FRST & Additions Log
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-07-2016
Ran by Bud Parker (administrator) on BUDS-GATEWAY (02-08-2016 16:48:09)
Running from C:\Users\Bud Parker\Desktop
Loaded Profiles: Bud Parker (Available Profiles: Bud Parker)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...arbar-recovery-
scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files\Atomic Alarm Clock\timeserv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Ransomware\MBAMService.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(Acer) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Sonix Technology Co., Ltd.) C:\Windows\PLFSetL.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
() C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Ransomware\mbarw.exe
(Savard Software) C:\Program Files (x86)\TurboLaunch\TurboLaunch.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16475392 2016-06-14] (Realtek
Semiconductor)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [828960
2009-08-05] (Acer Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2868496 2012-02-14] (Synaptics
Incorporated)
HKLM\...\Run: [PLFSetL] => C:\Windows\PLFSetL.exe [99712 2010-02-12] (Sonix Technology Co., Ltd.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1157640 2009-08-18] (Dritek System
Inc.)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup
\BackupManagerTray.exe [244480 2009-08-20] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-06-03]
(CyberLink)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft
Corporation)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22]
(Hewlett-Packard)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2631120 2016-
07-28] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\...\Run: [AtomicAlarmClock6] => C:\Program Files\Atomic Alarm
Clock\AtomicAlarmClock.exe [1609728 2014-06-10] ()
HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows
\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2016-03-21] (Microsoft
Corporation)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS
Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
(EldoS Corporation)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows
\system32\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows
\SysWOW64\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2016-07-28]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard
Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Malwarebytes Anti-Ransomware.lnk [2016-07-28]
ShortcutTarget: Malwarebytes Anti-Ransomware.lnk -> C:\Program Files\Malwarebytes\Anti-Ransomware\mbarw.exe
(Malwarebytes)
Startup: C:\Users\Bud Parker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TurboLaunch.lnk [2016-07-28]
ShortcutTarget: TurboLaunch.lnk -> C:\Program Files (x86)\TurboLaunch\TurboLaunch.exe (Savard Software)
BootExecute: autocheck autochk * Partizan
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{00BC4D36-12D6-4016-8BC0-DB5C01069066}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{00BC4D36-12D6-4016-8BC0-DB5C01069066}: [DhcpNameServer] 192.168.1.254
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction
<======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?
prd=ie&pver=6&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?
prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?
prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?
prd=ie&ar=msnhome
HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://
%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-
SRTQR4zPSPhuTaZ17vJ3frYn59HrL-
X3ClkPrJO7VoWVZ3t7tPNQGvKjF72C367JmhiWsudzFrQPH9hVxOGkdTp9MlTM_8ZcX8IN4Qoi_tSRgTDPdio7v1uIDfpkb8DViG7
KGU0_HRh4gUK3tM8CYSoxzQQriMLyubxx3GW0dHOfUDP7i9
HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://
%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-
SRTQR4zPSPhuTaZ17vJ3frYn59HrL-X3ClkPrJO7VoWVZ3t7tPNQGvKjF72C367JmhiWsudzFrQPH9hVxOGkdTp9-
MDd2zs5uzDEDtGzS4DPGqi2nyP_9w5re_qT9bZwgA5HBFj8vD3-peMK_1dk33E-jUNDHbTsKuH_H87tiM7tMjKhVx&q=
{searchTerms}
HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv78&r=273603164505l03g4z125a4872v290
HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://
%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-
SRTQR4zPSPhuTaZ17vJ3frYn59HrL-X3ClkPrJO7VoWVZ3t7tPNQGvKjF72C367JmhiWsudzFrQPH9hVxOGkdTp9-
MDd2zs5uzDEDtGzS4DPGqi2nyP_9w5re_qT9bZwgA5HBFj8vD3-peMK_1dk33E-jUNDHbTsKuH_H87tiM7tMjKhVx&q=
{searchTerms}
HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant =
hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?
p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYn59HrL-
X3ClkPrJO7VoWVZ3t7tPNQGvKjF72C367JmhiWsudzFrQPH9hVxOGkdTp9-
MDd2zs5uzDEDtGzS4DPGqi2nyP_9w5re_qT9bZwgA5HBFj8vD3-peMK_1dk33E-jUNDHbTsKuH_H87tiM7tMjKhVx&q=
{searchTerms}
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?
FORM=INCOH2&PC=IC05&PTAG=ICO-bd0779e2&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.
%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYn59HrL-
X3ClkPrJO7VoWVZ3t7tPNQGvKjF72C367JmhiWsudzFrQPH9hVxOGkdTp9-
MDd2zs5uzDEDtGzS4DPGqi2nyP_9w5re_qT9bZwgA5HBFj8vD3-peMK_1dk33E-jUNDHbTsKuH_H87tiM7tMjKhVx&q=
{searchTerms}
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?
sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}
&rlz=1I7ACGW
SearchScopes: HKU\S-1-5-21-2712942507-1312882600-3786330889-1001 -> DefaultScope {ielnksrch} URL = hxxp://
%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-
SRTQR4zPSPhuTaZ17vJ3frYn59HrL-X3ClkPrJO7VoWVZ3t7tPNQGvKjF72C367JmhiWsudzFrQPH9hVxOGkdTp9-
MDd2zs5uzDEDtGzS4DPGqi2nyP_9w5re_qT9bZwgA5HBFj8vD3-peMK_1dk33E-jUNDHbTsKuH_H87tiM7tMjKhVx&q=
{searchTerms}
SearchScopes: HKU\S-1-5-21-2712942507-1312882600-3786330889-1001 -> {629E37F3-5E46-44D4-7C19-EFB2C2CDC1E6}
URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-bd0779e2&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2712942507-1312882600-3786330889-1001 -> {ielnksrch} URL = hxxp://%66%65%65%64.
%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-
SRTQR4zPSPhuTaZ17vJ3frYn59HrL-X3ClkPrJO7VoWVZ3t7tPNQGvKjF72C367JmhiWsudzFrQPH9hVxOGkdTp9-
MDd2zs5uzDEDtGzS4DPGqi2nyP_9w5re_qT9bZwgA5HBFj8vD3-peMK_1dk33E-jUNDHbTsKuH_H87tiM7tMjKhVx&q=
{searchTerms}
BHO-x32: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit
10\SnagitBHO.dll [2010-04-13] (TechSmith Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging
\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common
Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft
Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit
10\DLLx64\SnagitIEAddin64.dll [2010-04-13] (TechSmith Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet
Security\Engine\16.7.0.30\coIEPlg.dll [2009-08-28] (Symantec Corporation)
Toolbar: HKLM-x32 - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit
10\SnagitIEAddin.dll [2010-04-13] (TechSmith Corporation)
Toolbar: HKU\S-1-5-21-2712942507-1312882600-3786330889-1001 -> No Name - {8FF5E180-ABDE-46EB-B09E-
D2AAB95CABE3} - No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger
\msgrapp.14.0.8064.0206.dll [2009-02-06] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger
\msgrapp.14.0.8064.0206.dll [2009-02-06] (Microsoft Corporation)
Handler-x32: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine
\16.7.0.30\coIEPlg.dll [2009-08-28] (Symantec Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\z8e15hin.default-1469908581429
FF NewTab: chrome://fvd.speeddial/content/fvd_about_blank.html
FF Homepage: hxxps://www.startpage.com/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-23] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] (
Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09]
(Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-23]
()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05
-21] (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04
-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09]
(Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24]
(Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8064.0206 -> C:\Program Files (x86)\Windows Live\Photo Gallery
\NPWLPG.dll [2009-02-06] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2012-10-01] (Nitro PDF)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Extension: Tab Mix Plus - C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\z8e15hin.default-
1469908581429\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2016-07-30]
FF Extension: DownThemAll! - C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\z8e15hin.default-
1469908581429\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2016-07-30]
FF Extension: Speed Dial [FVD] - New Tab Page, Sync... - C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles
\z8e15hin.default-1469908581429\extensions\pavel.sherbakov@gmail.com [2016-07-30]
FF Extension: LastPass - C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\z8e15hin.default-
1469908581429\extensions\support@lastpass.com [2016-07-30]
FF Extension: Add-ons Manager Context Menu - C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles
\z8e15hin.default-1469908581429\extensions\amcontextmenu@loucypher.xpi [2016-07-30]
FF Extension: SmoothWheel (mozdev.org) - C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\z8e15hin.default-
1469908581429\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}.xpi [2016-07-30]
FF Extension: All Aboard - C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\z8e15hin.default-
1469908581429\Extensions\@all-aboard-v1 [2016-07-30]
FF Extension: Hoxx VPN Proxy - C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\z8e15hin.default-
1469908581429\Extensions\@hoxx-vpn.xpi [2016-07-30]
FF Extension: F.B. Purity - Cleans Up Facebook - C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles
\z8e15hin.default-1469908581429\Extensions\fbp-signed@fbpurity.com.xpi [2016-07-30]
FF Extension: Webmail Ad Blocker - C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\z8e15hin.default-
1469908581429\Extensions\gmailnoads@mywebber.com.xpi [2016-07-30]
FF Extension: Hotspot Shield Free VPN Proxy – Unblock Sites - C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles
\z8e15hin.default-1469908581429\Extensions\hotspot-shield@anchorfree.com.xpi [2016-07-30]
FF Extension: Facebook Photo Zoom - C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\z8e15hin.default-
1469908581429\Extensions\{7c6cdf7c-8ea8-4be7-ae5a-0b3effe14d66}.xpi [2016-07-30]
FF Extension: Yahoo Mail Hide Ad Panel - C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\z8e15hin.default-
1469908581429\Extensions\{c37bac34-849a-4d28-be41-549b2c76c64e}.xpi [2016-07-30]
FF Extension: Adblock Plus - C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\z8e15hin.default-
1469908581429\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-07-30]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web
Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2016-03
-19] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{85E85FF9-E50C-42DE-8A3D-61485FD6C8DB}] - C:\Program Files\Nuclear Coffee
\VideoGet\Plugins\VideoGet_FF.xpi
FF Extension: VideoGet FireFox extension - C:\Program Files\Nuclear Coffee\VideoGet\Plugins\VideoGet_FF.xpi [2014-06-12]
[not signed]
FF HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program
Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
[83768 2016-03-02] (Apple Inc.)
