potentially downloaded malware - stupid downloading

can someone help

#1
duthkiss

    New Member

  • Member
  • 8 posts

I was watching a programme online which didn't have subtitles so I stupidly downloaded from the page on the link below.

http://www.opensubtitles.org/e...

I then opened Firefox online and was redirected to what appeared to be a Russian/East European page. I used Malwarebytes, which seemed to help, and re-downloaded Firefox.

It doesn't open those pages anymore but I do find that I'm getting a lot more redirects and increased pages opening up for random scams. Also, when I open my Westpac online banking it's a blank page. I have changed my online banking password and can get on using my iPad; nothing sinister appears to have happened there but it is still concerning.

I have downloaded the Farbar rescue file and scanned. I don't understand any of the outcomes as I only have basic computer skills.

Can someone have a look?

Thanks, Duthkiss



#2
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hi! My name is zep516 and welcome to Geekstogo!
I'll do the best I can to resolve your computer issue.
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)


Duthkiss, post the log reports and we can take a look at things.

#3
duthkiss

    New Member

  • Topic Starter
  • Member
  • 8 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by Andrew (administrator) on ANDREW-PC (07-09-2016 17:15:10)
Running from C:\Users\Andrew\Downloads
Loaded Profiles: Andrew (Available Profiles: Andrew & UpdatusUser & DefaultAppPool)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\vVX1000.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Spotify Ltd) C:\Users\Andrew\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(BitTorrent Inc.) C:\Users\Andrew\AppData\Roaming\BitTorrent\BitTorrent.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Philips Display\SmartControl\dthtml.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Portrait Displays Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\HookManager.exe
() C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\wpCtrl.exe
() C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Floater.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(BitTorrent Inc.) C:\Users\Andrew\AppData\Roaming\BitTorrent\updates\7.9.8_42450\utorrentie.exe
(BitTorrent Inc.) C:\Users\Andrew\AppData\Roaming\BitTorrent\updates\7.9.8_42450\utorrentie.exe
() C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\DPHelper.exe
() C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\DPHelper64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [VX1000] => C:\WINDOWS\vVX1000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1804616 2015-11-10] (NVIDIA Corporation)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5015040 2012-02-11] (VIA)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-21] (Intel Corporation)
HKLM-x32\...\Run: [PivotSoftware] => C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe [110192 2010-05-13] ()
HKLM-x32\...\Run: [DT PLP] => C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe [121456 2010-05-17] ()
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-10-13] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1252411361-2510147038-848604133-1000\...\Run: [Spotify Web Helper] => C:\Users\Andrew\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2346096 2015-12-20] (Spotify Ltd)
HKU\S-1-5-21-1252411361-2510147038-848604133-1000\...\Run: [BitTorrent] => C:\Users\Andrew\AppData\Roaming\BitTorrent\BitTorrent.exe [2140680 2016-08-13] (BitTorrent Inc.)
HKU\S-1-5-21-1252411361-2510147038-848604133-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29488256 2016-07-14] (Skype Technologies S.A.)
HKU\S-1-5-21-1252411361-2510147038-848604133-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-11-30] (Apple Inc.)
HKU\S-1-5-21-1252411361-2510147038-848604133-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [103696 2015-11-30] (Apple Inc.)
HKU\S-1-5-21-1252411361-2510147038-848604133-1000\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [349968 2015-11-30] (Apple Inc.)
HKU\S-1-5-21-1252411361-2510147038-848604133-1000\...\RunOnce: [Uninstall C:\Users\Andrew\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Andrew\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64"
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Andrew\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll [2016-08-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Andrew\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll [2016-08-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Andrew\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll [2016-08-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Andrew\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncShell.dll [2016-08-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Andrew\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncShell.dll [2016-08-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Andrew\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncShell.dll [2016-08-16] (Microsoft Corporation)
Startup: C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2016-01-23]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-08-03]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{026baef2-6c89-487a-8a89-52213d5c5e8b}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{456cd6f0-812e-4205-aeda-f6a132684f2b}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{80213817-18bb-48c4-9c2a-adeeb017c84b}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-08-24] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-08-24] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\ssv.dll [2016-01-23] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-01-23] (Oracle Corporation)
DPF: HKLM-x32 {D2E09CB2-4464-441D-8F76-49FD93007355} hxxps://images.eastmedradiology.co.nz/web3/WebClientLoader.ocx
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-08-24] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-08-24] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-08-24] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-08-24] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\e6yfpmet.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-15] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-15] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-01-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-01-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-08-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-11-06] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-11-06] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-14] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-14] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-14] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-14] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-14] (VideoLAN)
FF Extension: (Blur) - C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\e6yfpmet.default\Extensions\[email protected] [2016-08-09]
FF Extension: (Skype) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25]

