LAMZAP - What is this Demon? [Solved]

Malware Virus Lamzap

  • This topic is locked
101 replies to this topic

#16 ken545

Posted 28 July 2016 - 08:56 AM

Ok, post the new FRST64 logs



 
 


#17 Top


Posted 28 July 2016 - 12:10 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-07-2016
Ran by Bud Parker (administrator) on BUDS-GATEWAY (28-07-2016 12:57:13)
Running from C:\Users\Bud Parker\Desktop
Loaded Profiles: Bud Parker (Available Profiles: Bud Parker)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files\Atomic Alarm Clock\timeserv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Ransomware\MBAMService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
(Acer) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
(Greatis Software) C:\Program Files (x86)\UnHackMe\hackmon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Sonix Technology Co., Ltd.) C:\Windows\PLFSetL.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Ransomware\mbarw.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.334\SSScheduler.exe
(Savard Software) C:\Program Files (x86)\TurboLaunch\TurboLaunch.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
() C:\ProgramData\Lamzap\Lamzap.exe
() C:\Users\Bud Parker\AppData\Roaming\Ronzafind\Ronzafind.exe
() C:\Users\Bud Parker\AppData\Roaming\Sumdrill\Sumdrill.exe
() C:\Users\Bud Parker\AppData\Roaming\Toughstreet\Toughstreet.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Quinnware) C:\Program Files (x86)\Quintessential Player\QCDPlayer.exe
(CBS Software) C:\Program Files (x86)\CBS Software\SpeedConnect Internet Accelerator\SpeedConnectStartUp.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16475392 2016-06-14] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [828960 2009-08-05] (Acer Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2868496 2012-02-14] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetL] => C:\Windows\PLFSetL.exe [99712 2010-02-12] (Sonix Technology Co., Ltd.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-07-05] (Apple Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1157640 2009-08-18] (Dritek System Inc.)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe [244480 2009-08-20] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => c:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-07-05] (Apple Inc.)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2623456 2016-06-02] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\...\Run: [AtomicAlarmClock6] => C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe [1609728 2014-06-10] ()
HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\...\Run: [SpeedConnectStartUp] => C:\Program Files (x86)\CBS Software\SpeedConnect Internet Accelerator\SpeedConnectStartUp.exe [605184 2016-05-25] (CBS Software)
HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2016-03-21] (Microsoft Corporation)
AppInit_DLLs: C:\ProgramData\Lamzap\Trisjob.dll => C:\ProgramData\Lamzap\Trisjob.dll [363008 2016-07-28] ()
AppInit_DLLs-x32: C:\ProgramData\Lamzap\UniKeytom.dll => C:\ProgramData\Lamzap\UniKeytom.dll [257536 2016-07-28] ()
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\SysWOW64\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2016-07-28]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Malwarebytes Anti-Ransomware.lnk [2016-07-28]
ShortcutTarget: Malwarebytes Anti-Ransomware.lnk -> C:\Program Files\Malwarebytes\Anti-Ransomware\mbarw.exe (Malwarebytes)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-07-28]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.334\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Bud Parker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpeedConnect Internet Accelerator.lnk [2016-07-28]
ShortcutTarget: SpeedConnect Internet Accelerator.lnk -> C:\Program Files (x86)\CBS Software\SpeedConnect Internet Accelerator\SpeedConnectStartUp.exe (CBS Software)
Startup: C:\Users\Bud Parker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpeedConnectStartUp.exe [2016-05-25] (CBS Software)
Startup: C:\Users\Bud Parker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TurboLaunch.lnk [2016-07-28]
ShortcutTarget: TurboLaunch.lnk -> C:\Program Files (x86)\TurboLaunch\TurboLaunch.exe (Savard Software)
BootExecute: autocheck autochk * Partizan

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{00BC4D36-12D6-4016-8BC0-DB5C01069066}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{00BC4D36-12D6-4016-8BC0-DB5C01069066}: [DhcpNameServer] 192.168.1.254
ManualProxies:

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv78&r=273603164505l03g4z125a4872v290
HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYn59HrL-X3ClkPrJO7VoWVZ3t7tPNQGvKjF72C367JmhiWsudzFrQPH9hVxOGkdTp9MlTM_8ZcX8IN4Qoi_tSRqk6-2J1dDO_JHaLMVOS-w--CGZIVWyy3ULudU-fYP5nBQp2vqq_LS4XumQStFDqrSWsU-x
HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYn59HrL-X3ClkPrJO7VoWVZ3t7tPNQGvKjF72C367JmhiWsudzFrQPH9hVxOGkdTp9-MDd2zs5uzDEDtGzS4DPOrAODx9rEDelr3silyCuq64nA6VLMHJFa_etccP_CjtghLSPL2CdCJFMetLM5Ci4qvNkbi&q={searchTerms}
HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYn59HrL-X3ClkPrJO7VoWVZ3t7tPNQGvKjF72C367JmhiWsudzFrQPH9hVxOGkdTp9-MDd2zs5uzDEDtGzS4DPOrAODx9rEDelr3silyCuq64nA6VLMHJFa_etccP_CjtghLSPL2CdCJFMetLM5Ci4qvNkbi&q={searchTerms}
HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYn59HrL-X3ClkPrJO7VoWVZ3t7tPNQGvKjF72C367JmhiWsudzFrQPH9hVxOGkdTp9-MDd2zs5uzDEDtGzS4DPOrAODx9rEDelr3silyCuq64nA6VLMHJFa_etccP_CjtghLSPL2CdCJFMetLM5Ci4qvNkbi&q={searchTerms}
URLSearchHook: [S-1-5-21-2712942507-1312882600-3786330889-1001] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-bd0779e2&q={searchTerms}
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-bd0779e2&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYn59HrL-X3ClkPrJO7VoWVZ3t7tPNQGvKjF72C367JmhiWsudzFrQPH9hVxOGkdTp9-MDd2zs5uzDEDtGzS4DPOrAODx9rEDelr3silyCuq64nA6VLMHJFa_etccP_CjtghLSPL2CdCJFMetLM5Ci4qvNkbi&q={searchTerms}
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW
SearchScopes: HKU\S-1-5-21-2712942507-1312882600-3786330889-1001 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYn59HrL-X3ClkPrJO7VoWVZ3t7tPNQGvKjF72C367JmhiWsudzFrQPH9hVxOGkdTp9-MDd2zs5uzDEDtGzS4DPOrAODx9rEDelr3silyCuq64nA6VLMHJFa_etccP_CjtghLSPL2CdCJFMetLM5Ci4qvNkbi&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2712942507-1312882600-3786330889-1001 -> {629E37F3-5E46-44D4-7C19-EFB2C2CDC1E6} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-bd0779e2&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2712942507-1312882600-3786330889-1001 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYn59HrL-X3ClkPrJO7VoWVZ3t7tPNQGvKjF72C367JmhiWsudzFrQPH9hVxOGkdTp9-MDd2zs5uzDEDtGzS4DPOrAODx9rEDelr3silyCuq64nA6VLMHJFa_etccP_CjtghLSPL2CdCJFMetLM5Ci4qvNkbi&q={searchTerms}
Toolbar: HKLM - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll [2010-04-13] (TechSmith Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\coIEPlg.dll [2009-08-28] (Symantec Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll [2009-02-06] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll [2009-02-06] (Microsoft Corporation)
Handler-x32: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\coIEPlg.dll [2009-08-28] (Symantec Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\kjqunreh.default
FF NewTab: chrome://fvd.speeddial/content/fvd_about_blank.html
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: StartPage - English
FF SelectedSearchEngine: Google
FF Homepage: C:\\ProgramData\\Lamzaps\\ff.HP
FF Keyword.URL: hxxps://www.google.com/search?q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-23] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-23] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8064.0206 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-02-06] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2012-10-01] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-06-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-06-11] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF SearchPlugin: C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\kjqunreh.default\searchplugins\Google_1.xml [2016-06-28]
FF SearchPlugin: C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\kjqunreh.default\searchplugins\Google_10.xml [2016-07-12]
FF SearchPlugin: C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\kjqunreh.default\searchplugins\Google_11.xml [2016-07-14]
FF SearchPlugin: C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\kjqunreh.default\searchplugins\Google_12.xml [2016-07-16]
FF SearchPlugin: C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\kjqunreh.default\searchplugins\Google_13.xml [2016-07-17]
FF SearchPlugin: C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\kjqunreh.default\searchplugins\Google_14.xml [2016-07-19]
FF SearchPlugin: C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\kjqunreh.default\searchplugins\Google_15.xml [2016-07-21]
FF SearchPlugin: C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\kjqunreh.default\searchplugins\Google_16.xml [2016-07-22]
FF SearchPlugin: C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\kjqunreh.default\searchplugins\Google_17.xml [2016-07-24]
FF SearchPlugin: C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\kjqunreh.default\searchplugins\Google_18.xml [2016-07-25]
FF SearchPlugin: C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\kjqunreh.default\searchplugins\Google_19.xml [2016-07-26]
FF SearchPlugin: C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\kjqunreh.default\searchplugins\Google_2.xml [2016-06-28]
FF SearchPlugin: C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\kjqunreh.default\searchplugins\Google_3.xml [2016-06-29]
FF SearchPlugin: C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\kjqunreh.default\searchplugins\Google_4.xml [2016-06-30]
FF SearchPlugin: C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\kjqunreh.default\searchplugins\Google_5.xml [2016-07-01]
FF SearchPlugin: C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\kjqunreh.default\searchplugins\Google_6.xml [2016-07-04]
FF SearchPlugin: C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\kjqunreh.default\searchplugins\Google_7.xml [2016-07-05]
FF SearchPlugin: C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\kjqunreh.default\searchplugins\Google_8.xml [2016-07-06]
FF SearchPlugin: C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\kjqunreh.default\searchplugins\Google_9.xml [2016-07-11]
FF Extension: DownThemAll! - C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\kjqunreh.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2016-05-24]
FF Extension: EverSync - Sync bookmarks, backup your favorites. - C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\kjqunreh.default\extensions\fvdmedia@gmail.com [2016-06-01]
FF Extension: LastPass - C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\kjqunreh.default\extensions\support@lastpass.com [2016-06-20]
FF Extension: Speed Dial [FVD] - New Tab Page, Sync... - C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\kjqunreh.default\extensions\pavel.sherbakov@gmail.com [2016-07-14]
FF Extension: Zoom Page - C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\kjqunreh.default\extensions\zoompage@DW-dev.xpi [2016-07-26]
FF Extension: Emoji Keyboard - C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\kjqunreh.default\Extensions\@emojikeyboard.xpi [2016-06-21]
FF Extension: Simple Popup Blocker - C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\kjqunreh.default\Extensions\@simplepopupblocker.xpi [2016-05-24]
FF Extension: AdBlocker Ultimate - C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\kjqunreh.default\Extensions\adblockultimate@adblockultimate.net.xpi [2016-05-24]
FF Extension: F.B. Purity - Cleans Up Facebook - C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\kjqunreh.default\Extensions\fbp-signed@fbpurity.com.xpi [2016-07-25]
FF Extension: Ghostery - C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\kjqunreh.default\Extensions\firefox@ghostery.com.xpi [2016-07-09]
FF Extension: Xmarks - C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\kjqunreh.default\Extensions\foxmarks@kei.com [2016-05-25]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2016-03-19] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{85E85FF9-E50C-42DE-8A3D-61485FD6C8DB}] - C:\Program Files\Nuclear Coffee\VideoGet\Plugins\VideoGet_FF.xpi
FF Extension: VideoGet FireFox extension - C:\Program Files\Nuclear Coffee\VideoGet\Plugins\VideoGet_FF.xpi [2014-06-12] [not signed]
FF HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 AtomicAlarmClock; C:\Program Files\Atomic Alarm Clock\timeserv.exe [2007040 2013-04-24] () [File not signed]
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [638456 2016-04-06] (AVG Technologies CZ, s.r.o.)
S3 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1080080 2016-06-21] (AVG Technologies CZ, s.r.o.)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 Lamzap; C:\ProgramData\\Lamzap\\Lamzap.exe [684032 2016-07-28] () [File not signed]
R2 MB3Service; C:\Program Files\Malwarebytes\Anti-Ransomware\MBAMService.exe [3141088 2016-03-23] (Malwarebytes)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [742368 2016-06-02] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.334\McCHSvc.exe [293128 2016-05-31] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230920 2012-10-01] (Nitro PDF Software)
S4 Norton Internet Security; C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\ccSvcHst.exe [117640 2009-08-28] (Symantec Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Ronzafind; C:\Users\Bud Parker\AppData\Roaming\Ronzafind\Ronzafind.exe [17920 2016-07-28] () [File not signed]
R2 Sumdrill; C:\Users\Bud Parker\AppData\Roaming\Sumdrill\Sumdrill.exe [8192 2016-07-28] () [File not signed]
R2 Toughstreet; C:\Users\Bud Parker\AppData\Roaming\Toughstreet\Toughstreet.exe [8704 2016-07-28] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 Greg_Service; C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [38112 2014-08-22] (Advanced Micro Devices, Inc.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162592 2016-02-16] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [306976 2016-03-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272304 2016-01-26] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [246560 2016-03-07] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-12-04] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [302000 2015-10-08] (AVG Technologies CZ, s.r.o.)
R0 avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [71456 2016-03-08] (AVG Technologies CZ, s.r.o.)
R3 cbfs3; C:\Windows\System32\DRIVERS\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
S2 CDRPDACC; C:\Program Files (x86)\Quintessential Player\cdrpdacc.sys [5273 2005-12-05] (Arrowkey) [File not signed]
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-04-01] ()
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [66080 2016-06-02] ()
R3 ETDSMBus; C:\Windows\System32\DRIVERS\ETDSMBus.sys [31832 2016-02-22] (ELAN Microelectronic Corp.)
R3 farflt; C:\Windows\system32\drivers\farflt.sys [59776 2016-07-28] (Malwarebytes)
R0 FlashBoot; C:\Windows\System32\DRIVERS\FlashBoot.sys [17616 2014-04-03] (Challenger Backup Solutions, LLC)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-06-14] (REALiX™)
R3 JmUsbCcgp; C:\Windows\System32\DRIVERS\jmccgp.sys [17136 2009-07-29] (JMicron Technology Corp.)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [140672 2016-03-10] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [217328 2016-07-28] (Malwarebytes)
U0 Partizan; C:\Windows\SysWOW64\drivers\Partizan.sys [40304 2016-07-26] (Greatis Software)
S3 rp24msdrv; C:\Windows\System32\drivers\rp24msdrv.sys [28416 2010-12-01] ()
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806592 2010-02-12] ()
S1 SRTSP; C:\Windows\system32\drivers\NISx64\1007000.01E\SRTSP64.SYS [476720 2009-08-28] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1007000.01E\SRTSPX64.SYS [32304 2009-08-28] (Symantec Corporation)
S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64_prewin8.sys [23200 2015-11-12] (Western Digital Technologies)
R2 WinVd32; C:\Windows\WinVd32.sys [197728 2016-03-31] ()
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090807.007\ENG64.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090807.007\EX64.SYS [X]
S2 NEWDRIVER; \??\C:\Windows\SysWow64\WinVDEdrv6.sys [X]
S1 rcpjibrp; \??\C:\Windows\system32\drivers\rcpjibrp.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-28 12:42 - 2016-07-28 12:42 - 00000000 ____D C:\Users\Bud Parker\AppData\Roaming\Donice
2016-07-28 12:41 - 2016-07-28 12:41 - 00000000 ____D C:\Users\Bud Parker\Vaiatech
2016-07-28 12:41 - 2016-07-28 12:41 - 00000000 ____D C:\ProgramData\Lamzaps
2016-07-28 12:41 - 2016-07-28 12:41 - 00000000 ____D C:\ProgramData\Lamzap
2016-07-28 10:44 - 2016-07-28 10:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reanimator
2016-07-28 10:44 - 2016-07-28 10:44 - 00000000 ____D C:\Program Files (x86)\Greatis
2016-07-28 10:38 - 2016-07-28 10:38 - 00000000 ____D C:\ProgramData\Indigo-code
2016-07-28 10:35 - 2016-07-28 12:37 - 00000000 ____D C:\Users\TEMP
2016-07-28 10:27 - 2016-07-28 10:27 - 00000000 ____D C:\Windows\Flextouch
2016-07-28 10:26 - 2016-07-28 10:26 - 00000000 ____D C:\Users\Bud Parker\Technotouch
2016-07-28 10:26 - 2016-07-28 10:26 - 00000000 ____D C:\Users\Bud Parker\Stantexon
2016-07-28 10:05 - 2016-07-28 10:05 - 18438761 _____ C:\Users\Bud Parker\Downloads\unhackme-pdf.zip
2016-07-28 09:16 - 2016-07-28 09:16 - 00000000 ____D C:\ProgramData\Donice
2016-07-28 09:15 - 2016-07-28 12:41 - 00002397 _____ C:\Windows\SysWOW64\findit.xml
2016-07-28 09:07 - 2016-07-28 09:07 - 00001081 _____ C:\Users\Bud Parker\Desktop\57 quarantined MBAM 29Jul16.txt
2016-07-27 22:08 - 2016-07-28 12:43 - 00000217 _____ C:\Users\Bud Parker\Desktop\search,safefinder.txt
2016-07-27 21:57 - 2016-07-27 21:57 - 05330311 _____ C:\Users\Bud Parker\Desktop\Internet explorer, Mozilla firefox, remove safe finder,Snapdo, Search virus malware.MP4
2016-07-27 20:25 - 2016-07-27 20:25 - 00000000 _____ C:\Users\Bud Parker\Desktop\mbam-setup-2.2.1.1043(2).exe
2016-07-27 20:01 - 2016-07-27 20:01 - 00006863 _____ C:\Users\Bud Parker\Desktop\JRT.txt
2016-07-27 19:47 - 2016-07-27 19:47 - 01610560 _____ (Malwarebytes) C:\Users\Bud Parker\Desktop\JRT.exe
2016-07-27 19:30 - 2016-07-27 19:30 - 00000000 ____D C:\Program Files\Stripcity
2016-07-27 19:18 - 2016-07-27 19:15 - 03712064 _____ C:\Users\Bud Parker\Desktop\AdwCleaner.exe
2016-07-27 19:15 - 2016-07-27 19:15 - 03712064 _____ C:\Users\Bud Parker\Downloads\AdwCleaner.exe
2016-07-27 19:06 - 2016-07-27 16:43 - 05198336 _____ (AVAST Software) C:\Users\Bud Parker\Desktop\aswMBR.exe
2016-07-27 18:54 - 2016-07-28 12:38 - 00059776 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2016-07-27 18:54 - 2016-07-27 18:54 - 00001908 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Ransomware.lnk
2016-07-27 18:54 - 2016-07-27 18:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2016-07-27 18:54 - 2016-07-27 18:54 - 00000000 ____D C:\Program Files\Malwarebytes
2016-07-27 18:38 - 2016-07-27 18:54 - 00001904 _____ C:\Users\Bud Parker\Desktop\sc-cleaner.txt
2016-07-27 18:24 - 2016-07-27 18:24 - 02050596 _____ C:\Users\Bud Parker\Downloads\tweaking.com_simple_system_tweaker_portable.zip
2016-07-27 18:17 - 2016-07-27 18:18 - 37457368 _____ (Malwarebytes ) C:\Users\Bud Parker\Downloads\MBARW_Setup.exe
2016-07-27 17:47 - 2016-07-27 17:49 - 00060039 _____ C:\Users\Bud Parker\Desktop\Addition.txt
2016-07-27 17:43 - 2016-07-28 12:58 - 00028819 _____ C:\Users\Bud Parker\Desktop\FRST.txt
2016-07-27 17:43 - 2016-07-28 12:57 - 00000000 ____D C:\FRST
2016-07-27 17:39 - 2016-07-27 17:39 - 00002082 _____ C:\Users\Bud Parker\Desktop\aswMBR27Jul16Bud.txt
2016-07-27 17:39 - 2016-07-27 17:39 - 00000512 _____ C:\Users\Bud Parker\Desktop\MBR.dat
2016-07-27 16:50 - 2016-07-27 16:46 - 02394112 _____ (Farbar) C:\Users\Bud Parker\Desktop\FRST64.exe
2016-07-27 16:45 - 2016-07-27 16:46 - 02394112 _____ (Farbar) C:\Users\Bud Parker\Downloads\FRST64.exe
2016-07-27 16:43 - 2016-07-27 16:43 - 05198336 _____ (AVAST Software) C:\Users\Bud Parker\Downloads\aswMBR.exe
2016-07-27 13:43 - 2016-07-28 09:10 - 00000000 ____D C:\Windows\kongreen
2016-07-27 13:43 - 2016-07-27 13:43 - 00000000 ____D C:\Users\Bud Parker\Lamdex
2016-07-27 13:42 - 2016-07-27 13:42 - 00000000 ____D C:\Program Files\Common Files\Quotom
2016-07-27 13:30 - 2016-07-27 13:30 - 00000000 ____D C:\Program Files\Common Files\Dongphase
2016-07-27 13:30 - 2016-07-27 13:30 - 00000000 ____D C:\Program Files\Canesolozap
2016-07-27 13:29 - 2016-07-27 13:29 - 00000000 ____D C:\ProgramData\Quotezoom
2016-07-27 13:21 - 2016-07-27 13:21 - 00000000 ____D C:\Users\Bud Parker\Kon-bam
2016-07-27 13:21 - 2016-07-27 13:21 - 00000000 ____D C:\ProgramData\Overtechi
2016-07-27 13:21 - 2016-07-27 13:21 - 00000000 ____D C:\Program Files\Common Files\O-techno
2016-07-27 13:20 - 2016-07-27 13:20 - 00000000 ____D C:\Users\Bud Parker\AppData\Roaming\Codelane
2016-07-27 13:08 - 2016-07-26 15:14 - 03712064 _____ C:\Users\Bud Parker\Desktop\adwcleaner_5.201.exe
2016-07-27 11:05 - 2016-07-28 12:40 - 00000000 ____D C:\ProgramData\Bluetex
2016-07-27 11:05 - 2016-07-27 11:05 - 00000000 ____D C:\Users\Bud Parker\Quocane
2016-07-27 11:05 - 2016-07-27 11:05 - 00000000 ____D C:\Users\Bud Parker\Donquote
2016-07-27 11:03 - 2016-07-27 11:03 - 00000000 ____D C:\Users\Bud Parker\AppData\Roaming\E-zoplex
2016-07-27 10:19 - 2016-07-27 10:48 - 00001067 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-07-27 09:23 - 2016-07-27 09:23 - 22851472 _____ (Malwarebytes ) C:\Users\Bud Parker\Downloads\mbam-setup-2.2.1.1043(1).exe
2016-07-27 09:04 - 2016-07-27 09:04 - 00000000 ____D C:\Users\Bud Parker\doubleholding
2016-07-27 09:04 - 2016-07-27 09:04 - 00000000 ____D C:\Users\Bud Parker\AppData\Roaming\Vivacon
2016-07-27 09:04 - 2016-07-27 09:04 - 00000000 ____D C:\Program Files\Sumdrill
2016-07-27 09:03 - 2016-07-27 09:03 - 00000000 ____D C:\Users\Bud Parker\AppData\Roaming\Subcorporation
2016-07-27 08:55 - 2016-07-27 08:55 - 00483683 _____ C:\Users\Bud Parker\Desktop\regrunlog.txt
2016-07-27 08:04 - 2016-07-27 08:04 - 00000000 ____D C:\Windows\unolab
2016-07-27 08:02 - 2016-07-27 08:02 - 00000000 ____D C:\Users\Bud Parker\Tranzone
2016-07-27 07:33 - 2016-07-27 07:33 - 00000000 ____D C:\Users\Bud Parker\Bigholding
2016-07-27 07:33 - 2016-07-27 07:33 - 00000000 ____D C:\Users\Bud Parker\AppData\Roaming\Zerron
2016-07-27 07:32 - 2016-07-27 10:49 - 00000000 ____D C:\Windows\Saocore
2016-07-27 07:30 - 2016-07-27 07:30 - 00000000 ____D C:\Program Files\Common Files\Joymedbase
2016-07-27 07:25 - 2016-07-28 12:41 - 00001032 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-07-27 07:23 - 2016-07-27 07:23 - 48521840 _____ C:\Users\Bud Parker\Downloads\Firefox Setup 47.0.1.exe
2016-07-26 22:07 - 2016-07-28 12:35 - 00000000 ____D C:\@RestoreQuarantine
2016-07-26 22:02 - 2016-07-26 22:02 - 00000000 ____D C:\ProgramData\Mathkix
2016-07-26 21:57 - 2016-07-27 08:53 - 00002093 _____ C:\Windows\system32\Partizan.RRI
2016-07-26 17:50 - 2016-07-26 17:50 - 00000000 ____D C:\Program Files\Common Files\Kondrill
2016-07-26 17:15 - 2016-07-26 17:15 - 00000000 ____D C:\Program Files\Flexplex
2016-07-26 17:14 - 2016-07-26 17:14 - 00000000 ____D C:\ProgramData\Freetaway
2016-07-26 17:11 - 2016-07-26 17:11 - 00000000 ____D C:\Users\Bud Parker\Overtechi
2016-07-26 16:36 - 2016-07-28 12:10 - 00000000 ____D C:\ProgramData\RegRun
2016-07-26 16:34 - 2016-07-26 16:34 - 00040304 _____ (Greatis Software) C:\Windows\SysWOW64\Drivers\Partizan.sys
2016-07-26 16:33 - 2016-07-28 12:12 - 00000000 ____D C:\Users\Public\Documents\regruninfo
2016-07-26 16:33 - 2016-07-28 10:44 - 00000000 ____D C:\Program Files (x86)\UnHackMe
2016-07-26 16:33 - 2016-07-27 11:04 - 00003342 _____ C:\Windows\System32\Tasks\UnHackMe Task Scheduler
2016-07-26 16:33 - 2016-07-27 10:47 - 00000978 _____ C:\Users\Bud Parker\Desktop\UnHackMe.lnk
2016-07-26 16:33 - 2016-07-26 16:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe
2016-07-26 16:33 - 2016-07-07 13:06 - 00015016 _____ (Greatis Software, LLC.) C:\Windows\SysWOW64\Drivers\UnHackMeDrv.sys
2016-07-26 16:33 - 2015-12-28 11:32 - 00049968 _____ (Greatis Software) C:\Windows\system32\partizan.exe
2016-07-26 16:30 - 2016-07-26 16:31 - 18064897 _____ C:\Users\Bud Parker\Downloads\unhackme.zip
2016-07-26 16:11 - 2016-07-26 16:11 - 00000000 ____D C:\Windows\howtrans
2016-07-26 16:11 - 2016-07-26 16:11 - 00000000 ____D C:\Users\Bud Parker\Medialam
2016-07-26 16:10 - 2016-07-26 16:10 - 00000000 ____D C:\ProgramData\Techijob
2016-07-26 16:07 - 2016-07-26 16:07 - 00000000 ____D C:\Windows\Kon-bam
2016-07-26 15:39 - 2016-07-26 15:39 - 00000000 ____D C:\Program Files\Solo-job
2016-07-26 15:39 - 2016-07-26 15:39 - 00000000 ____D C:\Program Files\Common Files\Ronlux
2016-07-26 15:14 - 2016-07-26 15:14 - 03712064 _____ C:\Users\Bud Parker\Downloads\adwcleaner_5.201.exe
2016-07-26 13:18 - 2016-07-26 13:18 - 00000000 ____D C:\ProgramData\Stantexon
2016-07-26 13:17 - 2016-07-28 09:16 - 00000000 ____D C:\Users\Bud Parker\zunfind
2016-07-26 13:15 - 2016-07-28 12:41 - 00000000 ____D C:\Users\Bud Parker\AppData\Roaming\Toughstreet
2016-07-26 13:15 - 2016-07-28 12:41 - 00000000 ____D C:\Users\Bud Parker\AppData\Roaming\Sumdrill
2016-07-26 13:14 - 2016-07-28 12:41 - 00000000 ____D C:\Users\Bud Parker\AppData\Roaming\Ronzafind
2016-07-26 11:46 - 2016-07-26 11:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Anti-Malware
2016-07-26 11:44 - 2016-07-26 14:19 - 00000000 ____D C:\Program Files\GridinSoft Anti-Malware
2016-07-26 11:18 - 2016-07-26 11:19 - 52437728 _____ (Microsoft Corporation) C:\Users\Bud Parker\Downloads\Windows-KB890830-x64-V5.38.exe
2016-07-26 10:58 - 2016-07-26 10:58 - 00031232 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys
2016-07-26 09:49 - 2016-07-26 09:49 - 00000000 ____D C:\Users\Public\Documents\Tools
2016-07-26 09:49 - 2016-07-26 09:49 - 00000000 ____D C:\Users\Public\Documents\Baidu
2016-07-26 09:47 - 2016-07-26 12:33 - 00000000 ____D C:\Windows\SysWOW64\databases-incognito
2016-07-26 09:30 - 2016-07-25 23:25 - 00629760 _____ () C:\Users\Public\Documents\usblock.exe
2016-07-26 09:10 - 2016-07-26 09:10 - 07105536 _____ C:\Users\Bud Parker\AppData\Roaming\agent.dat
2016-07-26 09:10 - 2016-07-26 09:10 - 00018432 _____ C:\Users\Bud Parker\AppData\Roaming\Main.dat
2016-07-26 09:07 - 2016-07-26 09:07 - 00031411 _____ C:\Windows\cad59fc9af939f2528d349888eab9565.ps1
2016-07-26 09:06 - 2016-07-27 10:47 - 00000000 ____D C:\Users\Bud Parker\AppData\Local\Apps\2.0
2016-07-26 09:06 - 2016-07-26 09:06 - 00129024 _____ C:\Users\Bud Parker\AppData\Roaming\Installer.dat
2016-07-26 08:51 - 2016-07-26 08:51 - 00000000 ____D C:\Users\Bud Parker\AppData\Roaming\c
2016-07-26 08:50 - 2016-07-26 08:50 - 00000000 ___HD C:\Program Files (x86)\tai
2016-07-24 20:44 - 2016-07-24 20:44 - 08677830 _____ C:\Users\Bud Parker\Downloads\Sharkmouth AH-1G's in Vietnam (Récupéré).pdf
2016-07-24 20:44 - 2016-07-24 20:44 - 04353501 _____ C:\Users\Bud Parker\Downloads\68-17365 Rod Willis Loach 2nd Draft.pdf
2016-07-24 20:43 - 2016-07-24 20:43 - 03203865 _____ C:\Users\Bud Parker\Downloads\Loaches of the 4th cav 1st sqn D trp.pdf
2016-07-24 20:43 - 2016-07-24 20:43 - 02355380 _____ C:\Users\Bud Parker\Downloads\Miss Claude IV 1st update.pdf
2016-07-24 20:42 - 2016-07-24 20:43 - 02194618 _____ C:\Users\Bud Parker\Downloads\C Troop 16th Cav.pdf
2016-07-24 19:47 - 2016-07-24 20:37 - 00000000 ____D C:\Users\Bud Parker\Desktop\Stewart
2016-07-24 16:09 - 2016-07-28 12:39 - 00000294 _____ C:\Windows\Tasks\Windows 7 Manager - Free Memory.job
2016-07-24 15:24 - 2016-07-25 13:35 - 02713066 _____ C:\Users\Bud Parker\Desktop\EMS Claim DotDot.pdf
2016-07-24 14:15 - 2016-07-24 14:14 - 06901516 _____ C:\Users\Bud Parker\Desktop\MedStat EMS.jpeg
2016-07-24 08:21 - 2016-07-24 08:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2016-07-24 08:21 - 2016-07-24 08:21 - 00000000 ____D C:\Program Files\McAfee Security Scan
2016-07-23 22:14 - 2016-07-28 09:11 - 00002009 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2016-07-23 22:14 - 2016-07-23 22:14 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2016-07-23 18:00 - 2016-07-23 18:00 - 00000000 ____D C:\Users\Bud Parker\Documents\Paradox Interactive
2016-07-23 11:06 - 2016-07-23 11:23 - 1163197775 _____ C:\Users\Bud Parker\Desktop\Hillary The Movie ♦ Hillary's America Real Trailer ♦️  Banned Video Presidential Race 2016.MP4
2016-07-23 10:29 - 2016-07-23 10:29 - 00002170 _____ C:\Users\Bud Parker\Desktop\GREAT TRUTHS THAT LITTLE CHILDREN HAVE LEARNED.txt
2016-07-20 17:03 - 2016-07-20 17:05 - 00014357 _____ C:\Users\Bud Parker\Desktop\BankPlus Checking 1 July to 20 July 16.xlsm
2016-07-20 16:38 - 2016-07-20 17:05 - 00013225 _____ C:\Users\Bud Parker\Desktop\BankPlus Checking 21 Jun to 20 July 16.xlsm
2016-07-20 15:13 - 2016-07-20 15:13 - 06525180 _____ C:\Users\Bud Parker\Desktop\Guide for Caregivers on Moving People Safely_ Wheelchair to Toilet Seat Transfer.MP4
2016-07-20 11:29 - 2016-07-20 11:30 - 00279521 _____ C:\Users\Bud Parker\Downloads\HealthSummary20160720.zip
2016-07-20 11:28 - 2016-07-20 11:28 - 00084009 _____ C:\Users\Bud Parker\Documents\Dorothy Appt 8 Aug 16.pdf
2016-07-20 11:27 - 2016-07-20 11:27 - 00083178 _____ C:\Users\Bud Parker\Documents\Appt Dot.pdf
2016-07-19 12:27 - 2016-07-28 09:11 - 00001754 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-07-19 12:27 - 2016-07-19 12:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-07-19 12:26 - 2016-07-19 12:27 - 00000000 ____D C:\Program Files\iTunes
2016-07-19 12:16 - 2016-07-28 09:11 - 00001806 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2016-07-19 12:16 - 2016-07-19 12:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2016-07-19 08:54 - 2016-07-19 08:54 - 00014249 _____ C:\Users\Bud Parker\Desktop\On Sheep.txt
2016-07-18 21:11 - 2016-07-18 21:11 - 06686635 _____ C:\Users\Bud Parker\Desktop\Worlds Collide_ Appendix Carry, Your Way.MP4
2016-07-17 21:40 - 2016-07-17 21:40 - 00000000 ____D C:\Users\Bud Parker\AppData\Roaming\DiskAid
2016-07-16 21:02 - 2016-07-16 21:03 - 00206885 _____ C:\Users\Bud Parker\Downloads\militarycallsignlist-apr09.pdf
2016-07-16 09:58 - 2016-07-16 09:58 - 00279514 _____ C:\Users\Bud Parker\Downloads\HealthSummary20160716.zip
2016-07-16 09:58 - 2016-07-16 09:58 - 00043839 _____ C:\Users\Bud Parker\Desktop\Dot Health Summary.pdf
2016-07-15 11:15 - 2016-07-15 12:04 - 00014455 _____ C:\Users\Bud Parker\Documents\Dot Med Schedule.xlsx
2016-07-14 22:37 - 2016-07-28 12:35 - 00003635 _____ C:\Windows\SysWOW64\Partizan.RRI
2016-07-14 22:19 - 2016-07-28 10:13 - 00000000 ____D C:\Users\Bud Parker\Documents\RegRun2
2016-07-14 22:19 - 2016-07-26 16:33 - 00000002 RSHOT C:\Windows\winstart.bat
2016-07-14 22:19 - 2016-07-26 16:33 - 00000002 RSHOT C:\Windows\SysWOW64\CONFIG.NT
2016-07-14 22:19 - 2016-07-26 16:33 - 00000002 RSHOT C:\Windows\SysWOW64\AUTOEXEC.NT
2016-07-14 12:18 - 2016-06-11 01:57 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-07-14 12:18 - 2016-06-10 23:48 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-07-14 12:18 - 2016-06-10 16:38 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-07-14 12:18 - 2016-06-10 16:38 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-07-14 12:18 - 2016-06-10 16:20 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-07-14 12:18 - 2016-06-10 16:19 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-07-14 12:18 - 2016-06-10 16:19 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-07-14 12:18 - 2016-06-10 16:18 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-07-14 12:18 - 2016-06-10 16:18 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-07-14 12:18 - 2016-06-10 16:17 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-07-14 12:18 - 2016-06-10 16:10 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-07-14 12:18 - 2016-06-10 16:08 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-07-14 12:18 - 2016-06-10 16:05 - 25814016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-07-14 12:18 - 2016-06-10 16:04 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-07-14 12:18 - 2016-06-10 16:03 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-07-14 12:18 - 2016-06-10 16:03 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-07-14 12:18 - 2016-06-10 16:02 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-07-14 12:18 - 2016-06-10 16:02 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-07-14 12:18 - 2016-06-10 15:53 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-07-14 12:18 - 2016-06-10 15:50 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-07-14 12:18 - 2016-06-10 15:49 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-07-14 12:18 - 2016-06-10 15:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-07-14 12:18 - 2016-06-10 15:38 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-07-14 12:18 - 2016-06-10 15:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-07-14 12:18 - 2016-06-10 15:34 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-07-14 12:18 - 2016-06-10 15:31 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-07-14 12:18 - 2016-06-10 15:28 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-07-14 12:18 - 2016-06-10 15:15 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-07-14 12:18 - 2016-06-10 15:13 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-07-14 12:18 - 2016-06-10 15:12 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-07-14 12:18 - 2016-06-10 15:11 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-07-14 12:18 - 2016-06-10 15:10 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-07-14 12:18 - 2016-06-10 14:45 - 15409664 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-07-14 12:18 - 2016-06-10 14:44 - 02869248 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-07-14 12:18 - 2016-06-10 14:30 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-07-14 12:18 - 2016-06-10 14:21 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-07-14 12:18 - 2016-06-10 14:09 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-07-14 12:18 - 2016-06-10 13:54 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-07-14 12:18 - 2016-06-10 13:53 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-07-14 12:18 - 2016-06-10 13:53 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-07-14 12:18 - 2016-06-10 13:53 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-07-14 12:18 - 2016-06-10 13:52 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-07-14 12:18 - 2016-06-10 13:47 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-07-14 12:18 - 2016-06-10 13:46 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-07-14 12:18 - 2016-06-10 13:45 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-07-14 12:18 - 2016-06-10 13:42 - 20348928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-07-14 12:18 - 2016-06-10 13:42 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-07-14 12:18 - 2016-06-10 13:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-07-14 12:18 - 2016-06-10 13:41 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-07-14 12:18 - 2016-06-10 13:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-07-14 12:18 - 2016-06-10 13:32 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-07-14 12:18 - 2016-06-10 13:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-07-14 12:18 - 2016-06-10 13:26 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-07-14 12:18 - 2016-06-10 13:24 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-07-14 12:18 - 2016-06-10 13:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-07-14 12:18 - 2016-06-10 13:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-07-14 12:18 - 2016-06-10 13:19 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-07-14 12:18 - 2016-06-10 13:14 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-07-14 12:18 - 2016-06-10 13:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-07-14 12:18 - 2016-06-10 13:10 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-07-14 12:18 - 2016-06-10 13:09 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-07-14 12:18 - 2016-06-10 13:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-07-14 12:18 - 2016-06-10 12:58 - 13806080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-07-14 12:18 - 2016-06-10 12:45 - 02392576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-07-14 12:18 - 2016-06-10 12:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-07-14 12:18 - 2016-06-10 12:41 - 01315840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-07-14 09:08 - 2016-06-25 19:27 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2016-07-14 09:08 - 2016-06-25 19:27 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-07-14 09:08 - 2016-06-25 19:27 - 00344576 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2016-07-14 09:08 - 2016-06-25 19:27 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2016-07-14 09:08 - 2016-06-25 19:27 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll
2016-07-14 09:08 - 2016-06-25 14:54 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2016-07-14 09:08 - 2016-06-25 14:53 - 00297472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2016-07-14 09:08 - 2016-06-25 14:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
2016-07-14 09:08 - 2016-06-25 14:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe
2016-07-14 09:08 - 2016-06-25 14:41 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.exe
2016-07-14 09:07 - 2016-06-25 19:35 - 00041704 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-07-14 09:07 - 2016-06-25 19:27 - 01208320 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-07-14 09:07 - 2016-06-22 08:06 - 00268800 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-07-14 09:07 - 2016-06-17 13:24 - 01490432 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-07-14 09:07 - 2016-06-17 13:24 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-07-14 09:07 - 2016-06-17 13:24 - 00544256 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-07-14 09:07 - 2016-06-17 13:24 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-07-14 09:07 - 2016-06-17 13:24 - 00219136 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-07-14 09:07 - 2016-06-17 13:24 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-07-14 09:00 - 2016-06-14 10:03 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-07-14 08:40 - 2016-07-14 08:42 - 00000000 ____D C:\Users\Bud Parker\Desktop\Dot Wheel Chair
2016-07-14 07:28 - 2016-07-14 07:29 - 00690584 _____ (Dropbox, Inc.) C:\Users\Bud Parker\Downloads\DropboxInstaller.exe
2016-07-13 21:49 - 2016-07-13 22:00 - 00000000 ____D C:\Windows\SysWOW64\directx
2016-07-13 20:16 - 2016-07-13 20:14 - 00549120 _____ C:\Users\Bud Parker\Desktop\Sentra Wreck-Parker Dorothy.jpeg
2016-07-12 12:50 - 2016-07-13 22:24 - 00000000 ____D C:\Users\Bud Parker\Desktop\Sentra Wreck 11 Jul 16
2016-07-09 20:33 - 2016-07-09 20:33 - 00000000 ____D C:\Users\Bud Parker\AppData\Roaming\HP
2016-07-09 13:18 - 2016-07-09 13:18 - 00000251 _____ C:\Users\Bud Parker\Desktop\Toshiba Laptop Error Message.txt
2016-07-06 11:12 - 2016-07-06 11:12 - 01712693 _____ C:\Users\Bud Parker\Desktop\Sanatize Poultry Water.pdf
2016-07-04 10:34 - 2016-07-04 10:56 - 00002751 _____ C:\Users\Bud Parker\Desktop\Railroad.txt
2016-07-02 22:01 - 2016-07-02 22:01 - 00000000 ____D C:\Users\Bud Parker\Documents\Important Documents Passport TWIC
2016-07-02 22:00 - 2010-09-17 20:19 - 00178378 _____ C:\Users\Bud Parker\Documents\Timesheet Parker McMoRan 2.xlsx
2016-07-02 22:00 - 2010-09-17 20:18 - 00178392 _____ C:\Users\Bud Parker\Documents\Timesheet Parker McMoRan 1.xlsx
2016-07-02 22:00 - 2010-04-06 11:22 - 00179200 _____ C:\Users\Bud Parker\Documents\Invoices, Parker, 2010.xls
2016-07-02 21:59 - 2016-07-02 21:59 - 00000000 ____D C:\Users\Bud Parker\Documents\Timesheets, Walsh
2016-07-02 21:58 - 2010-12-17 20:28 - 00028474 _____ C:\Users\Bud Parker\Documents\Opening Combination Locks and etc.odt
2016-07-02 15:17 - 2016-07-02 16:24 - 00000000 ____D C:\Users\Bud Parker\Television Series
2016-07-01 10:52 - 2016-07-01 10:55 - 00000047 _____ C:\Users\Bud Parker\Documents\SN List.txt
2016-06-29 17:50 - 2016-06-29 17:51 - 00000000 ____D C:\Users\Bud Parker\Documents\Freemake
2016-06-29 14:05 - 2016-06-29 14:05 - 05273164 _____ C:\Users\Bud Parker\Downloads\MS_Map-sheet-14.pdf
2016-06-29 14:03 - 2016-06-29 14:03 - 01334460 _____ C:\Users\Bud Parker\Downloads\MS_Map-Index.pdf
2016-06-29 14:01 - 2016-06-29 14:02 - 00781649 _____ C:\Users\Bud Parker\Downloads\MS_Study-Area-Map_FINAL.pdf
2016-06-28 19:07 - 2016-06-28 19:07 - 00000000 ____D C:\ProgramData\Auslogics
2016-06-28 12:21 - 2016-06-28 12:36 - 37229104 _____ (PandoraTV) C:\Users\Bud Parker\Downloads\KMPlayer_4.1.0.3.exe
2016-06-28 10:14 - 2016-07-27 07:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-28 12:55 - 2009-07-13 23:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-28 12:55 - 2009-07-13 23:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-28 12:44 - 2016-06-20 10:09 - 00000000 ____D C:\Users\Bud Parker\AppData\LocalLow\LastPass
2016-07-28 12:41 - 2016-03-18 16:58 - 00001038 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-07-28 12:41 - 2016-03-18 16:31 - 00001038 _____ C:\Users\Bud Parker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-07-28 12:41 - 2016-03-18 16:27 - 00000000 ____D C:\Users\Bud Parker
2016-07-28 12:39 - 2016-06-10 10:34 - 00217328 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-07-28 12:38 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-28 11:46 - 2009-07-14 00:13 - 00782248 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-28 11:46 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-07-28 11:44 - 2016-03-18 18:48 - 00000000 ___SD C:\Users\Bud Parker\Desktop\Portable
2016-07-28 10:34 - 2016-03-18 21:24 - 00248529 ____H C:\Users\Bud Parker\AppData\Roaming\TurboLaunch_IconCache.dat
2016-07-28 09:12 - 2016-06-11 10:25 - 00002115 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk
2016-07-28 09:12 - 2016-03-19 16:01 - 00002507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-07-28 09:12 - 2016-03-18 21:24 - 00001056 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboLaunch.lnk
2016-07-28 09:12 - 2016-03-18 18:47 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Pro 8.lnk
2016-07-28 09:12 - 2016-03-18 16:41 - 00002545 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
2016-07-28 09:12 - 2016-03-18 16:40 - 00001142 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
2016-07-28 09:12 - 2009-08-28 06:05 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
2016-07-28 09:12 - 2009-08-28 05:33 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-07-28 09:12 - 2009-08-28 05:33 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-07-28 09:12 - 2009-07-13 23:57 - 00001535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-07-28 09:12 - 2009-07-13 23:57 - 00001340 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
2016-07-28 09:12 - 2009-07-13 23:57 - 00001318 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-07-28 09:12 - 2009-07-13 23:57 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-07-28 09:12 - 2009-07-13 23:54 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-07-28 09:11 - 2016-06-27 20:39 - 00001120 _____ C:\Users\Public\Desktop\GOM Player.lnk
2016-07-28 09:11 - 2016-06-24 19:19 - 00000998 _____ C:\ProgramData\Microsoft\Windows\Start Menu\VueScan x64.lnk
2016-07-28 09:11 - 2016-06-24 10:48 - 00001038 _____ C:\Users\Bud Parker\Desktop\Folder Lock 6.lnk
2016-07-28 09:11 - 2016-03-20 16:50 - 00001138 _____ C:\Users\Bud Parker\AppData\Roaming\Microsoft\Windows\Start Menu\Super DX-Ball Deluxe.lnk
2016-07-28 09:11 - 2016-03-19 16:41 - 00001328 _____ C:\ProgramData\Microsoft\Windows\Start Menu\HP Solution Center.lnk
2016-07-28 09:11 - 2016-03-19 06:34 - 00001150 _____ C:\Users\Bud Parker\AppData\Roaming\Microsoft\Windows\Start Menu\GOM Player.lnk
2016-07-28 09:11 - 2014-12-11 13:27 - 00000355 _____ C:\Users\Bud Parker\Desktop\Computer.lnk
2016-07-28 09:11 - 2009-07-14 00:01 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-07-28 09:11 - 2009-07-13 23:49 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-07-28 08:42 - 2016-06-05 15:00 - 00000000 ____D C:\Users\Bud Parker\Desktop\Pickup Truck Music
2016-07-28 02:46 - 2016-06-12 07:17 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2016-07-27 21:06 - 2016-06-10 10:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-07-27 20:28 - 2016-06-10 10:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-07-27 19:52 - 2016-06-14 16:26 - 00000000 ____D C:\Users\Bud Parker\AppData\Roaming\IObit
2016-07-27 19:52 - 2016-06-14 16:26 - 00000000 ____D C:\ProgramData\IObit
2016-07-27 19:25 - 2016-01-22 11:04 - 00000000 ____D C:\AdwCleaner
2016-07-27 18:54 - 2016-01-21 23:09 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-07-27 11:11 - 2009-08-28 06:06 - 00000000 ____D C:\ProgramData\Temp
2016-07-27 07:27 - 2016-03-18 16:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-07-26 22:15 - 2016-03-22 19:27 - 144749672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-07-26 09:23 - 2016-06-09 22:49 - 00000000 ____D C:\Windows\system32\SSL
2016-07-26 08:41 - 2016-04-30 17:21 - 00000000 ____D C:\Users\Bud Parker\Movies
2016-07-25 15:08 - 2016-03-18 18:48 - 00000000 ___SD C:\Users\Bud Parker\Desktop\NBC
2016-07-24 14:17 - 2016-03-18 19:01 - 00000000 ___RD C:\Users\Bud Parker\Documents\Scanned Documents
2016-07-23 22:14 - 2016-03-29 20:18 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-07-23 22:14 - 2016-03-29 20:18 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-07-23 22:14 - 2014-12-21 21:07 - 00000000 ____D C:\Windows\system32\Macromed
2016-07-23 22:14 - 2009-08-28 06:06 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-07-23 12:41 - 2016-03-31 22:34 - 00000000 ____D C:\Users\Bud Parker\Documents\My Downloaded Video
2016-07-22 09:25 - 2016-03-21 10:20 - 00000000 __RSD C:\Users\Bud Parker\Desktop\Facebook Icons
2016-07-21 13:23 - 2016-03-26 21:35 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2016-07-21 07:12 - 2016-03-27 03:37 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-07-21 07:12 - 2016-03-27 03:37 - 00000000 ___SD C:\Windows\system32\GWX
2016-07-20 11:27 - 2016-04-15 22:36 - 00000000 ____D C:\Users\Bud Parker\AppData\Roaming\Nitro PDF
2016-07-19 12:26 - 2016-04-18 13:09 - 00000000 ____D C:\Program Files\iPod
2016-07-19 12:19 - 2016-03-05 17:31 - 00000000 ____D C:\ProgramData\Apple
2016-07-19 12:16 - 2016-03-19 16:01 - 00000000 ____D C:\Program Files (x86)\QuickTime
2016-07-19 02:02 - 2016-03-21 20:40 - 00000000 ____D C:\Users\Bud Parker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Portable Programs
2016-07-17 07:37 - 2016-03-20 16:28 - 00000000 ____D C:\i
2016-07-16 02:03 - 2016-06-25 13:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EasyWorship
2016-07-16 02:03 - 2016-06-22 12:40 - 00000000 ____D C:\Users\Bud Parker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Driver Support
2016-07-16 02:03 - 2016-03-19 15:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CleanMyPC Registry Cleaner
2016-07-14 22:38 - 2009-08-28 06:03 - 00000000 ____D C:\Windows\System32\Tasks\Recovery Management
2016-07-14 21:00 - 2009-07-13 23:45 - 00468856 _____ C:\Windows\system32\FNTCACHE.DAT
2016-07-14 20:59 - 2016-03-27 03:37 - 00000000 ____D C:\Windows\system32\appraiser
2016-07-14 20:59 - 2009-07-14 02:45 - 00000000 ____D C:\Program Files\Windows Journal
2016-07-14 20:57 - 2016-03-22 19:27 - 00000000 ____D C:\Windows\system32\MRT
2016-07-14 19:04 - 2016-06-13 08:40 - 00000000 ____D C:\Users\Bud Parker\AppData\Roaming\vlc
2016-07-03 19:47 - 2016-05-09 21:27 - 00006999 _____ C:\Users\Bud Parker\Documents\A Soldier Died Today.odt
2016-06-28 19:14 - 2016-06-14 16:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 3
2016-06-28 19:14 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\security
2016-06-28 19:14 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2016-06-28 19:14 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Help
2016-06-28 18:40 - 2009-07-14 00:08 - 00032564 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-06-28 07:23 - 2016-06-24 19:19 - 00000000 ____D C:\Program Files\VueScan

==================== Files in the root of some directories =======

2014-06-11 13:21 - 2014-04-25 04:55 - 0011560 _____ () C:\Program Files (x86)\COPYING.Apachev2
2014-06-11 13:21 - 2014-04-25 04:55 - 0025859 _____ () C:\Program Files (x86)\COPYING.LGPLv2
2014-06-11 13:21 - 2014-04-25 04:55 - 0007820 _____ () C:\Program Files (x86)\COPYING.LGPLv3
2016-07-26 09:10 - 2016-07-26 09:10 - 7105536 _____ () C:\Users\Bud Parker\AppData\Roaming\agent.dat
2016-07-26 09:06 - 2016-07-26 09:06 - 0129024 _____ () C:\Users\Bud Parker\AppData\Roaming\Installer.dat
2016-07-26 09:10 - 2016-07-26 09:10 - 0018432 _____ () C:\Users\Bud Parker\AppData\Roaming\Main.dat
2016-03-31 16:57 - 2016-03-31 16:58 - 0000990 ___SH () C:\Users\Bud Parker\AppData\Roaming\systemfl.$dk
2016-03-21 21:14 - 2016-03-24 00:13 - 0000097 _____ () C:\Users\Bud Parker\AppData\Roaming\WB.CFG
2016-03-19 06:50 - 2016-03-31 16:35 - 0000700 ___SH () C:\Users\Bud Parker\AppData\Local\systemFL7.dat
2016-05-18 08:18 - 2016-05-18 08:18 - 0000000 _____ () C:\ProgramData\DP45977C.lfl
2016-03-19 16:35 - 2016-05-15 11:00 - 0003594 _____ () C:\ProgramData\hpzinstall.log

Some zero byte size files/folders:
==========================
C:\Windows\146286.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=C:
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {149f9508-93c6-11de-a9f1-00235a526d90}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {22a277da-ed50-11e5-8ec9-002622849da9}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {149f9508-93c6-11de-a9f1-00235a526d90}
nx                      OptIn

Windows Boot Loader
-------------------
identifier              {22a277da-ed50-11e5-8ec9-002622849da9}
device                  ramdisk=[C:]\Recovery\22a277da-ed50-11e5-8ec9-002622849da9\Winre.wim,{22a277db-ed50-11e5-8ec9-002622849da9}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\22a277da-ed50-11e5-8ec9-002622849da9\Winre.wim,{22a277db-ed50-11e5-8ec9-002622849da9}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {149f9508-93c6-11de-a9f1-00235a526d90}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=C:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {22a277db-ed50-11e5-8ec9-002622849da9}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\22a277da-ed50-11e5-8ec9-002622849da9\boot.sdi



LastRegBack: 2016-07-24 15:02

==================== End of FRST.txt ============================


Top

 

US Army, Retired


#18 Top

Posted 28 July 2016 - 12:19 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-07-2016
Ran by Bud Parker (2016-07-28 13:02:40)
Running from C:\Users\Bud Parker\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2016-03-18 21:26:58)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2712942507-1312882600-3786330889-500 - Administrator - Disabled)
Bud Parker (S-1-5-21-2712942507-1312882600-3786330889-1001 - Administrator - Enabled) => C:\Users\Bud Parker
Guest (S-1-5-21-2712942507-1312882600-3786330889-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2712942507-1312882600-3786330889-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Up to date) {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security (Disabled) {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 22.0.0.153 - Adobe Systems Incorporated)
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{A6B0442B-E159-444B-B49D-6B9AC531EAE3}) (Version: 4.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Atomic Alarm Clock 6.20 (HKLM\...\Atomic Alarm Clock_is1) (Version:  - Drive Software Company)
AVG (Version: 16.61.7539 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4545 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.61.7539 - AVG Technologies)
Backup Manager Basic (x32 Version: 2.0.0.22 - NewTech Infosystems) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3108 - CyberLink Corp.)
CyberLink PowerDirector 11 (HKLM-x32\...\InstallShield_{551F492A-01B0-4DC4-866F-875EC4EDC0A8}) (Version: 11.0.0.2321 - CyberLink Corp.)
CyberLink PowerDirector 11 (Version: 11.0.0.2321 - CyberLink Corp.) Hidden
CyberLink PowerDVD 8 (HKLM-x32\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.3201.50 - CyberLink Corp.)
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
Disk Doctors Windows Data Recovery 3.0.3.353 (HKLM-x32\...\Disk Doctors Windows Data Recovery_is1) (Version:  - Disk Doctors Labs Inc.)
EPUB File Reader (HKLM-x32\...\{818C5857-5C74-4CAC-9F43-E5597086852D}_is1) (Version:  - )
FMW 1 (Version: 1.102.4 - AVG Technologies) Hidden
FMW 1 (Version: 1.62.2 - AVG Technologies) Hidden
Gateway InfoCentre (HKLM-x32\...\Gateway InfoCentre) (Version: 3.02.3000 - Gateway Incorporated)
Gateway MyBackup (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.22 - NewTech Infosystems)
Gateway Power Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.05.3002 - Gateway Incorporated)
Gateway Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3002 - Acer Incorporated)
Gateway ScreenSaver (HKLM-x32\...\Gateway Screensaver) (Version: 1.7.0730 - Gateway Incorporated)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.1.36.5083 - Gretech Corporation)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
GridinSoft Anti-Malware (HKLM\...\GridinSoft Anti-Malware) (Version: 3.0.45 - GridinSoft LLC)
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.4.63 - Conexant Systems)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Photosmart Printer Driver Software 13.0 Rel. 2 (HKLM\...\{F69E48F2-94B0-4272-845C-5F21F2A9815F}) (Version: 13.0 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3001 - Gateway Incorporated)
iExplorer 3.9.6.0 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version:  - Macroplant LLC)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2555 - Intel Corporation)
iTunes (HKLM\...\{E109B4A3-9883-4E6E-9A19-4D7E1A88AFE8}) (Version: 12.4.2.4 - Apple Inc.)
Junk Mail filter update (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Kutools for Word (HKLM\...\{1F20434C-8ECF-47DD-8D04-73914E36CEA7}) (Version: 7.10.112.0 - Detong Technology Ltd.)
Launch Manager (HKLM-x32\...\LManager) (Version: 3.0.03 - Gateway)
Magic ISO Maker v5.5 (build 0276) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0276)) (Version:  - )
Malwarebytes Anti-Exploit version 1.8.1.2563 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.2563 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Malwarebytes Anti-Ransomware version 0.9.15.416 (HKLM\...\{6CA75021-FBB0-41A5-B95C-FC1C9E0421F0}_is1) (Version: 0.9.15.416 - Malwarebytes)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.334.1 - McAfee, Inc.)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{67E03279-F703-408F-B4BF-46B5FC8D70CD}) (Version: 9.7.0621 - Microsoft Corporation)
Mobipocket Reader 6.2 (HKLM-x32\...\{342126E1-173C-4585-BFBE-3EBDD20E3E9E}) (Version: 6.2.608 - Mobipocket.com)
Mozilla Firefox 47.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0.1 (x86 en-US)) (Version: 47.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.1 - Mozilla)
Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Nitro Pro 8 (HKLM\...\{0BEFCFE0-4373-41B6-8924-85FA78C9514D}) (Version: 8.0.3.1 - Nitro)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 16.7.0.30 - Symantec Corporation)
Nuclear Coffee - VideoGet (HKLM\...\VideoGet_is1) (Version: 2014 - Nuclear Coffee)
PS_SF_02_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
PS_SF_02_Software_Min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Quintessential Media Player (HKLM-x32\...\Quintessential Media Player) (Version: Version 5.0 - Quinnware)
Quintessential Player (HKLM-x32\...\Quintessential Player) (Version: 4.51 - Quinnware)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7829 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30102 - Realtek Semiconductor Corp.)
RegRun Reanimator (HKLM-x32\...\UnHackMe Update - Reanimator_is1) (Version:  - Greatis Software, LLC.)
Revo Uninstaller Pro 3.1.4 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.4 - VS Revo Group, Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.8 - SmartSound Software Inc.)
SmartSound Quicktracks 5 (x32 Version: 5.1.8 - SmartSound Software Inc.) Hidden
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
Snagit 10 (HKLM-x32\...\{5BCC634A-58AD-42F9-B3C6-2EA52F81CF85}) (Version: 10.0.0 - TechSmith Corporation)
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SpeedConnect Internet Accelerator v.8.0 (HKLM-x32\...\SpeedConnect Internet Accelerator v.8.0_is1) (Version:  - CBS Software)
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
Super DX-Ball Deluxe (HKLM-x32\...\Super DX-Ball Deluxe) (Version:  - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.41.5 - Synaptics Incorporated)
Togethershare Data Recovery Trial 5.8.1 (HKLM-x32\...\Togethershare Data Recovery Trial 5.8.1_is1) (Version:  - Togethershare)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
TurboLaunch 5.1.4 (HKLM-x32\...\TurboLaunch_is1) (Version: 5.1.4.5 - Savard Software)
UnHackMe 8.12 (HKLM-x32\...\UnHackMe_is1) (Version:  - Greatis Software, LLC.)
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Video Web Camera (HKLM-x32\...\{6D9021DC-CF1B-4148-8C80-6D8E8A8A33EB}) (Version: 0.5.11.1 - SuYin)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VueScan x64 (HKLM\...\VueScan x64) (Version:  - )
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Welcome Center (HKLM-x32\...\Gateway Welcome Center) (Version: 1.00.3005 - Gateway Incorporated)
Windows 7 Manager (HKLM\...\{BA2DD58B-F35E-421F-AE30-0A856AEA8B38}) (Version: 4.3.9 - Yamicsoft)
Windows Driver Package - AMD (amdkmpfd) System  (08/18/2014 14.201.1006.1001) (HKLM\...\52CC88C17478DF9A496DD7C4B6545110B51589A4) (Version: 08/18/2014 14.201.1006.1001 - AMD)
Windows Driver Package - Apple, Inc. (USBAAPL64) USB  (12/12/2012 6.0.9999.65) (HKLM\...\0FEF654FC54561C3E984A0DB0704F76831FD35A2) (Version: 12/12/2012 6.0.9999.65 - Apple, Inc.)
Windows Driver Package - Broadcom (k57nd60a) Net  (10/30/2013 15.6.0.14) (HKLM\...\7C9CA8A432E0A7C6153832FCFFA30579EF8427D2) (Version: 10/30/2013 15.6.0.14 - Broadcom)
Windows Driver Package - Challenger Backup Solutions, LLC (FlashBoot) DiskDrive  (08/11/2013 2.3.72.0) (HKLM\...\CA8BFE662913F62CB908BA31685037C57A7DD973) (Version: 08/11/2013 2.3.72.0 - Challenger Backup Solutions, LLC)
Windows Driver Package - CXT (winachsf) Modem  (02/03/2010 7.80.4.63) (HKLM\...\07B690A855C6F3B41BA1827247649EC919D2F456) (Version: 02/03/2010 7.80.4.63 - CXT)
Windows Driver Package - ELAN SMBus (ETDSMBus) System  (08/06/2015 15.1.2.5) (HKLM\...\94D4ADBD3EF82E234DF58F1B9BD18B24B775A6D0) (Version: 08/06/2015 15.1.2.5 - ELAN SMBus)
Windows Driver Package - ELAN SMBus (ETDSMBus) System  (12/14/2015 15.1.2.8) (HKLM\...\6168882EA454F93FCDCE03E891193A3F56F09386) (Version: 12/14/2015 15.1.2.8 - ELAN SMBus)
Windows Driver Package - Hewlett-Packard Image  (04/01/2012 08.00.00.01) (HKLM\...\61339A68E39F445DE4C300A47EAC69A31C51C993) (Version: 04/01/2012 08.00.00.01 - Hewlett-Packard)
Windows Driver Package - Intel (NETwNs64) net  (01/22/2012 14.3.2.1) (HKLM\...\CD88F0FADE1395C9F91302912FD35B13CF75C196) (Version: 01/22/2012 14.3.2.1 - Intel)
Windows Driver Package - Intel Corporation (igfx) Display  (08/25/2010 8.15.10.2202) (HKLM\...\04E92E1774FD1C439D917D5BAC9589A81677C8BC) (Version: 08/25/2010 8.15.10.2202 - Intel Corporation)
Windows Driver Package - Intel System  (07/25/2013 9.1.9.1005) (HKLM\...\693856C0232B92FB409DC672B23A1C42AB5883E8) (Version: 07/25/2013 9.1.9.1005 - Intel)
Windows Driver Package - Intel System  (07/25/2013 9.1.9.1005) (HKLM\...\B081E57B1455374FB610EEC26F6154A8870B8859) (Version: 07/25/2013 9.1.9.1005 - Intel)
Windows Driver Package - Intel USB  (07/09/2013 9.1.9.1004) (HKLM\...\0D3177F1E077022671B9E6C22E0EE7CA9A92EDDE) (Version: 07/09/2013 9.1.9.1004 - Intel)
Windows Driver Package - JMicron (usbccgp) USB  (07/28/2009 1.0.4.2) (HKLM\...\D3AAF0E65D8B1D5934711D3312BF76371DB14E42) (Version: 07/28/2009 1.0.4.2 - JMicron)
Windows Driver Package - Logicool (LHidEqd) HIDClass  (06/09/2015 5.90.38) (HKLM\...\9D0F3F167B773DDFAC11A04606DEC4C987EFFF7A) (Version: 06/09/2015 5.90.38 - Logicool)
Windows Driver Package - Logitech (HidUsb) HIDClass  (08/31/2012 1.10.77.0) (HKLM\...\5498ECA18B56D1C7C4EC25B46FBEA3A008C6545A) (Version: 08/31/2012 1.10.77.0 - Logitech)
Windows Driver Package - Logitech (LEqdUsb) HIDClass  (06/09/2015 5.90.38) (HKLM\...\3D88081D327A12E9348E1EADDE35513319822FE0) (Version: 06/09/2015 5.90.38 - Logitech)
Windows Driver Package - Logitech (LHidFilt) HIDClass  (06/09/2015 5.90.38) (HKLM\...\DC76EF7E815182273AEA399A974A9D69D6D152D4) (Version: 06/09/2015 5.90.38 - Logitech)
Windows Driver Package - Logitech (LHidFilt) Keyboard  (06/09/2015 5.90.38) (HKLM\...\ECB9A872456DA502A6B195D7AEEF6FEB7355ECB6) (Version: 06/09/2015 5.90.38 - Logitech)
Windows Driver Package - Logitech (LHidFilt) Mouse  (06/09/2015 5.90.38) (HKLM\...\3A23CE434CCC10D23CD098DBBFD5A4C5D855E356) (Version: 06/09/2015 5.90.38 - Logitech)
Windows Driver Package - Logitech (usbccgp) USB  (11/04/2010 1.0.2.11) (HKLM\...\8A87028F68EFC3B6D4F26F7EF2DDB31C8F6767EF) (Version: 11/04/2010 1.0.2.11 - Logitech)
Windows Driver Package - Logitech DriverInterface  (06/09/2015 5.90.38) (HKLM\...\F6909E6D7225F7497F97F04808BC1B7489703274) (Version: 06/09/2015 5.90.38 - Logitech)
Windows Driver Package - MLK (KMWDFILTER) HIDClass  (07/28/2010 6.6.6000.0) (HKLM\...\490CF824D92DA6BB45D9F15423217769BCC14ABF) (Version: 07/28/2010 6.6.6000.0 - MLK)
Windows Driver Package - RAPOO (HidUsb) HIDClass  (11/30/2010 1.1.0.0) (HKLM\...\316A1A4D2C39A747662D9199884CD782691EE14D) (Version: 11/30/2010 1.1.0.0 - RAPOO)
Windows Driver Package - Screenovate Technologies Ltd. (WidockVhid) Screenovate  (02/29/2016 5.0.0.501) (HKLM\...\2DF704FFC8BE30DEDE37DC61848EFD4166CF26E9) (Version: 02/29/2016 5.0.0.501 - Screenovate Technologies Ltd.)
Windows Driver Package - Sonix (SNP2UVC) Image  (02/12/2010 5.8.54.008) (HKLM\...\56BAE2352D00B2AE9C3B48D84C43914BAC6C1619) (Version: 02/12/2010 5.8.54.008 - Sonix)
Windows Driver Package - Synaptics (SynTP) Mouse  (02/14/2012 15.3.41.5) (HKLM\...\190C63B15D229BC6A294BE717E05905B5765F493) (Version: 02/14/2012 15.3.41.5 - Synaptics)
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM  (10/09/2015 1.1.0000.0) (HKLM\...\B059937637538DCA2E38E5A4C00BF67BE79C335E) (Version: 10/09/2015 1.1.0000.0 - Western Digital Technologies)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8064.0206 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}) (Version: 14.0.8064.206 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Wondershare Video Editor(Build 5.1.3) (HKLM-x32\...\Wondershare Video Editor_is1) (Version:  - Wondershare Software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0BF7FB10-BB59-4310-BDC7-3B020B86CAFB} - System32\Tasks\Microsoft\Windows\MUI\Msectrans => C:\Users\Bud Parker\AppData\Roaming\Donice\Xxx-hex.exe [2016-07-11] ()
Task: {0F196B9E-7822-4238-86C8-DF8A5FE36806} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {2773AF30-0B0F-41B6-9285-42612D38BBCE} - \{780F7F47-0B09-0A08-0C11-7F0F7D0B110E} -> No File <==== ATTENTION
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {33C71173-D2D4-4F8A-823E-0F23AE833053} - \Nuafti -> No File <==== ATTENTION
Task: {3C77F7CE-0AEB-4DDE-B533-8DB26ADCBE8E} - \Windows 7 Manager - Logon Background Changer -> No File <==== ATTENTION
Task: {457E19F9-1642-4860-BFDC-F1736A1C2064} - \Driver Booster Scheduler -> No File <==== ATTENTION
Task: {48127161-63FA-4471-80C7-1BBF0B2DF394} - \Windows 7 Manager - Free Memory -> No File <==== ATTENTION
Task: {4D37D876-256E-404D-AA6C-EB690F7D0EF5} - \Driver Support-RTMUpdater -> No File <==== ATTENTION
Task: {5D0C04FD-4463-48F9-B0AF-BA26C437581C} - \Driver Support-RTMRules -> No File <==== ATTENTION
Task: {5F181AC9-68FD-4707-A713-553AB9B13718} - \GridinSoft Anti-Malware -> No File <==== ATTENTION
Task: {6AEDEFCA-1D1F-41F2-8D59-1EB15CCB9DD2} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {6D27F417-027E-424D-8740-D5DBE165529F} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {6E6EA461-E140-4163-9A8B-A70AA308E593} - \Driver Support-RTMScan -> No File <==== ATTENTION
Task: {70C411B4-A80F-4EF1-B766-FE52C7BA03BF} - \cad59fc9af939f2528d349888eab9565 -> No File <==== ATTENTION
Task: {722B9063-5102-48B3-8596-ED30B06BE771} - \Trojan Killer -> No File <==== ATTENTION
Task: {7CAF875D-C827-41F3-AFB2-DD3F7C641DE4} - System32\Tasks\Microsoft\Windows\DiskDiagnostic\Opertaing System Transaction Task => Users\Bud Parker\Vaiatech\Dontrax.exe
Task: {821CFC12-B620-44E0-9AA6-58E9CB4BF818} - System32\Tasks\Microsoft\Windows\Media Center\SecurityCenterUpdate => C:\Users\Bud Parker\AppData\Local\Dongphase\Sumtechnology.exe [2016-07-11] ()
Task: {84BC6AE1-B3B0-4F5C-8B0C-778C47E4105F} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {8CBC52E6-A71C-44E4-BC04-11A69CB3D793} - \Recovery Management\Burn Notification -> No File <==== ATTENTION
Task: {946D61B8-B2AE-4178-8623-6E2222066E16} - \Driver Support -> No File <==== ATTENTION
Task: {97A2E49F-9200-4A91-989F-82A0B674CF14} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {A1D89EEA-B491-4D35-BF74-2B93D6331E2C} - \Fucsybf -> No File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {B7828516-B3D4-4D6D-9FD4-D47BB4ECA2C5} - \Driver Booster SkipUAC (Bud Parker) -> No File <==== ATTENTION
Task: {BA6E7936-A908-495B-847F-E63F4C29AA10} - \TweakBit\Driver Updater\Time for deal -> No File <==== ATTENTION
Task: {C79AB5FD-ED63-4F53-98CD-B2048F360540} - System32\Tasks\UnHackMe Task Scheduler => C:\Program Files (x86)\UnHackMe\hackmon.exe [2016-07-07] (Greatis Software)
Task: {CE95725C-6C29-40F8-94DA-FC9D8A311A0C} - \Driver Support-RTMScanRunOnce -> No File <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {DA9841BD-4240-4FA0-9BA1-D60E90652432} - \TweakBit\PCSpeedUp\Start PCSpeedUp automatic scanning -> No File <==== ATTENTION
Task: {EAF6FEA9-3B9C-4E7F-92B5-A29E11C3DB39} - \{BFABA680-077A-48B9-9010-C0C972D9D50F} -> No File <==== ATTENTION
Task: {F10F5315-42D1-42CA-A469-971541F574A8} - \TweakBit\PCBooster\Start PCBooster оn logon -> No File <==== ATTENTION
Task: {F62BC7C4-E170-4BF2-BE09-9251AD659D25} - \Adobe Flash Player Updater -> No File <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Windows 7 Manager - Free Memory.job => C:\Program Files\Yamicsoft\Windows 7 Manager\FreeMemory.exe
Task: C:\Windows\Tasks\Windows 7 Manager - Logon Background Changer.job => C:\Program Files\Yamicsoft\Windows 7 Manager\LogonBackgroundChanger.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Bud Parker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\Users\Bud Parker\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\Users\Bud Parker\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%

==================== Loaded Modules (Whitelisted) ==============

2016-04-22 01:07 - 2016-04-22 01:07 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-07-05 15:23 - 2016-07-05 15:23 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-03-18 18:31 - 2013-04-24 18:20 - 02007040 _____ () C:\Program Files\Atomic Alarm Clock\timeserv.exe
2016-07-27 18:54 - 2016-07-27 18:55 - 01047520 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-RANSOMWARE\arwlib.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-03-18 18:31 - 2013-06-07 19:20 - 01875968 _____ () C:\Program Files\Atomic Alarm Clock\Clock.dll
2016-07-25 12:21 - 2016-07-25 12:21 - 01784832 _____ () C:\Program Files\GridinSoft Anti-Malware\shellext.dll
2016-03-18 18:31 - 2014-06-10 02:20 - 01609728 _____ () C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
2016-07-27 18:54 - 2016-02-08 17:01 - 00759808 _____ () C:\Program Files\Malwarebytes\Anti-Ransomware\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-07-28 12:41 - 2016-07-28 16:05 - 00684032 _____ () C:\ProgramData\Lamzap\Lamzap.exe
2016-07-28 12:41 - 2016-07-28 12:41 - 00017920 _____ () C:\Users\Bud Parker\AppData\Roaming\Ronzafind\Ronzafind.exe
2016-07-28 12:41 - 2016-07-28 12:41 - 00008192 _____ () C:\Users\Bud Parker\AppData\Roaming\Sumdrill\Sumdrill.exe
2016-07-28 12:41 - 2016-07-28 12:41 - 00008704 _____ () C:\Users\Bud Parker\AppData\Roaming\Toughstreet\Toughstreet.exe
2009-02-02 19:33 - 2009-02-02 19:33 - 00460199 _____ () C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\sqlite3.dll
2008-09-28 19:55 - 2008-09-28 19:55 - 01076224 _____ () C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\ACE.dll
2004-05-11 18:27 - 2004-05-11 18:27 - 00006656 _____ () c:\program files (x86)\quintessential player\Plugins\QCDmmkb.dll
2009-06-03 20:59 - 2009-06-03 20:59 - 00619816 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-06-03 20:59 - 2009-06-03 20:59 - 00013096 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2016-07-28 12:41 - 2016-07-28 12:41 - 00257536 _____ () C:\ProgramData\Lamzap\UniKeytom.dll
2016-06-20 10:08 - 2016-06-20 10:08 - 01114136 _____ () C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\kjqunreh.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
2004-05-13 20:05 - 2004-05-13 20:05 - 00526848 _____ () C:\Program Files (x86)\Quintessential Player\branding.dll
2004-04-15 15:03 - 2004-04-15 15:03 - 00215040 _____ () C:\Program Files (x86)\Quintessential Player\QCDIcons.dll
2004-05-13 19:01 - 2004-05-13 19:01 - 00238080 _____ () c:\program files (x86)\quintessential player\Plugins\QCDCdda.dll
2004-05-11 19:22 - 2004-05-11 19:22 - 00085504 _____ () c:\program files (x86)\quintessential player\Plugins\QCDCddb.dll
2004-05-11 18:27 - 2004-05-11 18:27 - 00212992 _____ () c:\program files (x86)\quintessential player\Plugins\QCDTagEdit.dll
2004-05-11 18:24 - 2004-05-11 18:24 - 00256512 _____ () c:\program files (x86)\quintessential player\Plugins\QCDVorbis.dll
2004-05-11 18:24 - 2004-05-11 18:24 - 00163328 _____ () c:\program files (x86)\quintessential player\Plugins\QCDWMA.dll
2004-05-11 18:27 - 2004-05-11 18:27 - 00022016 _____ () c:\program files (x86)\quintessential player\Plugins\QCDHotKeys.dll
2004-05-11 18:27 - 2004-05-11 18:27 - 00019968 _____ () c:\program files (x86)\quintessential player\Plugins\QCDTimer.dll
2004-05-11 18:27 - 2004-05-11 18:27 - 00078848 _____ () c:\program files (x86)\quintessential player\Plugins\QCDWatch.dll
2004-05-11 18:26 - 2004-05-11 18:26 - 00019968 _____ () c:\program files (x86)\quintessential player\Plugins\QCDPlaylists.dll
2004-05-11 19:22 - 2004-05-11 19:22 - 00124416 _____ () c:\program files (x86)\quintessential player\Plugins\QCDVideo.dll
2004-05-11 18:23 - 2004-05-11 18:23 - 00247808 _____ () c:\program files (x86)\quintessential player\Plugins\QCDMp3.dll
2004-05-11 18:24 - 2004-05-11 18:24 - 00016384 _____ () c:\program files (x86)\quintessential player\Plugins\QCDWavOut.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:5B811727 [147]
AlternateDataStreams: C:\ProgramData\Temp:A8ADE5D8 [109]
AlternateDataStreams: C:\ProgramData\Temp:B755D674 [428]
AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2 [121]
AlternateDataStreams: C:\ProgramData\Temp:ECF54A0E [360]
AlternateDataStreams: C:\Users\Bud Parker\Desktop\MedStat EMS.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\Bud Parker\Desktop\MedStat EMS.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Bud Parker\Desktop\Sentra Wreck-Parker Dorothy.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\Bud Parker\Desktop\Sentra Wreck-Parker Dorothy.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Bud Parker\Documents\NBC Outside.ppp:SummaryInformation [223]
AlternateDataStreams: C:\Users\Bud Parker\Documents\NBC Outside.ppp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Bud Parker\Documents\Nursery.ppp:SummaryInformation [219]
AlternateDataStreams: C:\Users\Bud Parker\Documents\Nursery.ppp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys => ""="FSFilter Activity Monitor"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SymEFA.sys => ""="FSFilter Activity Monitor"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\...\driversupport.com -> hxxp://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\...\driversupport.com -> hxxps://apps.driversupport.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2016-06-08 09:27 - 00000897 ___RH C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost
127.0.0.1 www.bitsumactivationserver.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Bud Parker\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: commitments =>
MSCONFIG\startupreg: grassy =>
MSCONFIG\startupreg: heald =>
MSCONFIG\startupreg: IDSCCOM0SL =>
MSCONFIG\startupreg: neil =>
MSCONFIG\startupreg: Pritc =>
MSCONFIG\startupreg: recovers =>
MSCONFIG\startupreg: SNUVCDSM => C:\Windows\snuvcdsm.exe
MSCONFIG\startupreg: whiner => "C:\Program Files (x86)\tai\whiner.exe"
MSCONFIG\startupreg: WINCOMKKP =>

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{00A0CA64-A43F-4CFB-B5DF-2156BA87598F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD8\PowerDVD8.EXE
FirewallRules: [{8FDBC06C-00FA-4E34-BD52-4F20F7FC6DE0}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{2B23FD99-239B-4BD9-A3E0-810815804E9A}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{5F599676-02F0-44D6-B27D-924DFF873832}] => (Allow) svchost.exe
FirewallRules: [{585D81DB-B8E8-491A-BD10-F9D93DEBF3C8}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{532181D0-EBD9-4748-9941-D360B7AB2B71}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{99683E1B-01D4-45AA-BCF1-D01E8FE0A720}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B3A303EC-6EA8-43D2-99FA-D697453377FD}] => (Allow) c:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{906D3DA7-9A77-45DA-8200-293F6920A9F6}] => (Block) %ProgramFiles%\CyberLink\PowerDirector11\PDR11.exe
FirewallRules: [{390217F7-C2D3-4D12-81AA-505A32697EC9}] => (Block) %ProgramFiles%\CyberLink\PowerDirector11\UACAgent.exe
FirewallRules: [{711F873D-0153-49EB-B27A-0DEAFDB18DE9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{30968491-E410-4CA7-A062-CAA3ADB03907}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{9879B054-053E-4A15-AEB7-AF04FAC2D4B1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{C5CD2E40-540E-4F25-BFB4-86BBEEED5220}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{3BAC3C8F-4114-4229-BE90-A4EAE303173A}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{D50554F1-5545-4E93-9BA1-33ED014DD2D0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{B8805A22-4C47-4C04-AE9C-15BD5EC04447}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{05450412-6E11-4C8C-AB3B-C9AC6C365BDD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{50D5D816-4BBC-4AE4-8BB2-1F87616D7812}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{512872A3-0660-44F0-BCD9-7984329AA973}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{07272250-52CC-421D-AD38-CE0FC0C29E29}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{F8E584B0-14FF-478C-A2BC-A6285A09B186}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{66F7FEC8-86A5-4781-8967-5F729A47FCCB}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{AE3495E2-4C1D-4A48-9439-96BEDC6170CD}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{A505376F-34B6-484D-89EA-12072D64F6FE}] => (Allow) LPort=1688
FirewallRules: [{7003A0AD-8897-4912-97C9-D5BFE439CDD2}] => (Allow) LPort=1688
FirewallRules: [{2DF8F17B-064A-423B-A95E-ABA95F8F4FB5}] => (Block) %ProgramFiles%\Atomic Alarm Clock\AtomicAlarmClock.exe
FirewallRules: [{3B7BBD3B-F45B-4D5C-961B-124372A48F9D}] => (Block) %ProgramFiles% (x86)\GRETECH\GomPlayer\GOM.EXE
FirewallRules: [{D457DB99-CB0C-482E-95F7-93003C116022}] => (Block) %ProgramFiles% (x86)\GRETECH\GomPlayer\GrLauncher.exe
FirewallRules: [{5D78E78E-E35B-4768-8DFF-665DEDBB651B}] => (Block) %ProgramFiles% (x86)\Folder Lock 6\Folder Lock 6.exe
FirewallRules: [{FE6BFB32-6F45-4E1E-83B4-41475718EAC9}] => (Block) %ProgramFiles% (x86)\Folder Lock 6\Folder Lock 6.exe
FirewallRules: [{AC487498-42A9-4484-BF61-8B4CE0AD192C}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{085E7EF1-042A-420E-B569-EF6697CA4ADE}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{336E446C-1793-4757-900D-6687091F32C6}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{F852F6D3-C3E0-4FF2-B088-965792BBF2EE}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{C953CD7A-3F79-490D-8F24-B5F6082743ED}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{1251D3A8-16EB-467F-8A27-9F5077C362CC}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{0F37D96E-A388-42B2-8556-7473B1D48349}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{25DA3935-7913-45A0-A58D-CB6239D8C8C6}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{F5C26BA2-30D4-40E2-8EA3-432FD0F63321}] => (Block) %ProgramFiles%\Yamicsoft\Windows 7 Manager\LiveUpdate.exe
FirewallRules: [{EA00FA82-BF74-4AAC-8146-28D16B57C190}] => (Block) %ProgramFiles%\Yamicsoft\Windows 7 Manager\Windows7Manager.exe
FirewallRules: [{9C2619F8-5977-40E1-94D1-1AC7BE33F104}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{29A70F84-B7E1-4FCF-B32A-4D90AAC1D713}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{838216BF-90FD-48FF-B254-B03701542E27}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B6876953-D9E4-4665-AF0D-DDEF920A5452}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1B92FFDB-CB43-4847-866A-FF2FA7E61037}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{86E9E868-A808-45E9-BD98-B5641DD5B46F}] => (Block) %ProgramFiles% (x86)\TechSmith\Snagit 10\Snagit32.exe
FirewallRules: [{A1ABB005-55BA-43A5-BADF-E0DA27EC05D2}] => (Block) %ProgramFiles% (x86)\Quintessential Player\QCDPlayer.exe
FirewallRules: [{B1B1572B-B695-4BE5-BC0B-B8AB903DF780}] => (Block) %ProgramFiles% (x86)\Quintessential Media Player\QMPlayer.exe
FirewallRules: [{42540FBF-9366-4091-8226-48423F77E3E3}] => (Allow) C:\Program Files\VueScan\vuescan.exe
FirewallRules: [{15690439-D3C4-40C0-AA50-C40553775E81}] => (Allow) C:\Program Files\VueScan\vuescan.exe
FirewallRules: [{A7118F06-A8FA-448C-9A5D-65BA9BA43A6C}] => (Block) %USERPROFILE%\Desktop\Portable\Portable Windows System Tools\Tweakers\WinUtilities Professional Edition 13.0\WinUtilities Professional Edition 13.0\WinUtilities.exe
FirewallRules: [{AFBE4EB3-F073-4E1F-BC3C-56AEA2BB3A6F}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{DCC979A6-E8DF-458F-8E25-00C21CBFE3D4}] => (Allow) C:\Users\Bud Parker\AppData\Local\ddnowyes.exe
FirewallRules: [{9B3DE5B5-7918-4ADD-BA4F-653A980CEAE8}] => (Allow) C:\Users\BUDPAR~1\AppData\Local\Temp\installer1.exe
FirewallRules: [{A62C2074-3420-4F50-9382-1BA25EA3FFF5}] => (Allow) C:\Users\Bud Parker\AppData\Local\59848303.exe
FirewallRules: [{628927C8-90BA-49A8-9A54-B8B136802E6C}] => (Allow) C:\Program Files (x86)\cataloged\royden.exe

==================== Restore Points =========================

26-07-2016 09:37:36 Revo Uninstaller Pro's restore point - System Healer
26-07-2016 09:51:11 Revo Uninstaller Pro's restore point - Advanced ScreenSnapshotTool 1.1.0.3011418
26-07-2016 09:54:45 Revo Uninstaller Pro's restore point - Power WebCam
26-07-2016 10:58:57 Device Driver Package Install: TAP-Win32 Provider V9 Network adapters
26-07-2016 12:39:39 Removed Itibiti RTC
26-07-2016 21:51:21 RegRun Virus Scan
26-07-2016 22:02:26 RegRun Virus Scan
26-07-2016 22:07:10 RegRun Virus Scan
27-07-2016 07:32:34 RegRun Virus Scan
27-07-2016 07:57:37 RegRun Virus Scan
27-07-2016 08:03:25 RegRun Virus Scan
27-07-2016 08:07:42 RegRun Virus Scan
27-07-2016 08:15:07 RegRun Virus Scan
27-07-2016 10:57:21 RegRun Virus Scan
27-07-2016 11:06:30 Revo Uninstaller Pro's restore point - SUPERAntiSpyware
27-07-2016 11:13:01 Revo Uninstaller Pro's restore point - Ashampoo Internet Accelerator 3 v.3.20
27-07-2016 19:48:32 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: NAVEX15
Description: NAVEX15
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: NAVEX15
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/28/2016 12:55:18 PM) (Source: PerfNet) (EventID: 2005) (User: )
Description:

Error: (07/28/2016 12:42:10 PM) (Source: PerfNet) (EventID: 2005) (User: )
Description:

Error: (07/28/2016 12:42:02 PM) (Source: PerfNet) (EventID: 2005) (User: )
Description:

Error: (07/28/2016 12:39:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SpeedConnectStartUp.exe, version: 8.0.0.0, time stamp: 0x5665b118
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23418, time stamp: 0x5708a89c
Exception code: 0xe0434f4d
Fault offset: 0x000000000001a06d
Faulting process id: 0x%9
Faulting application start time: 0xSpeedConnectStartUp.exe0
Faulting application path: SpeedConnectStartUp.exe1
Faulting module path: SpeedConnectStartUp.exe2
Report Id: SpeedConnectStartUp.exe3

Error: (07/28/2016 12:37:49 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Ronzafind.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Management.ManagementException
   at System.Management.ManagementException.ThrowWithExtendedInfo(System.Management.ManagementStatus)
   at System.Management.ManagementEventWatcher.WaitForNextEvent()
   at first.Service1.checkmultipleservices(System.String[])
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart()

Error: (07/28/2016 12:37:48 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1533) (User: NT AUTHORITY)
Description: Windows cannot delete the profile directory C:\Users\TEMP. This error may be caused by files in this directory being used by another program.

 DETAIL - The directory is not empty.

Error: (07/28/2016 11:57:54 AM) (Source: PerfNet) (EventID: 2005) (User: )
Description:

Error: (07/28/2016 11:57:50 AM) (Source: PerfNet) (EventID: 2005) (User: )
Description:

Error: (07/28/2016 11:43:37 AM) (Source: PerfNet) (EventID: 2005) (User: )
Description:

Error: (07/28/2016 11:38:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Ronzafind.exe, version: 1.0.0.0, time stamp: 0x578353ac
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23418, time stamp: 0x5708a89c
Exception code: 0xe0434352
Fault offset: 0x000000000001a06d
Faulting process id: 0x818
Faulting application start time: 0xRonzafind.exe0
Faulting application path: Ronzafind.exe1
Faulting module path: Ronzafind.exe2
Report Id: Ronzafind.exe3


System errors:
=============
Error: (07/28/2016 01:01:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Error: (07/28/2016 01:01:40 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Error: (07/28/2016 01:01:40 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Error: (07/28/2016 12:59:38 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Error: (07/28/2016 12:59:38 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Error: (07/28/2016 12:59:38 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Error: (07/28/2016 12:59:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Error: (07/28/2016 12:59:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Error: (07/28/2016 12:59:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Error: (07/28/2016 12:59:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.



CodeIntegrity:
===================================
  Date: 2016-07-28 12:38:40.924
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Quintessential Player\cdrpdacc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-07-28 12:38:40.862
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Quintessential Player\cdrpdacc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-07-28 10:35:21.057
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Quintessential Player\cdrpdacc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-07-28 10:35:20.994
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Quintessential Player\cdrpdacc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-07-28 10:23:27.188
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Quintessential Player\cdrpdacc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-07-28 10:23:27.125
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Quintessential Player\cdrpdacc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-07-28 09:10:33.472
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Quintessential Player\cdrpdacc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-07-28 09:10:33.394
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Quintessential Player\cdrpdacc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-07-27 21:16:29.672
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Quintessential Player\cdrpdacc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-07-27 21:16:29.594
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Quintessential Player\cdrpdacc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T6600 @ 2.20GHz
Percentage of memory in use: 50%
Total physical RAM: 4025.98 MB
Available physical RAM: 1973.03 MB
Total Virtual: 8050.14 MB
Available Virtual: 5691.56 MB

==================== Drives ================================

Drive c: (Gateway) (Fixed) (Total:698.64 GB) (Free:190.27 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive g: (BUD'S 32) (Fixed) (Total:30.44 GB) (Free:30.1 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 1E15AC1C)
Partition 1: (Active) - (Size=698.6 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 30.5 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=30.5 GB) - (Type=0C)

==================== End of Addition.txt ============================



US Army, Retired


#19 Top


Posted 28 July 2016 - 12:22 PM

Just me thinkin' . . .  Since I can delete the Lamzap & Lamzaps folders, yet somehow they are reinstalled within a minute or two, do you suppose I need to apply a firewall rule to stop this?  Not sure how these two folders recover all the files so quickly.



US Army, Retired


#20 ken545


Posted 28 July 2016 - 01:09 PM

Hey,

You have both AVG Anti Virus and Norton Internet Security installed. Microsoft recommends only one program; more than one is overkill and can hamper system performance. Your call, but you need to go to Programs and Features in the Control Panel and uninstall one.

Open Notepad: go to Start --> All Programs --> Accessories --> Notepad.
Please copy the entire contents inside of the code box below, beginning with START and ending with END.
(To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.)
Name the file Fixlist.txt and save it to your desktop, where you have FRST/FRST64, or the fix won't work. Right-click on FRST/FRST64 and select RUN AS ADMINISTRATOR, then click on >FIX< (not Scan). It won't take long. After your computer reboots you will find a FIXLOG.TXT on your desktop; post it, please.

Start
CloseProcesses:
CreateRestorePoint:
AppInit_DLLs: C:\ProgramData\Lamzap\Trisjob.dll => C:\ProgramData\Lamzap\Trisjob.dll [363008 2016-07-28] ()
AppInit_DLLs-x32: C:\ProgramData\Lamzap\UniKeytom.dll => C:\ProgramData\Lamzap\UniKeytom.dll [257536 2016-07-28] ()
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYn59HrL-X3ClkPrJO7VoWVZ3t7tPNQGvKjF72C367JmhiWsudzFrQPH9hVxOGkdTp9MlTM_8ZcX8IN4Qoi_tSRqk6-2J1dDO_JHaLMVOS-w--CGZIVWyy3ULudU-fYP5nBQp2vqq_LS4XumQStFDqrSWsU-x
HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYn59HrL-X3ClkPrJO7VoWVZ3t7tPNQGvKjF72C367JmhiWsudzFrQPH9hVxOGkdTp9-MDd2zs5uzDEDtGzS4DPOrAODx9rEDelr3silyCuq64nA6VLMHJFa_etccP_CjtghLSPL2CdCJFMetLM5Ci4qvNkbi&q={searchTerms}
HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYn59HrL-X3ClkPrJO7VoWVZ3t7tPNQGvKjF72C367JmhiWsudzFrQPH9hVxOGkdTp9-MDd2zs5uzDEDtGzS4DPOrAODx9rEDelr3silyCuq64nA6VLMHJFa_etccP_CjtghLSPL2CdCJFMetLM5Ci4qvNkbi&q={searchTerms}
HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYn59HrL-X3ClkPrJO7VoWVZ3t7tPNQGvKjF72C367JmhiWsudzFrQPH9hVxOGkdTp9-MDd2zs5uzDEDtGzS4DPOrAODx9rEDelr3silyCuq64nA6VLMHJFa_etccP_CjtghLSPL2CdCJFMetLM5Ci4qvNkbi&q={searchTerms}
URLSearchHook: [S-1-5-21-2712942507-1312882600-3786330889-1001] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYn59HrL-X3ClkPrJO7VoWVZ3t7tPNQGvKjF72C367JmhiWsudzFrQPH9hVxOGkdTp9-MDd2zs5uzDEDtGzS4DPOrAODx9rEDelr3silyCuq64nA6VLMHJFa_etccP_CjtghLSPL2CdCJFMetLM5Ci4qvNkbi&q={searchTerms}
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW
SearchScopes: HKU\S-1-5-21-2712942507-1312882600-3786330889-1001 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYn59HrL-X3ClkPrJO7VoWVZ3t7tPNQGvKjF72C367JmhiWsudzFrQPH9hVxOGkdTp9-MDd2zs5uzDEDtGzS4DPOrAODx9rEDelr3silyCuq64nA6VLMHJFa_etccP_CjtghLSPL2CdCJFMetLM5Ci4qvNkbi&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2712942507-1312882600-3786330889-1001 -> {629E37F3-5E46-44D4-7C19-EFB2C2CDC1E6} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-bd0779e2&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2712942507-1312882600-3786330889-1001 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYn59HrL-X3ClkPrJO7VoWVZ3t7tPNQGvKjF72C367JmhiWsudzFrQPH9hVxOGkdTp9-MDd2zs5uzDEDtGzS4DPOrAODx9rEDelr3silyCuq64nA6VLMHJFa_etccP_CjtghLSPL2CdCJFMetLM5Ci4qvNkbi&q={searchTerms}
FF Homepage: C:\\ProgramData\\Lamzaps\\ff.HP
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
R2 Lamzap; C:\ProgramData\\Lamzap\\Lamzap.exe [684032 2016-07-28] () [File not signed]
R2 Ronzafind; C:\Users\Bud Parker\AppData\Roaming\Ronzafind\Ronzafind.exe [17920 2016-07-28] () [File not signed]
S1 rcpjibrp; \??\C:\Windows\system32\drivers\rcpjibrp.sys [X]
2016-07-28 12:41 - 2016-07-28 12:41 - 00000000 ____D C:\ProgramData\Lamzaps
2016-07-28 12:41 - 2016-07-28 12:41 - 00000000 ____D C:\ProgramData\Lamzap
2016-07-27 19:52 - 2016-06-14 16:26 - 00000000 ____D C:\Users\Bud Parker\AppData\Roaming\IObit
2016-07-27 19:52 - 2016-06-14 16:26 - 00000000 ____D C:\ProgramData\IObit
Task: {2773AF30-0B0F-41B6-9285-42612D38BBCE} - \{780F7F47-0B09-0A08-0C11-7F0F7D0B110E} -> No File <====ATTENTION
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File<==== ATTENTION
Task: {33C71173-D2D4-4F8A-823E-0F23AE833053} - \Nuafti -> No File <==== ATTENTION
Task: {3C77F7CE-0AEB-4DDE-B533-8DB26ADCBE8E} - \Windows 7 Manager - Logon Background Changer -> No File <====ATTENTION
Task: {457E19F9-1642-4860-BFDC-F1736A1C2064} - \Driver Booster Scheduler -> No File <==== ATTENTION
Task: {48127161-63FA-4471-80C7-1BBF0B2DF394} - \Windows 7 Manager - Free Memory -> No File <==== ATTENTION
Task: {4D37D876-256E-404D-AA6C-EB690F7D0EF5} - \Driver Support-RTMUpdater -> No File <==== ATTENTION
Task: {5D0C04FD-4463-48F9-B0AF-BA26C437581C} - \Driver Support-RTMRules -> No File <==== ATTENTION
Task: {5F181AC9-68FD-4707-A713-553AB9B13718} - \GridinSoft Anti-Malware -> No File <==== ATTENTION
Task: {6AEDEFCA-1D1F-41F2-8D59-1EB15CCB9DD2} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {6D27F417-027E-424D-8740-D5DBE165529F} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {6E6EA461-E140-4163-9A8B-A70AA308E593} - \Driver Support-RTMScan -> No File <==== ATTENTION
Task: {70C411B4-A80F-4EF1-B766-FE52C7BA03BF} - \cad59fc9af939f2528d349888eab9565 -> No File <==== ATTENTION
Task: {722B9063-5102-48B3-8596-ED30B06BE771} - \Trojan Killer -> No File <==== ATTENTION
Task: {7CAF875D-C827-41F3-AFB2-DD3F7C641DE4} - System32\Tasks\Microsoft\Windows\DiskDiagno
Task: {84BC6AE1-B3B0-4F5C-8B0C-778C47E4105F} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {8CBC52E6-A71C-44E4-BC04-11A69CB3D793} - \Recovery Management\Burn Notification -> No File <==== ATTENTION
Task: {946D61B8-B2AE-4178-8623-6E2222066E16} - \Driver Support -> No File <==== ATTENTION
Task: {97A2E49F-9200-4A91-989F-82A0B674CF14} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask ->No File <==== ATTENTION
Task: {A1D89EEA-B491-4D35-BF74-2B93D6331E2C} - \Fucsybf -> No File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <====ATTENTION
Task: {B7828516-B3D4-4D6D-9FD4-D47BB4ECA2C5} - \Driver Booster SkipUAC (Bud Parker) -> No File <==== ATTENTION
Task: {BA6E7936-A908-495B-847F-E63F4C29AA10} - \TweakBit\Driver Updater\Time for deal -> No File <==== ATTENTION
CMD: ipconfig /flushdns
Hosts:
EmptyTemp:
End
 
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system


 
 

#21 ken545


Posted 28 July 2016 - 01:28 PM

We really don't want a firewall to block this pest, we want to completely remove it from your system.

 

If you look at the fix I just posted using FRST, any programs listed under AppInit_DLLs will load when Windows is started, and I added both those entries to the fix so that FRST can fix them.



 
 
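The autostart entries in the fixlist above, triaged as an added example (not part of the thread and not FRST's own code): it parses the AppInit_DLLs and service lines, copied from the posted fixlist, and groups them by the data directory they load from, which gives the list of loaders to check when a deleted folder keeps coming back. The function names and the data-directory heuristic are assumptions of this example.

```python
import ntpath
import re
from collections import defaultdict

# Lines copied from the fixlist posted in this thread (not constructed).
FIXLIST_LINES = r"""
AppInit_DLLs: C:\ProgramData\Lamzap\Trisjob.dll => C:\ProgramData\Lamzap\Trisjob.dll [363008 2016-07-28] ()
AppInit_DLLs-x32: C:\ProgramData\Lamzap\UniKeytom.dll => C:\ProgramData\Lamzap\UniKeytom.dll [257536 2016-07-28] ()
R2 Lamzap; C:\ProgramData\\Lamzap\\Lamzap.exe [684032 2016-07-28] () [File not signed]
R2 Ronzafind; C:\Users\Bud Parker\AppData\Roaming\Ronzafind\Ronzafind.exe [17920 2016-07-28] () [File not signed]
S1 rcpjibrp; \??\C:\Windows\system32\drivers\rcpjibrp.sys [X]
CMD: ipconfig /flushdns
""".strip().splitlines()

APPINIT_RE = re.compile(r"^AppInit_DLLs(-x32)?:\s*(.+?)\s*=>")
# FRST service/driver line: state letter (R running, S stopped, U undetermined),
# start-type digit, service name, then the image path and FRST's annotations.
SERVICE_RE = re.compile(r"^([RSU])([0-5])\s+([^;]+);\s*(.+)$")
STATES = {"R": "running", "S": "stopped", "U": "undetermined"}
START_TYPES = {"0": "boot", "1": "system", "2": "auto",
               "3": "demand", "4": "disabled", "5": "unknown"}

# Heuristic of this example: autostart code that loads from a data directory
# rather than from a normal install location deserves a closer look.
DATA_DIR_MARKERS = ("\\programdata\\", "\\appdata\\")


def normalize(path):
    """Strip the NT \\??\\ prefix and collapse doubled backslashes in the log."""
    path = path.strip()
    if path.startswith("\\??\\"):
        path = path[4:]
    while "\\\\" in path:
        path = path.replace("\\\\", "\\")
    return path


def parse_line(line):
    """Return a dict for an AppInit_DLLs or service line, else None."""
    line = line.strip()
    m = APPINIT_RE.match(line)
    if m:
        path = normalize(m.group(2))
        view = "32-bit view" if m.group(1) else "native view"
        return {"kind": "AppInit_DLLs", "name": ntpath.basename(path),
                "path": path, "flags": [view]}
    m = SERVICE_RE.match(line)
    if m:
        state, start, name, rest = m.groups()
        flags = [STATES[state], START_TYPES[start] + "-start"]
        if "[File not signed]" in rest:
            flags.append("unsigned")
        if rest.rstrip().endswith("[X]"):  # FRST could not find the file
            flags.append("file-missing")
        return {"kind": "service", "name": name.strip(),
                "path": normalize(rest.split(" [", 1)[0]), "flags": flags}
    return None


def triage(lines):
    """Parse every autostart line and flag those loading from a data directory."""
    entries = [e for e in map(parse_line, lines) if e]
    for e in entries:
        if any(marker in e["path"].lower() for marker in DATA_DIR_MARKERS):
            e["flags"].append("data-dir")
    return entries


def loaders_by_directory(entries):
    """Map each flagged directory to the autostart entries that load from it."""
    grouped = defaultdict(list)
    for e in entries:
        if "data-dir" in e["flags"]:
            grouped[ntpath.dirname(e["path"])].append(e["name"])
    return dict(grouped)


if __name__ == "__main__":
    found = triage(FIXLIST_LINES)
    for e in found:
        print(f'{e["kind"]:<13} {e["name"]:<14} {", ".join(e["flags"])}')
    for directory, names in loaders_by_directory(found).items():
        print(f"{directory}: loaded by {names}")
```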

#22 Top


Posted 28 July 2016 - 02:03 PM

Here is what I did earlier this afternoon.  I booted in "Safe" mode with networking and ran AdwCleaner.  It found Lamzap and deleted it.  Also, Lamzaps.   However it didn't fix the hijacked browser problem.

 

Then I got your fix for FRST64 and created the Fixlist file and ran "Fix."

 

Now the Demon has returned!  I have the locked directories created by AdwCleaner and somehow the directories were recreated.

 

Can I post a photo from my desktop to illustrate?




#23 ken545


Posted 28 July 2016 - 02:14 PM

Let me see the Fixlog that was created after the fix, go ahead and post the photo



 
 

#24 Top


Posted 28 July 2016 - 02:18 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 27-07-2016
Ran by Bud Parker (2016-07-28 14:35:36) Run:1
Running from C:\Users\Bud Parker\Desktop
Loaded Profiles: Bud Parker (Available Profiles: Bud Parker)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:
AppInit_DLLs: C:\ProgramData\Lamzap\Trisjob.dll => C:\ProgramData\Lamzap\Trisjob.dll [363008 2016-07-28] ()
AppInit_DLLs-x32: C:\ProgramData\Lamzap\UniKeytom.dll => C:\ProgramData\Lamzap\UniKeytom.dll [257536 2016-07-28] ()
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYn59HrL-X3ClkPrJO7VoWVZ3t7tPNQGvKjF72C367JmhiWsudzFrQPH9hVxOGkdTp9MlTM_8ZcX8IN4Qoi_tSRqk6-2J1dDO_JHaLMVOS-w--CGZIVWyy3ULudU-fYP5nBQp2vqq_LS4XumQStFDqrSWsU-x
HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYn59HrL-X3ClkPrJO7VoWVZ3t7tPNQGvKjF72C367JmhiWsudzFrQPH9hVxOGkdTp9-MDd2zs5uzDEDtGzS4DPOrAODx9rEDelr3silyCuq64nA6VLMHJFa_etccP_CjtghLSPL2CdCJFMetLM5Ci4qvNkbi&q={searchTerms}
HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYn59HrL-X3ClkPrJO7VoWVZ3t7tPNQGvKjF72C367JmhiWsudzFrQPH9hVxOGkdTp9-MDd2zs5uzDEDtGzS4DPOrAODx9rEDelr3silyCuq64nA6VLMHJFa_etccP_CjtghLSPL2CdCJFMetLM5Ci4qvNkbi&q={searchTerms}
HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYn59HrL-X3ClkPrJO7VoWVZ3t7tPNQGvKjF72C367JmhiWsudzFrQPH9hVxOGkdTp9-MDd2zs5uzDEDtGzS4DPOrAODx9rEDelr3silyCuq64nA6VLMHJFa_etccP_CjtghLSPL2CdCJFMetLM5Ci4qvNkbi&q={searchTerms}
URLSearchHook: [S-1-5-21-2712942507-1312882600-3786330889-1001] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYn59HrL-X3ClkPrJO7VoWVZ3t7tPNQGvKjF72C367JmhiWsudzFrQPH9hVxOGkdTp9-MDd2zs5uzDEDtGzS4DPOrAODx9rEDelr3silyCuq64nA6VLMHJFa_etccP_CjtghLSPL2CdCJFMetLM5Ci4qvNkbi&q={searchTerms}
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW
SearchScopes: HKU\S-1-5-21-2712942507-1312882600-3786330889-1001 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYn59HrL-X3ClkPrJO7VoWVZ3t7tPNQGvKjF72C367JmhiWsudzFrQPH9hVxOGkdTp9-MDd2zs5uzDEDtGzS4DPOrAODx9rEDelr3silyCuq64nA6VLMHJFa_etccP_CjtghLSPL2CdCJFMetLM5Ci4qvNkbi&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2712942507-1312882600-3786330889-1001 -> {629E37F3-5E46-44D4-7C19-EFB2C2CDC1E6} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-bd0779e2&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2712942507-1312882600-3786330889-1001 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYn59HrL-X3ClkPrJO7VoWVZ3t7tPNQGvKjF72C367JmhiWsudzFrQPH9hVxOGkdTp9-MDd2zs5uzDEDtGzS4DPOrAODx9rEDelr3silyCuq64nA6VLMHJFa_etccP_CjtghLSPL2CdCJFMetLM5Ci4qvNkbi&q={searchTerms}
FF Homepage: C:\\ProgramData\\Lamzaps\\ff.HP
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
R2 Lamzap; C:\ProgramData\\Lamzap\\Lamzap.exe [684032 2016-07-28] () [File not signed]
R2 Ronzafind; C:\Users\Bud Parker\AppData\Roaming\Ronzafind\Ronzafind.exe [17920 2016-07-28] () [File not signed]
S1 rcpjibrp; \??\C:\Windows\system32\drivers\rcpjibrp.sys [X]
2016-07-28 12:41 - 2016-07-28 12:41 - 00000000 ____D C:\ProgramData\Lamzaps
2016-07-28 12:41 - 2016-07-28 12:41 - 00000000 ____D C:\ProgramData\Lamzap
2016-07-27 19:52 - 2016-06-14 16:26 - 00000000 ____D C:\Users\Bud Parker\AppData\Roaming\IObit
2016-07-27 19:52 - 2016-06-14 16:26 - 00000000 ____D C:\ProgramData\IObit
Task: {2773AF30-0B0F-41B6-9285-42612D38BBCE} - \{780F7F47-0B09-0A08-0C11-7F0F7D0B110E} -> No File <====ATTENTION
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File<==== ATTENTION
Task: {33C71173-D2D4-4F8A-823E-0F23AE833053} - \Nuafti -> No File <==== ATTENTION
Task: {3C77F7CE-0AEB-4DDE-B533-8DB26ADCBE8E} - \Windows 7 Manager - Logon Background Changer -> No File <====ATTENTION
Task: {457E19F9-1642-4860-BFDC-F1736A1C2064} - \Driver Booster Scheduler -> No File <==== ATTENTION
Task: {48127161-63FA-4471-80C7-1BBF0B2DF394} - \Windows 7 Manager - Free Memory -> No File <==== ATTENTION
Task: {4D37D876-256E-404D-AA6C-EB690F7D0EF5} - \Driver Support-RTMUpdater -> No File <==== ATTENTION
Task: {5D0C04FD-4463-48F9-B0AF-BA26C437581C} - \Driver Support-RTMRules -> No File <==== ATTENTION
Task: {5F181AC9-68FD-4707-A713-553AB9B13718} - \GridinSoft Anti-Malware -> No File <==== ATTENTION
Task: {6AEDEFCA-1D1F-41F2-8D59-1EB15CCB9DD2} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {6D27F417-027E-424D-8740-D5DBE165529F} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {6E6EA461-E140-4163-9A8B-A70AA308E593} - \Driver Support-RTMScan -> No File <==== ATTENTION
Task: {70C411B4-A80F-4EF1-B766-FE52C7BA03BF} - \cad59fc9af939f2528d349888eab9565 -> No File <==== ATTENTION
Task: {722B9063-5102-48B3-8596-ED30B06BE771} - \Trojan Killer -> No File <==== ATTENTION
Task: {7CAF875D-C827-41F3-AFB2-DD3F7C641DE4} - System32\Tasks\Microsoft\Windows\DiskDiagno
Task: {84BC6AE1-B3B0-4F5C-8B0C-778C47E4105F} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {8CBC52E6-A71C-44E4-BC04-11A69CB3D793} - \Recovery Management\Burn Notification -> No File <==== ATTENTION
Task: {946D61B8-B2AE-4178-8623-6E2222066E16} - \Driver Support -> No File <==== ATTENTION
Task: {97A2E49F-9200-4A91-989F-82A0B674CF14} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask ->No File <==== ATTENTION
Task: {A1D89EEA-B491-4D35-BF74-2B93D6331E2C} - \Fucsybf -> No File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <====ATTENTION
Task: {B7828516-B3D4-4D6D-9FD4-D47BB4ECA2C5} - \Driver Booster SkipUAC (Bud Parker) -> No File <==== ATTENTION
Task: {BA6E7936-A908-495B-847F-E63F4C29AA10} - \TweakBit\Driver Updater\Time for deal -> No File <==== ATTENTION
CMD: ipconfig /flushdns
Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.
"C:\ProgramData\Lamzap\Trisjob.dll" => Value data not found.
"C:\ProgramData\Lamzap\UniKeytom.dll" => Value data not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\Software\Microsoft\Internet Explorer\Main\\Search Bar => value removed successfully
HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\Software\Microsoft\Internet Explorer\Main\\SearchAssistant => value removed successfully
Could not restore Default URLSearchHook.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\ielnksrch" => key removed successfully
HKCR\Wow6432Node\CLSID\ielnksrch => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}" => key removed successfully
HKCR\Wow6432Node\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64} => key not found.
HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{629E37F3-5E46-44D4-7C19-EFB2C2CDC1E6}" => key removed successfully
HKCR\CLSID\{629E37F3-5E46-44D4-7C19-EFB2C2CDC1E6} => key not found.
"HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}" => key removed successfully
HKCR\CLSID\{ielnksrch} => key not found.
Firefox "homepage" removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
Lamzap => service removed successfully
Ronzafind => service removed successfully
rcpjibrp => service removed successfully
C:\ProgramData\Lamzaps => moved successfully
C:\ProgramData\Lamzap => moved successfully
C:\Users\Bud Parker\AppData\Roaming\IObit => moved successfully
C:\ProgramData\IObit => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2773AF30-0B0F-41B6-9285-42612D38BBCE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2773AF30-0B0F-41B6-9285-42612D38BBCE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{780F7F47-0B09-0A08-0C11-7F0F7D0B110E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsBackup\ConfigNotification" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{33C71173-D2D4-4F8A-823E-0F23AE833053}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{33C71173-D2D4-4F8A-823E-0F23AE833053}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Nuafti" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3C77F7CE-0AEB-4DDE-B533-8DB26ADCBE8E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3C77F7CE-0AEB-4DDE-B533-8DB26ADCBE8E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Windows 7 Manager - Logon Background Changer" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{457E19F9-1642-4860-BFDC-F1736A1C2064}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{457E19F9-1642-4860-BFDC-F1736A1C2064}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Scheduler" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{48127161-63FA-4471-80C7-1BBF0B2DF394}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{48127161-63FA-4471-80C7-1BBF0B2DF394}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Windows 7 Manager - Free Memory" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4D37D876-256E-404D-AA6C-EB690F7D0EF5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D37D876-256E-404D-AA6C-EB690F7D0EF5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Support-RTMUpdater" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5D0C04FD-4463-48F9-B0AF-BA26C437581C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D0C04FD-4463-48F9-B0AF-BA26C437581C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Support-RTMRules" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5F181AC9-68FD-4707-A713-553AB9B13718}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5F181AC9-68FD-4707-A713-553AB9B13718}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GridinSoft Anti-Malware" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6AEDEFCA-1D1F-41F2-8D59-1EB15CCB9DD2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6AEDEFCA-1D1F-41F2-8D59-1EB15CCB9DD2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6D27F417-027E-424D-8740-D5DBE165529F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6D27F417-027E-424D-8740-D5DBE165529F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6E6EA461-E140-4163-9A8B-A70AA308E593}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6E6EA461-E140-4163-9A8B-A70AA308E593}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Support-RTMScan" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{70C411B4-A80F-4EF1-B766-FE52C7BA03BF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{70C411B4-A80F-4EF1-B766-FE52C7BA03BF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\cad59fc9af939f2528d349888eab9565" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{722B9063-5102-48B3-8596-ED30B06BE771}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{722B9063-5102-48B3-8596-ED30B06BE771}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Trojan Killer" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7CAF875D-C827-41F3-AFB2-DD3F7C641DE4} => key not found.
C:\Windows\System32\Tasks\Microsoft\Windows\DiskDiagno => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\DiskDiagno => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{84BC6AE1-B3B0-4F5C-8B0C-778C47E4105F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{84BC6AE1-B3B0-4F5C-8B0C-778C47E4105F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8CBC52E6-A71C-44E4-BC04-11A69CB3D793}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8CBC52E6-A71C-44E4-BC04-11A69CB3D793}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Recovery Management\Burn Notification" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{946D61B8-B2AE-4178-8623-6E2222066E16}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{946D61B8-B2AE-4178-8623-6E2222066E16}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Support" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{97A2E49F-9200-4A91-989F-82A0B674CF14}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{97A2E49F-9200-4A91-989F-82A0B674CF14}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A1D89EEA-B491-4D35-BF74-2B93D6331E2C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A1D89EEA-B491-4D35-BF74-2B93D6331E2C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Fucsybf" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC4E5ACF-89F7-4220-BA21-81EE183975E2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC4E5ACF-89F7-4220-BA21-81EE183975E2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\AitAgent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B7828516-B3D4-4D6D-9FD4-D47BB4ECA2C5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B7828516-B3D4-4D6D-9FD4-D47BB4ECA2C5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster SkipUAC (Bud Parker)" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BA6E7936-A908-495B-847F-E63F4C29AA10}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BA6E7936-A908-495B-847F-E63F4C29AA10}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TweakBit\Driver Updater\Time for deal" => key removed successfully

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End ofCMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 12582912 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12779337 B
Java, Flash, Steam htmlcache => 492 B
Windows/system/drivers => 27027025 B
Edge => 0 B
Chrome => 0 B
Firefox => 235594806 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 33186 B
systemprofile32 => 33186 B
LocalService => 33058 B
NetworkService => 33058 B
Bud Parker => 4229765 B

RecycleBin => 7409920 B
EmptyTemp: => 285.9 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 14:36:43 ====




#25 Top


Posted 28 July 2016 - 02:20 PM

When I try to upload the image it asks for a URL?  I can drag the photo to the post, but the system doesn't like the file extension.  Won't accept it...




#26 ken545


Posted 28 July 2016 - 02:26 PM

Click on MORE REPLY OPTIONS  and then you can attach the picture



 
 

#27 Top


Posted 28 July 2016 - 02:33 PM

The Red Arrows show what AdwCleaner did.  Blue Arrows are what something recreated the directories...

 

See attached photo




#28 ken545


Posted 28 July 2016 - 02:52 PM

It didn't take, you may have to attach it again.



 
 

#29 ken545


Posted 28 July 2016 - 02:58 PM

Download RogueKiller from Here or Here to your DESKTOP
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Windows Vista, Windows 7, 8 or 10, right-click on RogueKiller and select "Run as Administrator" to start the program.
  • For Windows XP, double-click on RogueKiller to start the program.
  • If the program has been blocked by malware, try to rename it to winlogon.exe, or change its file extension to .com (ex: Roguekiller.com)
  • If a message pops up telling you you're running the 32 bit version just click on "Run Anyway"
  • The free version will not allow you to change any setting so just leave it all be.
  • The scan is triggered with the Start Scan button. The scan does not modify your system. 
  • Wait until the Status box shows "Scan Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller


     
     

#30 Top


Posted 28 July 2016 - 02:58 PM

Photo again

