  #1  
May 24th, 2017, 06:29 PM
kickers
Senior Member
 
Join Date: Apr 2006
O/S: Windows XP Home
Location: Mt. Airy, Nc
Posts: 482
slllllllllloooooowwwwwww computer

Please help, I am running Windows 7 and the past few weeks my computer has been running real slow. What to do? Thank you.


  #2  
May 26th, 2017, 01:13 AM
Jintan
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,072
Howdy kickers,


Let's take a look.



To make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types".


If you know how, it's best to disable your antivirus while doing these steps.


Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
  #3  
June 13th, 2017, 02:44 AM
kickers
fst

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-06-2017
Ran by Debbie (administrator) on DEBBIE-PC (11-06-2017 23:35:22)
Running from C:\Users\Debbie\Desktop
Loaded Profiles: Debbie & UpdatusUser (Available Profiles: Debbie & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Two Pilots) C:\Windows\VPDAgent_x64.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
(Acer Incorporated) C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(Acer Incorporated) C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
( ) C:\Windows\System32\lxdacoms.exe
(The Neat Company) C:\Program Files (x86)\Neat\exec\NeatStartupService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_25_0_0_171_ActiveX.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
() C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [snpstd3] => C:\Windows\vsnpstd3.exe [827392 2006-09-19] ()
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10060320 2010-02-09] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-02-10] (Oracle Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKU\S-1-5-21-144859163-3101515412-1175464348-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-144859163-3101515412-1175464348-1001\...\RunOnce: [ScrSav] => C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe [154144 2010-07-29] ()
HKU\S-1-5-21-144859163-3101515412-1175464348-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\eMachines.scr [456224 2010-07-29] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{AF5734B3-C8D3-4EC6-863D-6B90B39F75E0}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{AF5734B3-C8D3-4EC6-863D-6B90B39F75E0}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{BA4EE3B1-E485-46FC-88E6-D5D1F7BF8524}: [DhcpNameServer] 172.20.10.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-144859163-3101515412-1175464348-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-144859163-3101515412-1175464348-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp.myway.com/fromdoctopdf/ttab02ie/index.html?n=7839E897&p2=^Y6^xpu005^TTAB02^us&ptb=4E5D4E96-301E-44DC-9591-03631FEF66D1&si=2004&coid=674224b75f12457eac48cf9155905eeb
HKU\S-1-5-21-144859163-3101515412-1175464348-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {32CDCC52-BC6F-47B4-AFFA-3781CB945611} URL =
SearchScopes: HKLM -> {A526E8A3-451D-4A8B-8ADD-B93DA7CD69AF} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-144859163-3101515412-1175464348-1000 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-144859163-3101515412-1175464348-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-12] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-12] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-144859163-3101515412-1175464348-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} hxxp://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
DPF: HKLM-x32 {95B5D20C-BD31-4489-8ABF-F8C8BE748463} hxxp://zone.msn.com/bingame/zpagames/zpa_hrtz.cab99160.cab
DPF: HKLM-x32 {9BDF4724-10AA-43D5-BD15-AEA0D2287303} hxxp://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab
DPF: HKLM-x32 {A4110378-789B-455F-AE86-3A1BFC402853} hxxp://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
DPF: HKLM-x32 {B8BE5E93-A60C-4D26-A2DC-220313175592} hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: HKLM-x32 {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} hxxp://cdn3.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File

FireFox:
========
FF ProfilePath: C:\Users\Debbie\AppData\Roaming\Songbird2\Profiles\onzt21q8.default [2013-12-11]
FF NetworkProxy: Songbird2\Profiles\onzt21q8.default -> no_proxies_on", "127.0.0.1;localhost"
FF Extension: (No Name) - C:\Program Files (x86)\Songbird\extensions\albumart@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Songbird\extensions\concerts@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Songbird\extensions\gonzo@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Songbird\extensions\philips-addon-manager@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Songbird\extensions\pinkmartini@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Songbird\extensions\purplerain@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Songbird\extensions\sharing@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Songbird\extensions\soundboard@songbirdnest.com [not found]
FF HKU\S-1-5-21-144859163-3101515412-1175464348-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-10] ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll [2013-06-20] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-10] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-12] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2011-01-26] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2011-01-26] (NVIDIA Corporation)
FF Plugin-x32: @zylom.com/ZylomGamesPlayer -> C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-03-28] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-144859163-3101515412-1175464348-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Debbie\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll [No File]
FF Plugin HKU\S-1-5-21-144859163-3101515412-1175464348-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Debbie\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll [No File]