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\pdf.dll => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll => No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll => No File
CHR Profile: C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-27]
CHR Extension: (Google Drive) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-04]
CHR Extension: (YouTube) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-04]
CHR Extension: (Google Search) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-07-04]
CHR Extension: (Google Docs Offline) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-05]
CHR Extension: (Skype) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-07-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-05]
CHR Extension: (Gmail) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-28]
CHR Extension: (Chrome Media Router) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-30]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2981056 2016-08-11] (Microsoft Corporation)
R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [121456 2010-05-17] ()
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-16] (Seiko Epson Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [36504 2015-06-22] (VIA Technologies, Inc.)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-01] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AE3000; C:\Windows\System32\drivers\AE3000w764.sys [1717824 2012-03-02] (Ralink Technology Corp.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-09-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 PdiPorts; C:\Windows\System32\drivers\PdiPorts.sys [20592 2010-04-16] (Portrait Displays, Inc.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-07 17:15 - 2016-09-07 17:15 - 00022424 _____ C:\Users\Andrew\Downloads\FRST.txt
2016-09-07 17:15 - 2016-09-07 17:15 - 00000000 ____D C:\FRST
2016-09-07 17:14 - 2016-09-07 17:14 - 02397696 _____ (Farbar) C:\Users\Andrew\Downloads\FRST64.exe
2016-09-06 13:19 - 2016-09-06 13:19 - 00009152 _____ C:\Users\Andrew\Downloads\printForm (8).pdf
2016-08-30 21:28 - 2016-08-30 21:28 - 00001228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-08-30 21:28 - 2016-08-30 21:28 - 00001216 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-08-30 21:27 - 2016-08-30 21:27 - 00242136 _____ C:\Users\Andrew\Downloads\Firefox Setup Stub 48.0.2.exe
2016-08-30 20:45 - 2016-08-30 20:45 - 00002155 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk
2016-08-30 20:45 - 2016-08-30 20:45 - 00002153 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk
2016-08-28 14:21 - 2016-08-28 14:21 - 00009166 _____ C:\Users\Andrew\Downloads\printForm (7).pdf
2016-08-28 14:16 - 2016-08-28 14:16 - 00009235 _____ C:\Users\Andrew\Downloads\printForm (6).pdf
2016-08-27 10:44 - 2016-08-30 21:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-08-23 18:41 - 2016-08-23 18:41 - 00009174 _____ C:\Users\Andrew\Downloads\printForm (5).pdf
2016-08-23 18:34 - 2016-08-23 18:34 - 00009199 _____ C:\Users\Andrew\Downloads\printForm (4).pdf
2016-08-19 19:02 - 2016-08-19 19:02 - 00009178 _____ C:\Users\Andrew\Downloads\printForm (3).pdf
2016-08-19 18:54 - 2016-08-19 18:54 - 00009119 _____ C:\Users\Andrew\Downloads\printForm (2).pdf
2016-08-16 17:11 - 2016-08-16 17:11 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2016-08-16 17:02 - 2016-08-16 17:02 - 00003334 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task
2016-08-13 08:17 - 2016-09-05 17:52 - 00000000 ____D C:\Users\Andrew\AppData\LocalLow\BitTorrent
2016-08-11 16:24 - 2016-08-03 23:14 - 01505984 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-08-11 16:24 - 2016-08-03 23:14 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-08-11 16:24 - 2016-08-03 23:14 - 00050368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-08-11 16:24 - 2016-08-03 22:36 - 07469408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-08-11 16:24 - 2016-08-03 22:36 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-08-11 16:24 - 2016-08-03 22:36 - 00037744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2016-08-11 16:24 - 2016-08-03 22:30 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-08-11 16:24 - 2016-08-03 22:23 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-08-11 16:24 - 2016-08-03 22:23 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-08-11 16:24 - 2016-08-03 22:22 - 01322760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-08-11 16:24 - 2016-08-03 22:22 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-08-11 16:24 - 2016-08-03 22:22 - 00465248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-08-11 16:24 - 2016-08-03 22:22 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-08-11 16:24 - 2016-08-03 22:22 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-08-11 16:24 - 2016-08-03 22:21 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-08-11 16:24 - 2016-08-03 22:21 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-08-11 16:24 - 2016-08-03 22:21 - 00566112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-08-11 16:24 - 2016-08-03 22:21 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-08-11 16:24 - 2016-08-03 22:20 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-08-11 16:24 - 2016-08-03 22:20 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-08-11 16:24 - 2016-08-03 22:19 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-08-11 16:24 - 2016-08-03 22:19 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-08-11 16:24 - 2016-08-03 22:13 - 01988448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-08-11 16:24 - 2016-08-03 22:13 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-08-11 16:24 - 2016-08-03 22:13 - 00393056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-08-11 16:24 - 2016-08-03 22:11 - 00422744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-08-11 16:24 - 2016-08-03 21:51 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2016-08-11 16:24 - 2016-08-03 21:51 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-08-11 16:24 - 2016-08-03 21:46 - 22384128 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-08-11 16:24 - 2016-08-03 21:44 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-08-11 16:24 - 2016-08-03 21:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-08-11 16:24 - 2016-08-03 21:44 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2016-08-11 16:24 - 2016-08-03 21:43 - 16985088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-08-11 16:24 - 2016-08-03 21:41 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-08-11 16:24 - 2016-08-03 21:41 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-08-11 16:24 - 2016-08-03 21:40 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-08-11 16:24 - 2016-08-03 21:40 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2016-08-11 16:24 - 2016-08-03 21:40 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-08-11 16:24 - 2016-08-03 21:40 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-08-11 16:24 - 2016-08-03 21:39 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-08-11 16:24 - 2016-08-03 21:39 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-08-11 16:24 - 2016-08-03 21:38 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-08-11 16:24 - 2016-08-03 21:38 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-08-11 16:24 - 2016-08-03 21:37 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-08-11 16:24 - 2016-08-03 21:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-08-11 16:24 - 2016-08-03 21:36 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-08-11 16:24 - 2016-08-03 21:36 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-08-11 16:24 - 2016-08-03 21:35 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-08-11 16:24 - 2016-08-03 21:35 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2016-08-11 16:24 - 2016-08-03 21:34 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-08-11 16:24 - 2016-08-03 21:33 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-08-11 16:24 - 2016-08-03 21:33 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-08-11 16:24 - 2016-08-03 21:31 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-08-11 16:24 - 2016-08-03 21:31 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-08-11 16:24 - 2016-08-03 21:31 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe
2016-08-11 16:24 - 2016-08-03 21:30 - 24613888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-08-11 16:24 - 2016-08-03 21:30 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-08-11 16:24 - 2016-08-03 21:30 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-08-11 16:24 - 2016-08-03 21:29 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-08-11 16:24 - 2016-08-03 21:29 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-08-11 16:24 - 2016-08-03 21:29 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-08-11 16:24 - 2016-08-03 21:29 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-08-11 16:24 - 2016-08-03 21:29 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-08-11 16:24 - 2016-08-03 21:28 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-08-11 16:24 - 2016-08-03 21:28 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-08-11 16:24 - 2016-08-03 21:28 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-08-11 16:24 - 2016-08-03 21:27 - 07536640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-08-11 16:24 - 2016-08-03 21:27 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-08-11 16:24 - 2016-08-03 21:27 - 01717760 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-08-11 16:24 - 2016-08-03 21:27 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-08-11 16:24 - 2016-08-03 21:20 - 13390336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-08-11 16:24 - 2016-08-03 21:18 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-08-11 16:24 - 2016-08-03 21:18 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-08-11 16:24 - 2016-08-03 21:18 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-08-11 16:24 - 2016-08-03 21:17 - 02175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-08-11 16:24 - 2016-08-03 21:16 - 05123072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2016-08-11 16:24 - 2016-08-03 21:16 - 03589120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-08-11 16:24 - 2016-08-03 21:16 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-08-11 16:24 - 2016-08-03 21:16 - 01732096 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-08-11 16:24 - 2016-08-03 21:15 - 07833088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-08-11 16:24 - 2016-08-03 21:14 - 04895232 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-08-11 16:24 - 2016-08-03 21:14 - 01997824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-08-11 16:24 - 2016-08-03 21:13 - 03025920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-08-11 16:24 - 2016-08-03 21:13 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-08-11 16:24 - 2016-08-03 21:12 - 02746368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-08-11 16:24 - 2016-08-03 21:11 - 04171264 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-08-11 16:24 - 2016-08-03 17:52 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2016-08-11 16:24 - 2016-08-03 17:34 - 00501592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-08-11 16:24 - 2016-08-03 17:34 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-08-11 16:24 - 2016-08-03 17:33 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-08-11 16:24 - 2016-08-03 17:31 - 02921368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-08-11 16:24 - 2016-08-03 17:31 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-08-11 16:24 - 2016-08-03 17:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-08-11 16:24 - 2016-08-03 17:30 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-08-11 16:24 - 2016-08-03 17:30 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-08-11 16:24 - 2016-08-03 17:30 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-08-11 16:24 - 2016-08-03 16:57 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe
2016-08-11 16:24 - 2016-08-03 16:48 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-08-11 16:24 - 2016-08-03 16:47 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-08-11 16:24 - 2016-08-03 16:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-08-11 16:24 - 2016-08-03 16:44 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll
2016-08-11 16:24 - 2016-08-03 16:42 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-08-11 16:24 - 2016-08-03 16:40 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2016-08-11 16:24 - 2016-08-03 16:39 - 19351040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-08-11 16:24 - 2016-08-03 16:37 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-08-11 16:24 - 2016-08-03 16:37 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-08-11 16:24 - 2016-08-03 16:35 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-08-11 16:24 - 2016-08-03 16:35 - 00178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtutil.exe
2016-08-11 16:24 - 2016-08-03 16:34 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-08-11 16:24 - 2016-08-03 16:34 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-08-11 16:24 - 2016-08-03 16:33 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-08-11 16:24 - 2016-08-03 16:33 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-08-11 16:24 - 2016-08-03 16:33 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-08-11 16:24 - 2016-08-03 16:32 - 12585984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-08-11 16:24 - 2016-08-03 16:32 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-08-11 16:24 - 2016-08-03 16:32 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-08-11 16:24 - 2016-08-03 16:32 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-08-11 16:24 - 2016-08-03 16:31 - 06743040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-08-11 16:24 - 2016-08-03 16:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-08-11 16:24 - 2016-08-03 16:29 - 12133376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-08-11 16:24 - 2016-08-03 16:28 - 03663360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-08-11 16:24 - 2016-08-03 16:25 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-08-11 16:24 - 2016-08-03 16:25 - 04078080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2016-08-11 16:24 - 2016-08-03 16:23 - 05660672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-08-11 16:24 - 2016-08-03 16:23 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-08-11 16:24 - 2016-08-03 16:22 - 02501120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-08-11 16:24 - 2016-08-03 16:22 - 01502208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-08-11 16:24 - 2016-08-03 16:21 - 01708032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-08-11 16:24 - 2016-08-03 16:19 - 02180096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-07 17:13 - 2013-05-18 18:40 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\BitTorrent
2016-09-07 17:11 - 2013-05-06 20:00 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-07 16:52 - 2013-04-30 08:16 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-09-07 16:27 - 2016-03-24 14:27 - 00000911 _____ C:\WINDOWS\Tasks\EPSON XP-420 Series Update {97E5D7E0-4358-4877-BF4A-3CA940D70ECB}.job
2016-09-07 14:19 - 2016-07-26 09:24 - 00004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{81132DC1-D427-4707-AB74-5892B7EE6771}
2016-09-07 10:11 - 2013-05-06 20:00 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-06 18:14 - 2015-10-30 19:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-09-06 03:35 - 2013-05-02 17:52 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-09-05 21:25 - 2014-07-12 18:13 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-09-05 18:03 - 2015-10-30 19:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-09-05 17:56 - 2016-06-02 15:54 - 01009736 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-09-05 17:56 - 2015-10-30 19:21 - 00000000 ____D C:\WINDOWS\INF
2016-09-05 17:52 - 2016-03-31 14:22 - 00000000 ___RD C:\Users\Andrew\iCloudDrive
2016-09-05 17:52 - 2013-04-30 12:52 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\Skype
2016-09-05 17:50 - 2016-02-14 01:16 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-09-05 17:50 - 2013-04-30 07:47 - 00000000 ____D C:\ProgramData\NVIDIA
2016-09-01 14:33 - 2015-10-30 19:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-09-01 14:33 - 2015-10-30 19:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-09-01 14:20 - 2013-04-29 19:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-08-30 21:20 - 2015-10-30 19:24 - 00000000 ___RD C:\WINDOWS\DevicesFlow
2016-08-30 21:19 - 2015-10-30 18:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-08-30 20:49 - 2013-05-11 13:16 - 00000000 ____D C:\Users\Andrew\Desktop\Clinic
2016-08-30 20:37 - 2015-01-23 15:10 - 00000000 ____D C:\ACC Invoices
2016-08-24 16:38 - 2015-10-30 19:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-08-19 18:48 - 2013-04-30 12:52 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-08-19 18:48 - 2013-04-30 12:51 - 00000000 ____D C:\ProgramData\Skype
2016-08-16 18:31 - 2016-07-25 11:28 - 00055624 _____ C:\Users\Andrew\Desktop\ACC HAND BOOK - for Peer Group Meeting.pptx
2016-08-16 17:11 - 2016-06-02 15:55 - 00000000 ____D C:\Users\DefaultAppPool
2016-08-16 17:02 - 2016-06-02 16:41 - 00002366 _____ C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-08-16 17:02 - 2014-02-12 14:39 - 00000000 ___RD C:\Users\Andrew\SkyDrive
2016-08-15 21:17 - 2016-06-02 16:36 - 00000000 ____D C:\Users\Andrew\AppData\Local\Packages
2016-08-15 21:16 - 2014-07-12 18:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-08-15 21:16 - 2014-07-12 18:13 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-08-15 21:16 - 2013-05-19 18:45 - 00001171 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-08-13 09:53 - 2013-04-30 14:52 - 00921624 _____ C:\img2-001.raw
2016-08-13 08:25 - 2015-10-30 19:24 - 00000000 ____D C:\WINDOWS\rescache
2016-08-13 07:56 - 2016-02-14 01:22 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-08-12 03:31 - 2016-02-14 01:04 - 00000000 ____D C:\Program Files\Windows Journal
2016-08-12 03:31 - 2015-10-30 19:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-11 20:08 - 2015-04-08 08:30 - 00000000 ____D C:\Users\Andrew\Desktop\Otahuhu Leopards
2016-08-11 16:54 - 2015-10-30 19:24 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-08-11 16:54 - 2013-08-15 11:39 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-11 16:49 - 2013-05-09 19:43 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-09-05 19:36