R2 AtomicAlarmClock; C:\Program Files\Atomic Alarm Clock\timeserv.exe [2007040 2013-04-24] () [File not signed]
S3 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1080080 2016-06-21] (AVG Technologies CZ, s.r.o.)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not
signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not
signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-20] (Hewlett-Packard Co.)
[File not signed]
R2 MB3Service; C:\Program Files\Malwarebytes\Anti-Ransomware\MBAMService.exe [3141088 2016-03-23] (Malwarebytes)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [750032 2016-07-28] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.334\McCHSvc.exe [293128 2016-05-31] (McAfee,
Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230920 2012-10-01]
(Nitro PDF Software)
S4 Norton Internet Security; C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\ccSvcHst.exe [117640 2009-08-
28] (Symantec Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2102072 2013-12-18] (AVG)
R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [42808 2013-12-18] (AVG)
R2 UxTuneUp; C:\Windows\SysWOW64\uxtuneup.dll [35640 2013-12-18] (AVG)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 AvgAMPS; "C:\Program Files (x86)\AVG\Av\avgamps.exe" [X]
S2 Lamzap; C:\ProgramData\\Lamzap\\Lamzap.exe shuz -f "C:\ProgramData\\Lamzap\\Lamzap.dat" -l -a
S2 Ronzafind; C:\Users\Bud Parker\AppData\Roaming\Ronzafind\Ronzafind.exe
olbXgpnzyP/q/cJaoSzH4ks20/gtM/4xfwvL8jEEDT8= [X]
S2 Sumdrill; C:\Users\Bud Parker\AppData\Roaming\Sumdrill\Sumdrill.exe 2D7J7GL7YcIv6Wi2u2YycCJjp
+008c6PgFehEJzfJryBtRyvWIcHWH6vyAtkhE90 [X]
S2 Toughstreet; C:\Users\Bud Parker\AppData\Roaming\Toughstreet\Toughstreet.exe
2D7J7GL7YcIv6Wi2u2YycPBEedruPYQ9cAb+bYKLl0SFx9O/4ANIvM4J8erRPP+J [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [38112 2014-08-22] (Advanced Micro Devices, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162592 2016-02-16] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [306976 2016-03-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272304 2016-01-26] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [246560 2016-03-07] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-12-04] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [302000 2015-10-08] (AVG Technologies CZ, s.r.o.)
R0 avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [71456 2016-03-08] (AVG Technologies CZ, s.r.o.)
R3 cbfs3; C:\Windows\System32\DRIVERS\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-04-01] ()
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [74984 2016-07-28] ()
R3 ETDSMBus; C:\Windows\System32\DRIVERS\ETDSMBus.sys [31832 2016-02-22] (ELAN Microelectronic Corp.)
R3 farflt; C:\Windows\system32\drivers\farflt.sys [59776 2016-08-02] (Malwarebytes)
R0 FlashBoot; C:\Windows\System32\DRIVERS\FlashBoot.sys [17616 2014-04-03] (Challenger Backup Solutions, LLC)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-06-14] (REALiX™)
S4 IObitUnlocker; C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [36568 2013-09-30] (IObit)
R3 JmUsbCcgp; C:\Windows\System32\DRIVERS\jmccgp.sys [17136 2009-07-29] (JMicron Technology Corp.)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [109272 2016-07-29] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [217328 2016-08-02] (Malwarebytes)
U0 Partizan; C:\Windows\SysWOW64\drivers\Partizan.sys [40304 2016-07-26] (Greatis Software)
S3 rp24msdrv; C:\Windows\System32\drivers\rp24msdrv.sys [28416 2010-12-01] ()
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806592 2010-02-12] ()
S1 SRTSP; C:\Windows\system32\drivers\NISx64\1007000.01E\SRTSP64.SYS [476720 2009-08-28] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1007000.01E\SRTSPX64.SYS [32304 2009-08-28] (Symantec Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-07-29] ()
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [14112 2013-09-18] (TuneUp
Software)
S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64_prewin8.sys [23200 2015-11-12] (Western Digital Technologies)
R2 WinVd32; C:\Windows\WinVd32.sys [197728 2016-03-31] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs
\20090807.007\ENG64.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs
\20090807.007\EX64.SYS [X]
S2 NEWDRIVER; \??\C:\Windows\SysWow64\WinVDEdrv6.sys [X]
S1 rcpjibrp; \??\C:\Windows\system32\drivers\rcpjibrp.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-08-02 16:48 - 2016-08-02 16:48 - 00025851 _____ C:\Users\Bud Parker\Desktop\FRST.txt
2016-08-02 16:21 - 2016-08-02 16:21 - 00002762 _____ C:\Windows\System32\Tasks
\TuneUpUtilities_Task_BkGndMaintenance2013
2016-08-02 16:14 - 2016-08-02 16:33 - 00014389 _____ C:\Users\Bud Parker\Desktop\War Story One.txt
2016-08-02 14:00 - 2016-08-02 14:00 - 00018543 _____ C:\Users\Bud Parker\Desktop
\AfterSafeBootLamzapDeletionBackupRegistryCleaner(20160802).reg
2016-08-02 13:02 - 2016-08-02 13:02 - 00003266 _____ C:\Windows\System32\Tasks\psv_Quadsoft
2016-08-02 12:46 - 2016-08-02 12:47 - 335042738 _____ C:\Users\Bud Parker\Desktop\BackupWholeRegistry(20160802).reg
2016-08-02 12:37 - 2016-08-02 12:37 - 00003270 _____ C:\Windows\System32\Tasks\psv_Alpha-Tone
2016-08-02 12:15 - 2016-08-02 12:16 - 335114730 _____ C:\Users\Bud Parker\Desktop
\AfterLamzapDirDeleteBackupWholeRegistry(20160802).reg
2016-08-02 12:09 - 2016-08-02 12:09 - 00000146 _____ C:\Users\Bud Parker\Desktop\Lamzap installed directories Hard 2
Delete.txt
2016-08-02 11:54 - 2016-08-02 11:57 - 00000515 _____ C:\Users\Bud Parker\Desktop\Lamzap installed directories2.txt
2016-08-02 11:43 - 2016-08-02 14:40 - 00002722 _____ C:\Users\Bud Parker\Desktop\Lamzap installed directories.txt
2016-08-01 13:50 - 2016-08-01 13:50 - 00252945 _____ C:\Users\Bud Parker\Downloads\HealthSummary20160801.zip
2016-08-01 13:50 - 2016-08-01 13:50 - 00000000 ____D C:\ProgramData\FileOpen
2016-08-01 07:34 - 2016-08-01 07:34 - 00000000 ____D C:\Program Files\Icetexon
2016-08-01 07:31 - 2016-08-01 07:31 - 00000000 ____D C:\Users\Bud Parker\AppData\Local\Faxlane
2016-07-31 22:46 - 2016-07-31 22:46 - 01358114 _____ C:\Users\Bud Parker\Desktop\AVGInstLog.cab
2016-07-31 14:26 - 2013-12-18 03:38 - 00042808 _____ (AVG) C:\Windows\system32\uxtuneup.dll
2016-07-31 14:26 - 2013-12-18 03:38 - 00035640 _____ (AVG) C:\Windows\SysWOW64\uxtuneup.dll
2016-07-31 14:21 - 2013-12-18 03:38 - 00040248 _____ (AVG) C:\Windows\system32\TURegOpt.exe
2016-07-31 14:21 - 2013-12-18 03:38 - 00029496 _____ (AVG) C:\Windows\system32\authuitu.dll
2016-07-31 14:21 - 2013-12-18 03:38 - 00025400 _____ (AVG) C:\Windows\SysWOW64\authuitu.dll
2016-07-31 14:20 - 2016-07-31 14:20 - 00002196 _____ C:\Users\Public\Desktop\AVG 1-Click Maintenance.lnk
2016-07-31 14:20 - 2016-07-31 14:20 - 00002182 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC
TuneUp 2014.lnk
2016-07-31 14:20 - 2016-07-31 14:20 - 00002170 _____ C:\Users\Public\Desktop\AVG PC TuneUp 2014.lnk
2016-07-31 14:20 - 2016-07-31 14:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC
TuneUp 2014
2016-07-31 14:17 - 2016-07-31 16:26 - 00000000 __SHD C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2016-07-31 11:14 - 2016-07-31 14:32 - 00000000 ____D C:\ProgramData\Avg
2016-07-31 10:35 - 2016-07-31 10:35 - 00000000 ____D C:\Windows\Donquote
2016-07-31 10:35 - 2016-07-31 10:35 - 00000000 ____D C:\ProgramData\Gogotouch
2016-07-31 10:34 - 2016-08-01 07:34 - 00002397 _____ C:\Windows\SysWOW64\findit.xml
2016-07-31 08:57 - 2016-07-31 08:57 - 06325456 _____ (ParetoLogic Inc.) C:\Users\Bud Parker\Downloads\ParetoLogic PC
Health Advisor.exe
2016-07-31 08:14 - 2016-07-31 08:14 - 00000000 ____D C:\Program Files\Fasedom
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-07-2016
Ran by Bud Parker (2016-08-02 16:49:04)
Running from C:\Users\Bud Parker\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2016-03-18 21:26:58)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2712942507-1312882600-3786330889-500 - Administrator - Disabled)
Bud Parker (S-1-5-21-2712942507-1312882600-3786330889-1001 - Administrator - Enabled) => C:\Users\Bud Parker
Guest (S-1-5-21-2712942507-1312882600-3786330889-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2712942507-1312882600-3786330889-1002 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Up to date) {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security (Disabled) {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be
uninstalled manually.)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 22.0.0.153 - Adobe Systems Incorporated)
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems
Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{A6B0442B-E159-444B-B49D-6B9AC531EAE3}) (Version: 4.3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Atomic Alarm Clock 6.20 (HKLM\...\Atomic Alarm Clock_is1) (Version: - Drive Software Company)
AVG (Version: 16.61.7539 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4545 - AVG Technologies) Hidden
AVG PC TuneUp 2014 (en-US) (x32 Version: 14.0.1001.295 - AVG) Hidden
AVG PC TuneUp 2014 (HKLM-x32\...\AVG PC TuneUp) (Version: 14.0.1001.295 - AVG)
AVG PC TuneUp 2014 (x32 Version: 14.0.1001.295 - AVG) Hidden
Backup Manager Basic (x32 Version: 2.0.0.22 - NewTech Infosystems) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version:
12.0.6612.1000 - Microsoft Corporation)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3108 - CyberLink
Corp.)