Chrome:
=======
CHR Profile: C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default [2016-10-17]
CHR Extension: (Google Slides) - C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-08-14]
CHR Extension: (Google Docs) - C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-14]
CHR Extension: (Google Drive) - C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-14]
CHR Extension: (YouTube) - C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-14]
CHR Extension: (Google Sheets) - C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-14]
CHR Extension: (Google Docs Offline) - C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-14]
CHR Extension: (Gmail) - C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-14]
CHR Extension: (Chrome Media Router) - C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-18]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Agent; C:\Windows\VPDAgent_x64.exe [148480 2013-06-25] (Two Pilots) [File not signed]
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [626208 2009-08-10] ()
R2 GREGService; C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
R2 Live Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [244624 2011-01-31] (Acer Incorporated)
R2 lxda_device; C:\Windows\system32\lxdacoms.exe [566192 2007-04-26] ( )
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R2 Neat Startup Service; C:\Program Files (x86)\Neat\exec\NeatStartupService.exe [6144 2014-08-06] (The Neat Company) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [206880 2009-08-10] ()
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 ZAMSvc; "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /service [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [49584 2016-02-23] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [23040 2013-07-25] (Apple Inc.) [File not signed]
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S3 RTL8187; C:\Windows\System32\DRIVERS\wg111v2.sys [340992 2007-12-26] (NETGEAR Inc.)
S3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [10550272 2007-03-27] (Sonix Co. Ltd.)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13920 2017-06-07] ()
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-02-20] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-11 23:35 - 2017-06-11 23:36 - 00017662 _____ C:\Users\Debbie\Desktop\FRST.txt
2017-06-11 23:35 - 2017-06-11 23:35 - 00000000 ____D C:\FRST
2017-06-11 23:34 - 2017-06-11 23:34 - 02438656 _____ (Farbar) C:\Users\Debbie\Desktop\FRST64.exe
2017-06-11 23:23 - 2017-06-11 23:23 - 00000000 ____D C:\Users\Debbie\AppData\Local\{615E4DED-1288-4B5E-8739-D929A32B79DD}
2017-06-11 22:56 - 2017-06-11 22:56 - 00125952 _____ C:\Users\Debbie\Desktop\debmat.PSproj
2017-06-11 22:45 - 2017-06-11 22:45 - 01373546 _____ C:\Users\Debbie\Desktop\297219784071546.htm
2017-06-11 22:14 - 2017-06-11 22:14 - 00000000 ____D C:\Program Files (x86)\MysticIsland.net
2017-06-11 18:01 - 2017-06-11 18:01 - 00000553 _____ C:\Users\UpdatusUser\Desktop\Mystic Island.lnk
2017-06-11 18:01 - 2017-06-11 18:01 - 00000553 _____ C:\Users\Debbie\Desktop\Mystic Island.lnk
2017-06-11 18:01 - 2017-06-11 18:01 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mystic Island Gaming Park
2017-06-11 18:01 - 2001-03-13 14:53 - 00326656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.011
2017-06-11 18:01 - 2001-03-13 14:47 - 00598288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.00C
2017-06-11 18:01 - 2001-03-13 14:47 - 00164112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.00D
2017-06-11 18:01 - 2001-03-13 14:47 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.00F
2017-06-11 18:01 - 2001-03-13 14:45 - 00147728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.00E
2017-06-11 18:01 - 2000-08-20 21:00 - 01388544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.010
2017-06-11 18:01 - 1998-04-24 00:00 - 00368912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbar332.dll
2017-06-10 23:32 - 2017-06-10 23:32 - 00000000 __SHD C:\Users\Debbie\AppData\Roaming\wyUpdate AU
2017-06-10 23:32 - 2017-06-10 23:32 - 00000000 ____D C:\Users\Debbie\AppData\Local\Mystic_Island
2017-06-10 15:26 - 2017-06-10 15:26 - 00000000 ____D C:\Users\Debbie\AppData\Local\FromDocToPDFTooltab
2017-06-08 14:01 - 2017-06-08 14:02 - 46809448 _____ (MysticIsland.net) C:\Users\Debbie\Documents\setup110r5.exe
2017-06-06 10:14 - 2017-06-06 10:39 - 00000000 ____D C:\ProgramData\Mystic Island
2017-06-06 10:14 - 2001-03-13 15:53 - 00326656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.00B
2017-06-06 10:14 - 2001-03-13 15:47 - 00598288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.006
2017-06-06 10:14 - 2001-03-13 15:47 - 00164112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.007
2017-06-06 10:14 - 2001-03-13 15:47 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.009
2017-06-06 10:14 - 2001-03-13 15:45 - 00147728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.008
2017-06-06 10:14 - 2000-08-20 22:00 - 01388544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.00A
2017-06-06 10:13 - 2017-06-11 18:04 - 00000000 ____D C:\Program Files (x86)\Mystic Island
2017-06-06 10:13 - 2017-06-11 18:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mystic Island Gaming Park
2017-06-06 10:13 - 2001-03-13 15:53 - 00326656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.005
2017-06-06 10:13 - 2001-03-13 15:47 - 00598288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.000
2017-06-06 10:13 - 2001-03-13 15:47 - 00164112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.001
2017-06-06 10:13 - 2001-03-13 15:47 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.003
2017-06-06 10:13 - 2001-03-13 15:45 - 00147728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.002
2017-06-06 10:13 - 2000-08-20 22:00 - 01388544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.004
2017-06-06 10:13 - 1998-09-11 09:14 - 00021504 _____ () C:\Windows\SysWOW64\WBCustomizer.dll
2017-06-06 10:13 - 1997-12-22 15:47 - 00080896 _____ (Dolphin Systems Inc.) C:\Windows\SysWOW64\Dssock32.ocx
2017-06-06 10:12 - 2017-06-06 10:12 - 13475060 _____ C:\Users\Debbie\Desktop\mystic386b.exe
2017-06-05 09:49 - 2017-06-07 09:49 - 00013920 _____ C:\Windows\system32\Drivers\SWDUMon.sys
2017-06-05 09:48 - 2017-06-08 15:06 - 00000000 ____D C:\Users\Debbie\AppData\Local\SlimWare Utilities Inc
2017-06-01 10:35 - 2017-06-01 13:47 - 02267136 _____ C:\Users\Debbie\Desktop\My Project (1).PSproj
2017-05-28 10:30 - 2017-05-28 10:30 - 00000128 _____ C:\Windows\wininit.ini
2017-05-28 10:30 - 2017-05-28 10:30 - 00000000 ____D C:\Users\Debbie\AppData\Local\Downloaded Installers
2017-05-25 07:47 - 2017-05-25 07:47 - 00000000 ____D C:\Windows\Minidump
2017-05-24 14:36 - 2017-05-24 14:36 - 04110280 _____ C:\Users\Debbie\Desktop\adwcleaner_6.047.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-11 10:03 - 2009-07-14 00:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-06-11 10:03 - 2009-07-14 00:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-06-09 15:12 - 2014-09-17 14:25 - 00000000 ____D C:\Users\Debbie\AppData\Local\CrashDumps
2017-06-08 15:46 - 2011-12-12 12:42 - 00000000 ____D C:\Windows\system32\Macromed
2017-06-08 15:10 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2017-06-08 15:09 - 2012-07-06 11:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2017-06-08 14:03 - 2014-09-27 14:45 - 00000000 ____D C:\Users\Debbie\AppData\Local\Downloaded Installations
2017-06-07 07:35 - 2012-07-06 11:23 - 00000000 ____D C:\Program Files (x86)\HP
2017-06-05 09:53 - 2009-07-14 01:13 - 00783424 _____ C:\Windows\system32\PerfStringBackup.INI
2017-06-05 09:48 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-06-05 09:48 - 2009-07-07 04:14 - 00000000 ____D C:\ProgramData\NVIDIA
2017-06-04 01:00 - 2014-09-25 14:55 - 00000000 ____D C:\Users\Debbie\AppData\Local\ElevatedDiagnostics
2017-05-30 16:45 - 2010-11-20 23:27 - 00565416 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2017-05-25 07:47 - 2009-07-07 04:11 - 00301373 ____N C:\Windows\Minidump\052517-20264-01.dmp
2017-05-24 14:42 - 2013-04-12 03:03 - 00000000 ____D C:\Users\UpdatusUser
2017-05-24 14:39 - 2016-03-09 16:44 - 00000000 ____D C:\AdwCleaner
2017-05-24 03:08 - 2013-08-15 03:01 - 00000000 ____D C:\Windows\system32\MRT
2017-05-24 03:01 - 2011-09-15 20:11 - 132223576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-05-20 15:10 - 2017-01-26 13:34 - 00000000 ____D C:\Users\Debbie\Desktop\New folder

