Posted 30 July 2016 - 01:19 PM
I just went to the ProgramData directory and deleted Lamzaps directory.
Edited by Klard, 30 July 2016 - 01:41 PM.
US Army, Retired
Posted 30 July 2016 - 01:28 PM
Set FF back to defaults
Posted 30 July 2016 - 01:43 PM
FRST64 results
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-07-2016
Ran by Bud Parker (administrator) on BUDS-GATEWAY (30-07-2016 14:21:25)
Running from C:\Users\Bud Parker\Desktop
Loaded Profiles: Bud Parker (Available Profiles: Bud Parker)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files\Atomic Alarm Clock\timeserv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Ransomware\MBAMService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
() C:\Users\Bud Parker\AppData\Roaming\Sumdrill\Sumdrill.exe
() C:\Users\Bud Parker\AppData\Roaming\Toughstreet\Toughstreet.exe
(Acer) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
() C:\ProgramData\Lamzap\Lamzap.exe
() C:\Users\Bud Parker\AppData\Roaming\Ronzafind\Ronzafind.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Sonix Technology Co., Ltd.) C:\Windows\PLFSetL.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
() C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Ransomware\mbarw.exe
(Savard Software) C:\Program Files (x86)\TurboLaunch\TurboLaunch.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\TscHelp.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\SnagPriv.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\SnagitEditor.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16475392 2016-06-14] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [828960 2009-08-05] (Acer Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2868496 2012-02-14] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetL] => C:\Windows\PLFSetL.exe [99712 2010-02-12] (Sonix Technology Co., Ltd.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-07-05] (Apple Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1157640 2009-08-18] (Dritek System Inc.)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe [244480 2009-08-20] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2623456 2016-06-02] (Malwarebytes Corporation)
HKLM-x32\...\Run: [APSDaemon] => "c:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\...\Run: [AtomicAlarmClock6] => C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe [1609728 2014-06-10] ()
HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\...\Run: [uTorrent] => C:\Users\Bud Parker\AppData\Roaming\uTorrent\uTorrent.exe [1988096 2016-07-21] (BitTorrent Inc.)
HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2016-03-21] (Microsoft Corporation)
AppInit_DLLs: C:\ProgramData\Lamzap\Vilasuntip.dll => C:\ProgramData\Lamzap\Vilasuntip.dll [363008 2016-07-30] ()
AppInit_DLLs-x32: C:\ProgramData\Lamzap\Truela.dll => C:\ProgramData\Lamzap\Truela.dll [257536 2016-07-30] ()
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\SysWOW64\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2016-07-28]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Malwarebytes Anti-Ransomware.lnk [2016-07-28]
ShortcutTarget: Malwarebytes Anti-Ransomware.lnk -> C:\Program Files\Malwarebytes\Anti-Ransomware\mbarw.exe (Malwarebytes)
Startup: C:\Users\Bud Parker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TurboLaunch.lnk [2016-07-28]
ShortcutTarget: TurboLaunch.lnk -> C:\Program Files (x86)\TurboLaunch\TurboLaunch.exe (Savard Software)
BootExecute: autocheck autochk * Partizan
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{00BC4D36-12D6-4016-8BC0-DB5C01069066}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{00BC4D36-12D6-4016-8BC0-DB5C01069066}: [DhcpNameServer] 192.168.1.254
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://us.4yendex.com/?tn=sdks_inner_hp_01_4yendex_us&guid=a9ba3260f11914ff8ec6c45dec710ad7
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://us.4yendex.com/?tn=sdks_inner_hp_01_4yendex_us&guid=a9ba3260f11914ff8ec6c45dec710ad7
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYn59HrL-X3ClkPrJO7VoWVZ3t7tPNQGvKjF72C367JmhiWsudzFrQPH9hVxOGkdTp9MlTM_8ZcX8IN4Qoi_tSRu6YyPDKR6EnsARTPzm1MS7KiDVPajdETTOgaHJizhX9F8H8QcgbfJW8bWvpmjq_dQOMogw
HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYn59HrL-X3ClkPrJO7VoWVZ3t7tPNQGvKjF72C367JmhiWsudzFrQPH9hVxOGkdTp9-MDd2zs5uzDEDtGzS4DPInA8TFLsrglK--ZT-N_rAB4ivE_9eSa5s0w1QtefujqGY5Gg6Hfwqx8Cz7G7u2qErWrTHo&q={searchTerms}
HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv78&r=273603164505l03g4z125a4872v290
HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYn59HrL-X3ClkPrJO7VoWVZ3t7tPNQGvKjF72C367JmhiWsudzFrQPH9hVxOGkdTp9-MDd2zs5uzDEDtGzS4DPInA8TFLsrglK--ZT-N_rAB4ivE_9eSa5s0w1QtefujqGY5Gg6Hfwqx8Cz7G7u2qErWrTHo&q={searchTerms}
HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYn59HrL-X3ClkPrJO7VoWVZ3t7tPNQGvKjF72C367JmhiWsudzFrQPH9hVxOGkdTp9-MDd2zs5uzDEDtGzS4DPInA8TFLsrglK--ZT-N_rAB4ivE_9eSa5s0w1QtefujqGY5Gg6Hfwqx8Cz7G7u2qErWrTHo&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-bd0779e2&q={searchTerms}
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-bd0779e2&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYn59HrL-X3ClkPrJO7VoWVZ3t7tPNQGvKjF72C367JmhiWsudzFrQPH9hVxOGkdTp9-MDd2zs5uzDEDtGzS4DPInA8TFLsrglK--ZT-N_rAB4ivE_9eSa5s0w1QtefujqGY5Gg6Hfwqx8Cz7G7u2qErWrTHo&q={searchTerms}
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW
SearchScopes: HKU\S-1-5-21-2712942507-1312882600-3786330889-1001 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYn59HrL-X3ClkPrJO7VoWVZ3t7tPNQGvKjF72C367JmhiWsudzFrQPH9hVxOGkdTp9-MDd2zs5uzDEDtGzS4DPInA8TFLsrglK--ZT-N_rAB4ivE_9eSa5s0w1QtefujqGY5Gg6Hfwqx8Cz7G7u2qErWrTHo&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2712942507-1312882600-3786330889-1001 -> {629E37F3-5E46-44D4-7C19-EFB2C2CDC1E6} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-bd0779e2&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2712942507-1312882600-3786330889-1001 -> {D8F60375-AAD4-4073-A71F-CEB79C2DA690} URL = hxxps://startpage.com/do/dsearch?query={searchTerms}&cat=web&pl=ie&language=english
SearchScopes: HKU\S-1-5-21-2712942507-1312882600-3786330889-1001 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYn59HrL-X3ClkPrJO7VoWVZ3t7tPNQGvKjF72C367JmhiWsudzFrQPH9hVxOGkdTp9-MDd2zs5uzDEDtGzS4DPInA8TFLsrglK--ZT-N_rAB4ivE_9eSa5s0w1QtefujqGY5Gg6Hfwqx8Cz7G7u2qErWrTHo&q={searchTerms}
BHO-x32: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll [2010-04-13] (TechSmith Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll [2010-04-13] (TechSmith Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\coIEPlg.dll [2009-08-28] (Symantec Corporation)
Toolbar: HKLM-x32 - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll [2010-04-13] (TechSmith Corporation)
Toolbar: HKU\S-1-5-21-2712942507-1312882600-3786330889-1001 -> No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll [2009-02-06] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll [2009-02-06] (Microsoft Corporation)
Handler-x32: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\coIEPlg.dll [2009-08-28] (Symantec Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\214rc45p.default-1469802536457
FF NewTab: chrome://fvd.speeddial/content/fvd_about_blank.html
FF Homepage: C:\\ProgramData\\Lamzaps\\ff.HP
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-23] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-23] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8064.0206 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-02-06] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2012-10-01] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Extension: Speed Dial [FVD] - New Tab Page, Sync... - C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\214rc45p.default-1469802536457\extensions\pavel.sherbakov@gmail.com [2016-07-29]
FF Extension: Yet Another Smooth Scrolling - C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\214rc45p.default-1469802536457\extensions\yetanothersmoothscrolling@kataho.xpi [2016-07-29]
FF Extension: LastPass - C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\214rc45p.default-1469802536457\extensions\support@lastpass.com [2016-07-29]
FF Extension: DownThemAll! - C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\214rc45p.default-1469802536457\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2016-07-30]
FF Extension: Tab Mix Plus - C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\214rc45p.default-1469802536457\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2016-07-30]
FF Extension: All Aboard - C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\214rc45p.default-1469802536457\Extensions\@all-aboard-v1 [2016-07-29]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2016-03-19] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{85E85FF9-E50C-42DE-8A3D-61485FD6C8DB}] - C:\Program Files\Nuclear Coffee\VideoGet\Plugins\VideoGet_FF.xpi
FF Extension: VideoGet FireFox extension - C:\Program Files\Nuclear Coffee\VideoGet\Plugins\VideoGet_FF.xpi [2014-06-12] [not signed]
FF HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 AtomicAlarmClock; C:\Program Files\Atomic Alarm Clock\timeserv.exe [2007040 2013-04-24] () [File not signed]
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [638456 2016-04-06] (AVG Technologies CZ, s.r.o.)
S3 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1080080 2016-06-21] (AVG Technologies CZ, s.r.o.)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 Lamzap; C:\ProgramData\\Lamzap\\Lamzap.exe [684032 2016-07-28] () [File not signed]
R2 MB3Service; C:\Program Files\Malwarebytes\Anti-Ransomware\MBAMService.exe [3141088 2016-03-23] (Malwarebytes)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [742368 2016-06-02] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.334\McCHSvc.exe [293128 2016-05-31] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230920 2012-10-01] (Nitro PDF Software)
S4 Norton Internet Security; C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\ccSvcHst.exe [117640 2009-08-28] (Symantec Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Ronzafind; C:\Users\Bud Parker\AppData\Roaming\Ronzafind\Ronzafind.exe [17920 2016-07-30] () [File not signed]
R2 Sumdrill; C:\Users\Bud Parker\AppData\Roaming\Sumdrill\Sumdrill.exe [8192 2016-07-28] () [File not signed]
R2 Toughstreet; C:\Users\Bud Parker\AppData\Roaming\Toughstreet\Toughstreet.exe [8704 2016-07-28] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 AVGIDSAgent; "C:\Program Files (x86)\AVG\Av\avgidsagent.exe" [X]
S2 avgwd; "C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe" [X]
S2 Greg_Service; C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [X]
S2 RichVideo64; "C:\Program Files\CyberLink\Shared files\RichVideo64.exe" [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [38112 2014-08-22] (Advanced Micro Devices, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162592 2016-02-16] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [306976 2016-03-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272304 2016-01-26] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [246560 2016-03-07] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-12-04] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [302000 2015-10-08] (AVG Technologies CZ, s.r.o.)
R0 avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [71456 2016-03-08] (AVG Technologies CZ, s.r.o.)
R3 cbfs3; C:\Windows\System32\DRIVERS\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
S2 CDRPDACC; C:\Program Files (x86)\Quintessential Player\cdrpdacc.sys [5273 2005-12-05] (Arrowkey) [File not signed]
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-04-01] ()
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [66080 2016-06-02] ()
R3 ETDSMBus; C:\Windows\System32\DRIVERS\ETDSMBus.sys [31832 2016-02-22] (ELAN Microelectronic Corp.)
R3 farflt; C:\Windows\system32\drivers\farflt.sys [59776 2016-07-30] (Malwarebytes)
R0 FlashBoot; C:\Windows\System32\DRIVERS\FlashBoot.sys [17616 2014-04-03] (Challenger Backup Solutions, LLC)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-06-14] (REALiX)
S4 IObitUnlocker; C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [36568 2013-09-30] (IObit)
R3 JmUsbCcgp; C:\Windows\System32\DRIVERS\jmccgp.sys [17136 2009-07-29] (JMicron Technology Corp.)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [109272 2016-07-29] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [217328 2016-07-30] (Malwarebytes)
U0 Partizan; C:\Windows\SysWOW64\drivers\Partizan.sys [40304 2016-07-26] (Greatis Software)
S3 rp24msdrv; C:\Windows\System32\drivers\rp24msdrv.sys [28416 2010-12-01] ()
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806592 2010-02-12] ()
S1 SRTSP; C:\Windows\system32\drivers\NISx64\1007000.01E\SRTSP64.SYS [476720 2009-08-28] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1007000.01E\SRTSPX64.SYS [32304 2009-08-28] (Symantec Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-07-29] ()
S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64_prewin8.sys [23200 2015-11-12] (Western Digital Technologies)
R2 WinVd32; C:\Windows\WinVd32.sys [197728 2016-03-31] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090807.007\ENG64.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090807.007\EX64.SYS [X]
S2 NEWDRIVER; \??\C:\Windows\SysWow64\WinVDEdrv6.sys [X]
S1 rcpjibrp; \??\C:\Windows\system32\drivers\rcpjibrp.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-07-30 14:21 - 2016-07-30 14:22 - 00025968 _____ C:\Users\Bud Parker\Desktop\FRST.txt
2016-07-30 13:56 - 2016-07-30 13:56 - 00000000 ____D C:\Users\Bud Parker\Roundtouch
2016-07-30 13:56 - 2016-07-30 13:56 - 00000000 ____D C:\Users\Bud Parker\Roundhigh
2016-07-30 13:56 - 2016-07-30 13:56 - 00000000 ____D C:\Users\Bud Parker\AppData\Roaming\Ronzafind
2016-07-30 13:56 - 2016-07-30 13:56 - 00000000 ____D C:\Program Files\Common Files\antexon
2016-07-30 13:55 - 2016-07-30 13:56 - 00000000 ____D C:\ProgramData\Lamzap
2016-07-30 13:55 - 2016-07-30 13:55 - 00000000 ____D C:\Program Files\Vivabecan
2016-07-30 13:51 - 2016-07-30 13:51 - 00000000 ____D C:\Program Files\Common Files\Good-fase
2016-07-30 13:51 - 2016-07-30 13:51 - 00000000 ____D C:\Program Files\Common Files\Con-techi
2016-07-30 13:50 - 2016-07-30 13:50 - 00000000 ____D C:\Users\Bud Parker\AppData\Roaming\Silverstrip
2016-07-30 13:49 - 2016-07-30 13:49 - 00000000 ____D C:\Program Files\Tempkix
2016-07-30 13:30 - 2016-07-30 13:58 - 00001244 _____ C:\Users\Bud Parker\Desktop\Fixlog.txt
2016-07-30 13:19 - 2016-07-30 13:19 - 02394112 _____ (Farbar) C:\Users\Bud Parker\Desktop\FRST64.exe
2016-07-30 13:09 - 2016-07-30 13:09 - 00005523 _____ C:\Users\Bud Parker\Desktop\Regfix.reg
2016-07-30 12:40 - 2016-07-30 12:40 - 04770269 _____ C:\Users\Bud Parker\Downloads\dfsetup219.zip
2016-07-30 12:34 - 2016-07-30 12:34 - 01196480 _____ (RaMMicHaeL) C:\Users\Bud Parker\Downloads\unchecky_setup.exe
2016-07-30 12:27 - 2016-07-30 12:27 - 00001151 _____ C:\Users\Public\Desktop\IObit Unlocker.lnk
2016-07-30 12:27 - 2016-07-30 12:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Unlocker
2016-07-30 12:27 - 2016-07-30 12:27 - 00000000 ____D C:\ProgramData\IObit
2016-07-30 12:27 - 2016-07-30 12:27 - 00000000 ____D C:\Program Files (x86)\IObit
2016-07-30 12:26 - 2016-07-30 12:26 - 02451912 _____ (IObit ) C:\Users\Bud Parker\Desktop\unlocker-setup.exe
2016-07-30 11:58 - 2016-07-30 11:59 - 440164702 _____ C:\Users\Bud Parker\Desktop\BackupWholeRegistry(20160730)PreBigFix4Lamzap.reg
2016-07-30 11:54 - 2016-07-30 11:55 - 00000000 ____D C:\Users\Bud Parker\Desktop\Registry Backup
2016-07-30 11:53 - 2016-07-30 11:53 - 00000000 ____D C:\RegBackup
2016-07-30 11:52 - 2016-07-30 13:44 - 00000000 ____D C:\Users\Bud Parker\Desktop\tweaking.com_registry_backup_portable
2016-07-30 11:51 - 2016-07-30 11:51 - 03251071 _____ C:\Users\Bud Parker\Downloads\tweaking.com_registry_backup_portable.zip
2016-07-30 10:30 - 2016-07-30 11:06 - 00015552 _____ C:\Users\Bud Parker\Downloads\SystemLook.txt
2016-07-30 10:29 - 2016-07-30 10:29 - 00165376 _____ C:\Users\Bud Parker\Downloads\SystemLook_x64(1).exe
2016-07-30 10:14 - 2016-07-30 10:14 - 00000000 ____D C:\Windows\zunfind
2016-07-30 10:14 - 2016-07-30 10:14 - 00000000 ____D C:\Users\Bud Parker\Howdrill
2016-07-30 10:11 - 2016-07-30 10:11 - 00000000 ____D C:\Users\Bud Parker\AppData\Roaming\Overtechi
2016-07-30 09:28 - 2016-07-30 09:28 - 00000265 _____ C:\Users\Bud Parker\Desktop\httpimages.malwar...temLook_x64.exe.URL
2016-07-30 09:23 - 2016-07-30 09:23 - 00165376 _____ C:\Users\Bud Parker\Desktop\SystemLook_x64.exe
2016-07-30 09:15 - 2016-07-30 09:15 - 00000000 ____D C:\Users\Bud Parker\Dongphase
2016-07-30 09:15 - 2016-07-30 09:15 - 00000000 ____D C:\Users\Bud Parker\AppData\Roaming\Zaptech
2016-07-30 09:15 - 2016-07-30 09:15 - 00000000 ____D C:\Users\Bud Parker\AppData\Roaming\Lotzumbam
2016-07-30 09:14 - 2016-07-30 09:14 - 00000000 ____D C:\Program Files\zath-trax
2016-07-30 08:20 - 2016-07-30 08:20 - 00000000 ____D C:\Users\Bud Parker\Documents\HP Photosmart Projects
2016-07-30 08:04 - 2016-07-30 12:25 - 00000000 ____D C:\Users\Bud Parker\Desktop\MALWARE Apps
2016-07-29 23:37 - 2016-07-30 13:37 - 00000000 ____D C:\i
2016-07-29 23:31 - 2016-07-29 23:31 - 00000000 ____D C:\Windows\Donelectrics
2016-07-29 23:30 - 2016-07-29 23:30 - 00000000 ____D C:\Users\Bud Parker\Lanegreen
2016-07-29 18:01 - 2016-07-29 18:01 - 00000000 ____D C:\Users\Bud Parker\AppData\Local\Plextone
2016-07-29 18:01 - 2016-07-29 18:01 - 00000000 ____D C:\ProgramData\J-bela
2016-07-29 17:12 - 2016-07-30 09:13 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-07-29 17:11 - 2016-07-29 17:11 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Bud Parker\Downloads\mbar-1.09.3.1001(1).exe
2016-07-29 17:11 - 2016-07-29 17:11 - 00000000 ____D C:\Users\Bud Parker\Desktop\MBAMrootkit
2016-07-29 15:49 - 2016-07-29 15:49 - 00044070 _____ C:\ComboFix.txt
2016-07-29 15:25 - 2016-07-29 15:51 - 00000000 ____D C:\ComboFix
2016-07-29 14:31 - 2016-07-29 14:31 - 00000000 ____D C:\Windows\Ganja-lane
2016-07-29 14:31 - 2016-07-29 14:31 - 00000000 ____D C:\Users\Bud Parker\AppData\Local\Plexway
2016-07-29 14:31 - 2016-07-29 14:31 - 00000000 ____D C:\Program Files\Common Files\zencare
2016-07-29 14:30 - 2016-07-29 14:30 - 00000000 ____D C:\Users\Bud Parker\AppData\Roaming\Tamcan
2016-07-29 10:41 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2016-07-29 10:41 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2016-07-29 10:41 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-07-29 10:41 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-07-29 10:41 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-07-29 10:41 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2016-07-29 10:41 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2016-07-29 10:41 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2016-07-29 10:40 - 2016-07-29 15:49 - 00000000 ____D C:\Qoobox
2016-07-29 10:39 - 2016-07-29 13:24 - 00000000 ____D C:\Windows\erdnt
2016-07-29 10:38 - 2016-07-29 10:38 - 05659746 ____R (Swearware) C:\Users\Bud Parker\Downloads\ComboFix.exe
2016-07-29 09:20 - 2016-07-29 09:20 - 02953520 _____ (AVAST Software) C:\Users\Bud Parker\Downloads\avast-browser-cleanup.exe
2016-07-29 09:19 - 2016-07-29 09:19 - 00000000 ____D C:\AdwCleaner
2016-07-29 09:07 - 2016-07-29 09:07 - 00000000 ____D C:\Users\Bud Parker\O-techno
2016-07-29 09:07 - 2016-07-29 09:07 - 00000000 ____D C:\Users\Bud Parker\AppData\Roaming\Fasedom
2016-07-29 09:07 - 2016-07-29 09:07 - 00000000 ____D C:\Users\Bud Parker\AppData\Local\Lotzumbam
2016-07-29 09:06 - 2016-07-30 13:56 - 00002397 _____ C:\Windows\SysWOW64\findit.xml
2016-07-28 23:47 - 2016-07-29 11:57 - 00003246 _____ C:\Windows\System32\Tasks\GridinSoft Anti-Malware
2016-07-28 23:15 - 2016-07-29 13:19 - 00000000 ____D C:\ProgramData\LAMZAP.del
2016-07-28 23:15 - 2016-07-28 23:15 - 00000000 ____D C:\Users\Bud Parker\lineholdings
2016-07-28 23:15 - 2016-07-28 23:15 - 00000000 ____D C:\Program Files\Common Files\zotelectronics
2016-07-28 23:14 - 2016-07-28 23:14 - 00000000 ____D C:\Users\Bud Parker\Vialux
2016-07-28 21:58 - 2016-07-28 21:58 - 00000000 ____D C:\Users\Bud Parker\AppData\Local\Resontaxon
2016-07-28 21:57 - 2016-07-28 21:57 - 00000000 ____D C:\Windows\Cone-plus
2016-07-28 18:06 - 2016-07-28 18:06 - 00000000 ____D C:\Program Files\Common Files\Zamnix
2016-07-28 18:04 - 2016-07-30 10:14 - 00000000 ____D C:\Users\Bud Parker\AppData\Local\Donelectrics
2016-07-28 17:54 - 2016-07-28 17:54 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-28 17:54 - 2016-07-28 17:54 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-07-28 16:03 - 2016-07-29 09:43 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-07-28 16:02 - 2016-07-28 16:02 - 00000000 ____D C:\ProgramData\RogueKiller
2016-07-28 16:02 - 2016-07-28 16:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-07-28 16:02 - 2016-07-28 16:02 - 00000000 ____D C:\Program Files\RogueKiller
2016-07-28 16:00 - 2016-07-28 16:01 - 34626472 _____ (Adlice Software ) C:\Users\Bud Parker\Downloads\setup.exe
2016-07-28 14:41 - 2016-07-28 14:41 - 00000000 ____D C:\Users\Bud Parker\AppData\Roaming\zunfind
2016-07-28 14:41 - 2016-07-28 14:41 - 00000000 ____D C:\Program Files\Common Files\Tamcan
2016-07-28 14:30 - 2016-07-28 14:30 - 00000000 ____D C:\Users\Bud Parker\kongreen
2016-07-28 14:30 - 2016-07-28 14:30 - 00000000 ____D C:\Users\Bud Parker\AppData\Roaming\unaelectrics
2016-07-28 14:22 - 2016-07-30 09:13 - 00000248 _____ C:\Windows\SysWOW64\PARTIZAN.TXT
2016-07-28 14:22 - 2016-07-28 14:26 - 00208768 _____ C:\Windows\ntbtlog.txt
2016-07-28 14:22 - 2016-07-28 14:22 - 643075160 _____ C:\Windows\MEMORY.DMP
2016-07-28 14:22 - 2016-07-28 14:22 - 00281936 _____ C:\Windows\Minidump\072816-20560-01.dmp
2016-07-28 14:22 - 2016-07-28 14:22 - 00000000 ____D C:\Windows\Minidump
2016-07-28 14:03 - 2016-07-28 14:03 - 00000000 ____D C:\Windows\Geocode
2016-07-28 12:42 - 2016-07-28 12:42 - 00000000 ____D C:\Users\Bud Parker\AppData\Roaming\Donice
2016-07-28 12:41 - 2016-07-28 12:41 - 00000000 ____D C:\Users\Bud Parker\Vaiatech
2016-07-28 12:41 - 2016-07-28 12:41 - 00000000 ____D C:\Users\Bud Parker\AppData\Local\Dongphase
2016-07-28 10:44 - 2016-07-28 10:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reanimator
2016-07-28 10:44 - 2016-07-28 10:44 - 00000000 ____D C:\Program Files (x86)\Greatis
2016-07-28 10:38 - 2016-07-28 10:38 - 00000000 ____D C:\ProgramData\Indigo-code
2016-07-28 10:35 - 2016-07-28 12:37 - 00000000 ____D C:\Users\TEMP
2016-07-28 10:27 - 2016-07-28 10:27 - 00000000 ____D C:\Windows\Flextouch
2016-07-28 10:26 - 2016-07-28 14:30 - 00000000 ____D C:\Users\Bud Parker\Stantexon
2016-07-28 10:26 - 2016-07-28 10:26 - 00000000 ____D C:\Users\Bud Parker\Technotouch
2016-07-28 10:24 - 2016-07-28 10:24 - 00000000 ____D C:\Users\Bud Parker\AppData\Local\Funlam
2016-07-28 10:05 - 2016-07-28 10:05 - 18438761 _____ C:\Users\Bud Parker\Downloads\unhackme-pdf.zip
2016-07-28 09:16 - 2016-07-28 09:16 - 00000000 ____D C:\Users\Bud Parker\AppData\Local\Zumhow
2016-07-27 22:08 - 2016-07-28 12:43 - 00000217 _____ C:\Users\Bud Parker\Desktop\search,safefinder.txt
2016-07-27 19:30 - 2016-07-27 19:30 - 00000000 ____D C:\Users\Bud Parker\AppData\Local\Iceit
2016-07-27 19:15 - 2016-07-27 19:15 - 03712064 _____ C:\Users\Bud Parker\Downloads\AdwCleaner.exe
2016-07-27 18:54 - 2016-07-30 13:54 - 00059776 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2016-07-27 18:54 - 2016-07-27 18:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2016-07-27 18:54 - 2016-07-27 18:54 - 00000000 ____D C:\Program Files\Malwarebytes
2016-07-27 18:24 - 2016-07-27 18:24 - 02050596 _____ C:\Users\Bud Parker\Downloads\tweaking.com_simple_system_tweaker_portable.zip
2016-07-27 18:17 - 2016-07-27 18:18 - 37457368 _____ (Malwarebytes ) C:\Users\Bud Parker\Downloads\MBARW_Setup.exe
2016-07-27 17:43 - 2016-07-30 14:21 - 00000000 ____D C:\FRST
2016-07-27 17:39 - 2016-07-27 17:39 - 00000512 _____ C:\Users\Bud Parker\Desktop\MBR.dat
2016-07-27 16:43 - 2016-07-27 16:43 - 05198336 _____ (AVAST Software) C:\Users\Bud Parker\Downloads\aswMBR.exe
2016-07-27 13:43 - 2016-07-28 09:10 - 00000000 ____D C:\Windows\kongreen
2016-07-27 13:43 - 2016-07-27 13:43 - 00000000 ____D C:\Users\Bud Parker\Lamdex
2016-07-27 13:43 - 2016-07-27 13:43 - 00000000 ____D C:\Users\Bud Parker\AppData\Local\Hexice
2016-07-27 13:42 - 2016-07-27 13:42 - 00000000 ____D C:\Program Files\Common Files\Quotom
2016-07-27 13:30 - 2016-07-27 13:30 - 00000000 ____D C:\Users\Bud Parker\AppData\Local\Zathplanet
2016-07-27 13:30 - 2016-07-27 13:30 - 00000000 ____D C:\Program Files\Common Files\Dongphase
2016-07-27 13:21 - 2016-07-27 13:21 - 00000000 ____D C:\Users\Bud Parker\Kon-bam
2016-07-27 13:21 - 2016-07-27 13:21 - 00000000 ____D C:\Program Files\Common Files\O-techno
2016-07-27 13:20 - 2016-07-29 23:31 - 00000000 ____D C:\Users\Bud Parker\AppData\Roaming\Codelane
2016-07-27 11:05 - 2016-07-27 11:05 - 00000000 ____D C:\Users\Bud Parker\Quocane
2016-07-27 11:05 - 2016-07-27 11:05 - 00000000 ____D C:\Users\Bud Parker\Donquote
2016-07-27 11:03 - 2016-07-27 11:03 - 00000000 ____D C:\Users\Bud Parker\AppData\Roaming\E-zoplex
2016-07-27 09:23 - 2016-07-27 09:23 - 22851472 _____ (Malwarebytes ) C:\Users\Bud Parker\Downloads\mbam-setup-2.2.1.1043(1).exe
2016-07-27 09:04 - 2016-07-27 09:04 - 00000000 ____D C:\Users\Bud Parker\doubleholding
2016-07-27 09:04 - 2016-07-27 09:04 - 00000000 ____D C:\Users\Bud Parker\AppData\Roaming\Vivacon
2016-07-27 09:03 - 2016-07-27 09:03 - 00000000 ____D C:\Users\Bud Parker\AppData\Roaming\Subcorporation
2016-07-27 08:04 - 2016-07-27 08:04 - 00000000 ____D C:\Windows\unolab
2016-07-27 08:02 - 2016-07-27 08:02 - 00000000 ____D C:\Users\Bud Parker\Tranzone
2016-07-27 07:33 - 2016-07-27 07:33 - 00000000 ____D C:\Users\Bud Parker\Bigholding
2016-07-27 07:33 - 2016-07-27 07:33 - 00000000 ____D C:\Users\Bud Parker\AppData\Roaming\Zerron
2016-07-27 07:32 - 2016-07-27 10:49 - 00000000 ____D C:\Windows\Saocore
2016-07-27 07:30 - 2016-07-27 07:30 - 00000000 ____D C:\Program Files\Common Files\Joymedbase
2016-07-27 07:25 - 2016-07-30 14:20 - 00001020 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-07-27 07:23 - 2016-07-27 07:23 - 48521840 _____ C:\Users\Bud Parker\Downloads\Firefox Setup 47.0.1.exe
2016-07-26 22:07 - 2016-07-29 12:02 - 00000000 ____D C:\@RestoreQuarantine
2016-07-26 22:02 - 2016-07-26 22:02 - 00000000 ____D C:\Users\Bud Parker\AppData\Local\Zerzim
2016-07-26 22:01 - 2016-07-26 22:01 - 00000000 ____D C:\Users\Bud Parker\AppData\Local\Zaamcom
2016-07-26 21:57 - 2016-07-27 08:53 - 00002093 _____ C:\Windows\system32\Partizan.RRI
2016-07-26 17:50 - 2016-07-26 17:50 - 00000000 ____D C:\Users\Bud Parker\AppData\Local\Refind
2016-07-26 17:50 - 2016-07-26 17:50 - 00000000 ____D C:\Program Files\Common Files\Kondrill
2016-07-26 17:49 - 2016-07-26 17:49 - 00000000 ____D C:\Users\Bud Parker\AppData\Local\J-bela
2016-07-26 17:11 - 2016-07-26 17:11 - 00000000 ____D C:\Users\Bud Parker\Overtechi
2016-07-26 16:36 - 2016-07-30 10:12 - 00000000 ____D C:\ProgramData\RegRun
2016-07-26 16:34 - 2016-07-26 16:34 - 00040304 _____ (Greatis Software) C:\Windows\SysWOW64\Drivers\Partizan.sys
2016-07-26 16:33 - 2016-07-29 22:22 - 00000000 ____D C:\Users\Public\Documents\regruninfo
2016-07-26 16:33 - 2016-07-28 10:44 - 00000000 ____D C:\Program Files (x86)\UnHackMe
2016-07-26 16:33 - 2016-07-27 11:04 - 00003342 _____ C:\Windows\System32\Tasks\UnHackMe Task Scheduler
2016-07-26 16:33 - 2016-07-26 16:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe
2016-07-26 16:33 - 2016-07-07 13:06 - 00015016 _____ (Greatis Software, LLC.) C:\Windows\SysWOW64\Drivers\UnHackMeDrv.sys
2016-07-26 16:33 - 2015-12-28 11:32 - 00049968 _____ (Greatis Software) C:\Windows\system32\partizan.exe
2016-07-26 16:30 - 2016-07-26 16:31 - 18064897 _____ C:\Users\Bud Parker\Downloads\unhackme.zip
2016-07-26 16:11 - 2016-07-29 23:28 - 00000000 ____D C:\Windows\howtrans
2016-07-26 16:11 - 2016-07-26 16:11 - 00000000 ____D C:\Users\Bud Parker\Medialam
2016-07-26 16:07 - 2016-07-26 16:07 - 00000000 ____D C:\Windows\Kon-bam
2016-07-26 15:39 - 2016-07-26 15:39 - 00000000 ____D C:\Users\Bud Parker\AppData\Local\Ronlux
2016-07-26 15:39 - 2016-07-26 15:39 - 00000000 ____D C:\Program Files\Common Files\Ronlux
2016-07-26 15:38 - 2016-07-26 15:45 - 00000000 ____D C:\Users\Bud Parker\AppData\Local\Canunoing
2016-07-26 15:38 - 2016-07-26 15:38 - 00000000 ____D C:\Users\Bud Parker\AppData\Local\Roundtouch
2016-07-26 15:14 - 2016-07-26 15:14 - 03712064 _____ C:\Users\Bud Parker\Downloads\adwcleaner_5.201.exe
2016-07-26 13:17 - 2016-07-28 09:16 - 00000000 ____D C:\Users\Bud Parker\zunfind
2016-07-26 13:15 - 2016-07-28 14:30 - 00000000 ____D C:\Users\Bud Parker\AppData\Roaming\Toughstreet
2016-07-26 13:15 - 2016-07-28 14:30 - 00000000 ____D C:\Users\Bud Parker\AppData\Roaming\Sumdrill
2016-07-26 11:18 - 2016-07-26 11:19 - 52437728 _____ (Microsoft Corporation) C:\Users\Bud Parker\Downloads\Windows-KB890830-x64-V5.38.exe
2016-07-26 10:58 - 2016-07-26 10:58 - 00031232 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys
2016-07-26 09:49 - 2016-07-26 09:49 - 00000000 ____D C:\Users\Public\Documents\Tools
2016-07-26 09:49 - 2016-07-26 09:49 - 00000000 ____D C:\Users\Public\Documents\Baidu
2016-07-26 09:47 - 2016-07-26 12:33 - 00000000 ____D C:\Windows\SysWOW64\databases-incognito
2016-07-26 09:30 - 2016-07-25 23:25 - 00629760 _____ () C:\Users\Public\Documents\usblock.exe
2016-07-26 09:10 - 2016-07-26 09:10 - 07105536 _____ C:\Users\Bud Parker\AppData\Roaming\agent.dat
2016-07-26 09:10 - 2016-07-26 09:10 - 00018432 _____ C:\Users\Bud Parker\AppData\Roaming\Main.dat
2016-07-26 09:07 - 2016-07-26 09:07 - 00031411 _____ C:\Windows\cad59fc9af939f2528d349888eab9565.ps1
2016-07-26 09:06 - 2016-07-27 10:47 - 00000000 ____D C:\Users\Bud Parker\AppData\Local\Apps\2.0
2016-07-26 09:06 - 2016-07-26 09:06 - 00129024 _____ C:\Users\Bud Parker\AppData\Roaming\Installer.dat
2016-07-26 08:51 - 2016-07-26 08:51 - 00000000 ____D C:\Users\Bud Parker\AppData\Roaming\c
2016-07-26 08:50 - 2016-07-29 08:28 - 00000000 ___HD C:\Program Files (x86)\tai
2016-07-24 20:44 - 2016-07-24 20:44 - 08677830 _____ C:\Users\Bud Parker\Downloads\Sharkmouth AH-1G's in Vietnam (Récupéré).pdf
2016-07-24 20:44 - 2016-07-24 20:44 - 04353501 _____ C:\Users\Bud Parker\Downloads\68-17365 Rod Willis Loach 2nd Draft.pdf
2016-07-24 20:43 - 2016-07-24 20:43 - 03203865 _____ C:\Users\Bud Parker\Downloads\Loaches of the 4th cav 1st sqn D trp.pdf
2016-07-24 20:43 - 2016-07-24 20:43 - 02355380 _____ C:\Users\Bud Parker\Downloads\Miss Claude IV 1st update.pdf
2016-07-24 20:42 - 2016-07-24 20:43 - 02194618 _____ C:\Users\Bud Parker\Downloads\C Troop 16th Cav.pdf
2016-07-24 19:47 - 2016-07-24 20:37 - 00000000 ____D C:\Users\Bud Parker\Desktop\Stewart
2016-07-24 16:09 - 2016-07-30 13:54 - 00000294 _____ C:\Windows\Tasks\Windows 7 Manager - Free Memory.job
2016-07-24 15:24 - 2016-07-25 13:35 - 02713066 _____ C:\Users\Bud Parker\Desktop\EMS Claim DotDot.pdf
2016-07-24 14:15 - 2016-07-24 14:14 - 06901516 _____ C:\Users\Bud Parker\Desktop\MedStat EMS.jpeg
2016-07-24 08:21 - 2016-07-24 08:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2016-07-24 08:21 - 2016-07-24 08:21 - 00000000 ____D C:\Program Files\McAfee Security Scan
2016-07-23 22:14 - 2016-07-23 22:14 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2016-07-23 10:29 - 2016-07-23 10:29 - 00002170 _____ C:\Users\Bud Parker\Desktop\GREAT TRUTHS THAT LITTLE CHILDREN HAVE LEARNED.txt
2016-07-20 17:03 - 2016-07-20 17:05 - 00014357 _____ C:\Users\Bud Parker\Desktop\BankPlus Checking 1 July to 20 July 16.xlsm
2016-07-20 16:38 - 2016-07-20 17:05 - 00013225 _____ C:\Users\Bud Parker\Desktop\BankPlus Checking 21 Jun to 20 July 16.xlsm
2016-07-20 11:29 - 2016-07-20 11:30 - 00279521 _____ C:\Users\Bud Parker\Downloads\HealthSummary20160720.zip
2016-07-20 11:28 - 2016-07-20 11:28 - 00084009 _____ C:\Users\Bud Parker\Documents\Dorothy Appt 8 Aug 16.pdf
2016-07-20 11:27 - 2016-07-20 11:27 - 00083178 _____ C:\Users\Bud Parker\Documents\Appt Dot.pdf
2016-07-19 12:27 - 2016-07-28 09:11 - 00001754 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-07-19 12:27 - 2016-07-19 12:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-07-19 12:26 - 2016-07-19 12:27 - 00000000 ____D C:\Program Files\iTunes
2016-07-19 12:16 - 2016-07-28 09:11 - 00001806 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2016-07-19 12:16 - 2016-07-19 12:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2016-07-19 08:54 - 2016-07-19 08:54 - 00014249 _____ C:\Users\Bud Parker\Documents\On Sheep.txt
2016-07-17 21:40 - 2016-07-17 21:40 - 00000000 ____D C:\Users\Bud Parker\AppData\Roaming\DiskAid
2016-07-16 21:02 - 2016-07-16 21:03 - 00206885 _____ C:\Users\Bud Parker\Downloads\militarycallsignlist-apr09.pdf
2016-07-16 09:58 - 2016-07-16 09:58 - 00279514 _____ C:\Users\Bud Parker\Downloads\HealthSummary20160716.zip
2016-07-16 09:58 - 2016-07-16 09:58 - 00043839 _____ C:\Users\Bud Parker\Desktop\Dot Health Summary.pdf
2016-07-15 11:15 - 2016-07-15 12:04 - 00014455 _____ C:\Users\Bud Parker\Documents\Dot Med Schedule.xlsx
2016-07-14 22:19 - 2016-07-29 12:00 - 00000000 ____D C:\Users\Bud Parker\Documents\RegRun2
2016-07-14 22:19 - 2016-07-26 16:33 - 00000002 RSHOT C:\Windows\winstart.bat
2016-07-14 22:19 - 2016-07-26 16:33 - 00000002 RSHOT C:\Windows\SysWOW64\CONFIG.NT
2016-07-14 22:19 - 2016-07-26 16:33 - 00000002 RSHOT C:\Windows\SysWOW64\AUTOEXEC.NT
2016-07-14 12:18 - 2016-06-11 01:57 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-07-14 12:18 - 2016-06-10 23:48 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-07-14 12:18 - 2016-06-10 16:38 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-07-14 12:18 - 2016-06-10 16:38 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-07-14 12:18 - 2016-06-10 16:20 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-07-14 12:18 - 2016-06-10 16:19 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-07-14 12:18 - 2016-06-10 16:19 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-07-14 12:18 - 2016-06-10 16:18 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-07-14 12:18 - 2016-06-10 16:18 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-07-14 12:18 - 2016-06-10 16:17 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-07-14 12:18 - 2016-06-10 16:10 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-07-14 12:18 - 2016-06-10 16:08 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-07-14 12:18 - 2016-06-10 16:05 - 25814016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-07-14 12:18 - 2016-06-10 16:04 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-07-14 12:18 - 2016-06-10 16:03 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-07-14 12:18 - 2016-06-10 16:03 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-07-14 12:18 - 2016-06-10 16:02 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-07-14 12:18 - 2016-06-10 16:02 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-07-14 12:18 - 2016-06-10 15:53 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-07-14 12:18 - 2016-06-10 15:50 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-07-14 12:18 - 2016-06-10 15:49 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-07-14 12:18 - 2016-06-10 15:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-07-14 12:18 - 2016-06-10 15:38 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-07-14 12:18 - 2016-06-10 15:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-07-14 12:18 - 2016-06-10 15:34 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-07-14 12:18 - 2016-06-10 15:31 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-07-14 12:18 - 2016-06-10 15:28 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-07-14 12:18 - 2016-06-10 15:15 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-07-14 12:18 - 2016-06-10 15:13 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-07-14 12:18 - 2016-06-10 15:12 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-07-14 12:18 - 2016-06-10 15:11 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-07-14 12:18 - 2016-06-10 15:10 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-07-14 12:18 - 2016-06-10 14:45 - 15409664 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-07-14 12:18 - 2016-06-10 14:44 - 02869248 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-07-14 12:18 - 2016-06-10 14:30 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-07-14 12:18 - 2016-06-10 14:21 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-07-14 12:18 - 2016-06-10 14:09 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-07-14 12:18 - 2016-06-10 13:54 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-07-14 12:18 - 2016-06-10 13:53 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-07-14 12:18 - 2016-06-10 13:53 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-07-14 12:18 - 2016-06-10 13:53 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-07-14 12:18 - 2016-06-10 13:52 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-07-14 12:18 - 2016-06-10 13:47 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-07-14 12:18 - 2016-06-10 13:46 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-07-14 12:18 - 2016-06-10 13:45 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-07-14 12:18 - 2016-06-10 13:42 - 20348928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-07-14 12:18 - 2016-06-10 13:42 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-07-14 12:18 - 2016-06-10 13:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-07-14 12:18 - 2016-06-10 13:41 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-07-14 12:18 - 2016-06-10 13:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-07-14 12:18 - 2016-06-10 13:32 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-07-14 12:18 - 2016-06-10 13:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-07-14 12:18 - 2016-06-10 13:26 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-07-14 12:18 - 2016-06-10 13:24 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-07-14 12:18 - 2016-06-10 13:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-07-14 12:18 - 2016-06-10 13:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-07-14 12:18 - 2016-06-10 13:19 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-07-14 12:18 - 2016-06-10 13:14 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-07-14 12:18 - 2016-06-10 13:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-07-14 12:18 - 2016-06-10 13:10 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-07-14 12:18 - 2016-06-10 13:09 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-07-14 12:18 - 2016-06-10 13:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-07-14 12:18 - 2016-06-10 12:58 - 13806080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-07-14 12:18 - 2016-06-10 12:45 - 02392576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-07-14 12:18 - 2016-06-10 12:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-07-14 12:18 - 2016-06-10 12:41 - 01315840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-07-14 09:08 - 2016-06-25 19:27 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2016-07-14 09:08 - 2016-06-25 19:27 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-07-14 09:08 - 2016-06-25 19:27 - 00344576 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2016-07-14 09:08 - 2016-06-25 19:27 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2016-07-14 09:08 - 2016-06-25 19:27 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll
2016-07-14 09:08 - 2016-06-25 14:54 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2016-07-14 09:08 - 2016-06-25 14:53 - 00297472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2016-07-14 09:08 - 2016-06-25 14:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
2016-07-14 09:08 - 2016-06-25 14:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe
2016-07-14 09:08 - 2016-06-25 14:41 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.exe
2016-07-14 09:07 - 2016-06-25 19:35 - 00041704 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-07-14 09:07 - 2016-06-25 19:27 - 01208320 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-07-14 09:07 - 2016-06-22 08:06 - 00268800 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-07-14 09:07 - 2016-06-17 13:24 - 01490432 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-07-14 09:07 - 2016-06-17 13:24 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-07-14 09:07 - 2016-06-17 13:24 - 00544256 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-07-14 09:07 - 2016-06-17 13:24 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-07-14 09:07 - 2016-06-17 13:24 - 00219136 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-07-14 09:07 - 2016-06-17 13:24 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-07-14 09:00 - 2016-06-14 10:03 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-07-14 08:40 - 2016-07-14 08:42 - 00000000 ____D C:\Users\Bud Parker\Desktop\Dot Wheel Chair
2016-07-14 07:28 - 2016-07-14 07:29 - 00690584 _____ (Dropbox, Inc.) C:\Users\Bud Parker\Downloads\DropboxInstaller.exe
2016-07-13 21:49 - 2016-07-13 22:00 - 00000000 ____D C:\Windows\SysWOW64\directx
2016-07-13 20:16 - 2016-07-13 20:14 - 00549120 _____ C:\Users\Bud Parker\Desktop\Sentra Wreck-Parker Dorothy.jpeg
2016-07-12 12:50 - 2016-07-13 22:24 - 00000000 ____D C:\Users\Bud Parker\Desktop\Sentra Wreck 11 Jul 16
2016-07-09 20:33 - 2016-07-09 20:33 - 00000000 ____D C:\Users\Bud Parker\AppData\Roaming\HP
2016-07-09 13:18 - 2016-07-09 13:18 - 00000251 _____ C:\Users\Bud Parker\Documents\Toshiba Laptop Error Message.txt
2016-07-06 11:12 - 2016-07-06 11:12 - 01712693 _____ C:\Users\Bud Parker\Desktop\Sanatize Poultry Water.pdf
2016-07-04 10:34 - 2016-07-04 10:56 - 00002751 _____ C:\Users\Bud Parker\Documents\Railroad.txt
2016-07-02 22:01 - 2016-07-02 22:01 - 00000000 ____D C:\Users\Bud Parker\Documents\Important Documents Passport TWIC
2016-07-02 21:59 - 2016-07-30 08:27 - 00000000 ____D C:\Users\Bud Parker\Documents\Timesheets, Walsh
2016-07-02 21:58 - 2010-12-17 20:28 - 00028474 _____ C:\Users\Bud Parker\Documents\Opening Combination Locks and etc.odt
2016-07-02 15:17 - 2016-07-02 16:24 - 00000000 ____D C:\Users\Bud Parker\Television Series
2016-07-01 10:52 - 2016-07-01 10:55 - 00000047 _____ C:\Users\Bud Parker\Documents\SN List.txt
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-07-30 14:10 - 2009-07-13 23:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-30 14:10 - 2009-07-13 23:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-30 13:59 - 2016-06-11 10:24 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-30 13:59 - 2016-06-04 12:20 - 00000000 ____D C:\Users\Bud Parker\AppData\Roaming\uTorrent
2016-07-30 13:56 - 2016-03-18 16:58 - 00001038 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-07-30 13:56 - 2016-03-18 16:27 - 00000000 ____D C:\Users\Bud Parker
2016-07-30 13:54 - 2016-06-11 10:24 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-30 13:54 - 2016-06-10 10:34 - 00217328 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-07-30 13:54 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-30 13:53 - 2016-03-18 21:24 - 00227568 ____H C:\Users\Bud Parker\AppData\Roaming\TurboLaunch_IconCache.dat
2016-07-30 12:04 - 2016-06-13 23:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DisableStartup
2016-07-30 10:42 - 2016-06-20 10:09 - 00000000 ____D C:\Users\Bud Parker\AppData\LocalLow\LastPass
2016-07-29 22:03 - 2016-04-01 21:06 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-07-29 15:42 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini
2016-07-29 13:27 - 2016-03-21 18:47 - 00000000 ____D C:\Users\Recovered Data
2016-07-29 13:19 - 2009-07-13 21:34 - 95158272 _____ C:\Windows\system32\config\software.bak
2016-07-29 13:19 - 2009-07-13 21:34 - 22806528 _____ C:\Windows\system32\config\system.bak
2016-07-29 13:19 - 2009-07-13 21:34 - 00524288 _____ C:\Windows\system32\config\default.bak
2016-07-29 13:19 - 2009-07-13 21:34 - 00262144 _____ C:\Windows\system32\config\security.bak
2016-07-29 13:19 - 2009-07-13 21:34 - 00262144 _____ C:\Windows\system32\config\sam.bak
2016-07-29 13:18 - 2009-07-13 21:34 - 37224448 _____ C:\Windows\system32\config\components.bak
2016-07-29 11:01 - 2016-06-05 15:00 - 00000000 ____D C:\Users\Bud Parker\Desktop\Pickup Truck Music
2016-07-29 09:29 - 2016-03-18 18:48 - 00000000 ____D C:\Users\Bud Parker\Desktop\Old Firefox Data
2016-07-29 08:28 - 2016-03-18 18:48 - 00000000 ___SD C:\Users\Bud Parker\Desktop\Portable
2016-07-29 08:08 - 2009-07-14 00:13 - 00782248 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-29 08:08 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-07-28 14:36 - 2016-03-18 21:09 - 00000000 ___SD C:\Users\Bud Parker\AppData\LocalLow\Temp
2016-07-28 09:12 - 2016-06-11 10:25 - 00002115 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk
2016-07-28 09:12 - 2016-03-19 16:01 - 00002507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-07-28 09:12 - 2016-03-18 21:24 - 00001056 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboLaunch.lnk
2016-07-28 09:12 - 2016-03-18 18:47 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Pro 8.lnk
2016-07-28 09:12 - 2016-03-18 16:41 - 00002545 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
2016-07-28 09:12 - 2016-03-18 16:40 - 00001142 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
2016-07-28 09:12 - 2009-08-28 06:05 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
2016-07-28 09:12 - 2009-08-28 05:33 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-07-28 09:12 - 2009-08-28 05:33 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-07-28 09:12 - 2009-07-13 23:57 - 00001535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-07-28 09:12 - 2009-07-13 23:57 - 00001340 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
2016-07-28 09:12 - 2009-07-13 23:57 - 00001318 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-07-28 09:12 - 2009-07-13 23:57 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-07-28 09:12 - 2009-07-13 23:54 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-07-28 09:11 - 2016-06-27 20:39 - 00001120 _____ C:\Users\Public\Desktop\GOM Player.lnk
2016-07-28 09:11 - 2016-06-24 19:19 - 00000998 _____ C:\ProgramData\Microsoft\Windows\Start Menu\VueScan x64.lnk
2016-07-28 09:11 - 2016-06-24 10:48 - 00001038 _____ C:\Users\Bud Parker\Desktop\Folder Lock 6.lnk
2016-07-28 09:11 - 2016-06-04 12:24 - 00000848 _____ C:\Users\Bud Parker\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2016-07-28 09:11 - 2016-03-20 16:50 - 00001138 _____ C:\Users\Bud Parker\AppData\Roaming\Microsoft\Windows\Start Menu\Super DX-Ball Deluxe.lnk
2016-07-28 09:11 - 2016-03-19 16:41 - 00001328 _____ C:\ProgramData\Microsoft\Windows\Start Menu\HP Solution Center.lnk
2016-07-28 09:11 - 2016-03-19 06:34 - 00001150 _____ C:\Users\Bud Parker\AppData\Roaming\Microsoft\Windows\Start Menu\GOM Player.lnk
2016-07-28 09:11 - 2014-12-11 13:27 - 00000355 _____ C:\Users\Bud Parker\Desktop\Computer.lnk
2016-07-28 09:11 - 2009-07-14 00:01 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-07-28 09:11 - 2009-07-13 23:49 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-07-28 02:46 - 2016-06-12 07:17 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2016-07-27 21:06 - 2016-06-10 10:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-07-27 20:28 - 2016-06-10 10:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-07-27 19:52 - 2016-04-18 11:29 - 00000000 ____D C:\Users\Bud Parker\AppData\Local\CrashRpt
2016-07-27 18:54 - 2016-01-21 23:09 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-07-27 11:11 - 2009-08-28 06:06 - 00000000 ____D C:\ProgramData\Temp
2016-07-27 07:27 - 2016-03-18 16:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-07-27 07:25 - 2016-06-28 10:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-07-26 22:15 - 2016-03-22 19:27 - 144749672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-07-26 09:23 - 2016-06-09 22:49 - 00000000 ____D C:\Windows\system32\SSL
2016-07-26 08:41 - 2016-04-30 17:21 - 00000000 ____D C:\Users\Bud Parker\Movies
2016-07-26 08:33 - 2016-03-18 19:09 - 00000000 ____D C:\Users\Bud Parker\Downloads\Torrents
2016-07-25 15:08 - 2016-03-18 18:48 - 00000000 ___SD C:\Users\Bud Parker\Desktop\NBC
2016-07-24 14:17 - 2016-03-18 19:01 - 00000000 ___RD C:\Users\Bud Parker\Documents\Scanned Documents
2016-07-23 22:52 - 2016-04-16 20:47 - 00000000 ____D C:\Users\Bud Parker\AppData\Local\ElevatedDiagnostics
2016-07-23 22:14 - 2016-03-29 20:18 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-07-23 22:14 - 2016-03-29 20:18 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-07-23 22:14 - 2016-03-29 20:15 - 00000000 ____D C:\Users\Bud Parker\AppData\Local\Adobe
2016-07-23 22:14 - 2014-12-21 21:07 - 00000000 ____D C:\Windows\system32\Macromed
2016-07-23 22:14 - 2009-08-28 06:06 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-07-23 12:41 - 2016-03-31 22:34 - 00000000 ____D C:\Users\Bud Parker\Documents\My Downloaded Video
2016-07-22 09:25 - 2016-03-21 10:20 - 00000000 __RSD C:\Users\Bud Parker\Desktop\Facebook Icons
2016-07-21 13:23 - 2016-03-26 21:35 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2016-07-21 07:12 - 2016-03-27 03:37 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-07-21 07:12 - 2016-03-27 03:37 - 00000000 ___SD C:\Windows\system32\GWX
2016-07-20 11:27 - 2016-04-15 22:36 - 00000000 ____D C:\Users\Bud Parker\AppData\Roaming\Nitro PDF
2016-07-19 12:26 - 2016-04-18 13:09 - 00000000 ____D C:\Program Files\iPod
2016-07-19 12:19 - 2016-03-05 17:31 - 00000000 ____D C:\ProgramData\Apple
2016-07-19 12:16 - 2016-03-19 16:01 - 00000000 ____D C:\Program Files (x86)\QuickTime
2016-07-19 02:02 - 2016-03-21 20:40 - 00000000 ____D C:\Users\Bud Parker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Portable Programs
2016-07-16 02:03 - 2016-06-25 13:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EasyWorship
2016-07-16 02:03 - 2016-06-22 12:40 - 00000000 ____D C:\Users\Bud Parker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Driver Support
2016-07-16 02:03 - 2016-03-19 15:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CleanMyPC Registry Cleaner
2016-07-14 22:38 - 2009-08-28 06:03 - 00000000 ____D C:\Windows\System32\Tasks\Recovery Management
2016-07-14 21:00 - 2009-07-13 23:45 - 00468856 _____ C:\Windows\system32\FNTCACHE.DAT
2016-07-14 20:59 - 2016-03-27 03:37 - 00000000 ____D C:\Windows\system32\appraiser
2016-07-14 20:59 - 2009-07-14 02:45 - 00000000 ____D C:\Program Files\Windows Journal
2016-07-14 20:57 - 2016-03-22 19:27 - 00000000 ____D C:\Windows\system32\MRT
2016-07-14 19:04 - 2016-06-13 08:40 - 00000000 ____D C:\Users\Bud Parker\AppData\Roaming\vlc
2016-07-03 19:47 - 2016-05-09 21:27 - 00006999 _____ C:\Users\Bud Parker\Documents\A Soldier Died Today.odt
==================== Files in the root of some directories =======
2014-06-11 13:21 - 2014-04-25 04:55 - 0011560 _____ () C:\Program Files (x86)\COPYING.Apachev2
2014-06-11 13:21 - 2014-04-25 04:55 - 0025859 _____ () C:\Program Files (x86)\COPYING.LGPLv2
2014-06-11 13:21 - 2014-04-25 04:55 - 0007820 _____ () C:\Program Files (x86)\COPYING.LGPLv3
2016-07-26 09:10 - 2016-07-26 09:10 - 7105536 _____ () C:\Users\Bud Parker\AppData\Roaming\agent.dat
2016-07-26 09:06 - 2016-07-26 09:06 - 0129024 _____ () C:\Users\Bud Parker\AppData\Roaming\Installer.dat
2016-07-26 09:10 - 2016-07-26 09:10 - 0018432 _____ () C:\Users\Bud Parker\AppData\Roaming\Main.dat
2016-03-31 16:57 - 2016-03-31 16:58 - 0000990 ___SH () C:\Users\Bud Parker\AppData\Roaming\systemfl.$dk
2016-03-21 21:14 - 2016-03-24 00:13 - 0000097 _____ () C:\Users\Bud Parker\AppData\Roaming\WB.CFG
2016-03-19 06:50 - 2016-03-31 16:35 - 0000700 ___SH () C:\Users\Bud Parker\AppData\Local\systemFL7.dat
2016-05-18 08:18 - 2016-05-18 08:18 - 0000000 _____ () C:\ProgramData\DP45977C.lfl
2016-03-19 16:35 - 2016-05-15 11:00 - 0003594 _____ () C:\ProgramData\hpzinstall.log
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-07-24 15:02
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-07-2016
Ran by Bud Parker (2016-07-30 14:24:16)
Running from C:\Users\Bud Parker\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2016-03-18 21:26:58)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2712942507-1312882600-3786330889-500 - Administrator - Disabled)
Bud Parker (S-1-5-21-2712942507-1312882600-3786330889-1001 - Administrator - Enabled) => C:\Users\Bud Parker
Guest (S-1-5-21-2712942507-1312882600-3786330889-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2712942507-1312882600-3786330889-1002 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Up to date) {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security (Disabled) {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\...\uTorrent) (Version: 3.4.8.42439 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 22.0.0.153 - Adobe Systems Incorporated)
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{A6B0442B-E159-444B-B49D-6B9AC531EAE3}) (Version: 4.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Atomic Alarm Clock 6.20 (HKLM\...\Atomic Alarm Clock_is1) (Version: - Drive Software Company)
AVG (Version: 16.61.7539 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4545 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.61.7539 - AVG Technologies)
Backup Manager Basic (x32 Version: 2.0.0.22 - NewTech Infosystems) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3108 - CyberLink Corp.)
CyberLink PowerDirector 11 (HKLM-x32\...\InstallShield_{551F492A-01B0-4DC4-866F-875EC4EDC0A8}) (Version: 11.0.0.2321 - CyberLink Corp.)
CyberLink PowerDirector 11 (Version: 11.0.0.2321 - CyberLink Corp.) Hidden
CyberLink PowerDVD 8 (HKLM-x32\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.3201.50 - CyberLink Corp.)
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
Disk Doctors Windows Data Recovery 3.0.3.353 (HKLM-x32\...\Disk Doctors Windows Data Recovery_is1) (Version: - Disk Doctors Labs Inc.)
EPUB File Reader (HKLM-x32\...\{818C5857-5C74-4CAC-9F43-E5597086852D}_is1) (Version: - )
FMW 1 (Version: 1.102.4 - AVG Technologies) Hidden
FMW 1 (Version: 1.62.2 - AVG Technologies) Hidden
Gateway InfoCentre (HKLM-x32\...\Gateway InfoCentre) (Version: 3.02.3000 - Gateway Incorporated)
Gateway MyBackup (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.22 - NewTech Infosystems)
Gateway Power Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.05.3002 - Gateway Incorporated)
Gateway Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3002 - Acer Incorporated)
Gateway ScreenSaver (HKLM-x32\...\Gateway Screensaver) (Version: 1.7.0730 - Gateway Incorporated)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.1.36.5083 - Gretech Corporation)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
GridinSoft Anti-Malware (HKLM\...\GridinSoft Anti-Malware) (Version: 3.0.45 - GridinSoft LLC)
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.4.63 - Conexant Systems)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Photosmart Printer Driver Software 13.0 Rel. 2 (HKLM\...\{F69E48F2-94B0-4272-845C-5F21F2A9815F}) (Version: 13.0 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3001 - Gateway Incorporated)
iExplorer 3.9.6.0 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version: - Macroplant LLC)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2555 - Intel Corporation)
IObit Unlocker (HKLM-x32\...\IObit Unlocker_is1) (Version: 1.1 - IObit)
iTunes (HKLM\...\{E109B4A3-9883-4E6E-9A19-4D7E1A88AFE8}) (Version: 12.4.2.4 - Apple Inc.)
Junk Mail filter update (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Kutools for Word (HKLM\...\{1F20434C-8ECF-47DD-8D04-73914E36CEA7}) (Version: 7.10.112.0 - Detong Technology Ltd.)
Launch Manager (HKLM-x32\...\LManager) (Version: 3.0.03 - Gateway)
Magic ISO Maker v5.5 (build 0276) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0276)) (Version: - )
Malwarebytes Anti-Exploit version 1.8.1.2563 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.2563 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Malwarebytes Anti-Ransomware version 0.9.15.416 (HKLM\...\{6CA75021-FBB0-41A5-B95C-FC1C9E0421F0}_is1) (Version: 0.9.15.416 - Malwarebytes)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.334.1 - McAfee, Inc.)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{67E03279-F703-408F-B4BF-46B5FC8D70CD}) (Version: 9.7.0621 - Microsoft Corporation)
Mobipocket Reader 6.2 (HKLM-x32\...\{342126E1-173C-4585-BFBE-3EBDD20E3E9E}) (Version: 6.2.608 - Mobipocket.com)
Mozilla Firefox 47.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0.1 (x86 en-US)) (Version: 47.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.1 - Mozilla)
Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Nitro Pro 8 (HKLM\...\{0BEFCFE0-4373-41B6-8924-85FA78C9514D}) (Version: 8.0.3.1 - Nitro)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 16.7.0.30 - Symantec Corporation)
Nuclear Coffee - VideoGet (HKLM\...\VideoGet_is1) (Version: 2014 - Nuclear Coffee)
PS_SF_02_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
PS_SF_02_Software_Min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Quintessential Media Player (HKLM-x32\...\Quintessential Media Player) (Version: Version 5.0 - Quinnware)
Quintessential Player (HKLM-x32\...\Quintessential Player) (Version: 4.51 - Quinnware)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7829 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30102 - Realtek Semiconductor Corp.)
RegRun Reanimator (HKLM-x32\...\UnHackMe Update - Reanimator_is1) (Version: - Greatis Software, LLC.)
Revo Uninstaller Pro 3.1.4 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.4 - VS Revo Group, Ltd.)
RogueKiller version 12 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12 - Adlice Software)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.8 - SmartSound Software Inc.)
SmartSound Quicktracks 5 (x32 Version: 5.1.8 - SmartSound Software Inc.) Hidden
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
Snagit 10 (HKLM-x32\...\{5BCC634A-58AD-42F9-B3C6-2EA52F81CF85}) (Version: 10.0.0 - TechSmith Corporation)
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SpeedConnect Internet Accelerator v.8.0 (HKLM-x32\...\SpeedConnect Internet Accelerator v.8.0_is1) (Version: - CBS Software)
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
Super DX-Ball Deluxe (HKLM-x32\...\Super DX-Ball Deluxe) (Version: - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.41.5 - Synaptics Incorporated)
Togethershare Data Recovery Trial 5.8.1 (HKLM-x32\...\Togethershare Data Recovery Trial 5.8.1_is1) (Version: - Togethershare)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
TurboLaunch 5.1.4 (HKLM-x32\...\TurboLaunch_is1) (Version: 5.1.4.5 - Savard Software)
UnHackMe 8.12 (HKLM-x32\...\UnHackMe_is1) (Version: - Greatis Software, LLC.)
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Video Web Camera (HKLM-x32\...\{6D9021DC-CF1B-4148-8C80-6D8E8A8A33EB}) (Version: 0.5.11.1 - SuYin)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VueScan x64 (HKLM\...\VueScan x64) (Version: - )
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Welcome Center (HKLM-x32\...\Gateway Welcome Center) (Version: 1.00.3005 - Gateway Incorporated)
Windows 7 Manager (HKLM\...\{BA2DD58B-F35E-421F-AE30-0A856AEA8B38}) (Version: 4.3.9 - Yamicsoft)
Windows Driver Package - AMD (amdkmpfd) System (08/18/2014 14.201.1006.1001) (HKLM\...\52CC88C17478DF9A496DD7C4B6545110B51589A4) (Version: 08/18/2014 14.201.1006.1001 - AMD)
Windows Driver Package - Apple, Inc. (USBAAPL64) USB (12/12/2012 6.0.9999.65) (HKLM\...\0FEF654FC54561C3E984A0DB0704F76831FD35A2) (Version: 12/12/2012 6.0.9999.65 - Apple, Inc.)
Windows Driver Package - Broadcom (k57nd60a) Net (10/30/2013 15.6.0.14) (HKLM\...\7C9CA8A432E0A7C6153832FCFFA30579EF8427D2) (Version: 10/30/2013 15.6.0.14 - Broadcom)
Windows Driver Package - Challenger Backup Solutions, LLC (FlashBoot) DiskDrive (08/11/2013 2.3.72.0) (HKLM\...\CA8BFE662913F62CB908BA31685037C57A7DD973) (Version: 08/11/2013 2.3.72.0 - Challenger Backup Solutions, LLC)
Windows Driver Package - CXT (winachsf) Modem (02/03/2010 7.80.4.63) (HKLM\...\07B690A855C6F3B41BA1827247649EC919D2F456) (Version: 02/03/2010 7.80.4.63 - CXT)
Windows Driver Package - ELAN SMBus (ETDSMBus) System (08/06/2015 15.1.2.5) (HKLM\...\94D4ADBD3EF82E234DF58F1B9BD18B24B775A6D0) (Version: 08/06/2015 15.1.2.5 - ELAN SMBus)
Windows Driver Package - ELAN SMBus (ETDSMBus) System (12/14/2015 15.1.2.8) (HKLM\...\6168882EA454F93FCDCE03E891193A3F56F09386) (Version: 12/14/2015 15.1.2.8 - ELAN SMBus)
Windows Driver Package - Hewlett-Packard Image (04/01/2012 08.00.00.01) (HKLM\...\61339A68E39F445DE4C300A47EAC69A31C51C993) (Version: 04/01/2012 08.00.00.01 - Hewlett-Packard)
Windows Driver Package - Intel (NETwNs64) net (01/22/2012 14.3.2.1) (HKLM\...\CD88F0FADE1395C9F91302912FD35B13CF75C196) (Version: 01/22/2012 14.3.2.1 - Intel)
Windows Driver Package - Intel Corporation (igfx) Display (08/25/2010 8.15.10.2202) (HKLM\...\04E92E1774FD1C439D917D5BAC9589A81677C8BC) (Version: 08/25/2010 8.15.10.2202 - Intel Corporation)
Windows Driver Package - Intel System (07/25/2013 9.1.9.1005) (HKLM\...\693856C0232B92FB409DC672B23A1C42AB5883E8) (Version: 07/25/2013 9.1.9.1005 - Intel)
Windows Driver Package - Intel System (07/25/2013 9.1.9.1005) (HKLM\...\B081E57B1455374FB610EEC26F6154A8870B8859) (Version: 07/25/2013 9.1.9.1005 - Intel)
Windows Driver Package - Intel USB (07/09/2013 9.1.9.1004) (HKLM\...\0D3177F1E077022671B9E6C22E0EE7CA9A92EDDE) (Version: 07/09/2013 9.1.9.1004 - Intel)
Windows Driver Package - JMicron (usbccgp) USB (07/28/2009 1.0.4.2) (HKLM\...\D3AAF0E65D8B1D5934711D3312BF76371DB14E42) (Version: 07/28/2009 1.0.4.2 - JMicron)
Windows Driver Package - Logicool (LHidEqd) HIDClass (06/09/2015 5.90.38) (HKLM\...\9D0F3F167B773DDFAC11A04606DEC4C987EFFF7A) (Version: 06/09/2015 5.90.38 - Logicool)
Windows Driver Package - Logitech (HidUsb) HIDClass (08/31/2012 1.10.77.0) (HKLM\...\5498ECA18B56D1C7C4EC25B46FBEA3A008C6545A) (Version: 08/31/2012 1.10.77.0 - Logitech)
Windows Driver Package - Logitech (LEqdUsb) HIDClass (06/09/2015 5.90.38) (HKLM\...\3D88081D327A12E9348E1EADDE35513319822FE0) (Version: 06/09/2015 5.90.38 - Logitech)
Windows Driver Package - Logitech (LHidFilt) HIDClass (06/09/2015 5.90.38) (HKLM\...\DC76EF7E815182273AEA399A974A9D69D6D152D4) (Version: 06/09/2015 5.90.38 - Logitech)
Windows Driver Package - Logitech (LHidFilt) Keyboard (06/09/2015 5.90.38) (HKLM\...\ECB9A872456DA502A6B195D7AEEF6FEB7355ECB6) (Version: 06/09/2015 5.90.38 - Logitech)
Windows Driver Package - Logitech (LHidFilt) Mouse (06/09/2015 5.90.38) (HKLM\...\3A23CE434CCC10D23CD098DBBFD5A4C5D855E356) (Version: 06/09/2015 5.90.38 - Logitech)
Windows Driver Package - Logitech (usbccgp) USB (11/04/2010 1.0.2.11) (HKLM\...\8A87028F68EFC3B6D4F26F7EF2DDB31C8F6767EF) (Version: 11/04/2010 1.0.2.11 - Logitech)
Windows Driver Package - Logitech DriverInterface (06/09/2015 5.90.38) (HKLM\...\F6909E6D7225F7497F97F04808BC1B7489703274) (Version: 06/09/2015 5.90.38 - Logitech)
Windows Driver Package - MLK (KMWDFILTER) HIDClass (07/28/2010 6.6.6000.0) (HKLM\...\490CF824D92DA6BB45D9F15423217769BCC14ABF) (Version: 07/28/2010 6.6.6000.0 - MLK)
Windows Driver Package - RAPOO (HidUsb) HIDClass (11/30/2010 1.1.0.0) (HKLM\...\316A1A4D2C39A747662D9199884CD782691EE14D) (Version: 11/30/2010 1.1.0.0 - RAPOO)
Windows Driver Package - Screenovate Technologies Ltd. (WidockVhid) Screenovate (02/29/2016 5.0.0.501) (HKLM\...\2DF704FFC8BE30DEDE37DC61848EFD4166CF26E9) (Version: 02/29/2016 5.0.0.501 - Screenovate Technologies Ltd.)
Windows Driver Package - Sonix (SNP2UVC) Image (02/12/2010 5.8.54.008) (HKLM\...\56BAE2352D00B2AE9C3B48D84C43914BAC6C1619) (Version: 02/12/2010 5.8.54.008 - Sonix)
Windows Driver Package - Synaptics (SynTP) Mouse (02/14/2012 15.3.41.5) (HKLM\...\190C63B15D229BC6A294BE717E05905B5765F493) (Version: 02/14/2012 15.3.41.5 - Synaptics)
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (10/09/2015 1.1.0000.0) (HKLM\...\B059937637538DCA2E38E5A4C00BF67BE79C335E) (Version: 10/09/2015 1.1.0000.0 - Western Digital Technologies)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8064.0206 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}) (Version: 14.0.8064.206 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Wondershare Video Editor(Build 5.1.3) (HKLM-x32\...\Wondershare Video Editor_is1) (Version: - Wondershare Software)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0F196B9E-7822-4238-86C8-DF8A5FE36806} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {1AB7D6F7-9D16-4155-968C-3B0E10C8ED26} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-11] (Google Inc.)
Task: {2773AF30-0B0F-41B6-9285-42612D38BBCE} - \{780F7F47-0B09-0A08-0C11-7F0F7D0B110E} -> No File <==== ATTENTION
Task: {2C4F1983-311C-48D9-AF9C-7F25FFCEAD2A} - System32\Tasks\Microsoft\Windows\DiskDiagnostic\Opertaing System Transaction Task => C:\Program Files\Common Files\antexon\Dalttom.exe [2016-07-11] ()
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {33C71173-D2D4-4F8A-823E-0F23AE833053} - \Nuafti -> No File <==== ATTENTION
Task: {3C77F7CE-0AEB-4DDE-B533-8DB26ADCBE8E} - \Windows 7 Manager - Logon Background Changer -> No File <==== ATTENTION
Task: {422F2228-121F-4B13-B2A9-EB31B5913A49} - System32\Tasks\GridinSoft Anti-Malware => C:\Program Files\GridinSoft Anti-Malware\gsam.exe
Task: {457E19F9-1642-4860-BFDC-F1736A1C2064} - \Driver Booster Scheduler -> No File <==== ATTENTION
Task: {48127161-63FA-4471-80C7-1BBF0B2DF394} - \Windows 7 Manager - Free Memory -> No File <==== ATTENTION
Task: {4D37D876-256E-404D-AA6C-EB690F7D0EF5} - \Driver Support-RTMUpdater -> No File <==== ATTENTION
Task: {5D0C04FD-4463-48F9-B0AF-BA26C437581C} - \Driver Support-RTMRules -> No File <==== ATTENTION
Task: {5E5125AD-B70C-4CBA-8966-016476ABE17D} - \SUPERAntiSpyware Scheduled Task 14c1e4b0-33ed-4a41-b44d-2e66d2750e5b -> No File <==== ATTENTION
Task: {6022AC2F-BDCE-4BB6-A84D-E17D51F178E3} - System32\Tasks\Microsoft\Windows\MUI\Msectrans => Users\Bud Parker\Roundtouch\true-line.exe
Task: {6E6EA461-E140-4163-9A8B-A70AA308E593} - \Driver Support-RTMScan -> No File <==== ATTENTION
Task: {70C411B4-A80F-4EF1-B766-FE52C7BA03BF} - \cad59fc9af939f2528d349888eab9565 -> No File <==== ATTENTION
Task: {722B9063-5102-48B3-8596-ED30B06BE771} - \Trojan Killer -> No File <==== ATTENTION
Task: {84BC6AE1-B3B0-4F5C-8B0C-778C47E4105F} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {8CBC52E6-A71C-44E4-BC04-11A69CB3D793} - \Recovery Management\Burn Notification -> No File <==== ATTENTION
Task: {946D61B8-B2AE-4178-8623-6E2222066E16} - \Driver Support -> No File <==== ATTENTION
Task: {97A2E49F-9200-4A91-989F-82A0B674CF14} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {A1D89EEA-B491-4D35-BF74-2B93D6331E2C} - \Fucsybf -> No File <==== ATTENTION
Task: {AB3A406B-B85B-4BA6-83D4-991886A8D0E5} - \SUPERAntiSpyware Scheduled Task c03db66b-2d05-4c7b-b797-ccf0a7404475 -> No File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {B7828516-B3D4-4D6D-9FD4-D47BB4ECA2C5} - \Driver Booster SkipUAC (Bud Parker) -> No File <==== ATTENTION
Task: {BA6E7936-A908-495B-847F-E63F4C29AA10} - \TweakBit\Driver Updater\Time for deal -> No File <==== ATTENTION
Task: {BEA20225-2DC6-4B22-B6D8-D6719B7A4402} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-11] (Google Inc.)
Task: {C79AB5FD-ED63-4F53-98CD-B2048F360540} - System32\Tasks\UnHackMe Task Scheduler => C:\Program Files (x86)\UnHackMe\hackmon.exe [2016-07-07] (Greatis Software)
Task: {CE95725C-6C29-40F8-94DA-FC9D8A311A0C} - \Driver Support-RTMScanRunOnce -> No File <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {DA9841BD-4240-4FA0-9BA1-D60E90652432} - \TweakBit\PCSpeedUp\Start PCSpeedUp automatic scanning -> No File <==== ATTENTION
Task: {DE75F9E7-9F26-4CCC-B78B-AED5A733B446} - System32\Tasks\Microsoft\Windows\Media Center\SecurityCenterUpdate => C:\Users\Bud Parker\Roundhigh\Plexway.exe [2016-07-11] ()
Task: {EAF6FEA9-3B9C-4E7F-92B5-A29E11C3DB39} - \{BFABA680-077A-48B9-9010-C0C972D9D50F} -> No File <==== ATTENTION
Task: {F10F5315-42D1-42CA-A469-971541F574A8} - \TweakBit\PCBooster\Start PCBooster оn logon -> No File <==== ATTENTION
Task: {F62BC7C4-E170-4BF2-BE09-9251AD659D25} - \Adobe Flash Player Updater -> No File <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Windows 7 Manager - Free Memory.job => C:\Program Files\Yamicsoft\Windows 7 Manager\FreeMemory.exe
Task: C:\Windows\Tasks\Windows 7 Manager - Logon Background Changer.job => C:\Program Files\Yamicsoft\Windows 7 Manager\LogonBackgroundChanger.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Bud Parker\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\Users\Bud Parker\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%
==================== Loaded Modules (Whitelisted) ==============
2016-04-22 01:07 - 2016-04-22 01:07 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-07-05 15:23 - 2016-07-05 15:23 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-03-18 18:31 - 2013-04-24 18:20 - 02007040 _____ () C:\Program Files\Atomic Alarm Clock\timeserv.exe
2016-07-27 18:54 - 2016-07-27 18:55 - 01047520 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-RANSOMWARE\arwlib.dll
2016-07-28 14:30 - 2016-07-28 14:30 - 00008192 _____ () C:\Users\Bud Parker\AppData\Roaming\Sumdrill\Sumdrill.exe
2016-07-28 14:30 - 2016-07-28 14:30 - 00008704 _____ () C:\Users\Bud Parker\AppData\Roaming\Toughstreet\Toughstreet.exe
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-03-18 18:31 - 2013-06-07 19:20 - 01875968 _____ () C:\Program Files\Atomic Alarm Clock\Clock.dll
2016-07-30 13:55 - 2016-07-28 16:05 - 00684032 _____ () C:\ProgramData\Lamzap\Lamzap.exe
2016-07-30 13:56 - 2016-07-30 13:56 - 00017920 _____ () C:\Users\Bud Parker\AppData\Roaming\Ronzafind\Ronzafind.exe
2016-03-18 18:31 - 2014-06-10 02:20 - 01609728 _____ () C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
2016-07-27 18:54 - 2016-02-08 17:01 - 00759808 _____ () C:\Program Files\Malwarebytes\Anti-Ransomware\QtQuick\Controls\qtquickcontrolsplugin.dll
2009-02-02 19:33 - 2009-02-02 19:33 - 00460199 _____ () C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\sqlite3.dll
2008-09-28 19:55 - 2008-09-28 19:55 - 01076224 _____ () C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\ACE.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2009-06-03 20:59 - 2009-06-03 20:59 - 00619816 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-06-03 20:59 - 2009-06-03 20:59 - 00013096 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2016-07-29 10:25 - 2016-07-29 10:25 - 01114136 _____ () C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\214rc45p.default-1469802536457\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:5B811727 [147]
AlternateDataStreams: C:\ProgramData\Temp:A8ADE5D8 [109]
AlternateDataStreams: C:\ProgramData\Temp:B755D674 [428]
AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2 [121]
AlternateDataStreams: C:\ProgramData\Temp:ECF54A0E [360]
AlternateDataStreams: C:\Users\Bud Parker\Desktop\MedStat EMS.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\Bud Parker\Desktop\MedStat EMS.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Bud Parker\Desktop\Sentra Wreck-Parker Dorothy.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\Bud Parker\Desktop\Sentra Wreck-Parker Dorothy.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Bud Parker\Documents\NBC Outside.ppp:SummaryInformation [223]
AlternateDataStreams: C:\Users\Bud Parker\Documents\NBC Outside.ppp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Bud Parker\Documents\Nursery.ppp:SummaryInformation [219]
AlternateDataStreams: C:\Users\Bud Parker\Documents\Nursery.ppp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys => ""="FSFilter Activity Monitor"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SymEFA.sys => ""="FSFilter Activity Monitor"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\...\driversupport.com -> hxxp://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\...\driversupport.com -> hxxps://apps.driversupport.com
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2016-07-29 13:20 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Bud Parker\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: commitments => "C:\Program Files (x86)\cataloged\royden.exe"
MSCONFIG\startupreg: grassy => "C:\Program Files (x86)\cataloged\royden.exe"
MSCONFIG\startupreg: heald => "C:\Program Files (x86)\cataloged\royden.exe"
MSCONFIG\startupreg: IDSCCOM0SL => "C:\Program Files (x86)\EasyHotspot\idsccom_0SL.exe"
MSCONFIG\startupreg: neil => "C:\Program Files (x86)\cataloged\royden.exe"
MSCONFIG\startupreg: Pritc => C:\Users\Bud Parker\AppData\Local\Temp\00021579\casrss.exe
MSCONFIG\startupreg: recovers => "C:\Program Files (x86)\cataloged\royden.exe"
MSCONFIG\startupreg: SNUVCDSM => C:\Windows\snuvcdsm.exe
MSCONFIG\startupreg: whiner => "C:\Program Files (x86)\tai\whiner.exe"
MSCONFIG\startupreg: WINCOMKKP => "C:\Program Files (x86)\elansurfer\wincom_KKP.exe"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{00A0CA64-A43F-4CFB-B5DF-2156BA87598F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD8\PowerDVD8.EXE
FirewallRules: [{8FDBC06C-00FA-4E34-BD52-4F20F7FC6DE0}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{2B23FD99-239B-4BD9-A3E0-810815804E9A}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{5F599676-02F0-44D6-B27D-924DFF873832}] => (Allow) svchost.exe
FirewallRules: [{585D81DB-B8E8-491A-BD10-F9D93DEBF3C8}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{532181D0-EBD9-4748-9941-D360B7AB2B71}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{99683E1B-01D4-45AA-BCF1-D01E8FE0A720}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B3A303EC-6EA8-43D2-99FA-D697453377FD}] => (Allow) c:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{906D3DA7-9A77-45DA-8200-293F6920A9F6}] => (Block) %ProgramFiles%\CyberLink\PowerDirector11\PDR11.exe
FirewallRules: [{390217F7-C2D3-4D12-81AA-505A32697EC9}] => (Block) %ProgramFiles%\CyberLink\PowerDirector11\UACAgent.exe
FirewallRules: [{711F873D-0153-49EB-B27A-0DEAFDB18DE9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{30968491-E410-4CA7-A062-CAA3ADB03907}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{9879B054-053E-4A15-AEB7-AF04FAC2D4B1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{C5CD2E40-540E-4F25-BFB4-86BBEEED5220}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{3BAC3C8F-4114-4229-BE90-A4EAE303173A}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{D50554F1-5545-4E93-9BA1-33ED014DD2D0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{B8805A22-4C47-4C04-AE9C-15BD5EC04447}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{05450412-6E11-4C8C-AB3B-C9AC6C365BDD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{50D5D816-4BBC-4AE4-8BB2-1F87616D7812}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{512872A3-0660-44F0-BCD9-7984329AA973}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{07272250-52CC-421D-AD38-CE0FC0C29E29}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{F8E584B0-14FF-478C-A2BC-A6285A09B186}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{66F7FEC8-86A5-4781-8967-5F729A47FCCB}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{AE3495E2-4C1D-4A48-9439-96BEDC6170CD}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{A505376F-34B6-484D-89EA-12072D64F6FE}] => (Allow) LPort=1688
FirewallRules: [{7003A0AD-8897-4912-97C9-D5BFE439CDD2}] => (Allow) LPort=1688
FirewallRules: [TCP Query User{D9A6998F-154C-41F6-9F30-34FB69484C76}C:\backup\bud\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\backup\bud\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{F3CF72EB-96B2-444F-8BC4-796B851EDB33}C:\backup\bud\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\backup\bud\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{2DF8F17B-064A-423B-A95E-ABA95F8F4FB5}] => (Block) %ProgramFiles%\Atomic Alarm Clock\AtomicAlarmClock.exe
FirewallRules: [{3B7BBD3B-F45B-4D5C-961B-124372A48F9D}] => (Block) %ProgramFiles% (x86)\GRETECH\GomPlayer\GOM.EXE
FirewallRules: [{D457DB99-CB0C-482E-95F7-93003C116022}] => (Block) %ProgramFiles% (x86)\GRETECH\GomPlayer\GrLauncher.exe
FirewallRules: [{5D78E78E-E35B-4768-8DFF-665DEDBB651B}] => (Block) %ProgramFiles% (x86)\Folder Lock 6\Folder Lock 6.exe
FirewallRules: [{FE6BFB32-6F45-4E1E-83B4-41475718EAC9}] => (Block) %ProgramFiles% (x86)\Folder Lock 6\Folder Lock 6.exe
FirewallRules: [{AC487498-42A9-4484-BF61-8B4CE0AD192C}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{085E7EF1-042A-420E-B569-EF6697CA4ADE}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{336E446C-1793-4757-900D-6687091F32C6}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{F852F6D3-C3E0-4FF2-B088-965792BBF2EE}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{C953CD7A-3F79-490D-8F24-B5F6082743ED}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{1251D3A8-16EB-467F-8A27-9F5077C362CC}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{0F37D96E-A388-42B2-8556-7473B1D48349}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{25DA3935-7913-45A0-A58D-CB6239D8C8C6}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{F5C26BA2-30D4-40E2-8EA3-432FD0F63321}] => (Block) %ProgramFiles%\Yamicsoft\Windows 7 Manager\LiveUpdate.exe
FirewallRules: [{EA00FA82-BF74-4AAC-8146-28D16B57C190}] => (Block) %ProgramFiles%\Yamicsoft\Windows 7 Manager\Windows7Manager.exe
FirewallRules: [TCP Query User{5E71B5AF-53F1-45EC-A262-18DB5A10FFBE}C:\backup\bud\appdata\roaming\utorrent\updates\3.4.6_42094.exe] => (Allow) C:\backup\bud\appdata\roaming\utorrent\updates\3.4.6_42094.exe
FirewallRules: [UDP Query User{344CDFC4-2A22-48CD-8632-ECF9A60F4AD3}C:\backup\bud\appdata\roaming\utorrent\updates\3.4.6_42094.exe] => (Allow) C:\backup\bud\appdata\roaming\utorrent\updates\3.4.6_42094.exe
FirewallRules: [{9C2619F8-5977-40E1-94D1-1AC7BE33F104}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{29A70F84-B7E1-4FCF-B32A-4D90AAC1D713}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{838216BF-90FD-48FF-B254-B03701542E27}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B6876953-D9E4-4665-AF0D-DDEF920A5452}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1B92FFDB-CB43-4847-866A-FF2FA7E61037}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{86E9E868-A808-45E9-BD98-B5641DD5B46F}] => (Block) %ProgramFiles% (x86)\TechSmith\Snagit 10\Snagit32.exe
FirewallRules: [{A1ABB005-55BA-43A5-BADF-E0DA27EC05D2}] => (Block) %ProgramFiles% (x86)\Quintessential Player\QCDPlayer.exe
FirewallRules: [{B1B1572B-B695-4BE5-BC0B-B8AB903DF780}] => (Block) %ProgramFiles% (x86)\Quintessential Media Player\QMPlayer.exe
FirewallRules: [{8C4E2F41-6FC9-4991-9A7B-3449F8E58B61}] => (Allow) C:\Users\Bud Parker\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C4F83E17-32CF-4A79-935F-3E9523400DB6}] => (Allow) C:\Users\Bud Parker\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{42540FBF-9366-4091-8226-48423F77E3E3}] => (Allow) C:\Program Files\VueScan\vuescan.exe
FirewallRules: [{15690439-D3C4-40C0-AA50-C40553775E81}] => (Allow) C:\Program Files\VueScan\vuescan.exe
FirewallRules: [{A7118F06-A8FA-448C-9A5D-65BA9BA43A6C}] => (Block) %USERPROFILE%\Desktop\Portable\Portable Windows System Tools\Tweakers\WinUtilities Professional Edition 13.0\WinUtilities Professional Edition 13.0\WinUtilities.exe
FirewallRules: [{AFBE4EB3-F073-4E1F-BC3C-56AEA2BB3A6F}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{DCC979A6-E8DF-458F-8E25-00C21CBFE3D4}] => (Allow) C:\Users\Bud Parker\AppData\Local\ddnowyes.exe
FirewallRules: [{9B3DE5B5-7918-4ADD-BA4F-653A980CEAE8}] => (Allow) C:\Users\BUDPAR~1\AppData\Local\Temp\installer1.exe
FirewallRules: [{A62C2074-3420-4F50-9382-1BA25EA3FFF5}] => (Allow) C:\Users\Bud Parker\AppData\Local\59848303.exe
FirewallRules: [{628927C8-90BA-49A8-9A54-B8B136802E6C}] => (Allow) C:\Program Files (x86)\cataloged\royden.exe
==================== Restore Points =========================
26-07-2016 21:51:21 RegRun Virus Scan
26-07-2016 22:02:26 RegRun Virus Scan
26-07-2016 22:07:10 RegRun Virus Scan
27-07-2016 07:32:34 RegRun Virus Scan
27-07-2016 07:57:37 RegRun Virus Scan
27-07-2016 08:03:25 RegRun Virus Scan
27-07-2016 08:07:42 RegRun Virus Scan
27-07-2016 08:15:07 RegRun Virus Scan
27-07-2016 10:57:21 RegRun Virus Scan
27-07-2016 11:06:30 Revo Uninstaller Pro's restore point - SUPERAntiSpyware
27-07-2016 11:13:01 Revo Uninstaller Pro's restore point - Ashampoo Internet Accelerator 3 v.3.20
27-07-2016 19:48:32 JRT Pre-Junkware Removal
28-07-2016 14:12:19 Removed Apple Application Support (32-bit)
28-07-2016 14:35:43 Restore Point Created by FRST
29-07-2016 12:30:03 Revo Uninstaller Pro's restore point - GridinSoft Anti-Malware
29-07-2016 17:57:01 Malwarebytes Anti-Rootkit Restore Point
29-07-2016 23:22:45 Malwarebytes Anti-Rootkit Restore Point
==================== Faulty Device Manager Devices =============
Name: NAVEX15
Description: NAVEX15
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: NAVEX15
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
Error: (07/30/2016 02:02:40 PM) (Source: PerfNet) (EventID: 2005) (User: )
Description:
Error: (07/30/2016 02:02:34 PM) (Source: PerfNet) (EventID: 2005) (User: )
Description:
Error: (07/30/2016 01:50:44 PM) (Source: PerfNet) (EventID: 2005) (User: )
Description:
Error: (07/30/2016 01:50:38 PM) (Source: PerfNet) (EventID: 2005) (User: )
Description:
Error: (07/30/2016 01:11:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Ronzafind.exe, version: 1.0.0.0, time stamp: 0x578353ac
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23418, time stamp: 0x5708a89c
Exception code: 0xe0434352
Fault offset: 0x000000000001a06d
Faulting process id: 0x3ec
Faulting application start time: 0xRonzafind.exe0
Faulting application path: Ronzafind.exe1
Faulting module path: Ronzafind.exe2
Report Id: Ronzafind.exe3
Error: (07/30/2016 01:11:16 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Ronzafind.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Management.ManagementException
at System.Management.ManagementException.ThrowWithExtendedInfo(System.Management.ManagementStatus)
at System.Management.ManagementEventWatcher.WaitForNextEvent()
at first.Service1.checkmultipleservices(System.String[])
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Threading.ThreadHelper.ThreadStart()
Error: (07/30/2016 12:11:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Ronzafind.exe, version: 1.0.0.0, time stamp: 0x578353ac
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23418, time stamp: 0x5708a89c
Exception code: 0xe0434352
Fault offset: 0x000000000001a06d
Faulting process id: 0xd9c
Faulting application start time: 0xRonzafind.exe0
Faulting application path: Ronzafind.exe1
Faulting module path: Ronzafind.exe2
Report Id: Ronzafind.exe3
Error: (07/30/2016 12:11:11 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Ronzafind.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Management.ManagementException
at System.Management.ManagementException.ThrowWithExtendedInfo(System.Management.ManagementStatus)
at System.Management.ManagementEventWatcher.WaitForNextEvent()
at first.Service1.checkmultipleservices(System.String[])
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Threading.ThreadHelper.ThreadStart()
Error: (07/30/2016 12:01:33 PM) (Source: PerfNet) (EventID: 2005) (User: )
Description:
Error: (07/30/2016 11:11:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Ronzafind.exe, version: 1.0.0.0, time stamp: 0x578353ac
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23418, time stamp: 0x5708a89c
Exception code: 0xe0434352
Fault offset: 0x000000000001a06d
Faulting process id: 0x650
Faulting application start time: 0xRonzafind.exe0
Faulting application path: Ronzafind.exe1
Faulting module path: Ronzafind.exe2
Report Id: Ronzafind.exe3
System errors:
=============
Error: (07/30/2016 02:24:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (07/30/2016 02:24:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (07/30/2016 02:24:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (07/30/2016 02:22:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (07/30/2016 02:22:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (07/30/2016 02:22:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (07/30/2016 02:21:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (07/30/2016 02:21:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (07/30/2016 02:21:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (07/30/2016 02:21:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
CodeIntegrity:
===================================
Date: 2016-07-30 13:54:15.998
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Quintessential Player\cdrpdacc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-07-30 13:54:15.935
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Quintessential Player\cdrpdacc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-07-30 13:47:50.797
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Quintessential Player\cdrpdacc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-07-30 13:47:50.719
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Quintessential Player\cdrpdacc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-07-30 10:05:13.392
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Quintessential Player\cdrpdacc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-07-30 10:05:13.314
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Quintessential Player\cdrpdacc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-07-30 09:13:19.931
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Quintessential Player\cdrpdacc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-07-30 09:13:19.869
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Quintessential Player\cdrpdacc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-07-29 23:28:22.889
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Quintessential Player\cdrpdacc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-07-29 23:28:22.826
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Quintessential Player\cdrpdacc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: Intel® Core2 Duo CPU T6600 @ 2.20GHz
Percentage of memory in use: 53%
Total physical RAM: 4025.98 MB
Available physical RAM: 1885.34 MB
Total Virtual: 8050.14 MB
Available Virtual: 5794.12 MB
==================== Drives ================================
Drive c: (Gateway) (Fixed) (Total:698.64 GB) (Free:154.8 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive g: (BUD'S 32) (Fixed) (Total:30.44 GB) (Free:30.1 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 1E15AC1C)
Partition 1: (Active) - (Size=698.6 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 30.5 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=30.5 GB) - (Type=0C)
==================== End of Addition.txt ============================
Posted 30 July 2016 - 02:18 PM
Start
CloseProcesses:
CreateRestorePoint:
() C:\ProgramData\Lamzap\Lamzap.exe
() C:\Users\Bud Parker\AppData\Roaming\Ronzafind\Ronzafind.exe
HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\...\Run: [uTorrent] => C:\Users\Bud Parker\AppData\Roaming\uTorrent\uTorrent.exe [1988096 2016-07-21] (BitTorrent Inc.)
AppInit_DLLs: C:\ProgramData\Lamzap\Vilasuntip.dll => C:\ProgramData\Lamzap\Vilasuntip.dll [363008 2016-07-30] ()
AppInit_DLLs-x32: C:\ProgramData\Lamzap\Truela.dll => C:\ProgramData\Lamzap\Truela.dll [257536 2016-07-30] ()
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYn59HrL-X3ClkPrJO7VoWVZ3t7tPNQGvKjF72C367JmhiWsudzFrQPH9hVxOGkdTp9MlTM_8ZcX8IN4Qoi_tSRu6YyPDKR6EnsARTPzm1MS7KiDVPajdETTOgaHJizhX9F8H8QcgbfJW8bWvpmjq_dQOMogw
HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYn59HrL-X3ClkPrJO7VoWVZ3t7tPNQGvKjF72C367JmhiWsudzFrQPH9hVxOGkdTp9-MDd2zs5uzDEDtGzS4DPInA8TFLsrglK--ZT-N_rAB4ivE_9eSa5s0w1QtefujqGY5Gg6Hfwqx8Cz7G7u2qErWrTHo&q={searchTerms}
HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv78&r=273603164505l03g4z125a4872v290
HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYn59HrL-X3ClkPrJO7VoWVZ3t7tPNQGvKjF72C367JmhiWsudzFrQPH9hVxOGkdTp9-MDd2zs5uzDEDtGzS4DPInA8TFLsrglK--ZT-N_rAB4ivE_9eSa5s0w1QtefujqGY5Gg6Hfwqx8Cz7G7u2qErWrTHo&q={searchTerms}
HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYn59HrL-X3ClkPrJO7VoWVZ3t7tPNQGvKjF72C367JmhiWsudzFrQPH9hVxOGkdTp9-MDd2zs5uzDEDtGzS4DPInA8TFLsrglK--ZT-N_rAB4ivE_9eSa5s0w1QtefujqGY5Gg6Hfwqx8Cz7G7u2qErWrTHo&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYn59HrL-X3ClkPrJO7VoWVZ3t7tPNQGvKjF72C367JmhiWsudzFrQPH9hVxOGkdTp9-MDd2zs5uzDEDtGzS4DPInA8TFLsrglK--ZT-N_rAB4ivE_9eSa5s0w1QtefujqGY5Gg6Hfwqx8Cz7G7u2qErWrTHo&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2712942507-1312882600-3786330889-1001 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYn59HrL-X3ClkPrJO7VoWVZ3t7tPNQGvKjF72C367JmhiWsudzFrQPH9hVxOGkdTp9-MDd2zs5uzDEDtGzS4DPInA8TFLsrglK--ZT-N_rAB4ivE_9eSa5s0w1QtefujqGY5Gg6Hfwqx8Cz7G7u2qErWrTHo&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2712942507-1312882600-3786330889-1001 -> {629E37F3-5E46-44D4-7C19-EFB2C2CDC1E6} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-bd0779e2&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2712942507-1312882600-3786330889-1001 -> {D8F60375-AAD4-4073-A71F-CEB79C2DA690} URL = hxxps://startpage.com/do/dsearch?query={searchTerms}&cat=web&pl=ie&language=english
SearchScopes: HKU\S-1-5-21-2712942507-1312882600-3786330889-1001 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYn59HrL-X3ClkPrJO7VoWVZ3t7tPNQGvKjF72C367JmhiWsudzFrQPH9hVxOGkdTp9-MDd2zs5uzDEDtGzS4DPInA8TFLsrglK--ZT-N_rAB4ivE_9eSa5s0w1QtefujqGY5Gg6Hfwqx8Cz7G7u2qErWrTHo&q={searchTerms}
Toolbar: HKU\S-1-5-21-2712942507-1312882600-3786330889-1001 -> No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
FF NewTab: chrome://fvd.speeddial/content/fvd_about_blank.html
FF Homepage: C:\\ProgramData\\Lamzaps\\ff.HP
C:\\ProgramData\\Lamzaps\\ff.HP
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Extension: Speed Dial [FVD] - New Tab Page, Sync... - C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\214rc45p.default-1469802536457\extensions\pavel.sherbakov@gmail.com [2016-07-29]
R2 Lamzap; C:\ProgramData\\Lamzap\\Lamzap.exe [684032 2016-07-28] () [File not signed]
R2 Ronzafind; C:\Users\Bud Parker\AppData\Roaming\Ronzafind\Ronzafind.exe [17920 2016-07-30] () [File not signed]
R2 Sumdrill; C:\Users\Bud Parker\AppData\Roaming\Sumdrill\Sumdrill.exe [8192 2016-07-28] () [File not signed]
R2 Toughstreet; C:\Users\Bud Parker\AppData\Roaming\Toughstreet\Toughstreet.exe [8704 2016-07-28] () [File not signed]
2016-07-30 13:56 - 2016-07-30 13:56 - 00000000 ____D C:\Users\Bud Parker\AppData\Roaming\Ronzafind
2016-07-30 13:55 - 2016-07-30 13:56 - 00000000 ____D C:\ProgramData\Lamzap
2016-07-26 08:33 - 2016-03-18 19:09 - 00000000 ____D C:\Users\Bud Parker\Downloads\Torrents
CMD: ipconfig /flushdns
Hosts:
EmptyTemp:
End
Posted 30 July 2016 - 02:28 PM
FYI, I run Windows 7. Also, the first Rkill on your list is running now.
Posted 30 July 2016 - 02:31 PM
Rkill log.
Rkill 2.8.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingc...opic308364.html
Program started at: 07/30/2016 03:27:05 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* C:\Users\Bud Parker\AppData\Roaming\Ronzafind\Ronzafind.exe (PID: 1144) [UP-HEUR]
* C:\Users\Bud Parker\AppData\Roaming\Sumdrill\Sumdrill.exe (PID: 2120) [UP-HEUR]
* C:\Users\Bud Parker\AppData\Roaming\Toughstreet\Toughstreet.exe (PID: 2188) [UP-HEUR]
3 proccesses terminated!
Checking Registry for malware related settings:
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* Windows Defender Disabled
[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001
* Windows Defender Disabled
[HKLM\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001
Checking Windows Service Integrity:
* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual
* TBS [Missing Service]
Searching for Missing Digital Signatures:
* No issues found.
Checking HOSTS File:
* HOSTS file entries found:
127.0.0.1 localhost
Program finished at: 07/30/2016 03:28:34 PM
Execution time: 0 hours(s), 1 minute(s), and 29 seconds(s)
This is the window that popped up when Rkill had finished.
Posted 30 July 2016 - 04:46 PM
RKill doesn't remove any infections, it just stops them from running in the background so our tools will work. After you run RKill, if you reboot your system it will stop working and you will have to run it again, so with RKill running, go ahead and run the FRST Fix.
Posted 30 July 2016 - 05:23 PM
I ran Rkill. Then I ran FRST64, which forced a reboot.
Rkill 2.8.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingc...opic308364.html
Program started at: 07/30/2016 05:59:45 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* C:\Users\Bud Parker\AppData\Roaming\Sumdrill\Sumdrill.exe (PID: 2084) [UP-HEUR]
* C:\Users\Bud Parker\AppData\Roaming\Toughstreet\Toughstreet.exe (PID: 2192) [UP-HEUR]
* C:\Users\Bud Parker\AppData\Roaming\uTorrent\updates\3.4.8_42439\utorrentie.exe (PID: 4220) [UP-HEUR]
* C:\Users\Bud Parker\AppData\Roaming\uTorrent\updates\3.4.8_42439\utorrentie.exe (PID: 4272) [UP-HEUR]
* C:\Users\Bud Parker\AppData\Roaming\Ronzafind\Ronzafind.exe (PID: 3120) [UP-HEUR]
5 proccesses terminated!
Checking Registry for malware related settings:
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* Windows Defender Disabled
[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001
* Windows Defender Disabled
[HKLM\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001
Checking Windows Service Integrity:
* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual
* TBS [Missing Service]
Searching for Missing Digital Signatures:
* No issues found.
Checking HOSTS File:
* HOSTS file entries found:
127.0.0.1 localhost
Program finished at: 07/30/2016 06:02:13 PM
Execution time: 0 hours(s), 2 minute(s), and 28 seconds(s)
_______________________________________________
Fix result of Farbar Recovery Scan Tool (x64) Version: 27-07-2016
Ran by Bud Parker (2016-07-30 18:02:29) Run:4
Running from C:\Users\Bud Parker\Desktop
Loaded Profiles: Bud Parker (Available Profiles: Bud Parker)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:
() C:\ProgramData\Lamzap\Lamzap.exe
() C:\Users\Bud Parker\AppData\Roaming\Ronzafind\Ronzafind.exe
HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\...\Run: [uTorrent] => C:\Users\Bud Parker\AppData\Roaming\uTorrent\uTorrent.exe [1988096 2016-07-21] (BitTorrent Inc.)
AppInit_DLLs: C:\ProgramData\Lamzap\Vilasuntip.dll => C:\ProgramData\Lamzap\Vilasuntip.dll [363008 2016-07-30] ()
AppInit_DLLs-x32: C:\ProgramData\Lamzap\Truela.dll => C:\ProgramData\Lamzap\Truela.dll [257536 2016-07-30] ()
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYn59HrL-X3ClkPrJO7VoWVZ3t7tPNQGvKjF72C367JmhiWsudzFrQPH9hVxOGkdTp9MlTM_8ZcX8IN4Qoi_tSRu6YyPDKR6EnsARTPzm1MS7KiDVPajdETTOgaHJizhX9F8H8QcgbfJW8bWvpmjq_dQOMogw
HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYn59HrL-X3ClkPrJO7VoWVZ3t7tPNQGvKjF72C367JmhiWsudzFrQPH9hVxOGkdTp9-MDd2zs5uzDEDtGzS4DPInA8TFLsrglK--ZT-N_rAB4ivE_9eSa5s0w1QtefujqGY5Gg6Hfwqx8Cz7G7u2qErWrTHo&q={searchTerms}
HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv78&r=273603164505l03g4z125a4872v290
HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYn59HrL-X3ClkPrJO7VoWVZ3t7tPNQGvKjF72C367JmhiWsudzFrQPH9hVxOGkdTp9-MDd2zs5uzDEDtGzS4DPInA8TFLsrglK--ZT-N_rAB4ivE_9eSa5s0w1QtefujqGY5Gg6Hfwqx8Cz7G7u2qErWrTHo&q={searchTerms}
HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYn59HrL-X3ClkPrJO7VoWVZ3t7tPNQGvKjF72C367JmhiWsudzFrQPH9hVxOGkdTp9-MDd2zs5uzDEDtGzS4DPInA8TFLsrglK--ZT-N_rAB4ivE_9eSa5s0w1QtefujqGY5Gg6Hfwqx8Cz7G7u2qErWrTHo&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYn59HrL-X3ClkPrJO7VoWVZ3t7tPNQGvKjF72C367JmhiWsudzFrQPH9hVxOGkdTp9-MDd2zs5uzDEDtGzS4DPInA8TFLsrglK--ZT-N_rAB4ivE_9eSa5s0w1QtefujqGY5Gg6Hfwqx8Cz7G7u2qErWrTHo&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2712942507-1312882600-3786330889-1001 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYn59HrL-X3ClkPrJO7VoWVZ3t7tPNQGvKjF72C367JmhiWsudzFrQPH9hVxOGkdTp9-MDd2zs5uzDEDtGzS4DPInA8TFLsrglK--ZT-N_rAB4ivE_9eSa5s0w1QtefujqGY5Gg6Hfwqx8Cz7G7u2qErWrTHo&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2712942507-1312882600-3786330889-1001 -> {629E37F3-5E46-44D4-7C19-EFB2C2CDC1E6} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-bd0779e2&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2712942507-1312882600-3786330889-1001 -> {D8F60375-AAD4-4073-A71F-CEB79C2DA690} URL = hxxps://startpage.com/do/dsearch?query={searchTerms}&cat=web&pl=ie&language=english
SearchScopes: HKU\S-1-5-21-2712942507-1312882600-3786330889-1001 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYn59HrL-X3ClkPrJO7VoWVZ3t7tPNQGvKjF72C367JmhiWsudzFrQPH9hVxOGkdTp9-MDd2zs5uzDEDtGzS4DPInA8TFLsrglK--ZT-N_rAB4ivE_9eSa5s0w1QtefujqGY5Gg6Hfwqx8Cz7G7u2qErWrTHo&q={searchTerms}
Toolbar: HKU\S-1-5-21-2712942507-1312882600-3786330889-1001 -> No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
FF NewTab: chrome://fvd.speeddial/content/fvd_about_blank.html
FF Homepage: C:\\ProgramData\\Lamzaps\\ff.HP
C:\\ProgramData\\Lamzaps\\ff.HP
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Extension: Speed Dial [FVD] - New Tab Page, Sync... - C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\214rc45p.default-1469802536457\extensions\pavel.sherbakov@gmail.com [2016-07-29]
R2 Lamzap; C:\ProgramData\\Lamzap\\Lamzap.exe [684032 2016-07-28] () [File not signed]
R2 Ronzafind; C:\Users\Bud Parker\AppData\Roaming\Ronzafind\Ronzafind.exe [17920 2016-07-30] () [File not signed]
R2 Sumdrill; C:\Users\Bud Parker\AppData\Roaming\Sumdrill\Sumdrill.exe [8192 2016-07-28] () [File not signed]
R2 Toughstreet; C:\Users\Bud Parker\AppData\Roaming\Toughstreet\Toughstreet.exe [8704 2016-07-28] () [File not signed]
2016-07-30 13:56 - 2016-07-30 13:56 - 00000000 ____D C:\Users\Bud Parker\AppData\Roaming\Ronzafind
2016-07-30 13:55 - 2016-07-30 13:56 - 00000000 ____D C:\ProgramData\Lamzap
2016-07-26 08:33 - 2016-03-18 19:09 - 00000000 ____D C:\Users\Bud Parker\Downloads\Torrents
CMD: ipconfig /flushdns
Hosts:
EmptyTemp:
End
*****************
Processes closed successfully.
Restore point was successfully created.
C:\ProgramData\Lamzap\Lamzap.exe => No running process found
C:\Users\Bud Parker\AppData\Roaming\Ronzafind\Ronzafind.exe => No running process found
HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent => value removed successfully
"C:\ProgramData\Lamzap\Vilasuntip.dll" => Value data removed successfully.
"C:\ProgramData\Lamzap\Truela.dll" => Value data removed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\Software\Microsoft\Internet Explorer\Main\\Search Bar => value removed successfully
HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\Software\Microsoft\Internet Explorer\Main\\SearchAssistant => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\ielnksrch" => key removed successfully
HKCR\Wow6432Node\CLSID\ielnksrch => key not found.
HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{629E37F3-5E46-44D4-7C19-EFB2C2CDC1E6}" => key removed successfully
HKCR\CLSID\{629E37F3-5E46-44D4-7C19-EFB2C2CDC1E6} => key not found.
"HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D8F60375-AAD4-4073-A71F-CEB79C2DA690}" => key removed successfully
HKCR\CLSID\{D8F60375-AAD4-4073-A71F-CEB79C2DA690} => key not found.
"HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}" => key removed successfully
HKCR\CLSID\{ielnksrch} => key not found.
HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} => value removed successfully
HKCR\CLSID\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} => key not found.
Firefox "newtab" removed successfully
Firefox "homepage" removed successfully
"C:\\ProgramData\\Lamzaps\\ff.HP" => not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\214rc45p.default-1469802536457\extensions\pavel.sherbakov@gmail.com => moved successfully
Lamzap => service not found.
Ronzafind => service removed successfully
Sumdrill => service removed successfully
Toughstreet => service removed successfully
C:\Users\Bud Parker\AppData\Roaming\Ronzafind => moved successfully
C:\ProgramData\Lamzap => moved successfully
C:\Users\Bud Parker\Downloads\Torrents => moved successfully
========= ipconfig /flushdns =========
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========= End ofCMD: =========
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
=========== EmptyTemp: ==========
BITS transfer queue => 4194304 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 30910008 B
Java, Flash, Steam htmlcache => 2338 B
Windows/system/drivers => 6201623 B
Edge => 0 B
Chrome => 0 B
Firefox => 120306086 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 268 B
NetworkService => 0 B
Bud Parker => 27015137 B
RecycleBin => 261885510 B
EmptyTemp: => 429.6 MB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 18:03:42 ====
Now, guess what?
Posted 30 July 2016 - 07:41 PM
Well, I think we are done here. I have thrown as many of our best programs at this and it's like beating a dead horse. We have used the best of the best programs that we use to remove malware and after entries and files and programs are removed they just return, so we are getting nowhere fast. There are so many markers in your logs suggesting that you downloaded a few programs via uTorrent and that's how you got into this mess. I see so many programs in Program Files and I am sure a lot of them are bad but it would be impossible to check them all.
You have a few options
1. See if you can find a Restore point prior to you getting infected.
2. There also is an option to reset your computer back to manufacturer's defaults.
3. Format your drive and reinstall Windows nice and clean. (Do you have your Windows CD or the Recovery CD that came with your computer?)
Options 2 and 3, you can get help with that in our Windows forum; they're more in tune with these procedures than I am.
https://forums.whatt...p?showforum=119
You can also take the computer down to a local computer shop and have them do that for you. Whatever you decide I would back up all your important documents and pictures to a USB Thumb drive or a external hard drive.
Sorry I can't offer any more help, I am totally out of ideas.
Good luck with whatever you decide
Ken
Posted 01 August 2016 - 02:15 PM
Bud, I have had other experts looking over this issue and we all agree about what I posted earlier about reformatting your drive and reinstalling Windows nice and clean. Your computer is compromised; what that means is it's not to be trusted to do any online shopping with a credit card or logging in to do any online banking.
This is from one of the experts that looked over your thread
If you look at the original creation date there was a bunch of garbage created around the same time
None of these look legit, so I suspect it is just creating random directories and whatever is keeping it alive resides there
2016-07-26 16:11 - 2016-07-26 16:11 - 00000000 ____D C:\Windows\howtrans
2016-07-26 16:11 - 2016-07-26 16:11 - 00000000 ____D C:\Users\Bud Parker\Medialam
2016-07-26 16:10 - 2016-07-26 16:10 - 00000000 ____D C:\ProgramData\Techijob
2016-07-26 16:07 - 2016-07-26 16:07 - 00000000 ____D C:\Windows\Kon-bam
2016-07-26 15:39 - 2016-07-26 15:39 - 00000000 ____D C:\Users\Bud Parker\AppData\Local\Ronlux
2016-07-26 15:39 - 2016-07-26 15:39 - 00000000 ____D C:\Program Files\Solo-job
2016-07-26 15:39 - 2016-07-26 15:39 - 00000000 ____D C:\Program Files\Common Files\Ronlux
2016-07-26 15:38 - 2016-07-26 15:45 - 00000000 ____D C:\Users\Bud Parker\AppData\Local\Canunoing
2016-07-26 15:38 - 2016-07-26 15:38 - 00000000 ____D C:\Users\Bud Parker\AppData\Local\Roundtouch
2016-07-26 13:18 - 2016-07-26 13:18 - 00000000 ____D C:\ProgramData\Stantexon
2016-07-26 13:17 - 2016-07-26 13:17 - 00000000 ____D C:\Users\Bud Parker\zunfind
2016-07-26 13:15 - 2016-07-26 13:15 - 00000000 ____D C:\Users\Bud Parker\AppData\Roaming\Toughstreet
2016-07-26 13:15 - 2016-07-26 13:15 - 00000000 ____D C:\Users\Bud Parker\AppData\Roaming\Sumdrill
2016-07-26 13:14 - 2016-07-27 11:05 - 00000000 ____D C:\Users\Bud Parker\AppData\Roaming\Ronzafind
I think the machine is so compromised that a reformat is the wisest decision Ken <----
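The creation-date observation in the post above can be turned into a repeatable triage check. The following is an added example, not part of the original thread and not FRST's own code: it parses FRST directory-listing lines and groups directories whose creation times fall in a burst. The function names, the 10-minute gap, the minimum cluster size of 3 and the two `Example` paths are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# FRST listing line: "<created> - <modified> - <size> <attributes> <path>"
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r" - (\d+) (\S+) (.+)$"
)

# The 14 directory lines quoted in the post, followed by two constructed
# entries (the "Example" paths at the end) that stand in for ordinary folders.
SAMPLE = r"""
2016-07-26 16:11 - 2016-07-26 16:11 - 00000000 ____D C:\Windows\howtrans
2016-07-26 16:11 - 2016-07-26 16:11 - 00000000 ____D C:\Users\Bud Parker\Medialam
2016-07-26 16:10 - 2016-07-26 16:10 - 00000000 ____D C:\ProgramData\Techijob
2016-07-26 16:07 - 2016-07-26 16:07 - 00000000 ____D C:\Windows\Kon-bam
2016-07-26 15:39 - 2016-07-26 15:39 - 00000000 ____D C:\Users\Bud Parker\AppData\Local\Ronlux
2016-07-26 15:39 - 2016-07-26 15:39 - 00000000 ____D C:\Program Files\Solo-job
2016-07-26 15:39 - 2016-07-26 15:39 - 00000000 ____D C:\Program Files\Common Files\Ronlux
2016-07-26 15:38 - 2016-07-26 15:45 - 00000000 ____D C:\Users\Bud Parker\AppData\Local\Canunoing
2016-07-26 15:38 - 2016-07-26 15:38 - 00000000 ____D C:\Users\Bud Parker\AppData\Local\Roundtouch
2016-07-26 13:18 - 2016-07-26 13:18 - 00000000 ____D C:\ProgramData\Stantexon
2016-07-26 13:17 - 2016-07-26 13:17 - 00000000 ____D C:\Users\Bud Parker\zunfind
2016-07-26 13:15 - 2016-07-26 13:15 - 00000000 ____D C:\Users\Bud Parker\AppData\Roaming\Toughstreet
2016-07-26 13:15 - 2016-07-26 13:15 - 00000000 ____D C:\Users\Bud Parker\AppData\Roaming\Sumdrill
2016-07-26 13:14 - 2016-07-27 11:05 - 00000000 ____D C:\Users\Bud Parker\AppData\Roaming\Ronzafind
2016-07-20 09:02 - 2016-07-20 09:02 - 00000000 ____D C:\Users\Example\Documents\Taxes
2016-07-28 10:15 - 2016-07-28 10:15 - 00000000 ____D C:\Program Files\ExampleApp
"""


def parse_listing(text):
    """Return (created, path) for every directory line, oldest first."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or "D" not in m.group(4):
            continue  # not a listing line, or not a directory
        created = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M")
        entries.append((created, PureWindowsPath(m.group(5))))
    return sorted(entries, key=lambda e: e[0])


def burst_clusters(entries, max_gap=timedelta(minutes=10), min_size=3):
    """Chain entries whose creation times are at most max_gap apart and
    keep only chains with at least min_size directories."""
    clusters, current = [], []
    for created, path in entries:
        if current and created - current[-1][0] > max_gap:
            clusters.append(current)
            current = []
        current.append((created, path))
    if current:
        clusters.append(current)
    return [c for c in clusters if len(c) >= min_size]


def summarize(cluster):
    """Time span, size and distinct parent folders of one cluster."""
    return {
        "first": cluster[0][0],
        "last": cluster[-1][0],
        "count": len(cluster),
        # Folders scattered across unrelated parents within minutes of
        # each other are a stronger lead than a burst under one parent.
        "parents": sorted({str(p.parent) for _, p in cluster}),
    }


if __name__ == "__main__":
    for c in burst_clusters(parse_listing(SAMPLE)):
        s = summarize(c)
        print(f"{s['first']:%Y-%m-%d %H:%M} to {s['last']:%H:%M}: "
              f"{s['count']} directories under {len(s['parents'])} parents")
        for _, path in c:
            print("   ", path)
```

Legitimate installers also create several folders within a few minutes, so a cluster is a list of candidates to inspect, not a verdict.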
Posted 02 August 2016 - 10:41 AM
Thanks for all your efforts on my behalf. Perhaps I was clairvoyant with my title for this posting. Please express my appreciation to all behind the scenes that assisted in my plight.
Also, my slow response times are driven by a major traffic accident my wife was involved in. She was T-boned crossing a 4 lane highway at 65mph. We are at my daughter's home convalescing due to multiple fractures in her pelvis. Tough on a 68 year old. . .
Posted 02 August 2016 - 11:43 AM
Bud, I am so sorry about your wife, my prayers for a speedy recovery
Yep, had a few other people look in at this and we were all in agreement that a reformat and reinstall of the OS would be the only way to go. There are some infections that are just a nuisance and can be removed but there are also some that are so malicious that a reinstall is the only way to go. Then you will know for sure that your system is totally 100% clean.
Take care my friend
Ken
Posted 02 August 2016 - 01:40 PM
You gave me a list of "Garbage" created around the dates of infection. I used this list and deleted many folders on that list. Others would not allow deletion. 3 in particular;
C:\Users\Bud Parker\AppData\Roaming\Toughstreet
C:\Users\Bud Parker\AppData\Roaming\Sumdrill
C:\Users\Bud Parker\AppData\Roaming\Ronzafind
(They won't show in Task Manager until you select "show processes from all users.")
I saved my registry data, cleaned the registry of many, many entries, and rebooted in "Safe Mode." Then I went to those 3 directories and deleted them easily. I also deleted C:/ProgramData/Lamzap and a few other obvious bogus directories. Rebooted in normal mode and, "Voilà," it appears everything is gone. Again I cleaned the registry and rebooted.
I believe your list of directories was the key. It got me thinking, "Why can't I terminate these services?" So, I tried Safe Mode.
I will let you know if any of this comes back in a day or so. But, I think we have finally (possibly) figured out how to defeat this. Of course, that is only the portions of the damage done that is obvious. I believe, like you, that caution is required and a format and complete reinstall is necessary.
Posted 02 August 2016 - 01:55 PM
From another qualified helper
Looking at your topic Ken, I don't believe that you've got a rootkit, and I think it's much more likely that it's just the sheer bulk of infected files and registry settings that are the problem.
FRST is generally very effective at removing stubborn files and will deal with most permission type problems, it also lets you know if it is unable to remove them, and I didn't see any such messages in the fixlog, so we have to assume that they were successfully removed.
What I think is most probable here, is that there are some "sleeper" files that are not being detected (probably because they're passive until some of the infection files are removed and therefore not seen as a threat), and which are replacing things when you remove the infection files.
In a situation like this you could be fishing for them for quite some time, so I'm with Jules, and I'd recommend a nuke'n'pave. It's not elegant, and you don't learn from it, but it's the quickest and surest way to give your User back a working machine.
Maybe delete these
2016-07-26 16:11 - 2016-07-26 16:11 - 00000000 ____D C:\Windows\howtrans
2016-07-26 16:11 - 2016-07-26 16:11 - 00000000 ____D C:\Users\Bud Parker\Medialam
2016-07-26 16:10 - 2016-07-26 16:10 - 00000000 ____D C:\ProgramData\Techijob
2016-07-26 16:07 - 2016-07-26 16:07 - 00000000 ____D C:\Windows\Kon-bam
2016-07-26 15:39 - 2016-07-26 15:39 - 00000000 ____D C:\Users\Bud Parker\AppData\Local\Ronlux
2016-07-26 15:39 - 2016-07-26 15:39 - 00000000 ____D C:\Program Files\Solo-job
2016-07-26 15:39 - 2016-07-26 15:39 - 00000000 ____D C:\Program Files\Common Files\Ronlux
2016-07-26 15:38 - 2016-07-26 15:45 - 00000000 ____D C:\Users\Bud Parker\AppData\Local\Canunoing
2016-07-26 15:38 - 2016-07-26 15:38 - 00000000 ____D C:\Users\Bud Parker\AppData\Local\Roundtouch
2016-07-26 13:18 - 2016-07-26 13:18 - 00000000 ____D C:\ProgramData\Stantexon
2016-07-26 13:17 - 2016-07-26 13:17 - 00000000 ____D C:\Users\Bud Parker\zunfind
2016-07-26 13:15 - 2016-07-26 13:15 - 00000000 ____D C:\Users\Bud Parker\AppData\Roaming\Toughstreet
2016-07-26 13:15 - 2016-07-26 13:15 - 00000000 ____D C:\Users\Bud Parker\AppData\Roaming\Sumdrill
2016-07-26 13:14 - 2016-07-27 11:05 - 00000000 ____D C:\Users\Bud Parker\AppData\Roaming\Ronzafind