 - Mozilla)
Mozilla Thunderbird 38.3.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 38.3.0 (x86 en-US)) (Version: 38.3.0 - Mozilla)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.55 - )
Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 3.2.2 - Tweaking.com)
Tweaking.com - Windows Repair (HKLM\...\Tweaking.com - Windows Repair) (Version: 3.6.3 - Tweaking.com)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

========================= Devices: ================================

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_20CA17AA&REV_11\4&132DB2BD&0&04F0
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid:
Manufacturer:
Service:
Device ID: PCI\VEN_8086&DEV_2A44&SUBSYS_20E617AA&REV_07\3&E89B380&0&18
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_20C917AA&REV_11\4&132DB2BD&0&03F0
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

========================= Minidump Files ==================================

No minidump file found


**** End of log ****
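
An added example, not part of the original thread and not code from MiniToolBox: a Python parser for the "Event log errors" format shown in the MTB.txt above. It groups Application Error entries by faulting application, module, exception code and fault offset. The sample text is an abbreviated excerpt of that log, and the function names are illustrative.

```python
import re
from collections import Counter
from datetime import datetime

# Abbreviated excerpt of the MTB.txt posted above (trailing fields trimmed).
SAMPLE_LOG = """\
Error: (11/16/2015 06:10:07 AM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: SHELL32.dll, version: 6.1.7601.18952, time stamp: 0x55c39c76
Exception code: 0xc0000005
Fault offset: 0x0004b188
Faulting process id: 0x1460

Error: (11/16/2015 06:09:37 AM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: SHELL32.dll, version: 6.1.7601.18952, time stamp: 0x55c39c76
Exception code: 0xc0000005
Fault offset: 0x0004b188
Faulting process id: 0xa88

Error: (11/16/2015 06:09:16 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/15/2015 09:26:04 PM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: SHELL32.dll, version: 6.1.7601.18952, time stamp: 0x55c39c76
Exception code: 0xc0000005
Fault offset: 0x0004b188
Faulting process id: 0xcd4

Error: (11/16/2015 06:37:11 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
"""

# Record header; the log writes it both with and without a space before "(User:".
HEADER = re.compile(
    r"^Error: \((?P<ts>[^)]+)\) \(Source: (?P<source>[^)]+)\)\s*\(User: [^)]*\)")
FIELDS = {
    "app": re.compile(r"Faulting application name: ([^,]+),"),
    "module": re.compile(r"Faulting module name: ([^,]+),"),
    "code": re.compile(r"Exception code: (0x[0-9a-fA-F]+)"),
    "offset": re.compile(r"Fault offset: (0x[0-9a-fA-F]+)"),
    "pid": re.compile(r"Faulting process id: (0x[0-9a-fA-F]+)"),
}


def parse_records(text):
    """Split the log into records: a header line plus the lines up to the next blank."""
    records, current = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = {
                "time": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
                "source": m["source"],
                "body": [],
            }
            records.append(current)
        elif not line.strip():
            current = None  # blank line ends the record; section titles are skipped
        elif current is not None:
            current["body"].append(line.strip())
    return records


def crash_signature(record):
    """Return ((app, module, code, offset), pid), or None if any field is missing."""
    body = "\n".join(record["body"])
    hit = {name: rx.search(body) for name, rx in FIELDS.items()}
    if not all(hit.values()):
        return None
    key = tuple(hit[n][1].strip() for n in ("app", "module", "code", "offset"))
    return key, int(hit["pid"][1], 16)


def summarize(text):
    """Group crash records by signature; count every other record by source."""
    clusters, others = {}, Counter()
    for rec in parse_records(text):
        sig = crash_signature(rec) if rec["source"] == "Application Error" else None
        if sig is None:
            others[rec["source"]] += 1
            continue
        key, pid = sig
        c = clusters.setdefault(key, {"count": 0, "pids": set(),
                                      "first": rec["time"], "last": rec["time"]})
        c["count"] += 1
        c["pids"].add(pid)
        c["first"] = min(c["first"], rec["time"])
        c["last"] = max(c["last"], rec["time"])
    return clusters, dict(others)


if __name__ == "__main__":
    clusters, others = summarize(SAMPLE_LOG)
    for (app, module, code, offset), c in clusters.items():
        print(f"{app} in {module} {code} @ {offset}: {c['count']} crashes, "
              f"{len(c['pids'])} processes, {c['first']} .. {c['last']}")
    print("other error sources:", others)
```

Identical faults at one offset in one module across separate process IDs indicate a repeatable crash path rather than a one-off, which is the pattern the Explorer.EXE / SHELL32.dll entries in this log show.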
 
I want you to manually search for critical windows updates.

Go to and click on the Microsoft Orb, click on All Programs, then windows updates.
Let it scan and let's see if all critical updates have finished.

let me know.

I may have to send you to a tech forum to help with the Explorer crashes.
 
Checked for Updates, and tried to install 1 Important Update. As usual, IE 11 failed to Install, which it's been doing for some time. However, when I open IE, it says it IS IE 11.

See Attachment.
 

KB3097877
you manually uninstalled the above update correct?

There should have been a revised version ready to download and install afterwards?

Please run chkdsk /r

Chkdsk /r checks for bad sectors on the hdd and recovers any readable information.

Click on the Start orb and type in cmd in the Search programs and files box. When cmd is seen in Programs above the Search box right click on it, then click on Run as administrator.

Type in chkdsk c: /r then press Enter. Please notice the space between the chkdsk and the /r

You will receive the message "CHKDSK cannot be run because it is in use by another process. Would you like to schedule this volume to be checked the next time the system restarts? <Y/N>"

Type in Y and press Enter.

Restart your computer to start the scan.

This will take a while to run, please be patient and allow it to complete the scan.

reboot and post back here to let me know if anything improves.
 
No, I have not manually uninstalled KB3097877. I'm unsure how to go about manually uninstalling an Update. Assuming I need to do that, can you get me started?
 
yes
Go to the Microsoft ORB and click on that
Go to All Programs, then click on Windows Update.
A window should open, in the left pane you'll see where it says "View Update History"
Click on that, next when that window opens, look for "Installed Updates", it then changes to yet another window. Let it load because it can take a couple of minutes.
Using the Scroll bar on the right, scroll down to where you see Microsoft Windows, locate Security update KB3097877 right click on that and follow the prompts.
It might take a reboot.

let me know how it goes.
 
Manually removed Update KB3097877. Then, checked for new Updates and found two: KB3097877 and IE 11 (latter has been failing repeatedly for weeks even though IE says it's already IE 11).

Installed Updates, and only KB3097877 was successful. IE 11 Update failed again.

Ran chkdsk c:/r. After reboot, ran Windows Explorer. It opened, but crashed as soon as I right-clicked on C: Pop-up said Windows Explorer has stopped working, searching for a solution... After a moment, new pop-up said Windows Explorer was restarting, but it did not.
 
I tried a couple of things I found on the technet.microsoft site, but nothing had any effect. IE11 still crashes whenever I right-click on C:.

I tried the earliest System Restore Point available, but there was no effect on IE11, so I did an UNDO on that Restore.

IE11 says it is:
Version 11.0.9600.17843
Update Versions: 11.0.20 (KB3058515) but I can find no record of that Update having been installed. How about if I go into Internet Options and click on Reset IE Settings?
 
I think you can do both but the link I supplied was to try and reset settings in IE.
 
Following instructions on the link you sent, I reset IE Settings, and then restarted laptop. There was no immediate effect on Windows Explorer crashing. Some time later, I saw a pop-up informing that IE 11 had been downloaded. I re-tested Windows Explorer, but saw no change.

I then tried to Uninstall IE11. However, on the list of Installed Updates, IE11 does NOT appear, so I couldn't delete it.

I looked for an alternative Uninstall technique, and found the Elevated Command Prompt method. I tried that, but afterwards had NO BROWSER and had to run System Restore to recover IE11.
 
yikes

https://support.microsoft.com/en-us/kb/2872074
the above is a good article on Checklist before you install Internet Explorer 11

I have no idea what's got turned upside down.

  • Right-Click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.
 
FRST.txt follows:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:18-11-2015
Ran by Ed (administrator) on ED-PC (19-11-2015 08:28:24)
Running from C:\Users\Ed\Desktop
Loaded Profiles: Ed (Available Profiles: Ed)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgcsrvx.exe
(Lenovo) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgwdsvcx.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgemcx.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgui.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Tweaking.com) C:\Program Files\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_19_0_0_245_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\Av\avgui.exe [3826600 2015-10-30] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguix.exe [1136552 2015-11-12] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-3659970256-991337627-2867597209-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk [2015-08-07]
ShortcutTarget: Adobe Gamma Loader.exe.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2015-07-22]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112
Tcpip\..\Interfaces\{9E83D762-23C5-409C-B0E5-D0B48741C9B3}: [DhcpNameServer] 65.32.5.111 65.32.5.112

Internet Explorer:
==================
HKU\S-1-5-21-3659970256-991337627-2867597209-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.toast.net/start

FireFox:
========
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AvgAMPS; C:\Program Files\AVG\Av\avgamps.exe [595376 2015-10-30] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\Av\avgidsagent.exe [3815648 2015-10-30] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [862632 2015-11-12] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\Av\avgwdsvcx.exe [579776 2015-10-30] (AVG Technologies CZ, s.r.o.)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [156080 2015-08-10] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [256432 2015-10-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [231344 2015-08-20] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [31664 2015-08-14] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [229296 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [308656 2015-08-14] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [192944 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [36784 2015-08-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [231856 2015-10-08] (AVG Technologies CZ, s.r.o.)
S3 e1express; C:\Windows\System32\DRIVERS\e1e6232.sys [219352 2009-06-05] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
S3 eapihdrv; \??\C:\Users\Ed\AppData\Local\Temp\ehdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-19 08:24 - 2015-11-19 08:24 - 00000000 ____D C:\Users\Ed\Desktop\FRST-OlderVersion
2015-11-19 08:13 - 2015-11-19 08:13 - 29720784 _____ (Microsoft Corporation) C:\Users\Ed\Desktop\IE11-Windows6.1-x86-en-us.exe
2015-11-17 19:44 - 2015-11-17 19:43 - 00450771 ____R C:\Windows\system32\Drivers\etc\hosts.20151117-194404.backup
2015-11-17 19:43 - 2015-11-08 09:58 - 00450771 _____ C:\Windows\system32\Drivers\etc\hosts.20151117-194329.backup
2015-11-16 06:57 - 2015-11-16 06:57 - 00012611 _____ C:\Users\Ed\Desktop\MTB.txt
2015-11-16 06:54 - 2015-11-16 06:54 - 00891392 _____ (Farbar) C:\Users\Ed\Desktop\MiniToolBox.exe
2015-11-14 13:34 - 2015-11-14 13:34 - 00002100 _____ C:\Users\Ed\Documents\Registry backup 14nov2015.reg
2015-11-14 13:10 - 2015-11-14 12:54 - 30932992 _____ C:\Windows\system32\config\components.old
2015-11-14 12:56 - 2015-11-15 21:20 - 00000550 _____ C:\Windows\Tasks\Tweaking.com - Windows Repair Tray Icon.job
2015-11-14 12:53 - 2015-11-14 12:53 - 20715632 _____ (Tweaking.com) C:\Users\Ed\Desktop\tweaking.com_windows_repair_aio_setup.exe
2015-11-12 16:47 - 2015-11-17 17:22 - 00000000 ____D C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-11-12 16:47 - 2015-11-15 21:20 - 00002124 _____ C:\Users\Ed\Desktop\Tweaking.com - Windows Repair.lnk
2015-11-12 13:48 - 2015-11-17 17:18 - 00000000 ____D C:\Users\Ed\AppData\Roaming\TaxCut
2015-11-12 13:48 - 2015-11-12 13:48 - 00001994 _____ C:\Users\Public\Desktop\H&R Block 2014.lnk
2015-11-12 13:47 - 2015-11-17 17:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\H&R Block 2014
2015-11-12 13:46 - 2015-11-17 17:22 - 00000000 ____D C:\Program Files\PDF995
2015-11-12 13:46 - 2015-11-17 17:18 - 00000000 ____D C:\Program Files\HRBlock2014
2015-11-12 13:46 - 2015-11-12 13:46 - 00000000 ____D C:\Users\Ed\Documents\HRBlock
2015-11-12 13:45 - 2015-11-17 17:18 - 00000000 ____D C:\ProgramData\TaxCut
2015-11-12 03:36 - 2015-11-03 12:46 - 02386944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-11-12 03:09 - 2015-10-29 12:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-11-12 03:09 - 2015-10-29 12:49 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-11-12 03:09 - 2015-10-29 12:49 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-11-12 03:09 - 2015-10-29 12:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-11-12 03:09 - 2015-10-13 11:31 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-12 03:09 - 2015-10-13 11:31 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-12 03:08 - 2015-10-19 19:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-11-12 03:08 - 2015-10-19 19:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-12 03:08 - 2015-10-19 19:52 - 00138176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-11-12 03:08 - 2015-10-19 19:52 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-11-12 03:08 - 2015-10-19 19:48 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-11-12 03:08 - 2015-10-19 19:45 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-11-12 03:08 - 2015-10-19 19:45 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-11-12 03:08 - 2015-10-19 19:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-12 03:08 - 2015-10-19 19:45 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-11-12 03:08 - 2015-10-19 19:45 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-11-12 03:08 - 2015-10-19 19:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-11-12 03:08 - 2015-10-19 19:45 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-12 03:08 - 2015-10-19 19:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-12 03:08 - 2015-10-19 19:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-11-12 03:08 - 2015-10-19 19:45 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-11-12 03:08 - 2015-10-19 19:45 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-11-12 03:08 - 2015-10-19 19:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-11-12 03:08 - 2015-10-19 19:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-11-12 03:08 - 2015-10-19 19:45 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-11-12 03:08 - 2015-10-19 19:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-11-12 03:08 - 2015-10-19 19:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-11-12 03:08 - 2015-10-19 19:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-11-12 03:08 - 2015-10-19 19:45 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-11-12 03:08 - 2015-10-19 19:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-11-12 03:08 - 2015-10-19 19:44 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-11-12 03:08 - 2015-10-19 19:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-11-12 03:08 - 2015-10-19 19:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-11-12 03:08 - 2015-10-19 19:35 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-11-12 03:08 - 2015-10-19 19:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-11-12 03:08 - 2015-10-19 18:29 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-11-12 03:08 - 2015-10-19 18:28 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-11-12 03:08 - 2015-10-19 18:28 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-11-12 03:08 - 2015-10-12 23:50 - 00712640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-11-12 03:07 - 2015-10-20 12:46 - 02955776 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-11-12 03:07 - 2015-10-20 12:46 - 02061824 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-11-12 03:07 - 2015-10-20 12:46 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-11-12 03:07 - 2015-10-20 12:46 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-11-12 03:07 - 2015-10-20 12:46 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-11-12 03:07 - 2015-10-20 12:46 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-11-12 03:07 - 2015-10-20 12:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-11-12 03:07 - 2015-10-20 12:45 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-11-12 03:07 - 2015-10-20 12:45 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-11-12 03:07 - 2015-10-20 12:45 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-11-12 03:07 - 2015-10-20 12:45 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-11-12 03:07 - 2015-10-01 12:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-11-12 03:07 - 2015-10-01 12:50 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-11-12 03:07 - 2015-09-23 08:09 - 00371920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-11-12 03:07 - 2015-09-23 08:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-11-12 02:52 - 2015-11-19 08:28 - 00007560 _____ C:\Users\Ed\Desktop\FRST.txt
2015-11-12 02:47 - 2015-11-19 08:24 - 01378816 _____ (Farbar) C:\Users\Ed\Desktop\FRST.exe
2015-11-11 18:18 - 2015-11-11 18:18 - 00000000 ____D C:\New folder
2015-11-01 15:15 - 2015-11-01 15:15 - 00000340 _____ C:\Windows\Tasks\1015avUpdateInfo.job
2015-11-01 15:15 - 2015-11-01 15:15 - 00000000 ____D C:\ProgramData\Avg_Update_1015av
2015-10-24 10:55 - 2015-10-24 10:55 - 00000000 ____D C:\Users\Ed\AppData\Roaming\AVG
2015-10-24 10:51 - 2015-10-24 10:53 - 00000000 ____D C:\ProgramData\Avg
2015-10-24 10:40 - 2015-10-24 12:08 - 00000000 ____D C:\Users\Ed\AppData\Local\AvgSetupLog
2015-10-21 16:24 - 2015-10-21 16:24 - 00229296 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx86.sys
2015-10-21 16:14 - 2015-10-21 16:14 - 00192944 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx86.sys
2015-10-21 14:20 - 2015-11-19 07:47 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-19 08:28 - 2015-10-09 16:54 - 00000000 ____D C:\FRST
2015-11-19 08:05 - 2015-07-21 13:40 - 01400490 _____ C:\Windows\WindowsUpdate.log
2015-11-19 07:00 - 2009-07-13 23:34 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-19 07:00 - 2009-07-13 23:34 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-19 06:52 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-19 06:52 - 2009-07-13 23:39 - 00054505 _____ C:\Windows\setupact.log
2015-11-18 21:46 - 2015-07-21 16:29 - 00344476 _____ C:\Windows\IE11_main.log
2015-11-18 20:55 - 2015-07-21 15:09 - 00000000 ____D C:\ProgramData\MFAData
2015-11-18 16:05 - 2015-07-26 18:21 - 00063808 _____ C:\Users\Ed\AppData\Local\GDIPFONTCACHEV1.DAT
2015-11-18 09:11 - 2015-07-21 13:41 - 00000000 ____D C:\Users\Ed
2015-11-18 09:09 - 2009-07-13 23:52 - 00000000 ____D C:\Windows\Offline Web Pages
2015-11-18 09:09 - 2009-07-13 21:37 - 00000000 __RSD C:\Windows\Media
2015-11-18 09:09 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\registration
2015-11-17 17:24 - 2011-04-11 21:24 - 00000000 ____D C:\Program Files\Windows Journal
2015-11-17 17:24 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\wfp
2015-11-17 17:23 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\rescache
2015-11-17 17:22 - 2015-07-25 12:53 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-11-17 17:22 - 2015-07-22 17:42 - 00000000 ___SD C:\Windows\system32\GWX
2015-11-17 17:22 - 2015-07-21 15:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-11-17 17:22 - 2009-07-13 21:37 - 00000000 __RHD C:\Users\Default
2015-11-17 17:19 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-11-17 17:18 - 2015-10-09 16:44 - 00000000 ____D C:\Program Files\Tweaking.com
2015-11-17 08:06 - 2009-07-13 23:33 - 00282232 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-16 14:46 - 2010-11-20 16:01 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-14 09:37 - 2015-07-21 15:26 - 00000000 ____D C:\Users\Ed\Desktop\Unused Icons
2015-11-12 02:47 - 2015-07-25 09:29 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-11-12 02:47 - 2015-07-25 09:29 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-11-11 19:00 - 2015-07-21 14:43 - 00000000 ____D C:\Windows\system32\MRT
2015-11-11 18:57 - 2015-07-21 14:43 - 143250520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-11-11 18:47 - 2011-04-11 21:24 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-11-11 18:47 - 2011-04-11 21:24 - 00000000 ____D C:\Windows\ShellNew
2015-11-04 16:41 - 2015-07-21 15:16 - 00000000 ___HD C:\$AVG
2015-11-04 16:40 - 2015-09-17 11:34 - 00000000 ____D C:\Users\Ed\AppData\Local\Avg
2015-10-29 08:55 - 2015-07-22 08:50 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-10-24 12:32 - 2009-07-13 21:04 - 00450771 ____R C:\Windows\system32\Drivers\etc\hosts.20151108-095805.backup
2015-10-24 10:57 - 2010-11-20 16:48 - 00088004 _____ C:\Windows\PFRO.log
2015-10-24 10:56 - 2015-07-21 15:14 - 00000000 ____D C:\Program Files\AVG
2015-10-24 10:55 - 2015-07-21 15:18 - 00000000 ____D C:\Program Files\Common Files\AV

Some files in TEMP:
====================
C:\Users\Ed\AppData\Local\Temp\avguirn_08624668065.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-11-10 09:57

==================== End of FRST.txt ============================

Addition.txt follows:

Additional scan result of Farbar Recovery Scan Tool (x86) Version:18-11-2015
Ran by Ed (2015-11-19 08:28:49)
Running from C:\Users\Ed\Desktop
Microsoft Windows 7 Home Premium Service Pack 1 (X86) (2015-07-21 18:41:30)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3659970256-991337627-2867597209-500 - Administrator - Disabled)
Ed (S-1-5-21-3659970256-991337627-2867597209-1001 - Administrator - Enabled) => C:\Users\Ed
Guest (S-1-5-21-3659970256-991337627-2867597209-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3659970256-991337627-2867597209-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20077 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Photoshop 5.0.2 (HKLM\...\Adobe Photoshop 5.0.2) (Version: 5.0 - Adobe Systems, Inc.)
AVG (Version: 16.7.7227 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4460 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.7.7227 - AVG Technologies)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
FMW 1 (Version: 1.32.2 - AVG Technologies) Hidden
H&R Block Deluxe + Efile 2014 (HKLM\...\{C89CA854-CE87-4CC6-A79F-86E0D7FB0B32}) (Version: 14.04.7401 - HRB Technology, LLC.)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2000 Premium (HKLM\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Visio Professional 2002 [English] (HKLM\...\{90510409-6D54-11D4-BEE3-00C04F990354}) (Version: 10.0.525 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 38.1.0 - Mozilla)
Mozilla Thunderbird 38.3.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 38.3.0 (x86 en-US)) (Version: 38.3.0 - Mozilla)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.55 - )
Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 3.2.2 - Tweaking.com)
Tweaking.com - Windows Repair (HKLM\...\Tweaking.com - Windows Repair) (Version: 3.6.3 - Tweaking.com)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

15-11-2015 22:06:27 Windows Update
16-11-2015 08:20:38 Windows Update
16-11-2015 09:56:24 Windows Update
16-11-2015 10:00:02 Windows Update
16-11-2015 10:01:35 Windows Update
16-11-2015 12:11:40 Windows Update
16-11-2015 14:47:37 Windows Update
16-11-2015 17:54:07 Windows Update
17-11-2015 06:28:55 Windows Modules Installer
17-11-2015 07:45:17 Windows Update
17-11-2015 10:54:09 Windows Update
17-11-2015 16:56:40 Restore Operation
17-11-2015 17:09:07 Windows Update
17-11-2015 17:15:53 Restore Operation
17-11-2015 21:23:02 Windows Update
18-11-2015 07:22:44 Windows Update
18-11-2015 07:24:06 Windows Update
18-11-2015 07:40:46 Windows Update
18-11-2015 07:41:50 Windows Update
18-11-2015 07:51:17 Windows Update
18-11-2015 08:27:15 Windows Update
18-11-2015 08:27:48 Windows Update
18-11-2015 09:03:23 Windows Modules Installer
18-11-2015 09:03:48 Windows Modules Installer
18-11-2015 09:04:15 Windows Modules Installer
18-11-2015 09:06:57 Restore Operation
18-11-2015 13:22:12 Windows Update
18-11-2015 13:23:35 Windows Update
18-11-2015 14:27:23 Windows Update
18-11-2015 17:58:02 Windows Update
18-11-2015 21:45:44 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:04 - 2015-11-17 19:44 - 00450771 ____R C:\Windows\system32\Drivers\etc\hosts

There are 15463 more lines.


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1F4C501C-34A1-4D9E-B7C6-840AE68FE10A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {2D9C48DE-C694-436F-9123-580EB099AA51} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-12] (Adobe Systems Incorporated)
Task: {4EEBD237-DBCF-4B4A-A40E-F6ACB68CF00A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {9F7842C1-875A-4B83-8AF5-FC70D5457E41} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {CFCCB0B6-5314-49C3-9F2E-CDEB398D885A} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-11] (Tweaking.com)
Task: {DCDA5300-1724-4338-B20E-88517EF64AD0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\0615piUpdateInfo.job => C:\ProgramData\Avg_Update_0615pi\0615pi_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\1015avUpdateInfo.job => C:\ProgramData\Avg_Update_1015av\1015av_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Tweaking.com - Windows Repair Tray Icon.job => C:\Program Files\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe C:\Program Files\Tweaking.com\Windows Repair (All in One)Tweaking.com - Windows Repair)Created By Tweaking.com

==================== Loaded Modules (Whitelisted) ==============

2014-01-16 19:11 - 2013-01-14 23:47 - 00079648 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2015-07-25 12:53 - 2014-05-13 11:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-07-25 12:53 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2015-07-25 12:53 - 2014-05-13 11:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-07-25 12:53 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2015-07-25 12:53 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-10-24 10:51 - 2015-10-24 10:40 - 40500224 _____ () C:\Program Files\AVG\UiDll\2171\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 7866 more sites.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3659970256-991337627-2867597209-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ed\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 65.32.5.111 - 65.32.5.112
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{61EA1F3F-8266-4D1B-B088-DE4F26244D3F}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{3B24444F-1A9A-4A78-9645-5074030A84BA}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{23658621-CB50-42A5-8B7A-63E236D9DFEF}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{CC8C4175-2F17-4693-B6D5-7CA81FDEA919}] => (Allow) C:\Program Files\AVG\Av\avgmfapx.exe
FirewallRules: [{8C5147FC-B773-4348-849A-16B2304D8535}] => (Allow) C:\Program Files\AVG\Av\avgmfapx.exe
FirewallRules: [{E581DDF9-5119-4FE2-95B4-927D1E3890A2}] => (Allow) C:\Program Files\AVG\Av\avgnsx.exe
FirewallRules: [{4A26A062-57E2-432F-9DFC-519F92185DF3}] => (Allow) C:\Program Files\AVG\Av\avgnsx.exe
FirewallRules: [{281ED8C6-EF35-4F56-B20A-461CB176C0BE}] => (Allow) C:\Program Files\AVG\Av\avgdiagex.exe
FirewallRules: [{0D6D5B17-7D80-483E-B67F-C648C3FBC5A1}] => (Allow) C:\Program Files\AVG\Av\avgdiagex.exe
FirewallRules: [{A908C295-5AAF-4F2F-8AD1-D52A14EFEC60}] => (Allow) C:\Program Files\AVG\Av\avgemcx.exe
FirewallRules: [{49DE1C6F-8974-4C2D-A006-748022507B95}] => (Allow) C:\Program Files\AVG\Av\avgemcx.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/19/2015 06:52:44 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/18/2015 08:52:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/18/2015 04:05:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/18/2015 01:21:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/18/2015 01:18:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: SHELL32.dll, version: 6.1.7601.18952, time stamp: 0x55c39c76
Exception code: 0xc0000005
Fault offset: 0x0004b188
Faulting process id: 0x12e8
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (11/18/2015 01:18:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: SHELL32.dll, version: 6.1.7601.18952, time stamp: 0x55c39c76
Exception code: 0xc0000005
Fault offset: 0x0004b188
Faulting process id: 0x15bc
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (11/18/2015 09:34:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: SHELL32.dll, version: 6.1.7601.18952, time stamp: 0x55c39c76
Exception code: 0xc0000005
Fault offset: 0x0004b188
Faulting process id: 0x1348
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (11/18/2015 09:34:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: SHELL32.dll, version: 6.1.7601.18952, time stamp: 0x55c39c76
Exception code: 0xc0000005
Fault offset: 0x0004b188
Faulting process id: 0xda4
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (11/18/2015 09:31:33 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/18/2015 09:11:08 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (11/19/2015 07:32:44 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (11/19/2015 07:32:44 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (11/19/2015 07:32:44 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (11/19/2015 07:32:44 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (11/19/2015 07:32:44 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (11/19/2015 07:32:43 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (11/19/2015 07:28:02 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (11/19/2015 07:28:01 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (11/18/2015 09:46:26 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 11 for Windows 7.

Error: (11/18/2015 05:58:44 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 11 for Windows 7.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU P8400 @ 2.26GHz
Percentage of memory in use: 43%
Total physical RAM: 1944.03 MB
Available physical RAM: 1099.21 MB
Total Virtual: 3888.06 MB
Available Virtual: 2632.74 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:294.72 GB) (Free:262.39 GB) NTFS
Drive e: () (Removable) (Total:57.87 GB) (Free:41.8 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 9C948886)
Partition 1: (Active) - (Size=3.4 GB) - (Type=27)
Partition 2: (Not Active) - (Size=294.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 57.9 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================
 
As far as anything related to malware, there isn't anything. What I think I see now from the last log appears to be probably hardware related.
What brand of computer are you using? (for instance I have a Dell Vostro 3500)
Could be, if you ran a driver system check from the manufacturer for your computer there could be a few driver updates that could be very useful.


We could look in Device Manager to see if any drivers have red flags
http://windows.microsoft.com/en-us/windows/open-device-manager#1TC=windows-7


Update drivers: recommended links
http://windows.microsoft.com/en-us/...ks#update-drivers-recommended-links=windows-7

If the issue still persists, then I would suggest you perform an in-place upgrade or a repair install of the Windows operating system.

How to Perform an In-Place Upgrade on Windows Vista, Windows 7, Windows Server 2008 & Windows Server 2008 R2

http://support.microsoft.com/kb/2255099

Important: Make sure to back up all your data before performing the repair installation.

Note: After performing In-Place Upgrade, your personal data and installed programs will not be removed but you may need to run Windows Update to install all the available updates for your system to update these system files to the current version.

If your DVD installation disk is prior to SP1, and you have SP1 installed on your computer, you will need to uninstall SP1 to complete the in-place upgrade and then reinstall the necessary Windows updates. This applies if you have SP2 also.
 
This is a Lenovo R500 laptop that originally ran the Vista OS, but was "upgraded" by Joy Systems to run Windows 7 Home Premium. It has a one-year Joy Systems warranty (expiration 2/16). Joy replaced the first battery (so they do honor the warranty). I rather doubt Lenovo would support it now.

Found flags on two Base System Devices and one PCI Simple Communications Controller that do not have drivers installed. Windows Device Manager cannot identify the manufacturer of these devices, or their drivers, and says these three are not using any resources because they “have a problem.”

From MS site, I searched for drivers, but none of the three missing could be found. I plan to call Joy Systems Tech Support to ask for information on these devices and any drivers required.

Suddenly, Windows Explorer is behaving normally, and I’ve tried it several times to see if it’s just being flakey. Therefore, I think everything I originally mentioned on this thread, plus a few, has been resolved (somehow) if you want to close the thread.

Thanks for your help!
 
Suddenly, Windows Explorer is behaving normally
I don't believe you! (joking)
wonder if going into device manager stirred something up?

I researched your laptop and found a couple of things related to these drivers

read over these and see if you think it might relate to your issues.

I plan to call Joy Systems Tech Support to ask for information on these devices and any drivers required
Do that next then.

let me know how it goes, also, we need to remove tools and quarantine folders.

DelFix

  • Please download DelFix or from Here and save the file to your Desktop.
  • Double-click DelFix.exe to run the programme.
  • Place a checkmark next to the following items:
      • Activate UAC
      • Remove disinfection tools
  • Click the Run button.

This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).
 