==================== Files in the root of some directories =======

2014-04-22 08:59 - 2014-04-22 00:39 - 0197000 _____ () C:\Program Files (x86)\8eres.dll
2013-12-19 14:15 - 2014-08-28 00:32 - 0000148 _____ () C:\Users\Debbie\AppData\Roaming\WB.CFG
2012-07-06 11:23 - 2017-06-08 15:45 - 0028828 _____ () C:\ProgramData\hpzinstall.log
2016-05-11 15:09 - 2016-05-11 15:09 - 0000016 _____ () C:\ProgramData\mntemp
2016-05-11 15:09 - 2016-05-11 15:09 - 0005008 _____ () C:\ProgramData\olmshzqo.mcy

Some files in TEMP:
====================
2016-02-19 19:30 - 2016-01-22 02:09 - 1314328 _____ (Microsoft Corporation) C:\Users\Debbie\AppData\Local\Temp\dllnt_dump.dll
2017-06-11 10:46 - 1999-06-25 08:55 - 0149504 _____ () C:\Users\Debbie\AppData\Local\Temp\GLB1A2B.EXE
2016-07-20 09:25 - 2016-07-20 09:25 - 0741440 _____ (Oracle Corporation) C:\Users\Debbie\AppData\Local\Temp\jre-8u101-windows-au.exe
2016-10-22 07:20 - 2016-10-22 07:20 - 0737856 _____ (Oracle Corporation) C:\Users\Debbie\AppData\Local\Temp\jre-8u111-windows-au.exe
2017-01-21 08:20 - 2017-01-21 08:20 - 0739904 _____ (Oracle Corporation) C:\Users\Debbie\AppData\Local\Temp\jre-8u121-windows-au.exe
2017-04-22 07:20 - 2017-04-22 07:20 - 0739904 _____ (Oracle Corporation) C:\Users\Debbie\AppData\Local\Temp\jre-8u131-windows-au.exe
2016-04-23 07:20 - 2016-06-25 07:20 - 0739904 _____ (Oracle Corporation) C:\Users\Debbie\AppData\Local\Temp\jre-8u91-windows-au.exe
2016-03-03 05:50 - 2015-07-29 16:08 - 0681097 _____ (SQLite Development Team) C:\Users\Debbie\AppData\Local\Temp\sqlite3.dll
2016-05-11 15:09 - 2016-05-11 15:09 - 0429280 _____ () C:\Users\Debbie\AppData\Local\Temp\xuninst.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-06-02 02:10