==================== End of FRST.txt ============================



#4
duthkiss


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by Andrew (administrator) on ANDREW-PC (07-09-2016 17:15:10)
Running from C:\Users\Andrew\Downloads
Loaded Profiles: Andrew (Available Profiles: Andrew & UpdatusUser & DefaultAppPool)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\vVX1000.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Spotify Ltd) C:\Users\Andrew\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(BitTorrent Inc.) C:\Users\Andrew\AppData\Roaming\BitTorrent\BitTorrent.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Philips Display\SmartControl\dthtml.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Portrait Displays Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\HookManager.exe
() C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\wpCtrl.exe
() C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Floater.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(BitTorrent Inc.) C:\Users\Andrew\AppData\Roaming\BitTorrent\updates\7.9.8_42450\utorrentie.exe
(BitTorrent Inc.) C:\Users\Andrew\AppData\Roaming\BitTorrent\updates\7.9.8_42450\utorrentie.exe
() C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\DPHelper.exe
() C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\DPHelper64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [VX1000] => C:\WINDOWS\vVX1000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1804616 2015-11-10] (NVIDIA Corporation)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5015040 2012-02-11] (VIA)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-21] (Intel Corporation)
HKLM-x32\...\Run: [PivotSoftware] => C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe [110192 2010-05-13] ()
HKLM-x32\...\Run: [DT PLP] => C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe [121456 2010-05-17] ()
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-10-13] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1252411361-2510147038-848604133-1000\...\Run: [Spotify Web Helper] => C:\Users\Andrew\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2346096 2015-12-20] (Spotify Ltd)
HKU\S-1-5-21-1252411361-2510147038-848604133-1000\...\Run: [BitTorrent] => C:\Users\Andrew\AppData\Roaming\BitTorrent\BitTorrent.exe [2140680 2016-08-13] (BitTorrent Inc.)
HKU\S-1-5-21-1252411361-2510147038-848604133-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29488256 2016-07-14] (Skype Technologies S.A.)
HKU\S-1-5-21-1252411361-2510147038-848604133-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-11-30] (Apple Inc.)
HKU\S-1-5-21-1252411361-2510147038-848604133-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [103696 2015-11-30] (Apple Inc.)
HKU\S-1-5-21-1252411361-2510147038-848604133-1000\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [349968 2015-11-30] (Apple Inc.)
HKU\S-1-5-21-1252411361-2510147038-848604133-1000\...\RunOnce: [Uninstall C:\Users\Andrew\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Andrew\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64"
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Andrew\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll [2016-08-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Andrew\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll [2016-08-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Andrew\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll [2016-08-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Andrew\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncShell.dll [2016-08-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Andrew\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncShell.dll [2016-08-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Andrew\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncShell.dll [2016-08-16] (Microsoft Corporation)
Startup: C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2016-01-23]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-08-03]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{026baef2-6c89-487a-8a89-52213d5c5e8b}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{456cd6f0-812e-4205-aeda-f6a132684f2b}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{80213817-18bb-48c4-9c2a-adeeb017c84b}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-08-24] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-08-24] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\ssv.dll [2016-01-23] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-01-23] (Oracle Corporation)
DPF: HKLM-x32 {D2E09CB2-4464-441D-8F76-49FD93007355} hxxps://images.eastmedradiology.co.nz/web3/WebClientLoader.ocx
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-08-24] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-08-24] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-08-24] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-08-24] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\e6yfpmet.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-15] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-15] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-01-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-01-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-08-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-11-06] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-11-06] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-14] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-14] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-14] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-14] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-14] (VideoLAN)
FF Extension: (Blur) - C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\e6yfpmet.default\Extensions\[email protected] [2016-08-09]
FF Extension: (Skype) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25]