CyberLink PowerDirector 11 (HKLM-x32\...\InstallShield_{551F492A-01B0-4DC4-866F-875EC4EDC0A8}) (Version: 11.0.0.2321 -
CyberLink Corp.)
CyberLink PowerDirector 11 (Version: 11.0.0.2321 - CyberLink Corp.) Hidden
CyberLink PowerDVD 8 (HKLM-x32\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.3201.50 -
CyberLink Corp.)
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
Disk Doctors Windows Data Recovery 3.0.3.353 (HKLM-x32\...\Disk Doctors Windows Data Recovery_is1) (Version: - Disk
Doctors Labs Inc.)
EPUB File Reader (HKLM-x32\...\{818C5857-5C74-4CAC-9F43-E5597086852D}_is1) (Version: - )
FMW 1 (Version: 1.102.4 - AVG Technologies) Hidden
FMW 1 (Version: 1.62.2 - AVG Technologies) Hidden
Gateway InfoCentre (HKLM-x32\...\Gateway InfoCentre) (Version: 3.02.3000 - Gateway Incorporated)
Gateway MyBackup (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.22 - NewTech
Infosystems)
Gateway Power Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.05.3002 - Gateway
Incorporated)
Gateway Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3002 - Acer
Incorporated)
Gateway ScreenSaver (HKLM-x32\...\Gateway Screensaver) (Version: 1.7.0730 - Gateway Incorporated)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.1.36.5083 - Gretech Corporation)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.4.63 - Conexant Systems)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Photosmart Printer Driver Software 13.0 Rel. 2 (HKLM\...\{F69E48F2-94B0-4272-845C-5F21F2A9815F}) (Version: 13.0 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3001 - Gateway Incorporated)
iExplorer 3.9.6.0 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version: - Macroplant LLC)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version:
8.15.10.2555 - Intel Corporation)
IObit Unlocker (HKLM-x32\...\IObit Unlocker_is1) (Version: 1.1 - IObit)
iTunes (HKLM\...\{9F4BF859-C3A4-4AB6-BDD1-9C5D58188598}) (Version: 12.4.1.6 - Apple Inc.)
iTunes (HKLM\...\{E109B4A3-9883-4E6E-9A19-4D7E1A88AFE8}) (Version: 12.4.2.4 - Apple Inc.)
Junk Mail filter update (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Magic ISO Maker v5.5 (build 0276) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0276)) (Version: - )
Malwarebytes Anti-Exploit version 1.8.1.2572 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.2572 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 -
Malwarebytes)
Malwarebytes Anti-Ransomware version 0.9.15.416 (HKLM\...\{6CA75021-FBB0-41A5-B95C-FC1C9E0421F0}_is1) (Version:
0.9.15.416 - Malwarebytes)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.334.1 - McAfee, Inc.)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 -
Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version:
12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 -
Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version:
3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 -
Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 -
Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE})
(Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4})
(Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4})
(Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989})
(Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F})
(Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version:
10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5})
(Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6})
(Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f})
(Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime
(x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{67E03279-F703-408F-B4BF-46B5FC8D70CD}) (Version: 9.7.0621 - Microsoft Corporation)
Mobipocket Reader 6.2 (HKLM-x32\...\{342126E1-173C-4585-BFBE-3EBDD20E3E9E}) (Version: 6.2.608 - Mobipocket.com)
Mozilla Firefox 47.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0.1 (x86 en-US)) (Version: 47.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.1 - Mozilla)
Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Nitro Pro 8 (HKLM\...\{0BEFCFE0-4373-41B6-8924-85FA78C9514D}) (Version: 8.0.3.1 - Nitro)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 16.7.0.30 - Symantec Corporation)
Nuclear Coffee - VideoGet (HKLM\...\VideoGet_is1) (Version: 2014 - Nuclear Coffee)
PS_SF_02_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
PS_SF_02_Software_Min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Quintessential Player (HKLM-x32\...\Quintessential Player) (Version: 4.51 - Quinnware)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7829 -
Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30102 - Realtek
Semiconductor Corp.)
RegRun Reanimator (HKLM-x32\...\UnHackMe Update - Reanimator_is1) (Version: - Greatis Software, LLC.)
Revo Uninstaller Pro 3.1.4 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.4 - VS Revo Group, Ltd.)
RogueKiller version 12 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12 - Adlice Software)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-
0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.8 -
SmartSound Software Inc.)
SmartSound Quicktracks 5 (x32 Version: 5.1.8 - SmartSound Software Inc.) Hidden
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
Snagit 10 (HKLM-x32\...\{5BCC634A-58AD-42F9-B3C6-2EA52F81CF85}) (Version: 10.0.0 - TechSmith Corporation)
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
Super DX-Ball Deluxe (HKLM-x32\...\Super DX-Ball Deluxe) (Version: - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.41.5 - Synaptics Incorporated)
Togethershare Data Recovery Trial 5.8.1 (HKLM-x32\...\Togethershare Data Recovery Trial 5.8.1_is1) (Version: - Togethershare)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
TurboLaunch 5.1.4 (HKLM-x32\...\TurboLaunch_is1) (Version: 5.1.4.5 - Savard Software)
UnHackMe 8.12 (HKLM-x32\...\UnHackMe_is1) (Version: - Greatis Software, LLC.)
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Video Web Camera (HKLM-x32\...\{6D9021DC-CF1B-4148-8C80-6D8E8A8A33EB}) (Version: 0.5.11.1 - SuYin)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG
Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG
Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VueScan x64 (HKLM\...\VueScan x64) (Version: - )
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Welcome Center (HKLM-x32\...\Gateway Welcome Center) (Version: 1.00.3005 - Gateway Incorporated)
Windows 7 Manager (HKLM\...\{BA2DD58B-F35E-421F-AE30-0A856AEA8B38}) (Version: 4.3.9 - Yamicsoft)
Windows Driver Package - AMD (amdkmpfd) System (08/18/2014 14.201.1006.1001) (HKLM\...
\52CC88C17478DF9A496DD7C4B6545110B51589A4) (Version: 08/18/2014 14.201.1006.1001 - AMD)
Windows Driver Package - Apple, Inc. (USBAAPL64) USB (12/12/2012 6.0.9999.65) (HKLM\...
\0FEF654FC54561C3E984A0DB0704F76831FD35A2) (Version: 12/12/2012 6.0.9999.65 - Apple, Inc.)
Windows Driver Package - Broadcom (k57nd60a) Net (10/30/2013 15.6.0.14) (HKLM\...
\7C9CA8A432E0A7C6153832FCFFA30579EF8427D2) (Version: 10/30/2013 15.6.0.14 - Broadcom)
Windows Driver Package - Challenger Backup Solutions, LLC (FlashBoot) DiskDrive (08/11/2013 2.3.72.0) (HKLM\...
\CA8BFE662913F62CB908BA31685037C57A7DD973) (Version: 08/11/2013 2.3.72.0 - Challenger Backup Solutions, LLC)
Windows Driver Package - CXT (winachsf) Modem (02/03/2010 7.80.4.63) (HKLM\...
\07B690A855C6F3B41BA1827247649EC919D2F456) (Version: 02/03/2010 7.80.4.63 - CXT)
Windows Driver Package - ELAN SMBus (ETDSMBus) System (08/06/2015 15.1.2.5) (HKLM\...
\94D4ADBD3EF82E234DF58F1B9BD18B24B775A6D0) (Version: 08/06/2015 15.1.2.5 - ELAN SMBus)
Windows Driver Package - ELAN SMBus (ETDSMBus) System (12/14/2015 15.1.2.8) (HKLM\...
\6168882EA454F93FCDCE03E891193A3F56F09386) (Version: 12/14/2015 15.1.2.8 - ELAN SMBus)
Windows Driver Package - Hewlett-Packard Image (04/01/2012 08.00.00.01) (HKLM\...
\61339A68E39F445DE4C300A47EAC69A31C51C993) (Version: 04/01/2012 08.00.00.01 - Hewlett-Packard)
Windows Driver Package - Intel (NETwNs64) net (01/22/2012 14.3.2.1) (HKLM\...
\CD88F0FADE1395C9F91302912FD35B13CF75C196) (Version: 01/22/2012 14.3.2.1 - Intel)
Windows Driver Package - Intel Corporation (igfx) Display (08/25/2010 8.15.10.2202) (HKLM\...
\04E92E1774FD1C439D917D5BAC9589A81677C8BC) (Version: 08/25/2010 8.15.10.2202 - Intel Corporation)
Windows Driver Package - Intel System (07/25/2013 9.1.9.1005) (HKLM\...
\693856C0232B92FB409DC672B23A1C42AB5883E8) (Version: 07/25/2013 9.1.9.1005 - Intel)
Windows Driver Package - Intel System (07/25/2013 9.1.9.1005) (HKLM\...
\B081E57B1455374FB610EEC26F6154A8870B8859) (Version: 07/25/2013 9.1.9.1005 - Intel)
Windows Driver Package - Intel USB (07/09/2013 9.1.9.1004) (HKLM\...\0D3177F1E077022671B9E6C22E0EE7CA9A92EDDE)
(Version: 07/09/2013 9.1.9.1004 - Intel)
Windows Driver Package - JMicron (usbccgp) USB (07/28/2009 1.0.4.2) (HKLM\...