==================== End of FRST.txt ============================
  #4  
June 13th, 2017, 02:45 AM
kickers
addt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-06-2017
Ran by Debbie (11-06-2017 23:36:53)
Running from C:\Users\Debbie\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2011-09-14 20:35:13)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-144859163-3101515412-1175464348-500 - Administrator - Disabled)
Debbie (S-1-5-21-144859163-3101515412-1175464348-1000 - Administrator - Enabled) => C:\Users\Debbie
Guest (S-1-5-21-144859163-3101515412-1175464348-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-144859163-3101515412-1175464348-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Disabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe Acrobat 5.0 (HKLM-x32\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.20) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.20 - Adobe Systems Incorporated)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
D4300 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
DJ_SF_03_D4300_Software_Min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
eMachines Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3002 - Acer Incorporated)
eMachines Registration (HKLM-x32\...\eMachines Registration) (Version: 1.03.3003 - Acer Incorporated)
eMachines ScreenSaver (HKLM-x32\...\eMachines Screensaver) (Version: 1.1.0221.2011 - Acer Incorporated)
Flash Player Pro V5.4 (HKLM-x32\...\Flash Player Pro_is1) (Version: - FlashPlayerPro.com)
Free Editor (HKLM\...\{1BF14E04-85DE-480C-9A04-EB36744C66B4}_is1) (Version: 1.0 - Blue Labs, LLC)
FromDocToPDF Internet Explorer Homepage and New Tab (HKU\S-1-5-21-144859163-3101515412-1175464348-1000\...\FromDocToPDFTooltab Uninstall Internet Explorer) (Version: - Mindspark Interactive Network, Inc.) <==== ATTENTION
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HP Deskjet D4300 Printer Driver Software 13.0 Rel. 3 (HKLM\...\{382300D4-777B-4233-A98C-99EA0F6B881F}) (Version: 13.0 - HP)
HP Support Solutions Framework (HKLM-x32\...\{44157EB3-D8D0-4BB1-B0F5-AD2C38814ED1}) (Version: 11.51.0027 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060F0}) (Version: 7.0.600 - Oracle)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Metric Collection SDK (x32 Version: 1.1.0012.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mystic Island Casino (HKLM-x32\...\{C09280E9-C208-4438-933B-579B9BBFFE53}) (Version: 1.10.0000 - MysticIsland.net)
Mystic Island v3.86 (HKLM-x32\...\Mystic Island v3.86) (Version: - )
Neat (HKLM-x32\...\Neat) (Version: 5.5.2.7 - The Neat Company)
Neat ADF Scanner 2008 Driver (HKLM\...\{8A2BC7D4-A7D3-45D5-B3D2-394718C53C41}) (Version: 2.0.1.5 - The Neat Company)
Neat ADF Scanner Driver (HKLM\...\{A55F1206-BFA7-4027-92B8-CE4EFDBC3CF2}) (Version: 2.0.2.5 - The Neat Company)
Neat Core Files (x32 Version: 5.5.2.7 - The Neat Company) Hidden
Neat Mobile Scanner (Silver) Driver (HKLM\...\{D1108D4B-72F8-419F-88C5-ABB8DC09B3C7}) (Version: 2.0.1.5 - The Neat Company)
Neat Mobile Scanner 2008 Driver (HKLM\...\{DDE25FC9-892D-4D24-9325-3BAA5C15ACA9}) (Version: 2.0.1.4 - The Neat Company)
Neat Mobile Scanner Driver (HKLM\...\{7EA2D88A-C8B7-4102-8644-0A437B6FC143}) (Version: 2.0.1.2 - The Neat Company)
NeatConnect Scanner Driver (HKLM\...\{6895EF47-6BD8-468E-BA09-B33636C65B7C}) (Version: 2.0.2.26 - The Neat Company)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 1.10 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (HKLM-x32\...\InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version: 1.00.7316 - NVIDIA Corporation)
NVIDIA Graphics Driver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (HKLM-x32\...\NVIDIAStereo) (Version: 7.17.12.6684 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6045 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.1.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)
Send To Neat (HKLM\...\{237E305C-B625-466A-88CE-1E121BF4FDB1}) (Version: 1.1.0.0 - The Neat Company)
SmartDraw 2012 (HKLM-x32\...\SmartDraw 2012) (Version: - SmartDraw.com)
The Print Shop 3.0 Deluxe (HKLM-x32\...\{49B3B2D8-3429-492D-BAB5-5542048D5030}) (Version: 3.0.6 - Encore)
The Print Shop 3.0 Fonts (HKLM-x32\...\{2C3060F6-F0DC-4F63-A70F-2070BE57EEDC}) (Version: 1.0 - Encore)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2009-08-10 19:01 - 2009-08-10 19:01 - 00626208 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
2009-08-10 19:00 - 2009-08-10 19:00 - 00070176 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll
2009-08-10 19:01 - 2009-08-10 19:01 - 00578592 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\SpecialCase.dll
2009-08-10 19:01 - 2009-08-10 19:01 - 00206880 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
2013-09-21 06:24 - 2013-06-25 12:08 - 00054784 _____ () C:\Windows\System32\sdtnpm.dll
2010-02-28 05:33 - 2010-02-28 05:33 - 00077664 _____ () C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
2013-04-12 03:02 - 2013-01-31 05:25 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:373E1720 [118]
AlternateDataStreams: C:\ProgramData\TEMP:A31FAD21 [118]
AlternateDataStreams: C:\ProgramData\TEMP:B9000539 [133]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-144859163-3101515412-1175464348-1000\...\localhost -> localhost

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2016-02-19 19:21 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-144859163-3101515412-1175464348-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Debbie\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{BE357E37-9C27-4A6F-B6A0-E419414D17A3}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{B17E6805-35EB-47BF-AA20-DDD0A69F8A80}] => (Allow) LPort=2869
FirewallRules: [{A81C3C55-CE89-4131-A8FC-71151D2CAD43}] => (Allow) LPort=1900
FirewallRules: [{53A6FFD9-F922-4A55-B4FA-61D8D6857B47}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{9381C372-7838-47F9-B83C-85AB316C517F}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{AEE5192C-F04D-4F61-A1D3-A7A561AE29F5}] => (Allow) C:\Windows\System32\lxdacoms.exe
FirewallRules: [{8AB9C8A4-2DE9-49D6-8B05-E3B455AB8752}] => (Allow) C:\Windows\System32\lxdacoms.exe
FirewallRules: [{FB136E93-09D0-4E5A-88D0-75E4873E9596}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{DFFB6A7C-82DE-40E9-ABC4-32E0427FBEFB}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{41CC433D-00F0-46F6-AC00-F29622BDCB6A}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{D4A796B6-5A9D-42AE-88FF-E344F4248CDD}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{90583F21-8A32-432F-AEED-C4AFCD283E8D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{6C29CC21-22B3-4B65-9813-9C29828D1546}] => (Allow) C:\Users\Debbie\AppData\Local\Temp\7zS46E6\HPDiagnosticCoreUI.exe
FirewallRules: [{41769EFC-2EA2-4C2F-B599-79E1B66226F3}] => (Allow) C:\Users\Debbie\AppData\Local\Temp\7zS46E6\HPDiagnosticCoreUI.exe
FirewallRules: [{10873C50-1A2B-4BE3-8A64-4525FF9833F8}] => (Allow) C:\Users\Debbie\AppData\Local\Temp\7zS4CBF\hppiw.exe
FirewallRules: [{C6AB512D-3B58-4512-B1FB-02E8FCE78CFC}] => (Allow) C:\Users\Debbie\AppData\Local\Temp\7zS4CBF\hppiw.exe
FirewallRules: [{784ED75B-6CA2-48DD-8214-85150B8FA961}] => (Allow) C:\Users\Debbie\AppData\Local\Temp\7zS4EDD\hppiw.exe
FirewallRules: [{A28D8707-D539-424B-99F1-2873B513FB05}] => (Allow) C:\Users\Debbie\AppData\Local\Temp\7zS4EDD\hppiw.exe
FirewallRules: [TCP Query User{2654584A-704B-49FB-BF01-C5727EA0DC22}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe
FirewallRules: [UDP Query User{0702E934-FA03-4AC6-84A8-CEC27B7317CA}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe
FirewallRules: [{09B58C06-E9EA-40A0-A48C-266EA4FB8570}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{3BADBF65-7BDA-46ED-9401-138A083A7B85}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{C7BF89E7-4C20-48BA-A315-5208900B1B73}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{99D6F12B-1575-42E6-9F22-B0D715F3D71B}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{F6BCCDE2-7439-4805-8F0E-B00CD1793D9A}] => (Allow) C:\Users\Debbie\AppData\Local\Temp\nsgA8A4.tmp\Installer-10522282.exe
FirewallRules: [{ACE9BCC5-6B96-450B-A118-927F59936D67}] => (Allow) C:\Users\Debbie\AppData\Local\Temp\nsgA8A4.tmp\Installer-10522282.exe
FirewallRules: [{EA97FDED-98A5-4083-89F1-8F8C30BDCA4F}] => (Allow) C:\Users\Debbie\AppData\Local\Chromium\Application\chrome.exe