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\pdf.dll => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll => No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll => No File
CHR Profile: C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-27]
CHR Extension: (Google Drive) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-04]
CHR Extension: (YouTube) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-04]
CHR Extension: (Google Search) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-07-04]
CHR Extension: (Google Docs Offline) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-05]
CHR Extension: (Skype) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-07-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-05]
CHR Extension: (Gmail) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-28]
CHR Extension: (Chrome Media Router) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-30]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2981056 2016-08-11] (Microsoft Corporation)
R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [121456 2010-05-17] ()
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-16] (Seiko Epson Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [36504 2015-06-22] (VIA Technologies, Inc.)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-01] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AE3000; C:\Windows\System32\drivers\AE3000w764.sys [1717824 2012-03-02] (Ralink Technology Corp.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-09-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 PdiPorts; C:\Windows\System32\drivers\PdiPorts.sys [20592 2010-04-16] (Portrait Displays, Inc.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-07 17:15 - 2016-09-07 17:15 - 00022424 _____ C:\Users\Andrew\Downloads\FRST.txt
2016-09-07 17:15 - 2016-09-07 17:15 - 00000000 ____D C:\FRST
2016-09-07 17:14 - 2016-09-07 17:14 - 02397696 _____ (Farbar) C:\Users\Andrew\Downloads\FRST64.exe
2016-09-06 13:19 - 2016-09-06 13:19 - 00009152 _____ C:\Users\Andrew\Downloads\printForm (8).pdf
2016-08-30 21:28 - 2016-08-30 21:28 - 00001228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-08-30 21:28 - 2016-08-30 21:28 - 00001216 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-08-30 21:27 - 2016-08-30 21:27 - 00242136 _____ C:\Users\Andrew\Downloads\Firefox Setup Stub 48.0.2.exe
2016-08-30 20:45 - 2016-08-30 20:45 - 00002155 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk
2016-08-30 20:45 - 2016-08-30 20:45 - 00002153 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk
2016-08-28 14:21 - 2016-08-28 14:21 - 00009166 _____ C:\Users\Andrew\Downloads\printForm (7).pdf
2016-08-28 14:16 - 2016-08-28 14:16 - 00009235 _____ C:\Users\Andrew\Downloads\printForm (6).pdf
2016-08-27 10:44 - 2016-08-30 21:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-08-23 18:41 - 2016-08-23 18:41 - 00009174 _____ C:\Users\Andrew\Downloads\printForm (5).pdf
2016-08-23 18:34 - 2016-08-23 18:34 - 00009199 _____ C:\Users\Andrew\Downloads\printForm (4).pdf
2016-08-19 19:02 - 2016-08-19 19:02 - 00009178 _____ C:\Users\Andrew\Downloads\printForm (3).pdf
2016-08-19 18:54 - 2016-08-19 18:54 - 00009119 _____ C:\Users\Andrew\Downloads\printForm (2).pdf
2016-08-16 17:11 - 2016-08-16 17:11 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2016-08-16 17:02 - 2016-08-16 17:02 - 00003334 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task
2016-08-13 08:17 - 2016-09-05 17:52 - 00000000 ____D C:\Users\Andrew\AppData\LocalLow\BitTorrent
2016-08-11 16:24 - 2016-08-03 23:14 - 01505984 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-08-11 16:24 - 2016-08-03 23:14 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-08-11 16:24 - 2016-08-03 23:14 - 00050368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-08-11 16:24 - 2016-08-03 22:36 - 07469408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-08-11 16:24 - 2016-08-03 22:36 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-08-11 16:24 - 2016-08-03 22:36 - 00037744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2016-08-11 16:24 - 2016-08-03 22:30 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-08-11 16:24 - 2016-08-03 22:23 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-08-11 16:24 - 2016-08-03 22:23 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-08-11 16:24 - 2016-08-03 22:22 - 01322760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-08-11 16:24 - 2016-08-03 22:22 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-08-11 16:24 - 2016-08-03 22:22 - 00465248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-08-11 16:24 - 2016-08-03 22:22 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-08-11 16:24 - 2016-08-03 22:22 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-08-11 16:24 - 2016-08-03 22:21 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-08-11 16:24 - 2016-08-03 22:21 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-08-11 16:24 - 2016-08-03 22:21 - 00566112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-08-11 16:24 - 2016-08-03 22:21 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-08-11 16:24 - 2016-08-03 22:20 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-08-11 16:24 - 2016-08-03 22:20 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-08-11 16:24 - 2016-08-03 22:19 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-08-11 16:24 - 2016-08-03 22:19 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-08-11 16:24 - 2016-08-03 22:13 - 01988448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-08-11 16:24 - 2016-08-03 22:13 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-08-11 16:24 - 2016-08-03 22:13 - 00393056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-08-11 16:24 - 2016-08-03 22:11 - 00422744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-08-11 16:24 - 2016-08-03 21:51 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2016-08-11 16:24 - 2016-08-03 21:51 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-08-11 16:24 - 2016-08-03 21:46 - 22384128 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-08-11 16:24 - 2016-08-03 21:44 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-08-11 16:24 - 2016-08-03 21:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-08-11 16:24 - 2016-08-03 21:44 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2016-08-11 16:24 - 2016-08-03 21:43 - 16985088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-08-11 16:24 - 2016-08-03 21:41 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-08-11 16:24 - 2016-08-03 21:41 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-08-11 16:24 - 2016-08-03 21:40 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-08-11 16:24 - 2016-08-03 21:40 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2016-08-11 16:24 - 2016-08-03 21:40 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-08-11 16:24 - 2016-08-03 21:40 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-08-11 16:24 - 2016-08-03 21:39 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-08-11 16:24 - 2016-08-03 21:39 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-08-11 16:24 - 2016-08-03 21:38 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-08-11 16:24 - 2016-08-03 21:38 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-08-11 16:24 - 2016-08-03 21:37 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-08-11 16:24 - 2016-08-03 21:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-08-11 16:24 - 2016-08-03 21:36 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-08-11 16:24 - 2016-08-03 21:36 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-08-11 16:24 - 2016-08-03 21:35 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-08-11 16:24 - 2016-08-03 21:35 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2016-08-11 16:24 - 2016-08-03 21:34 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-08-11 16:24 - 2016-08-03 21:33 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-08-11 16:24 - 2016-08-03 21:33 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-08-11 16:24 - 2016-08-03 21:31 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-08-11 16:24 - 2016-08-03 21:31 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-08-11 16:24 - 2016-08-03 21:31 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe
2016-08-11 16:24 - 2016-08-03 21:30 - 24613888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-08-11 16:24 - 2016-08-03 21:30 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-08-11 16:24 - 2016-08-03 21:30 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-08-11 16:24 - 2016-08-03 21:29 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-08-11 16:24 - 2016-08-03 21:29 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-08-11 16:24 - 2016-08-03 21:29 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-08-11 16:24 - 2016-08-03 21:29 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-08-11 16:24 - 2016-08-03 21:29 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-08-11 16:24 - 2016-08-03 21:28 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-08-11 16:24 - 2016-08-03 21:28 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-08-11 16:24 - 2016-08-03 21:28 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-08-11 16:24 - 2016-08-03 21:27 - 07536640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-08-11 16:24 - 2016-08-03 21:27 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-08-11 16:24 - 2016-08-03 21:27 - 01717760 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-08-11 16:24 - 2016-08-03 21:27 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-08-11 16:24 - 2016-08-03 21:20 - 13390336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-08-11 16:24 - 2016-08-03 21:18 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-08-11 16:24 - 2016-08-03 21:18 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-08-11 16:24 - 2016-08-03 21:18 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-08-11 16:24 - 2016-08-03 21:17 - 02175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-08-11 16:24 - 2016-08-03 21:16 - 05123072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2016-08-11 16:24 - 2016-08-03 21:16 - 03589120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-08-11 16:24 - 2016-08-03 21:16 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-08-11 16:24 - 2016-08-03 21:16 - 01732096 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-08-11 16:24 - 2016-08-03 21:15 - 07833088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-08-11 16:24 - 2016-08-03 21:14 - 04895232 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-08-11 16:24 - 2016-08-03 21:14 - 01997824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-08-11 16:24 - 2016-08-03 21:13 - 03025920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-08-11 16:24 - 2016-08-03 21:13 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-08-11 16:24 - 2016-08-03 21:12 - 02746368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-08-11 16:24 - 2016-08-03 21:11 - 04171264 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-08-11 16:24 - 2016-08-03 17:52 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2016-08-11 16:24 - 2016-08-03 17:34 - 00501592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-08-11 16:24 - 2016-08-03 17:34 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-08-11 16:24 - 2016-08-03 17:33 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-08-11 16:24 - 2016-08-03 17:31 - 02921368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-08-11 16:24 - 2016-08-03 17:31 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-08-11 16:24 - 2016-08-03 17:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-08-11 16:24 - 2016-08-03 17:30 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-08-11 16:24 - 2016-08-03 17:30 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-08-11 16:24 - 2016-08-03 17:30 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-08-11 16:24 - 2016-08-03 16:57 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe
2016-08-11 16:24 - 2016-08-03 16:48 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-08-11 16:24 - 2016-08-03 16:47 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-08-11 16:24 - 2016-08-03 16:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-08-11 16:24 - 2016-08-03 16:44 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll
2016-08-11 16:24 - 2016-08-03 16:42 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-08-11 16:24 - 2016-08-03 16:40 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2016-08-11 16:24 - 2016-08-03 16:39 - 19351040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-08-11 16:24 - 2016-08-03 16:37 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-08-11 16:24 - 2016-08-03 16:37 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-08-11 16:24 - 2016-08-03 16:35 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-08-11 16:24 - 2016-08-03 16:35 - 00178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtutil.exe
2016-08-11 16:24 - 2016-08-03 16:34 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-08-11 16:24 - 2016-08-03 16:34 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-08-11 16:24 - 2016-08-03 16:33 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-08-11 16:24 - 2016-08-03 16:33 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-08-11 16:24 - 2016-08-03 16:33 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-08-11 16:24 - 2016-08-03 16:32 - 12585984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-08-11 16:24 - 2016-08-03 16:32 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-08-11 16:24 - 2016-08-03 16:32 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-08-11 16:24 - 2016-08-03 16:32 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-08-11 16:24 - 2016-08-03 16:31 - 06743040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-08-11 16:24 - 2016-08-03 16:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-08-11 16:24 - 2016-08-03 16:29 - 12133376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-08-11 16:24 - 2016-08-03 16:28 - 03663360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-08-11 16:24 - 2016-08-03 16:25 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-08-11 16:24 - 2016-08-03 16:25 - 04078080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2016-08-11 16:24 - 2016-08-03 16:23 - 05660672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-08-11 16:24 - 2016-08-03 16:23 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-08-11 16:24 - 2016-08-03 16:22 - 02501120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-08-11 16:24 - 2016-08-03 16:22 - 01502208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-08-11 16:24 - 2016-08-03 16:21 - 01708032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-08-11 16:24 - 2016-08-03 16:19 - 02180096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-07 17:13 - 2013-05-18 18:40 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\BitTorrent
2016-09-07 17:11 - 2013-05-06 20:00 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-07 16:52 - 2013-04-30 08:16 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-09-07 16:27 - 2016-03-24 14:27 - 00000911 _____ C:\WINDOWS\Tasks\EPSON XP-420 Series Update {97E5D7E0-4358-4877-BF4A-3CA940D70ECB}.job
2016-09-07 14:19 - 2016-07-26 09:24 - 00004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{81132DC1-D427-4707-AB74-5892B7EE6771}
2016-09-07 10:11 - 2013-05-06 20:00 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-06 18:14 - 2015-10-30 19:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-09-06 03:35 - 2013-05-02 17:52 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-09-05 21:25 - 2014-07-12 18:13 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-09-05 18:03 - 2015-10-30 19:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-09-05 17:56 - 2016-06-02 15:54 - 01009736 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-09-05 17:56 - 2015-10-30 19:21 - 00000000 ____D C:\WINDOWS\INF
2016-09-05 17:52 - 2016-03-31 14:22 - 00000000 ___RD C:\Users\Andrew\iCloudDrive
2016-09-05 17:52 - 2013-04-30 12:52 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\Skype
2016-09-05 17:50 - 2016-02-14 01:16 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-09-05 17:50 - 2013-04-30 07:47 - 00000000 ____D C:\ProgramData\NVIDIA
2016-09-01 14:33 - 2015-10-30 19:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-09-01 14:33 - 2015-10-30 19:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-09-01 14:20 - 2013-04-29 19:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-08-30 21:20 - 2015-10-30 19:24 - 00000000 ___RD C:\WINDOWS\DevicesFlow
2016-08-30 21:19 - 2015-10-30 18:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-08-30 20:49 - 2013-05-11 13:16 - 00000000 ____D C:\Users\Andrew\Desktop\Clinic
2016-08-30 20:37 - 2015-01-23 15:10 - 00000000 ____D C:\ACC Invoices
2016-08-24 16:38 - 2015-10-30 19:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-08-19 18:48 - 2013-04-30 12:52 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-08-19 18:48 - 2013-04-30 12:51 - 00000000 ____D C:\ProgramData\Skype
2016-08-16 18:31 - 2016-07-25 11:28 - 00055624 _____ C:\Users\Andrew\Desktop\ACC HAND BOOK - for Peer Group Meeting.pptx
2016-08-16 17:11 - 2016-06-02 15:55 - 00000000 ____D C:\Users\DefaultAppPool
2016-08-16 17:02 - 2016-06-02 16:41 - 00002366 _____ C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-08-16 17:02 - 2014-02-12 14:39 - 00000000 ___RD C:\Users\Andrew\SkyDrive
2016-08-15 21:17 - 2016-06-02 16:36 - 00000000 ____D C:\Users\Andrew\AppData\Local\Packages
2016-08-15 21:16 - 2014-07-12 18:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-08-15 21:16 - 2014-07-12 18:13 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-08-15 21:16 - 2013-05-19 18:45 - 00001171 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-08-13 09:53 - 2013-04-30 14:52 - 00921624 _____ C:\img2-001.raw
2016-08-13 08:25 - 2015-10-30 19:24 - 00000000 ____D C:\WINDOWS\rescache
2016-08-13 07:56 - 2016-02-14 01:22 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-08-12 03:31 - 2016-02-14 01:04 - 00000000 ____D C:\Program Files\Windows Journal
2016-08-12 03:31 - 2015-10-30 19:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-11 20:08 - 2015-04-08 08:30 - 00000000 ____D C:\Users\Andrew\Desktop\Otahuhu Leopards
2016-08-11 16:54 - 2015-10-30 19:24 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-08-11 16:54 - 2013-08-15 11:39 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-11 16:49 - 2013-05-09 19:43 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-09-05 19:36