\D3AAF0E65D8B1D5934711D3312BF76371DB14E42) (Version: 07/28/2009 1.0.4.2 - JMicron)
Windows Driver Package - Logicool (LHidEqd) HIDClass (06/09/2015 5.90.38) (HKLM\...
\9D0F3F167B773DDFAC11A04606DEC4C987EFFF7A) (Version: 06/09/2015 5.90.38 - Logicool)
Windows Driver Package - Logitech (HidUsb) HIDClass (08/31/2012 1.10.77.0) (HKLM\...
\5498ECA18B56D1C7C4EC25B46FBEA3A008C6545A) (Version: 08/31/2012 1.10.77.0 - Logitech)
Windows Driver Package - Logitech (LEqdUsb) HIDClass (06/09/2015 5.90.38) (HKLM\...
\3D88081D327A12E9348E1EADDE35513319822FE0) (Version: 06/09/2015 5.90.38 - Logitech)
Windows Driver Package - Logitech (LHidFilt) HIDClass (06/09/2015 5.90.38) (HKLM\...
\DC76EF7E815182273AEA399A974A9D69D6D152D4) (Version: 06/09/2015 5.90.38 - Logitech)
Windows Driver Package - Logitech (LHidFilt) Keyboard (06/09/2015 5.90.38) (HKLM\...
\ECB9A872456DA502A6B195D7AEEF6FEB7355ECB6) (Version: 06/09/2015 5.90.38 - Logitech)
Windows Driver Package - Logitech (LHidFilt) Mouse (06/09/2015 5.90.38) (HKLM\...
\3A23CE434CCC10D23CD098DBBFD5A4C5D855E356) (Version: 06/09/2015 5.90.38 - Logitech)
Windows Driver Package - Logitech (usbccgp) USB (11/04/2010 1.0.2.11) (HKLM\...
\8A87028F68EFC3B6D4F26F7EF2DDB31C8F6767EF) (Version: 11/04/2010 1.0.2.11 - Logitech)
Windows Driver Package - Logitech DriverInterface (06/09/2015 5.90.38) (HKLM\...
\F6909E6D7225F7497F97F04808BC1B7489703274) (Version: 06/09/2015 5.90.38 - Logitech)
Windows Driver Package - MLK (KMWDFILTER) HIDClass (07/28/2010 6.6.6000.0) (HKLM\...
\490CF824D92DA6BB45D9F15423217769BCC14ABF) (Version: 07/28/2010 6.6.6000.0 - MLK)
Windows Driver Package - RAPOO (HidUsb) HIDClass (11/30/2010 1.1.0.0) (HKLM\...
\316A1A4D2C39A747662D9199884CD782691EE14D) (Version: 11/30/2010 1.1.0.0 - RAPOO)
Windows Driver Package - Screenovate Technologies Ltd. (WidockVhid) Screenovate (02/29/2016 5.0.0.501) (HKLM\...
\2DF704FFC8BE30DEDE37DC61848EFD4166CF26E9) (Version: 02/29/2016 5.0.0.501 - Screenovate Technologies Ltd.)
Windows Driver Package - Sonix (SNP2UVC) Image (02/12/2010 5.8.54.008) (HKLM\...
\56BAE2352D00B2AE9C3B48D84C43914BAC6C1619) (Version: 02/12/2010 5.8.54.008 - Sonix)
Windows Driver Package - Synaptics (SynTP) Mouse (02/14/2012 15.3.41.5) (HKLM\...
\190C63B15D229BC6A294BE717E05905B5765F493) (Version: 02/14/2012 15.3.41.5 - Synaptics)
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (10/09/2015 1.1.0000.0) (HKLM\...
\B059937637538DCA2E38E5A4C00BF67BE79C335E) (Version: 10/09/2015 1.1.0000.0 - Western Digital Technologies)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8064.0206 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft
Corporation)
Windows Live Sync (HKLM-x32\...\{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}) (Version: 14.0.8064.206 - Microsoft
Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft
Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Wondershare Video Editor(Build 5.1.3) (HKLM-x32\...\Wondershare Video Editor_is1) (Version: - Wondershare Software)
YouTube Downloader Pro YTD 4.8.1.0 Final (HKLM-x32\...\YouTube Downloader Pro YTD 4.8.1.0 Final4.8.1.0) (Version: 4.8.1.0 -
Friends in War)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0A433567-D788-4EB4-ABA5-94DCF90D2B43} - System32\Tasks\psv_Quadsoft => /c regedit.exe /s "C:\ProgramData
\Lamzap\Lightsoft.reg" & del "C:\ProgramData\Lamzap\Lightsoft.reg" & SCHTASKS /Delete /TN "psv_Quadsoft" /F
<==== ATTENTION
Task: {0F196B9E-7822-4238-86C8-DF8A5FE36806} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files
(x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {0FC5419E-E736-427C-8218-1E18DDFAA886} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:
\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe [2013-12-18] (AVG)
Task: {1AB7D6F7-9D16-4155-968C-3B0E10C8ED26} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files
(x86)\Google\Update\GoogleUpdate.exe [2016-06-11] (Google Inc.)
Task: {2773AF30-0B0F-41B6-9285-42612D38BBCE} - \{780F7F47-0B09-0A08-0C11-7F0F7D0B110E} -> No File <====
ATTENTION
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File
<==== ATTENTION
Task: {33C71173-D2D4-4F8A-823E-0F23AE833053} - \Nuafti -> No File <==== ATTENTION
Task: {3C77F7CE-0AEB-4DDE-B533-8DB26ADCBE8E} - \Windows 7 Manager - Logon Background Changer -> No File <====
ATTENTION
Task: {422F2228-121F-4B13-B2A9-EB31B5913A49} - \GridinSoft Anti-Malware -> No File <==== ATTENTION
Task: {457E19F9-1642-4860-BFDC-F1736A1C2064} - \Driver Booster Scheduler -> No File <==== ATTENTION
Task: {48127161-63FA-4471-80C7-1BBF0B2DF394} - \Windows 7 Manager - Free Memory -> No File <==== ATTENTION
Task: {4D37D876-256E-404D-AA6C-EB690F7D0EF5} - \Driver Support-RTMUpdater -> No File <==== ATTENTION
Task: {5D0C04FD-4463-48F9-B0AF-BA26C437581C} - \Driver Support-RTMRules -> No File <==== ATTENTION
Task: {5E5125AD-B70C-4CBA-8966-016476ABE17D} - \SUPERAntiSpyware Scheduled Task 14c1e4b0-33ed-4a41-b44d-
2e66d2750e5b -> No File <==== ATTENTION
Task: {6E6EA461-E140-4163-9A8B-A70AA308E593} - \Driver Support-RTMScan -> No File <==== ATTENTION
Task: {70C411B4-A80F-4EF1-B766-FE52C7BA03BF} - \cad59fc9af939f2528d349888eab9565 -> No File <==== ATTENTION
Task: {722B9063-5102-48B3-8596-ED30B06BE771} - \Trojan Killer -> No File <==== ATTENTION
Task: {84BC6AE1-B3B0-4F5C-8B0C-778C47E4105F} - \Microsoft\Windows\Windows Activation Technologies
\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {8CBC52E6-A71C-44E4-BC04-11A69CB3D793} - \Recovery Management\Burn Notification -> No File <==== ATTENTION
Task: {946D61B8-B2AE-4178-8623-6E2222066E16} - \Driver Support -> No File <==== ATTENTION
Task: {97A2E49F-9200-4A91-989F-82A0B674CF14} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask ->
No File <==== ATTENTION
Task: {A1D89EEA-B491-4D35-BF74-2B93D6331E2C} - \Fucsybf -> No File <==== ATTENTION
Task: {AB3A406B-B85B-4BA6-83D4-991886A8D0E5} - \SUPERAntiSpyware Scheduled Task c03db66b-2d05-4c7b-b797-
ccf0a7404475 -> No File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <====
ATTENTION
Task: {B7828516-B3D4-4D6D-9FD4-D47BB4ECA2C5} - \Driver Booster SkipUAC (Bud Parker) -> No File <==== ATTENTION
Task: {B9FB7D10-B98B-4C9D-9FDB-7DF75A941D72} - System32\Tasks\Microsoft\Windows\Media Center
\SecurityCenterUpdate => Users\Bud Parker\Hotsolhigh\Sumdrill.exe
Task: {BA6E7936-A908-495B-847F-E63F4C29AA10} - \TweakBit\Driver Updater\Time for deal -> No File <==== ATTENTION
Task: {BEA20225-2DC6-4B22-B6D8-D6719B7A4402} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files
(x86)\Google\Update\GoogleUpdate.exe [2016-06-11] (Google Inc.)