==================== Restore Points =========================

17-05-2017 03:52:13 Windows Update
21-05-2017 03:51:10 Windows Update
24-05-2017 03:00:13 Windows Update
27-05-2017 03:48:44 Windows Update
30-05-2017 07:59:46 Windows Update
03-06-2017 03:49:04 Windows Update
06-06-2017 09:59:53 Windows Update
08-06-2017 14:03:41 Installed Mystic Island Casino.
08-06-2017 15:06:19 Removed DriverUpdate
10-06-2017 06:12:21 Windows Update
11-06-2017 10:47:48 Removed Mystic Island Casino.
11-06-2017 22:13:48 Installed Mystic Island Casino.

==================== Faulty Device Manager Devices =============

Name: ZAM Guard Driver
Description: ZAM Guard Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ZAM_Guard
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: ZAM Helper Driver
Description: ZAM Helper Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ZAM
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/11/2017 10:40:07 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18666 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2e8

Start Time: 01d2e21f1fc98de0

Termination Time: 1543

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (06/09/2017 11:27:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18666, time stamp: 0x58f30f27
Faulting module name: MSHTML.dll, version: 11.0.9600.18666, time stamp: 0x58f3218f
Exception code: 0xc0000005
Fault offset: 0x006b750b
Faulting process id: 0x1080
Faulting application start time: 0x01d2e08fe0fd5e60
Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Faulting module path: C:\Windows\system32\MSHTML.dll
Report Id: 28f61928-4d28-11e7-93d1-f80f4121c140

Error: (06/07/2017 08:15:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18666, time stamp: 0x58f30f27
Faulting module name: MSHTML.dll, version: 11.0.9600.18666, time stamp: 0x58f3218f
Exception code: 0xc0000005
Fault offset: 0x00fbfe19
Faulting process id: 0x1724
Faulting application start time: 0x01d2df87a83c5940
Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Faulting module path: C:\Windows\system32\MSHTML.dll
Report Id: ee1b43b8-4b7a-11e7-93d1-f80f4121c140

Error: (06/05/2017 10:48:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18666, time stamp: 0x58f30f27
Faulting module name: MSHTML.dll, version: 11.0.9600.18666, time stamp: 0x58f3218f
Exception code: 0xc0000005
Fault offset: 0x004d6405
Faulting process id: 0x53c
Faulting application start time: 0x01d2de049a372f48
Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Faulting module path: C:\Windows\system32\MSHTML.dll
Report Id: 05de96e0-49fe-11e7-93d1-f80f4121c140

Error: (06/05/2017 09:49:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (06/04/2017 09:28:02 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18666 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 25f0

Start Time: 01d2dd35d61f9588

Termination Time: 0

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (06/04/2017 09:24:04 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18666 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1fe8

Start Time: 01d2dd356d283f08

Termination Time: 1575

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (06/04/2017 09:21:08 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18666 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1a68

Start Time: 01d2dd3523b74828

Termination Time: 18

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (06/03/2017 06:36:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18666, time stamp: 0x58f30f27
Faulting module name: Flash32_25_0_0_171.ocx, version: 25.0.0.171, time stamp: 0x590169a6
Exception code: 0x40000015
Fault offset: 0x0075b9a1
Faulting process id: 0x15a8
Faulting application start time: 0x01d2d7e6ab1454e0
Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Faulting module path: C:\Windows\SysWOW64\Macromed\Flash\Flash32_25_0_0_171.ocx
Report Id: 8f9e3d98-4848-11e7-89a1-f80f4121c140

Error: (06/02/2017 09:08:11 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18666 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 12fc

Start Time: 01d2db9b75e9a938

Termination Time: 1605

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:


System errors:
=============
Error: (06/09/2017 03:14:03 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (06/06/2017 03:09:14 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (06/06/2017 03:04:53 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (06/02/2017 08:28:53 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (05/25/2017 07:47:31 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000004, 0x0000000000000258, 0xfffffa80021c8660, 0xfffff80004461740). A dump was saved in: C:\Windows\Minidump\052517-20264-01.dmp. Report Id: 052517-20264-01.

Error: (05/25/2017 07:47:29 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:46:02 AM on ‎5/‎25/‎2017 was unexpected.