==================== End of FRST.txt ============================

 

Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
The service did not start due to a logon failure.

Error: (09/05/2016 05:53:52 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
The password for this account has expired.


To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (09/05/2016 05:50:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (09/05/2016 05:50:14 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:00:39 PM on ‎9/‎2/‎2016 was unexpected.

Error: (09/05/2016 05:49:59 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT AUTHORITY)
Description: 32212256844605682411134048

Error: (09/01/2016 02:23:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
The service did not start due to a logon failure.

Error: (09/01/2016 02:23:33 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
The password for this account has expired.


To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (09/01/2016 02:21:08 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (09/01/2016 02:21:03 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:43:26 PM on ‎8/‎31/‎2016 was unexpected.

Error: (09/01/2016 02:20:45 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT AUTHORITY)
Description: 32212256844605682411134048


CodeIntegrity:
===================================
  Date: 2016-09-06 03:35:32.188
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-05 19:36:44.463
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-05 18:02:19.487
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-02 11:50:26.698
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-01 18:12:38.838
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-01 18:12:38.239
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-01 14:33:53.741
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-08-31 20:19:58.995
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-08-30 21:40:01.849
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-30 21:13:30.197
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i3-3220 CPU @ 3.30GHz
Percentage of memory in use: 49%
Total physical RAM: 8128.28 MB
Available physical RAM: 4138.82 MB
Total Virtual: 16320.28 MB
Available Virtual: 11878.29 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.97 GB) (Free:563.49 GB) NTFS
Drive d: () (Fixed) (Total:931.51 GB) (Free:137.31 GB) NTFS
Drive e: (EPSON) (CDROM) (Total:0.3 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 1D0A3277)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: FD8330DA)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#5
duthkiss


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by Andrew (administrator) on ANDREW-PC (07-09-2016 17:15:10)
Running from C:\Users\Andrew\Downloads
Loaded Profiles: Andrew (Available Profiles: Andrew & UpdatusUser & DefaultAppPool)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\vVX1000.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Spotify Ltd) C:\Users\Andrew\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(BitTorrent Inc.) C:\Users\Andrew\AppData\Roaming\BitTorrent\BitTorrent.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Philips Display\SmartControl\dthtml.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Portrait Displays Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\HookManager.exe
() C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\wpCtrl.exe
() C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Floater.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(BitTorrent Inc.) C:\Users\Andrew\AppData\Roaming\BitTorrent\updates\7.9.8_42450\utorrentie.exe
(BitTorrent Inc.) C:\Users\Andrew\AppData\Roaming\BitTorrent\updates\7.9.8_42450\utorrentie.exe
() C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\DPHelper.exe
() C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\DPHelper64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [VX1000] => C:\WINDOWS\vVX1000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1804616 2015-11-10] (NVIDIA Corporation)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5015040 2012-02-11] (VIA)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-21] (Intel Corporation)
HKLM-x32\...\Run: [PivotSoftware] => C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe [110192 2010-05-13] ()
HKLM-x32\...\Run: [DT PLP] => C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe [121456 2010-05-17] ()
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-10-13] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1252411361-2510147038-848604133-1000\...\Run: [Spotify Web Helper] => C:\Users\Andrew\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2346096 2015-12-20] (Spotify Ltd)
HKU\S-1-5-21-1252411361-2510147038-848604133-1000\...\Run: [BitTorrent] => C:\Users\Andrew\AppData\Roaming\BitTorrent\BitTorrent.exe [2140680 2016-08-13] (BitTorrent Inc.)
HKU\S-1-5-21-1252411361-2510147038-848604133-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29488256 2016-07-14] (Skype Technologies S.A.)
HKU\S-1-5-21-1252411361-2510147038-848604133-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-11-30] (Apple Inc.)
HKU\S-1-5-21-1252411361-2510147038-848604133-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [103696 2015-11-30] (Apple Inc.)
HKU\S-1-5-21-1252411361-2510147038-848604133-1000\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [349968 2015-11-30] (Apple Inc.)
HKU\S-1-5-21-1252411361-2510147038-848604133-1000\...\RunOnce: [Uninstall C:\Users\Andrew\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Andrew\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64"
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Andrew\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll [2016-08-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Andrew\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll [2016-08-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Andrew\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll [2016-08-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Andrew\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncShell.dll [2016-08-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Andrew\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncShell.dll [2016-08-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Andrew\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncShell.dll [2016-08-16] (Microsoft Corporation)
Startup: C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2016-01-23]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-08-03]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{026baef2-6c89-487a-8a89-52213d5c5e8b}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{456cd6f0-812e-4205-aeda-f6a132684f2b}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{80213817-18bb-48c4-9c2a-adeeb017c84b}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-08-24] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-08-24] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\ssv.dll [2016-01-23] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-01-23] (Oracle Corporation)
DPF: HKLM-x32 {D2E09CB2-4464-441D-8F76-49FD93007355} hxxps://images.eastmedradiology.co.nz/web3/WebClientLoader.ocx
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-08-24] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-08-24] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-08-24] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-08-24] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\e6yfpmet.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-15] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-15] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-01-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-01-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-08-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-11-06] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-11-06] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-14] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-14] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-14] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-14] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-14] (VideoLAN)
FF Extension: (Blur) - C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\e6yfpmet.default\Extensions\[email protected] [2016-08-09]
FF Extension: (Skype) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25]

