Posted June 13th, 2017, 02:44 AM by kickers
fst

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-06-2017
Ran by Debbie (administrator) on DEBBIE-PC (11-06-2017 23:35:22)
Running from C:\Users\Debbie\Desktop
Loaded Profiles: Debbie & UpdatusUser (Available Profiles: Debbie & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Two Pilots) C:\Windows\VPDAgent_x64.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
(Acer Incorporated) C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(Acer Incorporated) C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
( ) C:\Windows\System32\lxdacoms.exe
(The Neat Company) C:\Program Files (x86)\Neat\exec\NeatStartupService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_25_0_0_171_ActiveX.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
() C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [snpstd3] => C:\Windows\vsnpstd3.exe [827392 2006-09-19] ()
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10060320 2010-02-09] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-02-10] (Oracle Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKU\S-1-5-21-144859163-3101515412-1175464348-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-144859163-3101515412-1175464348-1001\...\RunOnce: [ScrSav] => C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe [154144 2010-07-29] ()
HKU\S-1-5-21-144859163-3101515412-1175464348-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\eMachines.scr [456224 2010-07-29] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{AF5734B3-C8D3-4EC6-863D-6B90B39F75E0}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{AF5734B3-C8D3-4EC6-863D-6B90B39F75E0}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{BA4EE3B1-E485-46FC-88E6-D5D1F7BF8524}: [DhcpNameServer] 172.20.10.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-144859163-3101515412-1175464348-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-144859163-3101515412-1175464348-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp.myway.com/fromdoctopdf/ttab02ie/index.html?n=7839E897&p2=^Y6^xpu005^TTAB02^us&ptb=4E5D4E96-301E-44DC-9591-03631FEF66D1&si=2004&coid=674224b75f12457eac48cf9155905eeb
HKU\S-1-5-21-144859163-3101515412-1175464348-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {32CDCC52-BC6F-47B4-AFFA-3781CB945611} URL =
SearchScopes: HKLM -> {A526E8A3-451D-4A8B-8ADD-B93DA7CD69AF} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-144859163-3101515412-1175464348-1000 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-144859163-3101515412-1175464348-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-12] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-12] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-144859163-3101515412-1175464348-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} hxxp://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
DPF: HKLM-x32 {95B5D20C-BD31-4489-8ABF-F8C8BE748463} hxxp://zone.msn.com/bingame/zpagames/zpa_hrtz.cab99160.cab
DPF: HKLM-x32 {9BDF4724-10AA-43D5-BD15-AEA0D2287303} hxxp://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab
DPF: HKLM-x32 {A4110378-789B-455F-AE86-3A1BFC402853} hxxp://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
DPF: HKLM-x32 {B8BE5E93-A60C-4D26-A2DC-220313175592} hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: HKLM-x32 {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} hxxp://cdn3.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File

FireFox:
========
FF ProfilePath: C:\Users\Debbie\AppData\Roaming\Songbird2\Profiles\onzt21q8.default [2013-12-11]
FF NetworkProxy: Songbird2\Profiles\onzt21q8.default -> no_proxies_on", "127.0.0.1;localhost"
FF Extension: (No Name) - C:\Program Files (x86)\Songbird\extensions\albumart@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Songbird\extensions\concerts@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Songbird\extensions\gonzo@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Songbird\extensions\philips-addon-manager@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Songbird\extensions\pinkmartini@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Songbird\extensions\purplerain@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Songbird\extensions\sharing@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Songbird\extensions\soundboard@songbirdnest.com [not found]
FF HKU\S-1-5-21-144859163-3101515412-1175464348-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-10] ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll [2013-06-20] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-10] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-12] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2011-01-26] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2011-01-26] (NVIDIA Corporation)
FF Plugin-x32: @zylom.com/ZylomGamesPlayer -> C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-03-28] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-144859163-3101515412-1175464348-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Debbie\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll [No File]
FF Plugin HKU\S-1-5-21-144859163-3101515412-1175464348-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Debbie\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll [No File]