Error: (05/24/2017 02:38:59 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
An instance of the service is already running.

Error: (05/24/2017 02:38:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Update Service Daemon service terminated unexpectedly. It has done this 1 time(s).

Error: (05/24/2017 02:38:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (05/24/2017 02:38:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Client Virtualization Handler service terminated unexpectedly. It has done this 1 time(s).


CodeIntegrity:
===================================
Date: 2016-02-19 18:20:41.739
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-02-19 18:20:41.646
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-02-19 18:20:41.552
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-02-19 18:20:41.458
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-01-08 10:20:53.861
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-01-08 10:20:53.705
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-01-08 10:20:53.565
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-01-08 10:20:53.424
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-09-01 22:39:08.352
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-09-01 22:39:08.274
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD Athlon(tm) II X2 220 Processor
Percentage of memory in use: 72%
Total physical RAM: 2815.37 MB
Available physical RAM: 779.42 MB
Total Virtual: 5896.9 MB
Available Virtual: 1550.98 MB

==================== Drives ================================

Drive c: (eMachines) (Fixed) (Total:911.88 GB) (Free:856.27 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 35D5C1F3)
Partition 1: (Not Active) - (Size=19.5 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=911.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
  #5  
Old June 14th, 2017, 08:23 PM
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,072
Go to Start - Control Panel - Programs - Programs and Features/Uninstall, then click on each of the following programs, if they show there, and click "Uninstall/Change". Do not use Revo to uninstall these please.

Flash Player Pro V5.4
FromDocToPDF Internet Explorer Homepage and New Tab


-------------

Go to Start, Search, type notepad in the Search box, and hit Enter. In the open Notepad text box, copy and paste the following (inside the Code box):

Code:
start
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{AF5734B3-C8D3-4EC6-863D-6B90B39F75E0}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{AF5734B3-C8D3-4EC6-863D-6B90B39F75E0}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{BA4EE3B1-E485-46FC-88E6-D5D1F7BF8524}: [DhcpNameServer] 172.20.10.1
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-144859163-3101515412-1175464348-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-144859163-3101515412-1175464348-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp.myway.com/fromdoctopdf/ttab02ie/index.html?n=7839E897&p2=^Y6^xpu005^TTAB02^us&ptb=4E5D4E96-301E-44DC-9591-03631FEF66D1&si=2004&coid=674224b75f12457eac48cf9155905eeb
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {32CDCC52-BC6F-47B4-AFFA-3781CB945611} URL =
SearchScopes: HKLM -> {A526E8A3-451D-4A8B-8ADD-B93DA7CD69AF} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-144859163-3101515412-1175464348-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
Toolbar: HKU\S-1-5-21-144859163-3101515412-1175464348-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
FF NetworkProxy: Songbird2\Profiles\onzt21q8.default -> no_proxies_on", "127.0.0.1;localhost"
FF Extension: (No Name) - C:\Program Files (x86)\Songbird\extensions\albumart@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Songbird\extensions\concerts@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Songbird\extensions\gonzo@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Songbird\extensions\philips-addon-manager@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Songbird\extensions\pinkmartini@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Songbird\extensions\purplerain@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Songbird\extensions\sharing@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Songbird\extensions\soundboard@songbirdnest.com [not found]
FF HKU\S-1-5-21-144859163-3101515412-1175464348-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 => not found
S2 ZAMSvc; "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /service [X]
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [49584 2016-02-23] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]
2017-06-11 23:23 - 2017-06-11 23:23 - 00000000 ____D C:\Users\Debbie\AppData\Local\{615E4DED-1288-4B5E-8739-D929A32B79DD}
2017-06-11 18:01 - 2001-03-13 14:53 - 00326656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.011
2017-06-11 18:01 - 2001-03-13 14:47 - 00598288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.00C
2017-06-11 18:01 - 2001-03-13 14:47 - 00164112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.00D
2017-06-11 18:01 - 2001-03-13 14:47 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.00F
2017-06-11 18:01 - 2001-03-13 14:45 - 00147728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.00E
2017-06-11 18:01 - 2000-08-20 21:00 - 01388544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.010
2017-06-06 10:14 - 2017-06-06 10:39 - 00000000 ____D C:\ProgramData\Mystic Island
2017-06-06 10:14 - 2001-03-13 15:53 - 00326656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.00B
2017-06-06 10:14 - 2001-03-13 15:47 - 00598288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.006
2017-06-06 10:14 - 2001-03-13 15:47 - 00164112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.007
2017-06-06 10:14 - 2001-03-13 15:47 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.009
2017-06-06 10:14 - 2001-03-13 15:45 - 00147728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.008
2017-06-06 10:14 - 2000-08-20 22:00 - 01388544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.00A
2017-06-06 10:13 - 2001-03-13 15:53 - 00326656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.005
2017-06-06 10:13 - 2001-03-13 15:47 - 00598288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.000
2017-06-06 10:13 - 2001-03-13 15:47 - 00164112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.001
2017-06-06 10:13 - 2001-03-13 15:47 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.003
2017-06-06 10:13 - 2001-03-13 15:45 - 00147728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.002
2017-06-06 10:13 - 2000-08-20 22:00 - 01388544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.004
2014-04-22 08:59 - 2014-04-22 00:39 - 0197000 _____ () C:\Program Files (x86)\8eres.dll
2016-05-11 15:09 - 2016-05-11 15:09 - 0005008 _____ () C:\ProgramData\olmshzqo.mcy
AlternateDataStreams: C:\ProgramData\TEMP:373E1720 [118]
AlternateDataStreams: C:\ProgramData\TEMP:A31FAD21 [118]
AlternateDataStreams: C:\ProgramData\TEMP:B9000539 [133]
IE trusted site: HKU\S-1-5-21-144859163-3101515412-1175464348-1000\...\localhost -> localhost
end
Save it to C:\Users\Debbie\Desktop (the same location as FRST.exe) as fixlist.txt

Then open FRST, and click the Fix button. Once it is done a text will open - post that back here please.