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\pdf.dll => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll => No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll => No File
CHR Profile: C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-27]
CHR Extension: (Google Drive) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-04]
CHR Extension: (YouTube) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-04]
CHR Extension: (Google Search) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-07-04]
CHR Extension: (Google Docs Offline) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-05]
CHR Extension: (Skype) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-07-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-05]
CHR Extension: (Gmail) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-28]
CHR Extension: (Chrome Media Router) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-30]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2981056 2016-08-11] (Microsoft Corporation)
R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [121456 2010-05-17] ()
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-16] (Seiko Epson Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [36504 2015-06-22] (VIA Technologies, Inc.)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-01] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AE3000; C:\Windows\System32\drivers\AE3000w764.sys [1717824 2012-03-02] (Ralink Technology Corp.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-09-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 PdiPorts; C:\Windows\System32\drivers\PdiPorts.sys [20592 2010-04-16] (Portrait Displays, Inc.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-07 17:15 - 2016-09-07 17:15 - 00022424 _____ C:\Users\Andrew\Downloads\FRST.txt
2016-09-07 17:15 - 2016-09-07 17:15 - 00000000 ____D C:\FRST
2016-09-07 17:14 - 2016-09-07 17:14 - 02397696 _____ (Farbar) C:\Users\Andrew\Downloads\FRST64.exe
2016-09-06 13:19 - 2016-09-06 13:19 - 00009152 _____ C:\Users\Andrew\Downloads\printForm (8).pdf
2016-08-30 21:28 - 2016-08-30 21:28 - 00001228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-08-30 21:28 - 2016-08-30 21:28 - 00001216 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-08-30 21:27 - 2016-08-30 21:27 - 00242136 _____ C:\Users\Andrew\Downloads\Firefox Setup Stub 48.0.2.exe
2016-08-30 20:45 - 2016-08-30 20:45 - 00002155 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk
2016-08-30 20:45 - 2016-08-30 20:45 - 00002153 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk
2016-08-28 14:21 - 2016-08-28 14:21 - 00009166 _____ C:\Users\Andrew\Downloads\printForm (7).pdf
2016-08-28 14:16 - 2016-08-28 14:16 - 00009235 _____ C:\Users\Andrew\Downloads\printForm (6).pdf
2016-08-27 10:44 - 2016-08-30 21:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-08-23 18:41 - 2016-08-23 18:41 - 00009174 _____ C:\Users\Andrew\Downloads\printForm (5).pdf
2016-08-23 18:34 - 2016-08-23 18:34 - 00009199 _____ C:\Users\Andrew\Downloads\printForm (4).pdf
2016-08-19 19:02 - 2016-08-19 19:02 - 00009178 _____ C:\Users\Andrew\Downloads\printForm (3).pdf
2016-08-19 18:54 - 2016-08-19 18:54 - 00009119 _____ C:\Users\Andrew\Downloads\printForm (2).pdf
2016-08-16 17:11 - 2016-08-16 17:11 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2016-08-16 17:02 - 2016-08-16 17:02 - 00003334 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task
2016-08-13 08:17 - 2016-09-05 17:52 - 00000000 ____D C:\Users\Andrew\AppData\LocalLow\BitTorrent
2016-08-11 16:24 - 2016-08-03 23:14 - 01505984 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-08-11 16:24 - 2016-08-03 23:14 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-08-11 16:24 - 2016-08-03 23:14 - 00050368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-08-11 16:24 - 2016-08-03 22:36 - 07469408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-08-11 16:24 - 2016-08-03 22:36 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-08-11 16:24 - 2016-08-03 22:36 - 00037744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2016-08-11 16:24 - 2016-08-03 22:30 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-08-11 16:24 - 2016-08-03 22:23 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-08-11 16:24 - 2016-08-03 22:23 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-08-11 16:24 - 2016-08-03 22:22 - 01322760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-08-11 16:24 - 2016-08-03 22:22 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-08-11 16:24 - 2016-08-03 22:22 - 00465248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-08-11 16:24 - 2016-08-03 22:22 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-08-11 16:24 - 2016-08-03 22:22 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-08-11 16:24 - 2016-08-03 22:21 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-08-11 16:24 - 2016-08-03 22:21 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-08-11 16:24 - 2016-08-03 22:21 - 00566112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-08-11 16:24 - 2016-08-03 22:21 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-08-11 16:24 - 2016-08-03 22:20 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-08-11 16:24 - 2016-08-03 22:20 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-08-11 16:24 - 2016-08-03 22:19 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-08-11 16:24 - 2016-08-03 22:19 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-08-11 16:24 - 2016-08-03 22:13 - 01988448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-08-11 16:24 - 2016-08-03 22:13 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-08-11 16:24 - 2016-08-03 22:13 - 00393056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-08-11 16:24 - 2016-08-03 22:11 - 00422744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-08-11 16:24 - 2016-08-03 21:51 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2016-08-11 16:24 - 2016-08-03 21:51 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-08-11 16:24 - 2016-08-03 21:46 - 22384128 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-08-11 16:24 - 2016-08-03 21:44 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-08-11 16:24 - 2016-08-03 21:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-08-11 16:24 - 2016-08-03 21:44 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2016-08-11 16:24 - 2016-08-03 21:43 - 16985088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-08-11 16:24 - 2016-08-03 21:41 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-08-11 16:24 - 2016-08-03 21:41 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-08-11 16:24 - 2016-08-03 21:40 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-08-11 16:24 - 2016-08-03 21:40 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2016-08-11 16:24 - 2016-08-03 21:40 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-08-11 16:24 - 2016-08-03 21:40 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-08-11 16:24 - 2016-08-03 21:39 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-08-11 16:24 - 2016-08-03 21:39 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-08-11 16:24 - 2016-08-03 21:38 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-08-11 16:24 - 2016-08-03 21:38 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-08-11 16:24 - 2016-08-03 21:37 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-08-11 16:24 - 2016-08-03 21:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-08-11 16:24 - 2016-08-03 21:36 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-08-11 16:24 - 2016-08-03 21:36 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-08-11 16:24 - 2016-08-03 21:35 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-08-11 16:24 - 2016-08-03 21:35 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2016-08-11 16:24 - 2016-08-03 21:34 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-08-11 16:24 - 2016-08-03 21:33 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-08-11 16:24 - 2016-08-03 21:33 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-08-11 16:24 - 2016-08-03 21:31 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-08-11 16:24 - 2016-08-03 21:31 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-08-11 16:24 - 2016-08-03 21:31 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe
2016-08-11 16:24 - 2016-08-03 21:30 - 24613888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-08-11 16:24 - 2016-08-03 21:30 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-08-11 16:24 - 2016-08-03 21:30 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-08-11 16:24 - 2016-08-03 21:29 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-08-11 16:24 - 2016-08-03 21:29 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-08-11 16:24 - 2016-08-03 21:29 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-08-11 16:24 - 2016-08-03 21:29 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-08-11 16:24 - 2016-08-03 21:29 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-08-11 16:24 - 2016-08-03 21:28 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-08-11 16:24 - 2016-08-03 21:28 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-08-11 16:24 - 2016-08-03 21:28 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-08-11 16:24 - 2016-08-03 21:27 - 07536640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-08-11 16:24 - 2016-08-03 21:27 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-08-11 16:24 - 2016-08-03 21:27 - 01717760 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-08-11 16:24 - 2016-08-03 21:27 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-08-11 16:24 - 2016-08-03 21:20 - 13390336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-08-11 16:24 - 2016-08-03 21:18 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-08-11 16:24 - 2016-08-03 21:18 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-08-11 16:24 - 2016-08-03 21:18 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-08-11 16:24 - 2016-08-03 21:17 - 02175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-08-11 16:24 - 2016-08-03 21:16 - 05123072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2016-08-11 16:24 - 2016-08-03 21:16 - 03589120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-08-11 16:24 - 2016-08-03 21:16 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-08-11 16:24 - 2016-08-03 21:16 - 01732096 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-08-11 16:24 - 2016-08-03 21:15 - 07833088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-08-11 16:24 - 2016-08-03 21:14 - 04895232 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-08-11 16:24 - 2016-08-03 21:14 - 01997824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-08-11 16:24 - 2016-08-03 21:13 - 03025920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-08-11 16:24 - 2016-08-03 21:13 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-08-11 16:24 - 2016-08-03 21:12 - 02746368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-08-11 16:24 - 2016-08-03 21:11 - 04171264 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-08-11 16:24 - 2016-08-03 17:52 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2016-08-11 16:24 - 2016-08-03 17:34 - 00501592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-08-11 16:24 - 2016-08-03 17:34 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-08-11 16:24 - 2016-08-03 17:33 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-08-11 16:24 - 2016-08-03 17:31 - 02921368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-08-11 16:24 - 2016-08-03 17:31 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-08-11 16:24 - 2016-08-03 17:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-08-11 16:24 - 2016-08-03 17:30 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-08-11 16:24 - 2016-08-03 17:30 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-08-11 16:24 - 2016-08-03 17:30 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-08-11 16:24 - 2016-08-03 16:57 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe
2016-08-11 16:24 - 2016-08-03 16:48 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-08-11 16:24 - 2016-08-03 16:47 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-08-11 16:24 - 2016-08-03 16:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-08-11 16:24 - 2016-08-03 16:44 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll
2016-08-11 16:24 - 2016-08-03 16:42 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-08-11 16:24 - 2016-08-03 16:40 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2016-08-11 16:24 - 2016-08-03 16:39 - 19351040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-08-11 16:24 - 2016-08-03 16:37 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-08-11 16:24 - 2016-08-03 16:37 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-08-11 16:24 - 2016-08-03 16:35 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-08-11 16:24 - 2016-08-03 16:35 - 00178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtutil.exe
2016-08-11 16:24 - 2016-08-03 16:34 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-08-11 16:24 - 2016-08-03 16:34 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-08-11 16:24 - 2016-08-03 16:33 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-08-11 16:24 - 2016-08-03 16:33 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-08-11 16:24 - 2016-08-03 16:33 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-08-11 16:24 - 2016-08-03 16:32 - 12585984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-08-11 16:24 - 2016-08-03 16:32 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-08-11 16:24 - 2016-08-03 16:32 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-08-11 16:24 - 2016-08-03 16:32 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-08-11 16:24 - 2016-08-03 16:31 - 06743040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-08-11 16:24 - 2016-08-03 16:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-08-11 16:24 - 2016-08-03 16:29 - 12133376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-08-11 16:24 - 2016-08-03 16:28 - 03663360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-08-11 16:24 - 2016-08-03 16:25 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-08-11 16:24 - 2016-08-03 16:25 - 04078080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2016-08-11 16:24 - 2016-08-03 16:23 - 05660672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-08-11 16:24 - 2016-08-03 16:23 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-08-11 16:24 - 2016-08-03 16:22 - 02501120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-08-11 16:24 - 2016-08-03 16:22 - 01502208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-08-11 16:24 - 2016-08-03 16:21 - 01708032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-08-11 16:24 - 2016-08-03 16:19 - 02180096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-07 17:13 - 2013-05-18 18:40 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\BitTorrent
2016-09-07 17:11 - 2013-05-06 20:00 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-07 16:52 - 2013-04-30 08:16 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-09-07 16:27 - 2016-03-24 14:27 - 00000911 _____ C:\WINDOWS\Tasks\EPSON XP-420 Series Update {97E5D7E0-4358-4877-BF4A-3CA940D70ECB}.job
2016-09-07 14:19 - 2016-07-26 09:24 - 00004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{81132DC1-D427-4707-AB74-5892B7EE6771}
2016-09-07 10:11 - 2013-05-06 20:00 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-06 18:14 - 2015-10-30 19:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-09-06 03:35 - 2013-05-02 17:52 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-09-05 21:25 - 2014-07-12 18:13 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-09-05 18:03 - 2015-10-30 19:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-09-05 17:56 - 2016-06-02 15:54 - 01009736 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-09-05 17:56 - 2015-10-30 19:21 - 00000000 ____D C:\WINDOWS\INF
2016-09-05 17:52 - 2016-03-31 14:22 - 00000000 ___RD C:\Users\Andrew\iCloudDrive
2016-09-05 17:52 - 2013-04-30 12:52 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\Skype
2016-09-05 17:50 - 2016-02-14 01:16 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-09-05 17:50 - 2013-04-30 07:47 - 00000000 ____D C:\ProgramData\NVIDIA
2016-09-01 14:33 - 2015-10-30 19:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-09-01 14:33 - 2015-10-30 19:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-09-01 14:20 - 2013-04-29 19:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-08-30 21:20 - 2015-10-30 19:24 - 00000000 ___RD C:\WINDOWS\DevicesFlow
2016-08-30 21:19 - 2015-10-30 18:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-08-30 20:49 - 2013-05-11 13:16 - 00000000 ____D C:\Users\Andrew\Desktop\Clinic
2016-08-30 20:37 - 2015-01-23 15:10 - 00000000 ____D C:\ACC Invoices
2016-08-24 16:38 - 2015-10-30 19:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-08-19 18:48 - 2013-04-30 12:52 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-08-19 18:48 - 2013-04-30 12:51 - 00000000 ____D C:\ProgramData\Skype
2016-08-16 18:31 - 2016-07-25 11:28 - 00055624 _____ C:\Users\Andrew\Desktop\ACC HAND BOOK - for Peer Group Meeting.pptx
2016-08-16 17:11 - 2016-06-02 15:55 - 00000000 ____D C:\Users\DefaultAppPool
2016-08-16 17:02 - 2016-06-02 16:41 - 00002366 _____ C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-08-16 17:02 - 2014-02-12 14:39 - 00000000 ___RD C:\Users\Andrew\SkyDrive
2016-08-15 21:17 - 2016-06-02 16:36 - 00000000 ____D C:\Users\Andrew\AppData\Local\Packages
2016-08-15 21:16 - 2014-07-12 18:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-08-15 21:16 - 2014-07-12 18:13 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-08-15 21:16 - 2013-05-19 18:45 - 00001171 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-08-13 09:53 - 2013-04-30 14:52 - 00921624 _____ C:\img2-001.raw
2016-08-13 08:25 - 2015-10-30 19:24 - 00000000 ____D C:\WINDOWS\rescache
2016-08-13 07:56 - 2016-02-14 01:22 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-08-12 03:31 - 2016-02-14 01:04 - 00000000 ____D C:\Program Files\Windows Journal
2016-08-12 03:31 - 2015-10-30 19:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-11 20:08 - 2015-04-08 08:30 - 00000000 ____D C:\Users\Andrew\Desktop\Otahuhu Leopards
2016-08-11 16:54 - 2015-10-30 19:24 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-08-11 16:54 - 2013-08-15 11:39 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-11 16:49 - 2013-05-09 19:43 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-09-05 19:36