Chrome:
=======
CHR Profile: C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default [2016-10-17]
CHR Extension: (Google Slides) - C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-08-14]
CHR Extension: (Google Docs) - C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-14]
CHR Extension: (Google Drive) - C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-14]
CHR Extension: (YouTube) - C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-14]
CHR Extension: (Google Sheets) - C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-14]
CHR Extension: (Google Docs Offline) - C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-14]
CHR Extension: (Gmail) - C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-14]
CHR Extension: (Chrome Media Router) - C:\Users\Debbie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-18]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Agent; C:\Windows\VPDAgent_x64.exe [148480 2013-06-25] (Two Pilots) [File not signed]
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [626208 2009-08-10] ()
R2 GREGService; C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
R2 Live Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [244624 2011-01-31] (Acer Incorporated)
R2 lxda_device; C:\Windows\system32\lxdacoms.exe [566192 2007-04-26] ( )
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R2 Neat Startup Service; C:\Program Files (x86)\Neat\exec\NeatStartupService.exe [6144 2014-08-06] (The Neat Company) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [206880 2009-08-10] ()
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 ZAMSvc; "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /service [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [49584 2016-02-23] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [23040 2013-07-25] (Apple Inc.) [File not signed]
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S3 RTL8187; C:\Windows\System32\DRIVERS\wg111v2.sys [340992 2007-12-26] (NETGEAR Inc.)
S3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [10550272 2007-03-27] (Sonix Co. Ltd.)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13920 2017-06-07] ()
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-02-20] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-11 23:35 - 2017-06-11 23:36 - 00017662 _____ C:\Users\Debbie\Desktop\FRST.txt
2017-06-11 23:35 - 2017-06-11 23:35 - 00000000 ____D C:\FRST
2017-06-11 23:34 - 2017-06-11 23:34 - 02438656 _____ (Farbar) C:\Users\Debbie\Desktop\FRST64.exe
2017-06-11 23:23 - 2017-06-11 23:23 - 00000000 ____D C:\Users\Debbie\AppData\Local\{615E4DED-1288-4B5E-8739-D929A32B79DD}
2017-06-11 22:56 - 2017-06-11 22:56 - 00125952 _____ C:\Users\Debbie\Desktop\debmat.PSproj
2017-06-11 22:45 - 2017-06-11 22:45 - 01373546 _____ C:\Users\Debbie\Desktop\297219784071546.htm
2017-06-11 22:14 - 2017-06-11 22:14 - 00000000 ____D C:\Program Files (x86)\MysticIsland.net
2017-06-11 18:01 - 2017-06-11 18:01 - 00000553 _____ C:\Users\UpdatusUser\Desktop\Mystic Island.lnk
2017-06-11 18:01 - 2017-06-11 18:01 - 00000553 _____ C:\Users\Debbie\Desktop\Mystic Island.lnk
2017-06-11 18:01 - 2017-06-11 18:01 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mystic Island Gaming Park
2017-06-11 18:01 - 2001-03-13 14:53 - 00326656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.011
2017-06-11 18:01 - 2001-03-13 14:47 - 00598288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.00C
2017-06-11 18:01 - 2001-03-13 14:47 - 00164112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.00D
2017-06-11 18:01 - 2001-03-13 14:47 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.00F
2017-06-11 18:01 - 2001-03-13 14:45 - 00147728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.00E
2017-06-11 18:01 - 2000-08-20 21:00 - 01388544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.010
2017-06-11 18:01 - 1998-04-24 00:00 - 00368912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbar332.dll
2017-06-10 23:32 - 2017-06-10 23:32 - 00000000 __SHD C:\Users\Debbie\AppData\Roaming\wyUpdate AU
2017-06-10 23:32 - 2017-06-10 23:32 - 00000000 ____D C:\Users\Debbie\AppData\Local\Mystic_Island
2017-06-10 15:26 - 2017-06-10 15:26 - 00000000 ____D C:\Users\Debbie\AppData\Local\FromDocToPDFTooltab
2017-06-08 14:01 - 2017-06-08 14:02 - 46809448 _____ (MysticIsland.net) C:\Users\Debbie\Documents\setup110r5.exe
2017-06-06 10:14 - 2017-06-06 10:39 - 00000000 ____D C:\ProgramData\Mystic Island
2017-06-06 10:14 - 2001-03-13 15:53 - 00326656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.00B
2017-06-06 10:14 - 2001-03-13 15:47 - 00598288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.006
2017-06-06 10:14 - 2001-03-13 15:47 - 00164112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.007
2017-06-06 10:14 - 2001-03-13 15:47 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.009
2017-06-06 10:14 - 2001-03-13 15:45 - 00147728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.008
2017-06-06 10:14 - 2000-08-20 22:00 - 01388544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.00A
2017-06-06 10:13 - 2017-06-11 18:04 - 00000000 ____D C:\Program Files (x86)\Mystic Island
2017-06-06 10:13 - 2017-06-11 18:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mystic Island Gaming Park
2017-06-06 10:13 - 2001-03-13 15:53 - 00326656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.005
2017-06-06 10:13 - 2001-03-13 15:47 - 00598288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.000
2017-06-06 10:13 - 2001-03-13 15:47 - 00164112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.001
2017-06-06 10:13 - 2001-03-13 15:47 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.003
2017-06-06 10:13 - 2001-03-13 15:45 - 00147728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.002
2017-06-06 10:13 - 2000-08-20 22:00 - 01388544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.004
2017-06-06 10:13 - 1998-09-11 09:14 - 00021504 _____ () C:\Windows\SysWOW64\WBCustomizer.dll
2017-06-06 10:13 - 1997-12-22 15:47 - 00080896 _____ (Dolphin Systems Inc.) C:\Windows\SysWOW64\Dssock32.ocx
2017-06-06 10:12 - 2017-06-06 10:12 - 13475060 _____ C:\Users\Debbie\Desktop\mystic386b.exe
2017-06-05 09:49 - 2017-06-07 09:49 - 00013920 _____ C:\Windows\system32\Drivers\SWDUMon.sys
2017-06-05 09:48 - 2017-06-08 15:06 - 00000000 ____D C:\Users\Debbie\AppData\Local\SlimWare Utilities Inc
2017-06-01 10:35 - 2017-06-01 13:47 - 02267136 _____ C:\Users\Debbie\Desktop\My Project (1).PSproj
2017-05-28 10:30 - 2017-05-28 10:30 - 00000128 _____ C:\Windows\wininit.ini
2017-05-28 10:30 - 2017-05-28 10:30 - 00000000 ____D C:\Users\Debbie\AppData\Local\Downloaded Installers
2017-05-25 07:47 - 2017-05-25 07:47 - 00000000 ____D C:\Windows\Minidump
2017-05-24 14:36 - 2017-05-24 14:36 - 04110280 _____ C:\Users\Debbie\Desktop\adwcleaner_6.047.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-11 10:03 - 2009-07-14 00:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-06-11 10:03 - 2009-07-14 00:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-06-09 15:12 - 2014-09-17 14:25 - 00000000 ____D C:\Users\Debbie\AppData\Local\CrashDumps
2017-06-08 15:46 - 2011-12-12 12:42 - 00000000 ____D C:\Windows\system32\Macromed
2017-06-08 15:10 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2017-06-08 15:09 - 2012-07-06 11:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2017-06-08 14:03 - 2014-09-27 14:45 - 00000000 ____D C:\Users\Debbie\AppData\Local\Downloaded Installations
2017-06-07 07:35 - 2012-07-06 11:23 - 00000000 ____D C:\Program Files (x86)\HP
2017-06-05 09:53 - 2009-07-14 01:13 - 00783424 _____ C:\Windows\system32\PerfStringBackup.INI
2017-06-05 09:48 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-06-05 09:48 - 2009-07-07 04:14 - 00000000 ____D C:\ProgramData\NVIDIA
2017-06-04 01:00 - 2014-09-25 14:55 - 00000000 ____D C:\Users\Debbie\AppData\Local\ElevatedDiagnostics
2017-05-30 16:45 - 2010-11-20 23:27 - 00565416 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2017-05-25 07:47 - 2009-07-07 04:11 - 00301373 ____N C:\Windows\Minidump\052517-20264-01.dmp
2017-05-24 14:42 - 2013-04-12 03:03 - 00000000 ____D C:\Users\UpdatusUser
2017-05-24 14:39 - 2016-03-09 16:44 - 00000000 ____D C:\AdwCleaner
2017-05-24 03:08 - 2013-08-15 03:01 - 00000000 ____D C:\Windows\system32\MRT
2017-05-24 03:01 - 2011-09-15 20:11 - 132223576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-05-20 15:10 - 2017-01-26 13:34 - 00000000 ____D C:\Users\Debbie\Desktop\New folder