Task: {C79AB5FD-ED63-4F53-98CD-B2048F360540} - System32\Tasks\UnHackMe Task Scheduler => C:\Program Files
(x86)\UnHackMe\hackmon.exe [2016-07-07] (Greatis Software)
Task: {C9E06E60-B52A-4FB6-BEDC-0A6F41FF4431} - System32\Tasks\psv_Alpha-Tone => /c regedit.exe /s "C:\ProgramData
\Lamzap\DomLatlam.reg" & del "C:\ProgramData\Lamzap\DomLatlam.reg" & SCHTASKS /Delete /TN "psv_Alpha-
Tone" /F <==== ATTENTION
Task: {CE95725C-6C29-40F8-94DA-FC9D8A311A0C} - \Driver Support-RTMScanRunOnce -> No File <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File
<==== ATTENTION
Task: {D6EEB867-1DF0-4F34-A7AB-CED24BFBEA4C} - System32\Tasks\Microsoft\Windows\DiskDiagnostic\Opertaing System
Transaction Task => Users\Bud Parker\Geofase\zunfind.exe
Task: {DA9841BD-4240-4FA0-9BA1-D60E90652432} - \TweakBit\PCSpeedUp\Start PCSpeedUp automatic scanning -> No File
<==== ATTENTION
Task: {EAF6FEA9-3B9C-4E7F-92B5-A29E11C3DB39} - \{BFABA680-077A-48B9-9010-C0C972D9D50F} -> No File <====
ATTENTION
Task: {F10F5315-42D1-42CA-A469-971541F574A8} - \TweakBit\PCBooster\Start PCBooster оn logon -> No File <====
ATTENTION
Task: {F62BC7C4-E170-4BF2-BE09-9251AD659D25} - \Adobe Flash Player Updater -> No File <==== ATTENTION
Task: {FA2BA5CD-7A6C-4928-AFC7-816B68D0D8AC} - System32\Tasks\Microsoft\Windows\MUI\Msectrans => C:\Users\Bud
Parker\AppData\Roaming\Zumhow\Kon-bam.exe
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector
-> No File <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash
\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Windows 7 Manager - Free Memory.job => C:\Program Files\Yamicsoft\Windows 7 Manager
\FreeMemory.exe
Task: C:\Windows\Tasks\Windows 7 Manager - Logon Background Changer.job => C:\Program Files\Yamicsoft\Windows 7
Manager\LogonBackgroundChanger.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Bud Parker\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar
\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files
(x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%
==================== Loaded Modules (Whitelisted) ==============
2016-04-22 01:07 - 2016-04-22 01:07 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support
\zlib1.dll
2016-07-05 15:23 - 2016-07-05 15:23 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support
\libxml2.dll
2016-03-18 18:31 - 2013-04-24 18:20 - 02007040 _____ () C:\Program Files\Atomic Alarm Clock\timeserv.exe
2016-07-27 18:54 - 2016-07-27 18:55 - 01047520 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-RANSOMWARE
\arwlib.dll
2013-12-18 03:38 - 2013-12-18 03:38 - 00742200 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\avgrepliba.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared
\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office
\Office14\1033\GrooveIntlResource.dll
2016-03-18 18:31 - 2013-06-07 19:20 - 01875968 _____ () C:\Program Files\Atomic Alarm Clock\Clock.dll
2016-03-18 18:31 - 2014-06-10 02:20 - 01609728 _____ () C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
2016-07-27 18:54 - 2016-02-08 17:01 - 00759808 _____ () C:\Program Files\Malwarebytes\Anti-Ransomware\QtQuick\Controls
\qtquickcontrolsplugin.dll
2009-02-02 19:33 - 2009-02-02 19:33 - 00460199 _____ () C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup
\sqlite3.dll
2008-09-28 19:55 - 2008-09-28 19:55 - 01076224 _____ () C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup
\ACE.dll
2009-06-03 20:59 - 2009-06-03 20:59 - 00619816 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-06-03 20:59 - 2009-06-03 20:59 - 00013096 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2016-07-30 15:39 - 2016-07-30 15:39 - 01114136 _____ () C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles
\z8e15hin.default-1469908581429\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared
\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office
\Office14\1033\GrooveIntlResource.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:5B811727 [147]
AlternateDataStreams: C:\ProgramData\Temp:A8ADE5D8 [109]
AlternateDataStreams: C:\ProgramData\Temp:B755D674 [428]
AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2 [121]
AlternateDataStreams: C:\ProgramData\Temp:ECF54A0E [360]
AlternateDataStreams: C:\Users\Bud Parker\Desktop\MedStat EMS.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\Bud Parker\Desktop\MedStat EMS.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Bud Parker\Desktop\Sentra Wreck-Parker Dorothy.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\Bud Parker\Desktop\Sentra Wreck-Parker Dorothy.jpeg:{4c8cc155-6c1e-11d1-8e41-
00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Bud Parker\Documents\NBC Outside.ppp:SummaryInformation [223]
AlternateDataStreams: C:\Users\Bud Parker\Documents\NBC Outside.ppp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Bud Parker\Documents\Nursery.ppp:SummaryInformation [219]
AlternateDataStreams: C:\Users\Bud Parker\Documents\Nursery.ppp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys => ""="FSFilter Activity Monitor"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SymEFA.sys => ""="FSFilter Activity Monitor"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\...\driversupport.com ->
hxxp://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\...\driversupport.com ->
hxxps://apps.driversupport.com
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2016-07-30 18:03 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Bud Parker\AppData
\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5)
(ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: commitments =>
MSCONFIG\startupreg: grassy =>
MSCONFIG\startupreg: heald =>
MSCONFIG\startupreg: IDSCCOM0SL =>
MSCONFIG\startupreg: neil =>
MSCONFIG\startupreg: Pritc =>
MSCONFIG\startupreg: recovers =>
MSCONFIG\startupreg: SNUVCDSM => C:\Windows\snuvcdsm.exe
MSCONFIG\startupreg: whiner =>
MSCONFIG\startupreg: WINCOMKKP =>
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{00A0CA64-A43F-4CFB-B5DF-2156BA87598F}] => (Allow) C:\Program Files (x86)\CyberLink
\PowerDVD8\PowerDVD8.EXE
FirewallRules: [{8FDBC06C-00FA-4E34-BD52-4F20F7FC6DE0}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger
\wlcsdk.exe
FirewallRules: [{2B23FD99-239B-4BD9-A3E0-810815804E9A}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger
\msnmsgr.exe
FirewallRules: [{585D81DB-B8E8-491A-BD10-F9D93DEBF3C8}] => (Allow) C:\Program Files (x86)\Windows Live\Sync
\WindowsLiveSync.exe
FirewallRules: [{532181D0-EBD9-4748-9941-D360B7AB2B71}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{99683E1B-01D4-45AA-BCF1-D01E8FE0A720}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B3A303EC-6EA8-43D2-99FA-D697453377FD}] => (Allow) c:\Program Files (x86)\Common Files\Apple\Apple
Application Support\WebKit2WebProcess.exe
FirewallRules: [{906D3DA7-9A77-45DA-8200-293F6920A9F6}] => (Block) %ProgramFiles%\CyberLink
\PowerDirector11\PDR11.exe
FirewallRules: [{390217F7-C2D3-4D12-81AA-505A32697EC9}] => (Block) %ProgramFiles%\CyberLink
\PowerDirector11\UACAgent.exe
FirewallRules: [{711F873D-0153-49EB-B27A-0DEAFDB18DE9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin
\hpqtra08.exe
FirewallRules: [{30968491-E410-4CA7-A062-CAA3ADB03907}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin
\hpqste08.exe
FirewallRules: [{9879B054-053E-4A15-AEB7-AF04FAC2D4B1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin
\hposid01.exe
FirewallRules: [{C5CD2E40-540E-4F25-BFB4-86BBEEED5220}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin
\hpoews01.exe
FirewallRules: [{3BAC3C8F-4114-4229-BE90-A4EAE303173A}] => (Allow) C:\Program Files (x86)\common files\hp\digital
imaging\bin\hpqphotocrm.exe
FirewallRules: [{D50554F1-5545-4E93-9BA1-33ED014DD2D0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin
\hpqsudi.exe
FirewallRules: [{B8805A22-4C47-4C04-AE9C-15BD5EC04447}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin
\hpqpsapp.exe
FirewallRules: [{05450412-6E11-4C8C-AB3B-C9AC6C365BDD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin
\hpqpse.exe
FirewallRules: [{50D5D816-4BBC-4AE4-8BB2-1F87616D7812}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin
\hpqgplgtupl.exe
FirewallRules: [{512872A3-0660-44F0-BCD9-7984329AA973}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin
\hpqgpc01.exe
FirewallRules: [{07272250-52CC-421D-AD38-CE0FC0C29E29}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin
\hpqusgm.exe
FirewallRules: [{F8E584B0-14FF-478C-A2BC-A6285A09B186}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin
\hpqusgh.exe
FirewallRules: [{66F7FEC8-86A5-4781-8967-5F729A47FCCB}] => (Allow) C:\Program Files (x86)\HP\hp software update
\hpwucli.exe
FirewallRules: [{AE3495E2-4C1D-4A48-9439-96BEDC6170CD}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web
printing\smartwebprintexe.exe
FirewallRules: [{A505376F-34B6-484D-89EA-12072D64F6FE}] => (Allow) LPort=1688
FirewallRules: [{7003A0AD-8897-4912-97C9-D5BFE439CDD2}] => (Allow) LPort=1688
FirewallRules: [{2DF8F17B-064A-423B-A95E-ABA95F8F4FB5}] => (Block) %ProgramFiles%\Atomic Alarm Clock
\AtomicAlarmClock.exe
FirewallRules: [{3B7BBD3B-F45B-4D5C-961B-124372A48F9D}] => (Block) %ProgramFiles% (x86)\GRETECH\GomPlayer
\GOM.EXE