==================== End of FRST.txt ============================

 

Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
The service did not start due to a logon failure.

Error: (09/05/2016 05:53:52 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
The password for this account has expired.


To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (09/05/2016 05:50:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (09/05/2016 05:50:14 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:00:39 PM on ‎9/‎2/‎2016 was unexpected.

Error: (09/05/2016 05:49:59 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT AUTHORITY)
Description: 32212256844605682411134048

Error: (09/01/2016 02:23:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
The service did not start due to a logon failure.

Error: (09/01/2016 02:23:33 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
The password for this account has expired.


To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (09/01/2016 02:21:08 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (09/01/2016 02:21:03 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:43:26 PM on ‎8/‎31/‎2016 was unexpected.

Error: (09/01/2016 02:20:45 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT AUTHORITY)
Description: 32212256844605682411134048


CodeIntegrity:
===================================
  Date: 2016-09-06 03:35:32.188
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-05 19:36:44.463
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-05 18:02:19.487
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-02 11:50:26.698
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-01 18:12:38.838
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-01 18:12:38.239
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-01 14:33:53.741
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-08-31 20:19:58.995
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-08-30 21:40:01.849
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-30 21:13:30.197
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i3-3220 CPU @ 3.30GHz
Percentage of memory in use: 49%
Total physical RAM: 8128.28 MB
Available physical RAM: 4138.82 MB
Total Virtual: 16320.28 MB
Available Virtual: 11878.29 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.97 GB) (Free:563.49 GB) NTFS
Drive d: () (Fixed) (Total:931.51 GB) (Free:137.31 GB) NTFS
Drive e: (EPSON) (CDROM) (Total:0.3 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 1D0A3277)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: FD8330DA)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


  • 0

#6
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello,

What browser has issues?

A few items to fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Open Notepad (Start => All Programs => Accessories => Notepad).
  • Copy/Paste the contents of the code box below into Notepad.

    start
    CloseProcesses:
    CreateRestorePoint:
    BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
    U3 idsvc; no ImagePath
    U3 wpcsvc; no ImagePath
    Emptytemp:

  • Click Format and ensure Wordwrap is unchecked.
  • Save as Fixlist.txt to your Desktop (Must be in this location)
  • Run FRST/FRST64 and press the Fix button just once and wait.
  • If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
  • The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

Note: If the tool warns you that the version you're using is outdated, please download and run the updated version.


Next

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the logfile button and the log will open in Notepad.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • The report will be saved in the C:\AdwCleaner folder.

  • 0

#7
duthkiss

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

Firefox


  • 0

#8
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Follow the rest of the instructions in post #6.
  • 0

#9
duthkiss

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

Thank you, that seemed to work a treat. What was actually on there?


  • 0

#10
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
I have no idea because you did not post the log files.

See if there is a log report called C1.TXT here--> C:\AdwCleaner folder. Copy and paste it to your next reply C1.txt
  • 0

#11
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