==================== Files in the root of some directories =======

2014-04-22 08:59 - 2014-04-22 00:39 - 0197000 _____ () C:\Program Files (x86)\8eres.dll
2013-12-19 14:15 - 2014-08-28 00:32 - 0000148 _____ () C:\Users\Debbie\AppData\Roaming\WB.CFG
2012-07-06 11:23 - 2017-06-08 15:45 - 0028828 _____ () C:\ProgramData\hpzinstall.log
2016-05-11 15:09 - 2016-05-11 15:09 - 0000016 _____ () C:\ProgramData\mntemp
2016-05-11 15:09 - 2016-05-11 15:09 - 0005008 _____ () C:\ProgramData\olmshzqo.mcy

Some files in TEMP:
====================
2016-02-19 19:30 - 2016-01-22 02:09 - 1314328 _____ (Microsoft Corporation) C:\Users\Debbie\AppData\Local\Temp\dllnt_dump.dll
2017-06-11 10:46 - 1999-06-25 08:55 - 0149504 _____ () C:\Users\Debbie\AppData\Local\Temp\GLB1A2B.EXE
2016-07-20 09:25 - 2016-07-20 09:25 - 0741440 _____ (Oracle Corporation) C:\Users\Debbie\AppData\Local\Temp\jre-8u101-windows-au.exe
2016-10-22 07:20 - 2016-10-22 07:20 - 0737856 _____ (Oracle Corporation) C:\Users\Debbie\AppData\Local\Temp\jre-8u111-windows-au.exe
2017-01-21 08:20 - 2017-01-21 08:20 - 0739904 _____ (Oracle Corporation) C:\Users\Debbie\AppData\Local\Temp\jre-8u121-windows-au.exe
2017-04-22 07:20 - 2017-04-22 07:20 - 0739904 _____ (Oracle Corporation) C:\Users\Debbie\AppData\Local\Temp\jre-8u131-windows-au.exe
2016-04-23 07:20 - 2016-06-25 07:20 - 0739904 _____ (Oracle Corporation) C:\Users\Debbie\AppData\Local\Temp\jre-8u91-windows-au.exe
2016-03-03 05:50 - 2015-07-29 16:08 - 0681097 _____ (SQLite Development Team) C:\Users\Debbie\AppData\Local\Temp\sqlite3.dll
2016-05-11 15:09 - 2016-05-11 15:09 - 0429280 _____ () C:\Users\Debbie\AppData\Local\Temp\xuninst.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-06-02 02:10

==================== End of FRST.txt ============================