-------------

Download ADWCleaner and run it, then click Scan.

When the scan completes, click Logfile, and copy/paste that back here please. Best not to click Clean - ADWCleaner makes mistakes.
  #6  
Old June 15th, 2017, 03:22 PM
kickers kickers is offline
Senior Member
 
Join Date: Apr 2006
O/S: Windows XP Home
Location: Mt. Airy, Nc
Posts: 482
fix

not sure of what you want... pulled up far recovery and said first was not there. What do you want me to fix?
  #7  
Old June 15th, 2017, 08:39 PM
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,072
Debbie, this:

Quote:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-06-2017
Ran by Debbie (11-06-2017 23:36:53)
Running from C:\Users\Debbie\Desktop
Says that you saved FRST.exe to your desktop, and ran it from there. So you just copy and save the Code contents from my previous post to the desktop as fixlist.txt then run FRST and click Fix.
  #8  
Old June 18th, 2017, 01:17 AM
kickers kickers is offline
Senior Member
 
Join Date: Apr 2006
O/S: Windows XP Home
Location: Mt. Airy, Nc
Posts: 482
fixq

OK, I did all that and clicked Fix.
  #9  
Old June 18th, 2017, 01:18 AM
kickers kickers is offline
Senior Member
 
Join Date: Apr 2006
O/S: Windows XP Home
Location: Mt. Airy, Nc
Posts: 482
Fix result of Farbar Recovery Scan Tool (x64) Version: 15-06-2017 01
Ran by Debbie (17-06-2017 20:14:18) Run:1
Running from C:\Users\Debbie\Desktop
Loaded Profiles: Debbie & UpdatusUser (Available Profiles: Debbie & UpdatusUser)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{AF5734B3-C8D3-4EC6-863D-6B90B39F75E0}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{AF5734B3-C8D3-4EC6-863D-6B90B39F75E0}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{BA4EE3B1-E485-46FC-88E6-D5D1F7BF8524}: [DhcpNameServer] 172.20.10.1
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-144859163-3101515412-1175464348-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-144859163-3101515412-1175464348-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp.myway.com/fromdoctopdf/ttab02ie/index.html?n=7839E897&p2=^Y6^xpu005^TTAB02^us&ptb= 4E5D4E96-301E-44DC-9591-03631FEF66D1&si=2004&coid=674224b75f12457eac48cf91 55905eeb
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {32CDCC52-BC6F-47B4-AFFA-3781CB945611} URL =
SearchScopes: HKLM -> {A526E8A3-451D-4A8B-8ADD-B93DA7CD69AF} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-144859163-3101515412-1175464348-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
Toolbar: HKU\S-1-5-21-144859163-3101515412-1175464348-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
FF NetworkProxy: Songbird2\Profiles\onzt21q8.default -> no_proxies_on", "127.0.0.1;localhost"
FF Extension: (No Name) - C:\Program Files (x86)\Songbird\extensions\albumart@songbirdnest.co m [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Songbird\extensions\concerts@songbirdnest.co m [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Songbird\extensions\gonzo@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Songbird\extensions\philips-addon-manager@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Songbird\extensions\pinkmartini@songbirdnest .com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Songbird\extensions\purplerain@songbirdnest. com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Songbird\extensions\sharing@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Songbird\extensions\soundboard@songbirdnest. com [not found]
FF HKU\S-1-5-21-144859163-3101515412-1175464348-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 => not found
S2 ZAMSvc; "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /service [X]
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [49584 2016-02-23] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]
2017-06-11 23:23 - 2017-06-11 23:23 - 00000000 ____D C:\Users\Debbie\AppData\Local\{615E4DED-1288-4B5E-8739-D929A32B79DD}
2017-06-11 18:01 - 2001-03-13 14:53 - 00326656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.011
2017-06-11 18:01 - 2001-03-13 14:47 - 00598288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.00C
2017-06-11 18:01 - 2001-03-13 14:47 - 00164112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.00D
2017-06-11 18:01 - 2001-03-13 14:47 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.00F
2017-06-11 18:01 - 2001-03-13 14:45 - 00147728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.00E
2017-06-11 18:01 - 2000-08-20 21:00 - 01388544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.010
2017-06-06 10:14 - 2017-06-06 10:39 - 00000000 ____D C:\ProgramData\Mystic Island
2017-06-06 10:14 - 2001-03-13 15:53 - 00326656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.00B
2017-06-06 10:14 - 2001-03-13 15:47 - 00598288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.006
2017-06-06 10:14 - 2001-03-13 15:47 - 00164112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.007
2017-06-06 10:14 - 2001-03-13 15:47 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.009
2017-06-06 10:14 - 2001-03-13 15:45 - 00147728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.008
2017-06-06 10:14 - 2000-08-20 22:00 - 01388544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.00A
2017-06-06 10:13 - 2001-03-13 15:53 - 00326656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.005
2017-06-06 10:13 - 2001-03-13 15:47 - 00598288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.000
2017-06-06 10:13 - 2001-03-13 15:47 - 00164112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.001
2017-06-06 10:13 - 2001-03-13 15:47 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.003
2017-06-06 10:13 - 2001-03-13 15:45 - 00147728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.002
2017-06-06 10:13 - 2000-08-20 22:00 - 01388544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.004
2014-04-22 08:59 - 2014-04-22 00:39 - 0197000 _____ () C:\Program Files (x86)\8eres.dll
2016-05-11 15:09 - 2016-05-11 15:09 - 0005008 _____ () C:\ProgramData\olmshzqo.mcy
AlternateDataStreams: C:\ProgramData\TEMP:373E1720 [118]
AlternateDataStreams: C:\ProgramData\TEMP:A31FAD21 [118]
AlternateDataStreams: C:\ProgramData\TEMP:B9000539 [133]
IE trusted site: HKU\S-1-5-21-144859163-3101515412-1175464348-1000\...\localhost -> localhost
end
*****************

HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{AF5734B3-C8D3-4EC6-863D-6B90B39F75E0}\\NameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{AF5734B3-C8D3-4EC6-863D-6B90B39F75E0}\\DhcpNameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BA4EE3B1-E485-46FC-88E6-D5D1F7BF8524}\\DhcpNameServer => value removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\S-1-5-21-144859163-3101515412-1175464348-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\S-1-5-21-144859163-3101515412-1175464348-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{32CDCC52-BC6F-47B4-AFFA-3781CB945611} => key removed successfully
HKLM\Software\Classes\CLSID\{32CDCC52-BC6F-47B4-AFFA-3781CB945611} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A526E8A3-451D-4A8B-8ADD-B93DA7CD69AF} => key removed successfully
HKLM\Software\Classes\CLSID\{A526E8A3-451D-4A8B-8ADD-B93DA7CD69AF} => key not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-144859163-3101515412-1175464348-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key removed successfully
HKLM\Software\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key removed successfully
HKLM\Software\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key not found.
HKU\S-1-5-21-144859163-3101515412-1175464348-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
HKLM\Software\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found.
HKLM\Software\Classes\PROTOCOLS\Handler\linkscanner => key removed successfully
HKLM\Software\Classes\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} => key not found.
Firefox Proxy settings were reset.
C:\Program Files (x86)\Songbird\extensions\albumart@songbirdnest.co m => not found.
C:\Program Files (x86)\Songbird\extensions\concerts@songbirdnest.co m => not found.
C:\Program Files (x86)\Songbird\extensions\gonzo@songbirdnest.com => path removed successfully
C:\Program Files (x86)\Songbird\extensions\philips-addon-manager@songbirdnest.com => path removed successfully
C:\Program Files (x86)\Songbird\extensions\pinkmartini@songbirdnest .com => not found.
C:\Program Files (x86)\Songbird\extensions\purplerain@songbirdnest. com => not found.
C:\Program Files (x86)\Songbird\extensions\sharing@songbirdnest.com => path removed successfully
C:\Program Files (x86)\Songbird\extensions\soundboard@songbirdnest. com => not found.
HKU\S-1-5-21-144859163-3101515412-1175464348-1001\Software\Mozilla\Firefox\Extensions\\smartwebprinting@hp.com => value removed successfully
HKLM\System\CurrentControlSet\Services\ZAMSvc => key removed successfully
ZAMSvc => service removed successfully
HKLM\System\CurrentControlSet\Services\hitmanpro37 => key removed successfully
hitmanpro37 => service removed successfully
HKLM\System\CurrentControlSet\Services\catchme => key removed successfully
catchme => service removed successfully
HKLM\System\CurrentControlSet\Services\ZAM => key removed successfully
ZAM => service removed successfully
HKLM\System\CurrentControlSet\Services\ZAM_Guard => key removed successfully
ZAM_Guard => service removed successfully
C:\Users\Debbie\AppData\Local\{615E4DED-1288-4B5E-8739-D929A32B79DD} => moved successfully
C:\Windows\SysWOW64\temp.011 => moved successfully
C:\Windows\SysWOW64\temp.00C => moved successfully
C:\Windows\SysWOW64\temp.00D => moved successfully
C:\Windows\SysWOW64\temp.00F => moved successfully
C:\Windows\SysWOW64\temp.00E => moved successfully
C:\Windows\SysWOW64\temp.010 => moved successfully
C:\ProgramData\Mystic Island => moved successfully
C:\Windows\SysWOW64\temp.00B => moved successfully
C:\Windows\SysWOW64\temp.006 => moved successfully
C:\Windows\SysWOW64\temp.007 => moved successfully
C:\Windows\SysWOW64\temp.009 => moved successfully
C:\Windows\SysWOW64\temp.008 => moved successfully
C:\Windows\SysWOW64\temp.00A => moved successfully
C:\Windows\SysWOW64\temp.005 => moved successfully
C:\Windows\SysWOW64\temp.000 => moved successfully
C:\Windows\SysWOW64\temp.001 => moved successfully
C:\Windows\SysWOW64\temp.003 => moved successfully
C:\Windows\SysWOW64\temp.002 => moved successfully
C:\Windows\SysWOW64\temp.004 => moved successfully
C:\Program Files (x86)\8eres.dll => moved successfully
C:\ProgramData\olmshzqo.mcy => moved successfully
C:\ProgramData\TEMP => ":373E1720" ADS removed successfully.
C:\ProgramData\TEMP => ":A31FAD21" ADS removed successfully.
C:\ProgramData\TEMP => ":B9000539" ADS removed successfully.
HKU\S-1-5-21-144859163-3101515412-1175464348-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost => key removed successfully

==== End of Fixlog 20:14:41 ====
  #10  
Old June 18th, 2017, 10:19 PM
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,072
issues we still need to correct please.

Then download and run Eset's online scanner. Agree to the prompts, and place a check next to:

Enable detection of potentially unwanted applications

When the scan finishes, have it delete anything it found.

Then post back on any issues we still need to address please.
  #11  
Old June 18th, 2017, 10:42 PM
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,072
I wouldn't mind viewing the ADWCleaner log as well.
  #12  
Old June 23rd, 2017, 08:54 PM
kickers kickers is offline
Senior Member
 
Join Date: Apr 2006
O/S: Windows XP Home
Location: Mt. Airy, Nc
Posts: 482
the other scan said it was fine, and what adware cleaner are you talking about? I think I have already deleted all.
  #13  
Old June 23rd, 2017, 11:29 PM
Jintan's Avatar
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,072
So how are things running now?
All times are GMT +1.