Unable to open any applications in Windows 7 except for browser


  • This topic is locked
12 replies to this topic

#1 Stefkom2

Stefkom2

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:05:59 PM

Posted 25 January 2017 - 03:49 AM

Good Morning,

 

I am unable to open any files in Windows 7 (I can view them in Windows Explorer). I recently had a false positive for nemreq.a which was probably something else- there is no other sign of ransomware. This issue may be a virus though. When I try and open a programme I receive the following message

"The application was unable to start correctly (0x0000005). Click OK to close the application." I cannot run an exe programme to install Rkill or any exe programmes

 

Please can you help?

 

I need my computer to function for my job so any help will be greatly appreciated

 

Best Wishes

 

Steve

 




 


#2 Stefkom2

Stefkom2
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:05:59 PM

Posted 25 January 2017 - 03:51 AM

When I try and open an antivirus programme I receive the reply that "The Extended Attributes are inconsistent". 



#3 Stefkom2

Stefkom2
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:05:59 PM

Posted 25 January 2017 - 04:21 AM

Can't open system restore either- extended attributes are inconsistent again



#4 Stefkom2

Stefkom2
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:05:59 PM

Posted 25 January 2017 - 05:04 AM

I restarted the computer and it undertook a disc check after which I was able to open two documents- I thought the problem was solved but the issue has now returned. The same messages appear. Please help if there is anyone out there who knows what steps to take.



#5 Stefkom2

Stefkom2
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:05:59 PM

Posted 25 January 2017 - 05:29 AM

System restore isn't working- I have received the following message "System restore does not appear to be functioning correctly on this system. A Volume Service Shadow Copy component encountered an unexpected error. Check the application event log for more information. (0x80042302)"



#6 Stefkom2

Stefkom2
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:05:59 PM

Posted 25 January 2017 - 06:06 AM

I am in safe mode with networking now. The message re Microsoft Office programmes is different- it says I interrupted a repair attempt and the license can't be verified. I can open Microsoft docs in Open Office and edit them and I can open my antivirus programmes. So the problem occurs when I am in normal mode. I am running a scan with Emsisoft Emergency and will then try one with Trojan Killer. Any thoughts gratefully received.



#7 Stefkom2

Stefkom2
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:05:59 PM

Posted 25 January 2017 - 08:12 AM

Tried a system restore in safe mode- didn't help- Trojan Killer failed to detect anything. Please can anyone help?



#8 Stefkom2

Stefkom2
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:05:59 PM

Posted 25 January 2017 - 08:57 AM

Cured after a system restore which finally worked (previously I'd used an earlier restore point; this time I used the most recent)



#9 nasdaq

nasdaq

  • Malware Response Team
  • 39,528 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:59 PM

Posted 25 January 2017 - 10:18 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

I can check your current situation. Run this tool and post the logs for my review.

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to Attach.

Click the Add reply button.
===

#10 Stefkom2

Stefkom2
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:05:59 PM

Posted 25 January 2017 - 11:51 AM

Hi, thank you so much for your help. I have done as you asked.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-01-2017
Ran by Geoff (administrator) on GEOFF-PC (25-01-2017 16:41:54)
Running from C:\Users\Geoff\Downloads
Loaded Profiles: UpdatusUser & Geoff (Available Profiles: UpdatusUser & Geoff & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(Emsisoft Ltd) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(ABBYY Production LLC) C:\Program Files (x86)\ABBYY PDF Transformer+\NetworkLicenseServer.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(© 2015 Microsoft Corporation) C:\Users\Geoff\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12558440 2011-07-12] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239672 2017-01-09] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26142864 2017-01-18] (Dropbox, Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1870928 2017-01-17] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-10-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PowerDVD16Agent] => C:\Program Files (x86)\CyberLink\PowerDVD16\PowerDVD16Agent.exe [516296 2016-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AVGUI.exe [9523496 2017-01-20] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-785650546-1832744181-4140763645-1001\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [43984 2016-05-30] (Glarysoft Ltd)
HKU\S-1-5-21-785650546-1832744181-4140763645-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8722136 2016-06-01] (Piriform Ltd)
HKU\S-1-5-21-785650546-1832744181-4140763645-1001\...\Run: [GoogleChromeAutoLaunch_8E456BB18B8827DC1C98524EAB7B7C9F] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1104728 2016-12-08] (Google Inc.)
HKU\S-1-5-21-785650546-1832744181-4140763645-1001\...\Run: [BingSvc] => C:\Users\Geoff\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-785650546-1832744181-4140763645-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Bubbles.scr [899584 2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  0001IDSIcon1] -> {0FA6DCC0-CF0B-427D-A8AF-97C466AB5769} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2016-05-24] (Pro-Softnet Corporation, U.S.A)
ShellIconOverlayIdentifiers: [  0001IDSIcon2] -> {66357BBE-D2E5-453C-95FF-8102EB32419D} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2016-05-24] (Pro-Softnet Corporation, U.S.A)
ShellIconOverlayIdentifiers: [  0001IDSIcon3] -> {904E6336-8B13-43FA-B4C3-5B62C1C91971} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2016-05-24] (Pro-Softnet Corporation, U.S.A)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
BootExecute: autocheck autochk *  
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts-x32: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3FC9ED83-A011-46F1-8C22-83A93FAE17C8}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{C78DE897-BEB1-452F-A82F-73D30EC4B283}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKU\S-1-5-21-785650546-1832744181-4140763645-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://google.inklineglobal.com
HKU\S-1-5-21-785650546-1832744181-4140763645-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://google.inklineglobal.com/google_mb.html
HKU\S-1-5-21-785650546-1832744181-4140763645-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://google.inklineglobal.com
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-785650546-1832744181-4140763645-1001 -> {F813F595-1DA6-4476-915D-E3C2FDF0B758} URL = hxxp://www.google.com/cse?cx=partner-pub-6697027465779297:3144322079&ie=ISO-8859-1&sa=Search&q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
BHO-x32: No Name -> {4f426332-14d3-4383-abd6-ab0af916a73c} -> No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-12-18] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-785650546-1832744181-4140763645-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-785650546-1832744181-4140763645-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-09-23] (Skype Technologies)
 
FireFox:
========
FF DefaultProfile: tw332mrl.default
FF ProfilePath: C:\Users\Geoff\AppData\Roaming\Mozilla\Firefox\Profiles\tw332mrl.default [2017-01-25]
FF user.js: detected! => C:\Users\Geoff\AppData\Roaming\Mozilla\Firefox\Profiles\tw332mrl.default\user.js [2016-05-27]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\tw332mrl.default -> SearchMyWeb
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\tw332mrl.default -> hxxp://www.google.com/cse?cx=partner-pub-6697027465779297:7461124956&ie=ISO-8859-1&sa=Search&q=
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\tw332mrl.default -> SearchMyWeb
FF Keyword.URL: Mozilla\Firefox\Profiles\tw332mrl.default -> hxxp://www.google.com/cse?cx=partner-pub-6697027465779297:7461124956&ie=ISO-8859-1&sa=Search&q=
FF NetworkProxy: Mozilla\Firefox\Profiles\tw332mrl.default -> type", 0
FF Extension: (Bing Search) - C:\Users\Geoff\AppData\Roaming\Mozilla\Firefox\Profiles\tw332mrl.default\Extensions\bingsearch.full@microsoft.com.xpi [2016-11-15]
FF Extension: (Email Extractor) - C:\Users\Geoff\AppData\Roaming\Mozilla\Firefox\Profiles\tw332mrl.default\Extensions\emailExtractor@penzil.com.xpi [2016-04-29]
FF Extension: (DotVPN — better than VPN.) - C:\Users\Geoff\AppData\Roaming\Mozilla\Firefox\Profiles\tw332mrl.default\Extensions\firefox@dotvpn.com.xpi [2016-11-10]
FF Extension: (Panda Security Toolbar) - C:\Users\Geoff\AppData\Roaming\Mozilla\Firefox\Profiles\tw332mrl.default\Extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}.xpi [2016-04-26]
FF SearchPlugin: C:\Users\Geoff\AppData\Roaming\Mozilla\Firefox\Profiles\tw332mrl.default\searchplugins\bing-.xml [2016-11-15]
FF SearchPlugin: C:\Users\Geoff\AppData\Roaming\Mozilla\Firefox\Profiles\tw332mrl.default\searchplugins\inkline.xml [2011-09-23]
FF HKLM-x32\...\Firefox\Extensions: [4lffxtbr@BibleTriviaTime_4l.com] - C:\Program Files (x86)\BibleTriviaTime_4l\bar\1.bin => not found
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2017-01-25]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-25] (Adobe Systems)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-09] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2017-01-17] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-25] (Adobe Systems)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR DefaultSearchKeyword: Default -> hma
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Geoff\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.866\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Users\Geoff\AppData\Local\Google\Chrome\User Data\PepperFlash\20.0.0.267\pepflashplayer.dll => No File
CHR Profile: C:\Users\Geoff\AppData\Local\Google\Chrome\User Data\Default [2017-01-25]
CHR Extension: (Google Drive) - C:\Users\Geoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-25]
CHR Extension: (Hola Video Accelerator) - C:\Users\Geoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\chgpmaaockmdehmidghebcjafhihlgha [2016-11-22]
CHR Extension: (Gom VPN - Bypass and unblock) - C:\Users\Geoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckiahbcmlmkpfiijecbpflfahoimklke [2016-12-11]
CHR Extension: (Hide My Ass! Web Proxy) - C:\Users\Geoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmgnmcnlncejehjlnhaglpnoolgbflbd [2016-12-11]
CHR Extension: (Image Downloader) - C:\Users\Geoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnpniohnfphhjihaiiggeabnkjhpaldj [2016-09-28]
CHR Extension: (Adobe Acrobat) - C:\Users\Geoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-17]
CHR Extension: (Toolkit For Facebook) - C:\Users\Geoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcachklhcihfinmagjnlomehfdhndhep [2016-12-08]
CHR Extension: (Google Docs Offline) - C:\Users\Geoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-25]
CHR Extension: (MagicScroll eBook Reader) - C:\Users\Geoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgnmgfdoiplfmhgghbmlphanpfmjble [2015-09-29]
CHR Extension: (Betternet Unlimited Free VPN Proxy) - C:\Users\Geoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjknjjomckknofjidppipffbpoekiipm [2017-01-20]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\Geoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2017-01-14]
CHR Extension: (Pinterest Save Button) - C:\Users\Geoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2016-11-03]
CHR Extension: (Hotspot Shield Free VPN Proxy – Unblock Sites) - C:\Users\Geoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\heajfgnegopeedndeahkdjedjkjcmnpb [2016-12-11]
CHR Extension: (Email Extractor) - C:\Users\Geoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdianbbpnakhcmfkcckaboohfgnngfcc [2017-01-20]
CHR Extension: (Webarchive) - C:\Users\Geoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfljpkcacgcnnnipmdlgmlnmckmcpoef [2016-06-19]
CHR Extension: (DotVPN — a better way to VPN) - C:\Users\Geoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpiecbcckbofpmkkkdibbllpinceiihk [2016-12-29]
CHR Extension: (Skype) - C:\Users\Geoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-10-22]
CHR Extension: (Product Hunt) - C:\Users\Geoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\likjafohlgffamccflcidmedfongmkee [2016-03-07]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Geoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-05-25]
CHR Extension: (Hotspot Shield Free VPN Proxy – Unblock Sites) - C:\Users\Geoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbejmccbhkncgokjcmghpfloaajcffj [2017-01-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Geoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-20]
CHR Extension: (Buffer) - C:\Users\Geoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\noojglkidnpfjbincgijbaiedldjfbhh [2017-01-25]
CHR Extension: (Simple EPUB Reader) - C:\Users\Geoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojhbgcchcbdjdenibfmjofobklkkhofc [2016-03-09]
CHR Extension: (Bitdefender QuickScan) - C:\Users\Geoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie [2015-09-04]
CHR Extension: (Chrome Media Router) - C:\Users\Geoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-04]
CHR HKU\S-1-5-21-785650546-1832744181-4140763645-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Geoff\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2016-05-24]
CHR HKU\S-1-5-21-785650546-1832744181-4140763645-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
 
Opera: 
=======
OPR Extension: (Unlimited Free VPN - Hola) - C:\Users\Geoff\AppData\Roaming\Opera Software\Opera Stable\Extensions\ekmmelpnmfdegjhnmadddcfjcahpajnm [2017-01-10]
OPR Extension: (DotVPN — a better way to VPN) - C:\Users\Geoff\AppData\Roaming\Opera Software\Opera Stable\Extensions\hiegahbgoabbpoieploedhfnobmpgbeg [2016-08-06]
OPR Extension: (RelevantKnowledge) - C:\Users\Geoff\AppData\Roaming\Opera Software\Opera Stable\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle [2016-06-07]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [9461280 2016-12-29] (Emsisoft Ltd)
R2 ABBYY.Licensing.PDFTransformer.Classic.4.0; C:\Program Files (x86)\ABBYY PDF Transformer+\NetworkLicenseServer.exe [962256 2014-12-02] (ABBYY Production LLC)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-25] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2218712 2016-12-13] (Adobe Systems, Incorporated)
R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [260080 2017-01-20] (AVG Technologies CZ, s.r.o.)
S3 AVG Firewall; C:\Program Files (x86)\AVG\Antivirus\afwServ.exe [275616 2017-01-20] (AVG Technologies CZ, s.r.o.)
S3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [6183576 2017-01-20] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1255272 2017-01-09] (AVG Technologies CZ, s.r.o.)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-09] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-09] (Dropbox, Inc.)
R2 DbxSvc; C:\windows\system32\DbxSvc.exe [46400 2017-01-04] (Dropbox, Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
R2 IDriveService; C:\Program Files (x86)\IDriveWindows\id_service.exe [161000 2016-05-24] (Prosoftnet)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.309\McCHSvc.exe [293128 2016-03-11] (McAfee, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 avgbdisk; C:\windows\system32\drivers\avgbdiska.sys [165624 2017-01-20] (AVG Technologies CZ, s.r.o.)
S3 avgbidsdriver; C:\windows\system32\drivers\avgbidsdrivera.sys [311592 2017-01-20] (AVG Technologies CZ, s.r.o.)
S3 avgbidsh; C:\windows\system32\drivers\avgbidsha.sys [192096 2017-01-20] (AVG Technologies CZ, s.r.o.)
S3 avgblog; C:\windows\system32\drivers\avgbloga.sys [336920 2017-01-20] (AVG Technologies CZ, s.r.o.)
S3 avgbuniv; C:\windows\system32\drivers\avgbuniva.sys [50848 2017-01-20] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\windows\system32\drivers\avgHwid.sys [39288 2017-01-20] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\windows\system32\drivers\avgMonFlt.sys [127072 2017-01-20] (AVG Technologies CZ, s.r.o.)
S3 avgNetNd6; C:\windows\System32\DRIVERS\avgNetNd6.sys [29944 2017-01-20] (AVG Technologies CZ, s.r.o.)
S3 avgNetSec; C:\windows\system32\drivers\avgNetSec.sys [456936 2017-01-20] (AVG Technologies CZ, s.r.o.)
S3 avgRdr; C:\windows\system32\drivers\avgRdr2.sys [101624 2017-01-20] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\windows\system32\drivers\avgRvrt.sys [75664 2017-01-20] (AVG Technologies CZ, s.r.o.)
S3 avgSnx; C:\windows\system32\drivers\avgSnx.sys [992488 2017-01-20] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\windows\system32\drivers\avgSP.sys [555152 2017-01-20] (AVG Technologies CZ, s.r.o.)
S3 avgStm; C:\windows\system32\drivers\avgStm.sys [163512 2017-01-20] (AVG Technologies CZ, s.r.o.)
S3 avgVmm; C:\windows\system32\drivers\avgVmm.sys [311472 2017-01-20] (AVG Technologies CZ, s.r.o.)
R1 epp; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\epp.sys [124552 2016-11-23] (Emsisoft Ltd)
R1 GUBootStartup; C:\windows\System32\drivers\GUBootStartup.sys [20160 2015-09-02] (Glarysoft Ltd)
R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2011-10-20] (Windows ® 2003 DDK 3790 provider)
R2 SGDrv; C:\windows\System32\DRIVERS\SGdrv64.sys [7680 2011-04-11] (Phoenix Technologies Ltd.)
S3 TrojanKillerDriver; C:\windows\System32\DRIVERS\gtkdrv.sys [16640 2014-02-11] (Windows ® Win 7 DDK provider)
R2 {41E8078B-96D9-42DC-8789-A1CF102CD880}; C:\Program Files (x86)\CyberLink\PowerDVD16\Common\NavFilter\000.fcl [29624 2016-03-28] (CyberLink Corp.)
S1 akxfkaqf; \??\C:\windows\system32\drivers\akxfkaqf.sys [X]
S1 bqttgamn; \??\C:\windows\system32\drivers\bqttgamn.sys [X]
S1 cmlzaqvf; \??\C:\windows\system32\drivers\cmlzaqvf.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
S1 fgweazal; \??\C:\windows\system32\drivers\fgweazal.sys [X]
S1 fiexjgrx; \??\C:\windows\system32\drivers\fiexjgrx.sys [X]
S1 ftoilzns; \??\C:\windows\system32\drivers\ftoilzns.sys [X]
S1 hsawiwhl; \??\C:\windows\system32\drivers\hsawiwhl.sys [X]
S1 imiqihnr; \??\C:\windows\system32\drivers\imiqihnr.sys [X]
S1 jpamqptv; \??\C:\windows\system32\drivers\jpamqptv.sys [X]
S1 lfbvvrss; \??\C:\windows\system32\drivers\lfbvvrss.sys [X]
S1 pclerbrr; \??\C:\windows\system32\drivers\pclerbrr.sys [X]
S1 rgjfzwxb; \??\C:\windows\system32\drivers\rgjfzwxb.sys [X]
S1 whzniidn; \??\C:\windows\system32\drivers\whzniidn.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-25 16:41 - 2017-01-25 16:44 - 00037244 _____ C:\Users\Geoff\Downloads\FRST.txt
2017-01-25 16:41 - 2017-01-25 16:41 - 02420736 _____ (Farbar) C:\Users\Geoff\Downloads\FRST64.exe
2017-01-25 16:41 - 2017-01-25 16:41 - 00000000 ____D C:\FRST
2017-01-25 14:04 - 2017-01-20 17:01 - 00992488 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgD9B.tmp
2017-01-25 14:04 - 2017-01-20 17:00 - 00456936 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgA5C.tmp
2017-01-25 14:04 - 2017-01-20 16:43 - 00555152 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avg103F.tmp
2017-01-25 14:04 - 2017-01-20 16:43 - 00311472 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avg108E.tmp
2017-01-25 14:04 - 2017-01-20 16:43 - 00163512 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avg1244.tmp
2017-01-25 14:04 - 2017-01-20 16:43 - 00127072 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgFA1.tmp
2017-01-25 14:04 - 2017-01-20 16:43 - 00101624 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgE29.tmp
2017-01-25 14:04 - 2017-01-20 16:43 - 00075664 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgFD1.tmp
2017-01-25 14:04 - 2017-01-20 16:43 - 00039288 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgF14.tmp
2017-01-25 14:04 - 2017-01-20 16:42 - 00336920 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgCEE.tmp
2017-01-25 14:04 - 2017-01-20 16:42 - 00311592 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgBB4.tmp
2017-01-25 14:04 - 2017-01-20 16:42 - 00192096 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgC22.tmp
2017-01-25 14:04 - 2017-01-20 16:42 - 00165624 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgA1C.tmp
2017-01-25 14:04 - 2017-01-20 16:42 - 00050848 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgD4C.tmp
2017-01-25 14:03 - 2017-01-20 16:43 - 00397800 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\avgBoot.exe
2017-01-25 14:01 - 2017-01-25 14:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-01-25 13:40 - 2017-01-20 17:01 - 00992488 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avg97EF.tmp
2017-01-25 13:40 - 2017-01-20 17:00 - 00456936 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avg9442.tmp
2017-01-25 13:40 - 2017-01-20 16:43 - 00555152 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avg9EF6.tmp
2017-01-25 13:40 - 2017-01-20 16:43 - 00311472 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgA0AC.tmp
2017-01-25 13:40 - 2017-01-20 16:43 - 00163512 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgA1C6.tmp
2017-01-25 13:40 - 2017-01-20 16:43 - 00127072 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avg9AC0.tmp
2017-01-25 13:40 - 2017-01-20 16:43 - 00101624 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avg98EA.tmp
2017-01-25 13:40 - 2017-01-20 16:43 - 00075664 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avg9D40.tmp
2017-01-25 13:40 - 2017-01-20 16:43 - 00039288 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avg99D5.tmp
2017-01-25 13:40 - 2017-01-20 16:42 - 00336920 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avg96C5.tmp
2017-01-25 13:40 - 2017-01-20 16:42 - 00311592 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avg950E.tmp
2017-01-25 13:40 - 2017-01-20 16:42 - 00192096 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avg95E9.tmp
2017-01-25 13:40 - 2017-01-20 16:42 - 00165624 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avg9396.tmp
2017-01-25 13:40 - 2017-01-20 16:42 - 00050848 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avg96F5.tmp
2017-01-25 11:21 - 2017-01-25 14:22 - 00000000 ___HD C:\Users\Public\Documents\AdobeGC
2017-01-25 09:48 - 2017-01-25 09:48 - 00003288 ____N C:\bootsqm.dat
2017-01-24 18:34 - 2017-01-25 13:01 - 00000000 ____D C:\Users\UpdatusUser\AppData\Local\CrashDumps
2017-01-20 18:08 - 2017-01-25 13:25 - 00000000 ____D C:\ProgramData\panda_url_filtering
2017-01-20 18:08 - 2017-01-25 13:25 - 00000000 ____D C:\Program Files\Panda Security URL Filtering
2017-01-20 18:07 - 2017-01-25 13:25 - 00000000 ____D C:\Users\Geoff\AppData\LocalLow\pandasecuritytb
2017-01-20 18:07 - 2017-01-25 13:25 - 00000000 ____D C:\Program Files (x86)\pandasecuritytb
2017-01-20 18:07 - 2017-01-20 18:07 - 00000000 ____D C:\Users\Geoff\AppData\Roaming\Panda Security
2017-01-20 18:04 - 2017-01-25 13:25 - 00000000 ____D C:\Program Files (x86)\Panda Security
2017-01-20 17:56 - 2017-01-20 18:07 - 00000000 ____D C:\ProgramData\Panda Security
2017-01-20 17:34 - 2017-01-20 17:00 - 00456936 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avg928E.tmp
2017-01-20 17:34 - 2017-01-20 16:43 - 00555152 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avg9D22.tmp
2017-01-20 17:34 - 2017-01-20 16:43 - 00311472 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avg9D91.tmp
2017-01-20 17:34 - 2017-01-20 16:43 - 00163512 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avg9F37.tmp
2017-01-20 17:34 - 2017-01-20 16:43 - 00127072 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avg9BE8.tmp
2017-01-20 17:34 - 2017-01-20 16:43 - 00101624 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avg9A03.tmp
2017-01-20 17:34 - 2017-01-20 16:43 - 00075664 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avg9CA5.tmp
2017-01-20 17:34 - 2017-01-20 16:43 - 00039288 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avg9A90.tmp
2017-01-20 17:34 - 2017-01-20 16:42 - 00336920 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avg95AC.tmp
2017-01-20 17:34 - 2017-01-20 16:42 - 00311592 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avg930B.tmp
2017-01-20 17:34 - 2017-01-20 16:42 - 00192096 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avg950F.tmp
2017-01-20 17:34 - 2017-01-20 16:42 - 00165624 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avg9193.tmp
2017-01-20 17:34 - 2017-01-20 16:42 - 00050848 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avg9688.tmp
2017-01-20 17:23 - 2017-01-20 17:01 - 00992488 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgCE0.tmp
2017-01-20 17:23 - 2017-01-20 17:00 - 00456936 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avg5BA.tmp
2017-01-20 17:23 - 2017-01-20 16:43 - 00555152 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avg106E.tmp
2017-01-20 17:23 - 2017-01-20 16:43 - 00311472 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avg1139.tmp
2017-01-20 17:23 - 2017-01-20 16:43 - 00163512 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avg1198.tmp
2017-01-20 17:23 - 2017-01-20 16:43 - 00127072 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgFB0.tmp
2017-01-20 17:23 - 2017-01-20 16:43 - 00101624 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgDEA.tmp
2017-01-20 17:23 - 2017-01-20 16:43 - 00075664 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avg100F.tmp
2017-01-20 17:23 - 2017-01-20 16:43 - 00039288 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgF42.tmp
2017-01-20 17:23 - 2017-01-20 16:42 - 00336920 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgBE4.tmp
2017-01-20 17:23 - 2017-01-20 16:42 - 00311592 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avg637.tmp
2017-01-20 17:23 - 2017-01-20 16:42 - 00192096 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avg790.tmp
2017-01-20 17:23 - 2017-01-20 16:42 - 00165624 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avg4FD.tmp
2017-01-20 17:23 - 2017-01-20 16:42 - 00050848 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgC33.tmp
2017-01-20 17:01 - 2017-01-20 17:00 - 00456936 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgNetSec.sys
2017-01-20 17:00 - 2017-01-20 17:00 - 00029944 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgNetNd6.sys
2017-01-20 16:56 - 2017-01-25 13:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer
2017-01-20 16:56 - 2017-01-20 16:56 - 00000944 _____ C:\Users\Public\Desktop\Trojan Killer.lnk
2017-01-20 16:55 - 2017-01-20 16:56 - 00000000 ____D C:\Program Files\GridinSoft Trojan Killer
2017-01-20 16:55 - 2017-01-20 16:55 - 00000000 ____D C:\ProgramData\GridinSoft
2017-01-20 16:48 - 2017-01-20 17:26 - 00000000 _____ C:\windows\SysWOW64\last.dump
2017-01-20 16:47 - 2017-01-20 16:49 - 45821304 _____ (GridinSoft LLC) C:\Users\Geoff\Downloads\gtk-2.2.2.2-setup.exe
2017-01-20 16:47 - 2017-01-20 16:47 - 00000000 ____D C:\Users\Geoff\AppData\Roaming\AVG
2017-01-20 16:44 - 2017-01-25 14:05 - 00003920 _____ C:\windows\System32\Tasks\Antivirus Emergency Update
2017-01-20 16:44 - 2017-01-20 17:01 - 00992488 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgSnx.sys
2017-01-20 16:44 - 2017-01-20 17:00 - 00992488 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgsnx.sys.148493170068201
2017-01-20 16:44 - 2017-01-20 16:43 - 00555152 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgSP.sys
2017-01-20 16:44 - 2017-01-20 16:43 - 00311472 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgVmm.sys
2017-01-20 16:44 - 2017-01-20 16:43 - 00163512 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgStm.sys
2017-01-20 16:44 - 2017-01-20 16:43 - 00127072 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgMonFlt.sys
2017-01-20 16:44 - 2017-01-20 16:43 - 00101624 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgRdr2.sys
2017-01-20 16:44 - 2017-01-20 16:43 - 00075664 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgRvrt.sys
2017-01-20 16:44 - 2017-01-20 16:43 - 00039288 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgHwid.sys
2017-01-20 16:44 - 2017-01-20 16:42 - 00336920 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgbloga.sys
2017-01-20 16:44 - 2017-01-20 16:42 - 00311592 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgbidsdrivera.sys
2017-01-20 16:44 - 2017-01-20 16:42 - 00192096 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgbidsha.sys
2017-01-20 16:44 - 2017-01-20 16:42 - 00165624 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgbdiska.sys
2017-01-20 16:44 - 2017-01-20 16:42 - 00050848 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgbuniva.sys
2017-01-20 16:36 - 2017-01-25 13:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2017-01-20 16:36 - 2017-01-20 16:36 - 00000984 _____ C:\Users\Public\Desktop\AVG.lnk
2017-01-20 16:29 - 2017-01-25 13:42 - 00003590 _____ C:\windows\System32\Tasks\AVG EUpdate Task
2017-01-20 16:28 - 2017-01-20 16:37 - 00000000 ____D C:\Program Files (x86)\AVG
2017-01-20 15:02 - 2017-01-25 13:24 - 00000000 ____D C:\ProgramData\Avg
2017-01-20 15:02 - 2017-01-20 16:46 - 00000000 ____D C:\Users\Geoff\AppData\Local\AvgSetupLog
2017-01-20 15:02 - 2017-01-20 15:02 - 00000000 ____D C:\Users\Geoff\AppData\Local\Avg
2017-01-20 14:56 - 2017-01-20 14:56 - 03449304 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Geoff\Downloads\AVG_Protection_Free_1598.exe
2017-01-20 14:51 - 2017-01-20 14:51 - 00221662 _____ C:\Users\Geoff\Downloads\MicrosoftProgram_Install_and_Uninstall.meta.diagcab
2017-01-20 14:30 - 2017-01-20 14:30 - 00000000 _____ C:\autoexec.bat
2017-01-20 14:24 - 2017-01-20 14:24 - 03516080 _____ (Enigma Software Group USA, LLC.) C:\Users\Geoff\Downloads\SpyHunter-Installer.exe
2017-01-18 16:15 - 2017-01-18 16:15 - 03399030 _____ C:\Users\Geoff\Downloads\re.zip
2017-01-12 19:14 - 2017-01-12 19:14 - 00046192 _____ (Dropbox, Inc.) C:\windows\system32\Drivers\dbx-stable.sys
2017-01-12 19:14 - 2017-01-12 19:14 - 00046192 _____ (Dropbox, Inc.) C:\windows\system32\Drivers\dbx-dev.sys
2017-01-12 19:14 - 2017-01-12 19:14 - 00046192 _____ (Dropbox, Inc.) C:\windows\system32\Drivers\dbx-canary.sys
2017-01-11 08:46 - 2017-01-05 18:55 - 00154856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2017-01-11 08:46 - 2017-01-05 18:55 - 00095464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2017-01-11 08:46 - 2017-01-05 18:52 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2017-01-11 08:46 - 2017-01-05 18:52 - 01212928 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2017-01-11 08:46 - 2017-01-05 18:52 - 00730624 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2017-01-11 08:46 - 2017-01-05 18:52 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2017-01-11 08:46 - 2017-01-05 18:52 - 00463872 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2017-01-11 08:46 - 2017-01-05 18:52 - 00345600 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2017-01-11 08:46 - 2017-01-05 18:52 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2017-01-11 08:46 - 2017-01-05 18:52 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2017-01-11 08:46 - 2017-01-05 18:52 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2017-01-11 08:46 - 2017-01-05 18:52 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2017-01-11 08:46 - 2017-01-05 18:52 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2017-01-11 08:46 - 2017-01-05 18:52 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2017-01-11 08:46 - 2017-01-05 18:52 - 00123904 _____ (Microsoft Corporation) C:\windows\system32\bcrypt.dll
2017-01-11 08:46 - 2017-01-05 18:52 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2017-01-11 08:46 - 2017-01-05 18:52 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2017-01-11 08:46 - 2017-01-05 18:52 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2017-01-11 08:46 - 2017-01-05 18:52 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2017-01-11 08:46 - 2017-01-05 18:52 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2017-01-11 08:46 - 2017-01-05 18:52 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2017-01-11 08:46 - 2017-01-05 17:43 - 00666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2017-01-11 08:46 - 2017-01-05 17:43 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2017-01-11 08:46 - 2017-01-05 17:43 - 00342528 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2017-01-11 08:46 - 2017-01-05 17:43 - 00261120 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2017-01-11 08:46 - 2017-01-05 17:43 - 00254464 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2017-01-11 08:46 - 2017-01-05 17:43 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2017-01-11 08:46 - 2017-01-05 17:43 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2017-01-11 08:46 - 2017-01-05 17:43 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2017-01-11 08:46 - 2017-01-05 17:43 - 00141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
2017-01-11 08:46 - 2017-01-05 17:43 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2017-01-11 08:46 - 2017-01-05 17:43 - 00082944 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcrypt.dll
2017-01-11 08:46 - 2017-01-05 17:43 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2017-01-11 08:46 - 2017-01-05 17:43 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2017-01-11 08:46 - 2017-01-05 17:43 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2017-01-11 08:46 - 2017-01-05 17:43 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2017-01-11 08:46 - 2017-01-05 17:42 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2017-01-11 08:46 - 2017-01-05 17:32 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2017-01-11 08:46 - 2017-01-05 17:25 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2017-01-11 08:46 - 2017-01-05 17:24 - 00291328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2017-01-11 08:46 - 2017-01-05 17:24 - 00129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2017-01-11 08:46 - 2017-01-05 17:24 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2017-01-11 08:46 - 2017-01-05 17:23 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2017-01-11 08:46 - 2017-01-05 17:19 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2017-01-05 13:54 - 2017-01-05 13:54 - 01136591 _____ C:\Users\Geoff\Downloads\ENI (3).pdf
2017-01-05 13:54 - 2017-01-05 13:54 - 01136591 _____ C:\Users\Geoff\Downloads\ENI (2).pdf
2017-01-05 13:53 - 2017-01-05 13:53 - 01136591 _____ C:\Users\Geoff\Downloads\ENI (1).pdf
2017-01-04 06:29 - 2017-01-04 06:29 - 00003365 _____ C:\Users\Geoff\Downloads\sales_comp.xls
2017-01-04 05:25 - 2017-01-04 05:25 - 00046400 _____ (Dropbox, Inc.) C:\windows\system32\DbxSvc.exe
2017-01-03 17:50 - 2017-01-03 17:50 - 01136591 _____ C:\Users\Geoff\Downloads\ENI.pdf
2017-01-03 13:56 - 2017-01-03 13:56 - 00289082 _____ C:\Users\Geoff\Downloads\Укр_тексти (1).rar
2017-01-03 09:45 - 2017-01-03 09:45 - 00095351 _____ C:\Users\Geoff\Downloads\2_12KLPBF revised (2).pdf
2017-01-03 09:45 - 2017-01-03 09:45 - 00095351 _____ C:\Users\Geoff\Downloads\2_12KLPBF revised (1).pdf
2017-01-03 09:44 - 2017-01-03 09:45 - 00095351 _____ C:\Users\Geoff\Downloads\2_12KLPBF revised.pdf
2017-01-03 09:42 - 2017-01-03 09:42 - 00289082 _____ C:\Users\Geoff\Downloads\Укр_тексти.rar
2016-12-31 20:16 - 2016-12-31 20:16 - 00000000 ____D C:\Users\Public\Documents\Cyberlink
2016-12-31 20:10 - 2016-12-31 20:12 - 00000000 ____D C:\ProgramData\PDVD
2016-12-31 20:10 - 2016-12-31 20:10 - 00002373 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD.lnk
2016-12-31 20:10 - 2016-12-31 20:10 - 00002361 _____ C:\Users\Public\Desktop\CyberLink PowerDVD 16.lnk
2016-12-31 20:10 - 2016-12-31 20:10 - 00000109 ___SH C:\Users\Public\Desktop\desktop.ini
2016-12-31 20:10 - 2016-12-31 20:10 - 00000000 ____D C:\Program Files (x86)\NSIS Uninstall Information
2016-12-31 19:56 - 2016-12-31 19:56 - 00000000 ____D C:\ProgramData\SUPPORTDIR
2016-12-31 19:56 - 2016-12-31 19:56 - 00000000 ____D C:\ProgramData\install_clap
2016-12-31 19:53 - 2016-12-31 19:55 - 170442640 _____ C:\Users\Geoff\Documents\PowerDVD_16.0.1510.60_Trial_DVD160104-04.exe
2016-12-31 19:52 - 2016-12-31 19:53 - 01040152 _____ (CyberLink) C:\Users\Geoff\Downloads\CyberLink_PowerDVD_Downloader.exe
2016-12-31 19:35 - 2016-12-31 20:14 - 00000000 ____D C:\Users\Geoff\Documents\CyberLink
2016-12-31 14:39 - 2016-12-31 14:39 - 00289077 _____ C:\Users\Geoff\Downloads\Cold Spark 29th December.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-25 16:10 - 2015-09-05 18:33 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware
2017-01-25 16:09 - 2015-12-09 10:47 - 00000906 _____ C:\windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-01-25 14:19 - 2012-09-14 14:50 - 00000000 ____D C:\Users\Geoff\AppData\Local\CrashDumps
2017-01-25 14:06 - 2009-07-14 03:20 - 00000000 ____D C:\windows\inf
2017-01-25 14:05 - 2015-09-02 18:48 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 5
2017-01-25 14:01 - 2015-12-09 10:47 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-01-25 13:57 - 2016-04-21 11:38 - 00002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2017-01-25 13:57 - 2016-04-21 11:38 - 00001997 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2017-01-25 13:55 - 2009-07-14 04:45 - 00028848 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-25 13:55 - 2009-07-14 04:45 - 00028848 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-25 13:47 - 2014-01-24 15:37 - 00000000 ____D C:\Users\Geoff\AppData\Local\Adobe
2017-01-25 13:44 - 2016-11-19 09:11 - 00000000 ____D C:\Users\Geoff\AppData\LocalLow\Mozilla
2017-01-25 13:39 - 2016-05-25 10:10 - 00000000 ____D C:\ProgramData\IDrive
2017-01-25 13:36 - 2016-04-05 14:53 - 00000000 ___RD C:\Users\Geoff\Creative Cloud Files
2017-01-25 13:35 - 2016-04-05 14:53 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-01-25 13:32 - 2015-10-16 09:12 - 00000000 ____D C:\Users\Guest
2017-01-25 13:32 - 2011-08-13 04:23 - 00000000 ____D C:\Users\UpdatusUser
2017-01-25 13:30 - 2011-11-26 17:39 - 00100384 _____ C:\Users\Geoff\AppData\Local\GDIPFONTCACHEV1.DAT
2017-01-25 13:28 - 2009-07-14 05:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2017-01-25 13:27 - 2011-11-26 17:23 - 00000000 ____D C:\Users\Geoff
2017-01-25 13:25 - 2016-04-07 09:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2017-01-25 13:25 - 2015-11-12 10:44 - 00000000 ____D C:\Program Files\McAfee Security Scan
2017-01-25 13:25 - 2015-09-05 06:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-01-25 13:25 - 2015-09-05 06:36 - 00000000 ____D C:\Program Files\CCleaner
2017-01-25 13:25 - 2015-08-11 09:44 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2017-01-25 13:25 - 2009-07-14 03:20 - 00000000 ____D C:\windows\registration
2017-01-25 13:24 - 2011-08-13 05:25 - 00000000 ____D C:\ProgramData\CyberLink
2017-01-25 13:23 - 2015-09-05 19:20 - 00000000 ____D C:\EEK
2017-01-20 18:07 - 2009-07-14 03:20 - 00000000 ____D C:\windows\SysWOW64\GroupPolicy
2017-01-20 18:07 - 2009-07-14 03:20 - 00000000 ____D C:\windows\system32\GroupPolicy
2017-01-20 17:18 - 2015-12-09 12:20 - 00000000 ___RD C:\Users\Geoff\Dropbox
2017-01-20 16:38 - 2015-08-11 10:27 - 00000000 ____D C:\Users\Geoff\AppData\Local\ElevatedDiagnostics
2017-01-20 14:23 - 2016-05-12 11:44 - 00000000 ____D C:\Program Files (x86)\Opera
2017-01-20 14:23 - 2016-04-14 13:46 - 00000000 ____D C:\Users\Geoff\AppData\Roaming\Hola
2017-01-20 14:23 - 2011-11-26 17:30 - 00001413 _____ C:\Users\Geoff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-01-20 10:11 - 2015-08-11 09:44 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-20 10:01 - 2015-09-07 09:01 - 00000510 _____ C:\windows\Tasks\SUPERAntiSpyware Scheduled Task bd45eb8b-32c7-4e96-8609-f31bdbc534a0.job
2017-01-20 05:44 - 2015-09-07 09:01 - 00000510 _____ C:\windows\Tasks\SUPERAntiSpyware Scheduled Task 5de18dd1-1e7e-4437-ace0-c11e77a98639.job
2017-01-19 05:51 - 2015-08-05 12:21 - 00000000 ____D C:\Users\Geoff\Documents\SK Action PLan
2017-01-15 15:20 - 2009-07-14 03:20 - 00000000 ____D C:\windows\rescache
2017-01-15 13:29 - 2015-09-05 18:11 - 00000000 ____D C:\Users\Geoff\Documents\Registry Back Ups
2017-01-14 07:38 - 2013-08-15 12:54 - 00000000 ____D C:\windows\system32\MRT
2017-01-14 07:32 - 2012-10-08 19:49 - 135657872 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2017-01-13 17:12 - 2015-08-11 09:44 - 00004476 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2017-01-09 16:40 - 2009-07-14 05:08 - 00032608 _____ C:\windows\Tasks\SCHEDLGU.TXT
2017-01-03 14:30 - 2015-09-05 18:44 - 00000000 ____D C:\ProgramData\Emsisoft
2017-01-01 13:09 - 2009-07-14 04:45 - 05009632 _____ C:\windows\system32\FNTCACHE.DAT
2016-12-31 20:14 - 2011-11-26 17:23 - 00000000 ___RD C:\Users\Geoff\Videos
2016-12-31 20:14 - 2011-11-26 17:23 - 00000000 ___RD C:\Users\Geoff\Pictures
2016-12-31 20:14 - 2011-11-26 17:23 - 00000000 ___RD C:\Users\Geoff\Music
2016-12-31 20:10 - 2011-08-13 04:21 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-12-31 20:10 - 2009-07-14 04:54 - 00001916 ___SH C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
2016-12-31 20:09 - 2015-12-08 14:23 - 00000000 ____D C:\Users\Geoff\AppData\Local\CyberLink
2016-12-31 20:09 - 2009-07-14 03:20 - 00000000 __RSD C:\windows\Fonts
2016-12-31 20:09 - 2009-07-14 02:34 - 00262144 ___SH C:\Users\Default\NTUSER.DAT
2016-12-31 20:09 - 2009-07-14 02:34 - 00189440 ____H C:\Users\Default\NTUSER.DAT.LOG1
2016-12-31 20:05 - 2011-08-13 05:25 - 00000000 ____D C:\Program Files (x86)\CyberLink
2016-12-31 19:55 - 2011-11-26 17:23 - 00000000 ___RD C:\Users\Geoff\Documents
2016-12-29 07:35 - 2009-07-14 05:13 - 00791242 _____ C:\windows\system32\PerfStringBackup.INI
2016-12-29 07:35 - 2009-07-14 02:36 - 00671394 _____ C:\windows\system32\perfh009.dat
2016-12-29 07:35 - 2009-07-14 02:36 - 00130846 _____ C:\windows\system32\perfc009.dat
2016-12-29 07:07 - 2015-09-17 13:39 - 00000000 ____D C:\Users\Geoff\AppData\Local\bvxvdxvx
2016-12-28 16:54 - 2015-08-05 12:26 - 00000000 ____D C:\Users\Geoff\Documents\Kalyna Language Press
 
==================== Files in the root of some directories =======
 
2015-04-14 16:28 - 2015-04-14 16:28 - 0004387 _____ () C:\Users\Geoff\AppData\Roaming\ksYGLJ2y8evzmuIc6hrifh
2015-04-19 12:20 - 2015-04-19 12:20 - 0005872 _____ () C:\Users\Geoff\AppData\Roaming\Xw3LPyEptnS9UR53yWkX
2015-09-02 08:21 - 2015-09-04 09:01 - 0104011 _____ () C:\Users\Geoff\AppData\Local\ars.cache
2015-09-02 08:21 - 2015-09-04 09:01 - 0535523 _____ () C:\Users\Geoff\AppData\Local\census.cache
2015-09-02 08:06 - 2015-09-02 08:06 - 0000036 _____ () C:\Users\Geoff\AppData\Local\housecall.guid.cache
2015-09-02 08:15 - 2015-09-04 08:56 - 0000010 _____ () C:\Users\Geoff\AppData\Local\sponge.last.runtime.cache
2016-12-14 21:38 - 2016-12-14 21:38 - 0000000 _____ () C:\Users\Geoff\AppData\Local\{259ACE5B-6413-4911-9DFF-1B19442706AC}
2016-04-02 13:42 - 2016-04-02 16:10 - 0000051 _____ () C:\ProgramData\spds90.txt
2011-08-13 05:31 - 2011-08-13 05:32 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2011-08-13 05:26 - 2011-08-13 05:26 - 0000113 _____ () C:\ProgramData\{34FBC7C4-CD31-4D93-A428-0E524EAC4586}.log
2011-08-13 05:29 - 2011-08-13 05:30 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2011-08-13 05:26 - 2011-08-13 05:29 - 0000106 _____ () C:\ProgramData\{80E158EA-7181-40FE-A701-301CE6BE64AB}.log
2011-08-13 05:30 - 2011-08-13 05:31 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-01-13 15:37
 
==================== End of FRST.txt ============================




#11 nasdaq

  • Malware Response Team

Posted 28 January 2017 - 10:32 AM


Remove this program via the Control Panel > Programs > Programs and Features.
SpeeditupFree (HKLM-x32\...\SpeeditupFree) (Version: 10.25 - MicroSmarts LLC) <==== ATTENTION
===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:
Hosts:

(© 2015 Microsoft Corporation) C:\Users\Geoff\AppData\Local\Microsoft\BingSvc\BingSvc.exe
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-785650546-1832744181-4140763645-1001\...\Run: [BingSvc] => C:\Users\Geoff\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts-x32: Restriction <======= ATTENTION
BHO-x32: No Name -> {4f426332-14d3-4383-abd6-ab0af916a73c} -> No File
Toolbar: HKU\S-1-5-21-785650546-1832744181-4140763645-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-785650546-1832744181-4140763645-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF user.js: detected! => C:\Users\Geoff\AppData\Roaming\Mozilla\Firefox\Profiles\tw332mrl.default\user.js [2016-05-27]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\tw332mrl.default -> SearchMyWeb
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\tw332mrl.default -> SearchMyWeb
FF Extension: (Panda Security Toolbar) - C:\Users\Geoff\AppData\Roaming\Mozilla\Firefox\Profiles\tw332mrl.default\Extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}.xpi [2016-04-26]
FF HKLM-x32\...\Firefox\Extensions: [4lffxtbr@BibleTriviaTime_4l.com] - C:\Program Files (x86)\BibleTriviaTime_4l\bar\1.bin => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Geoff\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.866\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Users\Geoff\AppData\Local\Google\Chrome\User Data\PepperFlash\20.0.0.267\pepflashplayer.dll => No File
CHR Extension: (Betternet Unlimited Free VPN Proxy) - C:\Users\Geoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjknjjomckknofjidppipffbpoekiipm [2017-01-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Geoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-20]
CHR Extension: (Chrome Media Router) - C:\Users\Geoff\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-04]
S1 akxfkaqf; \??\C:\windows\system32\drivers\akxfkaqf.sys [X]
S1 bqttgamn; \??\C:\windows\system32\drivers\bqttgamn.sys [X]
S1 cmlzaqvf; \??\C:\windows\system32\drivers\cmlzaqvf.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
S1 fgweazal; \??\C:\windows\system32\drivers\fgweazal.sys [X]
S1 fiexjgrx; \??\C:\windows\system32\drivers\fiexjgrx.sys [X]
S1 ftoilzns; \??\C:\windows\system32\drivers\ftoilzns.sys [X]
S1 hsawiwhl; \??\C:\windows\system32\drivers\hsawiwhl.sys [X]
S1 imiqihnr; \??\C:\windows\system32\drivers\imiqihnr.sys [X]
S1 jpamqptv; \??\C:\windows\system32\drivers\jpamqptv.sys [X]
S1 lfbvvrss; \??\C:\windows\system32\drivers\lfbvvrss.sys [X]
S1 pclerbrr; \??\C:\windows\system32\drivers\pclerbrr.sys [X]
S1 rgjfzwxb; \??\C:\windows\system32\drivers\rgjfzwxb.sys [X]
S1 whzniidn; \??\C:\windows\system32\drivers\whzniidn.sys [X]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===


If still unable to run any programs I suggest you do a restore of the system prior to a date that the problem started.

These are the last 3 points I see in your Addition.txt file.
25-01-2017 13:42:54 Device Driver Package Install: AVG Technologies Network Service
25-01-2017 14:05:17 Device Driver Package Install: AVG Technologies Network Service
25-01-2017 14:11:51 Windows Update

If you can and if the problem started on or about Jan 25 I would choose a date prior to Jan 25th.

p.s.
As you can see from this article and many others, the solution may not be simple.
http://www.eassos.com/how-to/fix-error-code-0xc0000005.php
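
As an added illustration (not part of nasdaq's post and not FRST's own code), this Python example picks out log entries whose target file is reported missing, the kind that make up many of the fixlist lines above. It assumes the `[X]`, `No File` and `not found` markers mean the referenced file is absent; the function names and the `ExampleSvc` and `Example Ext` lines are constructed.

```python
import re
from collections import Counter

# Sample input: lines in the style of the fixlist above, plus two constructed
# healthy entries (ExampleSvc, Example Ext) that must NOT be reported.
SAMPLE_LOG = r"""
HKLM-x32\...\Run: [] => [X]
S1 akxfkaqf; \??\C:\windows\system32\drivers\akxfkaqf.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
S2 ExampleSvc; C:\Program Files\Example\svc.exe [123456 2016-01-01] (Example Vendor)
BHO-x32: No Name -> {4f426332-14d3-4383-abd6-ab0af916a73c} -> No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Example Ext) - C:\Example\Extensions\abcdefgh [2016-12-04]
"""

# Assumption: these trailing markers mean the referenced file does not exist.
MISSING = re.compile(r"(\[X\]|\[?No File\]?|=> not found)\s*$")
# Service/driver lines look like "S1 name; path [X]".
SERVICE = re.compile(
    r"^(?P<state>[RSU])(?P<start>\d) (?P<name>[^;]+); (?P<path>.+?)(?: \[X\])?$"
)

def orphaned_entries(log):
    """Return (category, name, line) for each entry whose file is reported missing."""
    found = []
    for raw in log.splitlines():
        line = raw.strip()
        if not line or not MISSING.search(line):
            continue  # blank line, or the entry still points at an existing file
        svc = SERVICE.match(line)
        if svc:
            is_driver = svc["path"].lower().endswith(".sys")
            found.append(("driver" if is_driver else "service", svc["name"], line))
        else:
            # Registry/browser entries: use the text before the first ": " as category.
            found.append((line.partition(": ")[0], "", line))
    return found

def summarize(entries):
    """Count orphaned entries per category."""
    return Counter(category for category, _, _ in entries)

if __name__ == "__main__":
    for category, name, line in orphaned_entries(SAMPLE_LOG):
        print(f"{category:20} {name:10} {line}")
```
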

#12 Stefkom2

  • Topic Starter

Posted 30 January 2017 - 05:47 AM

Hi, thank you Nasdaq. I did a system restore and it's okay now, but I have subsequently had a BSOD. I will remove SpeeditupFree b



#13 nasdaq

  • Malware Response Team

Posted 30 January 2017 - 08:08 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/