FirewallRules: [{D457DB99-CB0C-482E-95F7-93003C116022}] => (Block) %ProgramFiles% (x86)\GRETECH\GomPlayer
\GrLauncher.exe
FirewallRules: [{5D78E78E-E35B-4768-8DFF-665DEDBB651B}] => (Block) %ProgramFiles% (x86)\Folder Lock 6\Folder Lock
6.exe
FirewallRules: [{FE6BFB32-6F45-4E1E-83B4-41475718EAC9}] => (Block) %ProgramFiles% (x86)\Folder Lock 6\Folder Lock
6.exe
FirewallRules: [{F5C26BA2-30D4-40E2-8EA3-432FD0F63321}] => (Block) %ProgramFiles%\Yamicsoft\Windows 7 Manager
\LiveUpdate.exe
FirewallRules: [{EA00FA82-BF74-4AAC-8146-28D16B57C190}] => (Block) %ProgramFiles%\Yamicsoft\Windows 7 Manager
\Windows7Manager.exe
FirewallRules: [{9C2619F8-5977-40E1-94D1-1AC7BE33F104}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{29A70F84-B7E1-4FCF-B32A-4D90AAC1D713}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{838216BF-90FD-48FF-B254-B03701542E27}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B6876953-D9E4-4665-AF0D-DDEF920A5452}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1B92FFDB-CB43-4847-866A-FF2FA7E61037}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{86E9E868-A808-45E9-BD98-B5641DD5B46F}] => (Block) %ProgramFiles% (x86)\TechSmith\Snagit
10\Snagit32.exe
FirewallRules: [{A1ABB005-55BA-43A5-BADF-E0DA27EC05D2}] => (Block) %ProgramFiles% (x86)\Quintessential Player
\QCDPlayer.exe
FirewallRules: [{42540FBF-9366-4091-8226-48423F77E3E3}] => (Allow) C:\Program Files\VueScan\vuescan.exe
FirewallRules: [{15690439-D3C4-40C0-AA50-C40553775E81}] => (Allow) C:\Program Files\VueScan\vuescan.exe
FirewallRules: [{AFBE4EB3-F073-4E1F-BC3C-56AEA2BB3A6F}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{9B3DE5B5-7918-4ADD-BA4F-653A980CEAE8}] => (Allow) C:\Users\BUDPAR~1\AppData\Local\Temp
\installer1.exe
==================== Restore Points =========================
27-07-2016 11:13:01 Revo Uninstaller Pro's restore point - Ashampoo Internet Accelerator 3 v.3.20
27-07-2016 19:48:32 JRT Pre-Junkware Removal
28-07-2016 14:12:19 Removed Apple Application Support (32-bit)
28-07-2016 14:35:43 Restore Point Created by FRST
29-07-2016 12:30:03 Revo Uninstaller Pro's restore point - GridinSoft Anti-Malware
29-07-2016 17:57:01 Malwarebytes Anti-Rootkit Restore Point
29-07-2016 23:22:45 Malwarebytes Anti-Rootkit Restore Point
30-07-2016 18:02:36 Restore Point Created by FRST
31-07-2016 09:26:31 Revo Uninstaller Pro's restore point - ParetoLogic PC Health Advisor
31-07-2016 14:18:30 Installed AVG PC TuneUp 2014
01-08-2016 06:30:10 Revo Uninstaller Pro's restore point - AVG Protection
01-08-2016 09:29:50 Removed Kutools for Word
==================== Faulty Device Manager Devices =============
Name: NAVEX15
Description: NAVEX15
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: NAVEX15
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
Error: (08/02/2016 01:55:44 PM) (Source: PerfNet) (EventID: 2005) (User: )
Description:
Error: (08/02/2016 01:05:10 PM) (Source: PerfNet) (EventID: 2005) (User: )
Description:
Error: (08/02/2016 01:04:59 PM) (Source: PerfNet) (EventID: 2005) (User: )
Description:
Error: (08/02/2016 12:46:15 PM) (Source: PerfNet) (EventID: 2005) (User: )
Description:
Error: (08/02/2016 11:27:48 AM) (Source: PerfNet) (EventID: 2005) (User: )
Description:
Error: (08/02/2016 11:27:33 AM) (Source: PerfNet) (EventID: 2005) (User: )
Description:
Error: (08/02/2016 11:21:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Ronzafind.exe, version: 1.0.0.0, time stamp: 0x578353ac
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23418, time stamp: 0x5708a89c
Exception code: 0xe0434352
Fault offset: 0x000000000001a06d
Faulting process id: 0x6f8
Faulting application start time: 0xRonzafind.exe0
Faulting application path: Ronzafind.exe1
Faulting module path: Ronzafind.exe2
Report Id: Ronzafind.exe3
Error: (08/02/2016 11:21:37 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Ronzafind.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an
unhandled exception.
Exception Info: System.Management.ManagementException
at
System.Management.ManagementException.ThrowWithExtendedInfo(System.Management.ManagementStatus)
at
System.Management.ManagementEventWatcher.WaitForNextEvent()
at first.Service1.checkmultipleservices(System.String[])
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback,
System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext,
System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run
(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at
System.Threading.ThreadHelper.ThreadStart()
Error: (08/02/2016 09:38:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Ronzafind.exe, version: 1.0.0.0, time stamp: 0x578353ac
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23418, time stamp: 0x5708a89c
Exception code: 0xe0434352
Fault offset: 0x000000000001a06d
Faulting process id: 0x12d8
Faulting application start time: 0xRonzafind.exe0
Faulting application path: Ronzafind.exe1
Faulting module path: Ronzafind.exe2
Report Id: Ronzafind.exe3
Error: (08/02/2016 09:38:31 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Ronzafind.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an
unhandled exception.
Exception Info: System.Management.ManagementException
at
System.Management.ManagementException.ThrowWithExtendedInfo(System.Management.ManagementStatus)
at
System.Management.ManagementEventWatcher.WaitForNextEvent()
at first.Service1.checkmultipleservices(System.String[])
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback,
System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext,
System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run
(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at
System.Threading.ThreadHelper.ThreadStart()
System errors:
=============
Error: (08/02/2016 04:48:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (08/02/2016 04:48:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (08/02/2016 04:48:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (08/02/2016 04:46:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (08/02/2016 04:46:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (08/02/2016 04:46:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (08/02/2016 04:44:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (08/02/2016 04:44:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (08/02/2016 04:44:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (08/02/2016 04:44:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
CodeIntegrity:
===================================
Date: 2016-08-01 07:26:59.282
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files
(x86)\Quintessential Player\cdrpdacc.sys because file hash could not be found on the system. A recent hardware or software
change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown
source.
Date: 2016-08-01 07:26:59.126
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files
(x86)\Quintessential Player\cdrpdacc.sys because file hash could not be found on the system. A recent hardware or software
change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown
source.
Date: 2016-07-31 13:51:40.025
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files
(x86)\Quintessential Player\cdrpdacc.sys because file hash could not be found on the system. A recent hardware or software
change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown
source.
Date: 2016-07-31 13:51:39.948
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files
(x86)\Quintessential Player\cdrpdacc.sys because file hash could not be found on the system. A recent hardware or software
change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown
source.
Date: 2016-07-31 10:14:13.807
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files
(x86)\Quintessential Player\cdrpdacc.sys because file hash could not be found on the system. A recent hardware or software
change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown
source.
Date: 2016-07-31 10:14:13.745
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files
(x86)\Quintessential Player\cdrpdacc.sys because file hash could not be found on the system. A recent hardware or software
change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown
source.
Date: 2016-07-31 08:30:50.060
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files
(x86)\Quintessential Player\cdrpdacc.sys because file hash could not be found on the system. A recent hardware or software
change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown
source.
Date: 2016-07-31 08:30:49.982
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files
(x86)\Quintessential Player\cdrpdacc.sys because file hash could not be found on the system. A recent hardware or software
change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown
source.
Date: 2016-07-31 08:07:05.281
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files
(x86)\Quintessential Player\cdrpdacc.sys because file hash could not be found on the system. A recent hardware or software
change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown
source.
Date: 2016-07-31 08:07:05.203
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files
(x86)\Quintessential Player\cdrpdacc.sys because file hash could not be found on the system. A recent hardware or software
change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown
source.
==================== Memory info ===========================
Processor: Intel® Core™2 Duo CPU T6600 @ 2.20GHz
Percentage of memory in use: 55%
Total physical RAM: 4025.98 MB
Available physical RAM: 1783.04 MB
Total Virtual: 8050.14 MB
Available Virtual: 5689.82 MB
==================== Drives ================================
Drive c: (Gateway) (Fixed) (Total:698.64 GB) (Free:141.76 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive g: (BUD'S 32) (Fixed) (Total:30.44 GB) (Free:30.1 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 1E15AC1C)
Partition 1: (Active) - (Size=698.6 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 30.5 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=30.5 GB) - (Type=0C)
==================== End of Addition.txt ============================2016-07-30 18:08 - 2016-07-30 18:08 -
00000000 ____D C:\Windows\Tampholding
2016-07-30 18:07 - 2016-07-30 18:07 - 00000000 ____D C:\Windows\Bigholding
2016-07-30 16:32 - 2016-07-31 13:54 - 00000000 ____D C:\Users\Bud Parker\AppData\Local\CrashDumps
2016-07-30 16:19 - 2016-07-30 16:19 - 00000000 ____D C:\Users\Bud Parker\AppData\Local\Lanegreen
2016-07-30 14:51 - 2016-07-30 14:51 - 00000000 ____D C:\Program Files\lineholdings
2016-07-30 14:51 - 2016-07-30 14:51 - 00000000 ____D C:\Program Files\howtrans
2016-07-30 13:55 - 2016-07-30 13:55 - 00000000 ____D C:\Program Files\Vivabecan
2016-07-30 13:49 - 2016-07-30 13:49 - 00000000 ____D C:\Program Files\Tempkix
2016-07-30 13:19 - 2016-07-30 13:19 - 02394112 _____ (Farbar) C:\Users\Bud Parker\Desktop\FRST64.exe
2016-07-30 12:40 - 2016-07-30 12:40 - 04770269 _____ C:\Users\Bud Parker\Downloads\dfsetup219.zip
2016-07-30 12:34 - 2016-07-30 12:34 - 01196480 _____ (RaMMicHaeL) C:\Users\Bud Parker\Downloads\unchecky_setup.exe
2016-07-30 12:27 - 2016-07-30 12:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit
Unlocker
2016-07-30 12:27 - 2016-07-30 12:27 - 00000000 ____D C:\ProgramData\IObit
2016-07-30 12:27 - 2016-07-30 12:27 - 00000000 ____D C:\Program Files (x86)\IObit
2016-07-30 11:54 - 2016-07-30 11:55 - 00000000 ____D C:\Users\Bud Parker\Desktop\Registry Backup
2016-07-30 11:53 - 2016-07-30 11:53 - 00000000 ____D C:\RegBackup
2016-07-30 11:52 - 2016-07-30 13:44 - 00000000 ____D C:\Users\Bud Parker\Desktop\tweaking.com_registry_backup_portable
2016-07-30 11:51 - 2016-07-30 11:51 - 03251071 _____ C:\Users\Bud Parker\Downloads
\tweaking.com_registry_backup_portable.zip
2016-07-30 10:30 - 2016-07-30 11:06 - 00015552 _____ C:\Users\Bud Parker\Downloads\SystemLook.txt
2016-07-30 10:29 - 2016-07-30 10:29 - 00165376 _____ C:\Users\Bud Parker\Downloads\SystemLook_x64(1).exe
2016-07-30 10:14 - 2016-07-30 10:14 - 00000000 ____D C:\Windows\zunfind
2016-07-30 09:23 - 2016-07-30 09:23 - 00165376 _____ C:\Users\Bud Parker\Desktop\SystemLook_x64.exe
2016-07-30 09:14 - 2016-07-30 09:14 - 00000000 ____D C:\Program Files\zath-trax
2016-07-30 08:20 - 2016-07-30 08:20 - 00000000 ____D C:\Users\Bud Parker\Documents\HP Photosmart Projects
2016-07-30 08:04 - 2016-08-02 16:44 - 00000000 ____D C:\Users\Bud Parker\Desktop\MALWARE Apps
2016-07-29 23:37 - 2016-07-30 13:37 - 00000000 ____D C:\i
2016-07-29 23:31 - 2016-07-29 23:31 - 00000000 ____D C:\Windows\Donelectrics
2016-07-29 18:01 - 2016-07-29 18:01 - 00000000 ____D C:\Users\Bud Parker\AppData\Local\Plextone
2016-07-29 17:12 - 2016-07-30 09:13 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-07-29 17:11 - 2016-07-29 17:11 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Bud Parker\Downloads\mbar-
1.09.3.1001(1).exe
2016-07-29 17:11 - 2016-07-29 17:11 - 00000000 ____D C:\Users\Bud Parker\Desktop\MBAMrootkit
2016-07-29 15:49 - 2016-07-29 15:49 - 00044070 _____ C:\ComboFix.txt
2016-07-29 15:25 - 2016-07-29 15:51 - 00000000 ____D C:\ComboFix
2016-07-29 14:31 - 2016-07-29 14:31 - 00000000 ____D C:\Windows\Ganja-lane
2016-07-29 14:31 - 2016-07-29 14:31 - 00000000 ____D C:\Users\Bud Parker\AppData\Local\Plexway
2016-07-29 10:41 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2016-07-29 10:41 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2016-07-29 10:41 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-07-29 10:41 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-07-29 10:41 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-07-29 10:41 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2016-07-29 10:41 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2016-07-29 10:41 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2016-07-29 10:40 - 2016-07-29 15:49 - 00000000 ____D C:\Qoobox
2016-07-29 10:39 - 2016-07-29 13:24 - 00000000 ____D C:\Windows\erdnt
2016-07-29 10:38 - 2016-07-29 10:38 - 05659746 ____R (Swearware) C:\Users\Bud Parker\Downloads\ComboFix.exe
2016-07-29 09:20 - 2016-07-29 09:20 - 02953520 _____ (AVAST Software) C:\Users\Bud Parker\Downloads\avast-browser-
cleanup.exe
2016-07-29 09:19 - 2016-07-31 10:13 - 00000000 ____D C:\AdwCleaner
2016-07-29 09:07 - 2016-07-29 09:07 - 00000000 ____D C:\Users\Bud Parker\AppData\Local\Lotzumbam
2016-07-28 23:15 - 2016-07-28 23:15 - 00000000 ____D C:\Users\Bud Parker\lineholdings
2016-07-28 21:58 - 2016-07-28 21:58 - 00000000 ____D C:\Users\Bud Parker\AppData\Local\Resontaxon
2016-07-28 21:57 - 2016-07-28 21:57 - 00000000 ____D C:\Windows\Cone-plus
2016-07-28 18:04 - 2016-07-30 10:14 - 00000000 ____D C:\Users\Bud Parker\AppData\Local\Donelectrics
2016-07-28 17:54 - 2016-07-28 17:54 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-28 17:54 - 2016-07-28 17:54 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-07-28 16:03 - 2016-07-29 09:43 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-07-28 16:02 - 2016-07-28 16:02 - 00000000 ____D C:\ProgramData\RogueKiller
2016-07-28 16:02 - 2016-07-28 16:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-07-28 16:02 - 2016-07-28 16:02 - 00000000 ____D C:\Program Files\RogueKiller
2016-07-28 16:00 - 2016-07-28 16:01 - 34626472 _____ (Adlice Software ) C:\Users\Bud Parker\Downloads\setup.exe
2016-07-28 14:22 - 2016-08-02 14:04 - 00000246 _____ C:\Windows\SysWOW64\PARTIZAN.TXT
2016-07-28 14:22 - 2016-08-02 13:49 - 00416378 _____ C:\Windows\ntbtlog.txt
2016-07-28 14:22 - 2016-07-28 14:22 - 643075160 _____ C:\Windows\MEMORY.DMP
2016-07-28 14:22 - 2016-07-28 14:22 - 00281936 _____ C:\Windows\Minidump\072816-20560-01.dmp
2016-07-28 14:22 - 2016-07-28 14:22 - 00000000 ____D C:\Windows\Minidump
2016-07-28 14:03 - 2016-07-28 14:03 - 00000000 ____D C:\Windows\Geocode
2016-07-28 12:41 - 2016-07-28 12:41 - 00000000 ____D C:\Users\Bud Parker\AppData\Local\Dongphase
2016-07-28 10:44 - 2016-07-28 10:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reanimator
2016-07-28 10:44 - 2016-07-28 10:44 - 00000000 ____D C:\Program Files (x86)\Greatis
2016-07-28 10:35 - 2016-07-28 12:37 - 00000000 ____D C:\Users\TEMP
2016-07-28 10:27 - 2016-07-28 10:27 - 00000000 ____D C:\Windows\Flextouch
2016-07-28 10:24 - 2016-07-28 10:24 - 00000000 ____D C:\Users\Bud Parker\AppData\Local\Funlam
2016-07-28 10:05 - 2016-07-28 10:05 - 18438761 _____ C:\Users\Bud Parker\Downloads\unhackme-pdf.zip
2016-07-28 09:16 - 2016-07-28 09:16 - 00000000 ____D C:\Users\Bud Parker\AppData\Local\Zumhow
2016-07-27 22:08 - 2016-07-28 12:43 - 00000217 _____ C:\Users\Bud Parker\Desktop\search,safefinder.txt
2016-07-27 19:30 - 2016-07-27 19:30 - 00000000 ____D C:\Users\Bud Parker\AppData\Local\Iceit
2016-07-27 19:15 - 2016-07-27 19:15 - 03712064 _____ C:\Users\Bud Parker\Downloads\AdwCleaner.exe
2016-07-27 18:54 - 2016-08-02 14:04 - 00059776 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2016-07-27 18:54 - 2016-07-27 18:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs
\Malwarebytes
2016-07-27 18:54 - 2016-07-27 18:54 - 00000000 ____D C:\Program Files\Malwarebytes
2016-07-27 18:24 - 2016-07-27 18:24 - 02050596 _____ C:\Users\Bud Parker\Downloads
\tweaking.com_simple_system_tweaker_portable.zip
2016-07-27 18:17 - 2016-07-27 18:18 - 37457368 _____ (Malwarebytes ) C:\Users\Bud Parker\Downloads\MBARW_Setup.exe
2016-07-27 17:43 - 2016-08-02 16:48 - 00000000 ____D C:\FRST
2016-07-27 17:39 - 2016-07-27 17:39 - 00000512 _____ C:\Users\Bud Parker\Desktop\MBR.dat
2016-07-27 16:43 - 2016-07-27 16:43 - 05198336 _____ (AVAST Software) C:\Users\Bud Parker\Downloads\aswMBR.exe
2016-07-27 13:43 - 2016-07-27 13:43 - 00000000 ____D C:\Users\Bud Parker\AppData\Local\Hexice
2016-07-27 13:30 - 2016-07-27 13:30 - 00000000 ____D C:\Users\Bud Parker\AppData\Local\Zathplanet
2016-07-27 09:23 - 2016-07-27 09:23 - 22851472 _____ (Malwarebytes ) C:\Users\Bud Parker\Downloads\mbam-setup-
2.2.1.1043(1).exe
2016-07-27 09:04 - 2016-07-27 09:04 - 00000000 ____D C:\Users\Bud Parker\AppData\Roaming\Vivacon
2016-07-27 09:03 - 2016-07-27 09:03 - 00000000 ____D C:\Users\Bud Parker\AppData\Roaming\Subcorporation
2016-07-27 08:04 - 2016-07-27 08:04 - 00000000 ____D C:\Windows\unolab
2016-07-27 07:32 - 2016-07-27 10:49 - 00000000 ____D C:\Windows\Saocore
2016-07-27 07:25 - 2016-08-01 13:44 - 00001020 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-07-27 07:23 - 2016-07-27 07:23 - 48521840 _____ C:\Users\Bud Parker\Downloads\Firefox Setup 47.0.1.exe
2016-07-26 22:07 - 2016-07-29 12:02 - 00000000 ____D C:\@RestoreQuarantine
2016-07-26 22:02 - 2016-07-26 22:02 - 00000000 ____D C:\Users\Bud Parker\AppData\Local\Zerzim
2016-07-26 22:01 - 2016-07-26 22:01 - 00000000 ____D C:\Users\Bud Parker\AppData\Local\Zaamcom
2016-07-26 21:57 - 2016-07-27 08:53 - 00002093 _____ C:\Windows\system32\Partizan.RRI
2016-07-26 17:50 - 2016-07-26 17:50 - 00000000 ____D C:\Users\Bud Parker\AppData\Local\Refind
2016-07-26 17:49 - 2016-07-26 17:49 - 00000000 ____D C:\Users\Bud Parker\AppData\Local\J-bela
2016-07-26 16:36 - 2016-07-31 08:36 - 00000000 ____D C:\ProgramData\RegRun
2016-07-26 16:34 - 2016-07-26 16:34 - 00040304 _____ (Greatis Software) C:\Windows\SysWOW64\Drivers\Partizan.sys
2016-07-26 16:33 - 2016-08-01 21:48 - 00000000 ____D C:\Users\Public\Documents\regruninfo
2016-07-26 16:33 - 2016-07-28 10:44 - 00000000 ____D C:\Program Files (x86)\UnHackMe
2016-07-26 16:33 - 2016-07-27 11:04 - 00003342 _____ C:\Windows\System32\Tasks\UnHackMe Task Scheduler
2016-07-26 16:33 - 2016-07-26 16:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe
2016-07-26 16:33 - 2016-07-07 13:06 - 00015016 _____ (Greatis Software, LLC.) C:\Windows\SysWOW64\Drivers
\UnHackMeDrv.sys
2016-07-26 16:33 - 2015-12-28 11:32 - 00049968 _____ (Greatis Software) C:\Windows\system32\partizan.exe
2016-07-26 16:30 - 2016-07-26 16:31 - 18064897 _____ C:\Users\Bud Parker\Downloads\unhackme.zip
2016-07-26 15:14 - 2016-07-26 15:14 - 03712064 _____ C:\Users\Bud Parker\Downloads\adwcleaner_5.201.exe
2016-07-26 11:18 - 2016-07-26 11:19 - 52437728 _____ (Microsoft Corporation) C:\Users\Bud Parker\Downloads\Windows-
KB890830-x64-V5.38.exe
2016-07-26 10:58 - 2016-07-26 10:58 - 00031232 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys
2016-07-26 09:49 - 2016-07-26 09:49 - 00000000 ____D C:\Users\Public\Documents\Tools
2016-07-26 09:49 - 2016-07-26 09:49 - 00000000 ____D C:\Users\Public\Documents\Baidu
2016-07-26 09:47 - 2016-07-26 12:33 - 00000000 ____D C:\Windows\SysWOW64\databases-incognito
2016-07-26 09:10 - 2016-07-26 09:10 - 07105536 _____ C:\Users\Bud Parker\AppData\Roaming\agent.dat
2016-07-26 09:10 - 2016-07-26 09:10 - 00018432 _____ C:\Users\Bud Parker\AppData\Roaming\Main.dat
2016-07-26 09:07 - 2016-07-26 09:07 - 00031411 _____ C:\Windows\cad59fc9af939f2528d349888eab9565.ps1
2016-07-26 09:06 - 2016-07-27 10:47 - 00000000 ____D C:\Users\Bud Parker\AppData\Local\Apps\2.0
2016-07-26 09:06 - 2016-07-26 09:06 - 00129024 _____ C:\Users\Bud Parker\AppData\Roaming\Installer.dat
2016-07-26 08:51 - 2016-07-26 08:51 - 00000000 ____D C:\Users\Bud Parker\AppData\Roaming\c
2016-07-26 08:50 - 2016-07-29 08:28 - 00000000 ___HD C:\Program Files (x86)\tai
2016-07-24 20:44 - 2016-07-24 20:44 - 08677830 _____ C:\Users\Bud Parker\Downloads\Sharkmouth AH-1G's in Vietnam
(Récupéré).pdf
2016-07-24 20:44 - 2016-07-24 20:44 - 04353501 _____ C:\Users\Bud Parker\Downloads\68-17365 Rod Willis Loach 2nd
Draft.pdf
2016-07-24 20:43 - 2016-07-24 20:43 - 03203865 _____ C:\Users\Bud Parker\Downloads\Loaches of the 4th cav 1st sqn D
trp.pdf
2016-07-24 20:43 - 2016-07-24 20:43 - 02355380 _____ C:\Users\Bud Parker\Downloads\Miss Claude IV 1st update.pdf
2016-07-24 20:42 - 2016-07-24 20:43 - 02194618 _____ C:\Users\Bud Parker\Downloads\C Troop 16th Cav.pdf
2016-07-24 19:47 - 2016-07-24 20:37 - 00000000 ____D C:\Users\Bud Parker\Desktop\Stewart
2016-07-24 16:09 - 2016-08-02 14:06 - 00000294 _____ C:\Windows\Tasks\Windows 7 Manager - Free Memory.job
2016-07-24 15:24 - 2016-07-25 13:35 - 02713066 _____ C:\Users\Bud Parker\Desktop\EMS Claim DotDot.pdf
2016-07-24 14:15 - 2016-07-24 14:14 - 06901516 _____ C:\Users\Bud Parker\Desktop\MedStat EMS.jpeg
2016-07-24 08:21 - 2016-07-24 08:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
Security Scan Plus
2016-07-24 08:21 - 2016-07-24 08:21 - 00000000 ____D C:\Program Files\McAfee Security Scan
2016-07-23 22:14 - 2016-07-23 22:14 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2016-07-23 10:29 - 2016-07-23 10:29 - 00002170 _____ C:\Users\Bud Parker\Desktop\GREAT TRUTHS THAT LITTLE
CHILDREN HAVE LEARNED.txt
2016-07-20 17:03 - 2016-07-20 17:05 - 00014357 _____ C:\Users\Bud Parker\Desktop\BankPlus Checking 1 July to 20 July
16.xlsm
2016-07-20 16:38 - 2016-07-20 17:05 - 00013225 _____ C:\Users\Bud Parker\Desktop\BankPlus Checking 21 Jun to 20 July
16.xlsm
2016-07-20 11:29 - 2016-07-20 11:30 - 00279521 _____ C:\Users\Bud Parker\Downloads\HealthSummary20160720.zip
2016-07-20 11:28 - 2016-07-20 11:28 - 00084009 _____ C:\Users\Bud Parker\Documents\Dorothy Appt 8 Aug 16.pdf
2016-07-20 11:27 - 2016-07-20 11:27 - 00083178 _____ C:\Users\Bud Parker\Documents\Appt Dot.pdf
2016-07-19 12:27 - 2016-07-28 09:11 - 00001754 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-07-19 12:27 - 2016-07-19 12:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-07-19 12:26 - 2016-07-19 12:27 - 00000000 ____D C:\Program Files\iTunes
2016-07-19 12:16 - 2016-07-28 09:11 - 00001806 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2016-07-19 12:16 - 2016-07-19 12:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2016-07-19 08:54 - 2016-07-19 08:54 - 00014249 _____ C:\Users\Bud Parker\Documents\On Sheep.txt
2016-07-17 21:40 - 2016-07-17 21:40 - 00000000 ____D C:\Users\Bud Parker\AppData\Roaming\DiskAid
2016-07-16 21:02 - 2016-07-16 21:03 - 00206885 _____ C:\Users\Bud Parker\Downloads\militarycallsignlist-apr09.pdf
2016-07-16 09:58 - 2016-07-16 09:58 - 00279514 _____ C:\Users\Bud Parker\Downloads\HealthSummary20160716.zip
2016-07-16 09:58 - 2016-07-16 09:58 - 00043839 _____ C:\Users\Bud Parker\Desktop\Dot Health Summary.pdf
2016-07-15 11:15 - 2016-07-15 12:04 - 00014455 _____ C:\Users\Bud Parker\Documents\Dot Med Schedule.xlsx
2016-07-14 22:19 - 2016-08-02 14:08 - 00000000 ____D C:\Users\Bud Parker\Documents\RegRun2
2016-07-14 22:19 - 2016-07-26 16:33 - 00000002 RSHOT C:\Windows\winstart.bat
2016-07-14 22:19 - 2016-07-26 16:33 - 00000002 RSHOT C:\Windows\SysWOW64\CONFIG.NT
2016-07-14 22:19 - 2016-07-26 16:33 - 00000002 RSHOT C:\Windows\SysWOW64\AUTOEXEC.NT
2016-07-14 12:18 - 2016-06-11 01:57 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-07-14 12:18 - 2016-06-10 23:48 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-07-14 12:18 - 2016-06-10 16:38 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-07-14 12:18 - 2016-06-10 16:38 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-07-14 12:18 - 2016-06-10 16:20 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-07-14 12:18 - 2016-06-10 16:19 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-07-14 12:18 - 2016-06-10 16:19 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-07-14 12:18 - 2016-06-10 16:18 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-07-14 12:18 - 2016-06-10 16:18 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-07-14 12:18 - 2016-06-10 16:17 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-07-14 12:18 - 2016-06-10 16:10 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-07-14 12:18 - 2016-06-10 16:08 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-07-14 12:18 - 2016-06-10 16:05 - 25814016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-07-14 12:18 - 2016-06-10 16:04 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-07-14 12:18 - 2016-06-10 16:03 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-07-14 12:18 - 2016-06-10 16:03 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-07-14 12:18 - 2016-06-10 16:02 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-07-14 12:18 - 2016-06-10 16:02 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-07-14 12:18 - 2016-06-10 15:53 - 00968704 _____ (Microsoft Corporation) C:\Windows
\system32\MsSpellCheckingFacility.exe
2016-07-14 12:18 - 2016-06-10 15:50 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-07-14 12:18 - 2016-06-10 15:49 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-07-14 12:18 - 2016-06-10 15:40 - 00077824 _____ (Microsoft Corporation) C:\Windows
\system32\JavaScriptCollectionAgent.dll
2016-07-14 12:18 - 2016-06-10 15:38 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-07-14 12:18 - 2016-06-10 15:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-07-14 12:18 - 2016-06-10 15:34 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-07-14 12:18 - 2016-06-10 15:31 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-07-14 12:18 - 2016-06-10 15:28 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-07-14 12:18 - 2016-06-10 15:15 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-07-14 12:18 - 2016-06-10 15:13 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-07-14 12:18 - 2016-06-10 15:12 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-07-14 12:18 - 2016-06-10 15:11 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-07-14 12:18 - 2016-06-10 15:10 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-07-14 12:18 - 2016-06-10 14:45 - 15409664 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-07-14 12:18 - 2016-06-10 14:44 - 02869248 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-07-14 12:18 - 2016-06-10 14:30 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-07-14 12:18 - 2016-06-10 14:21 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-07-14 12:18 - 2016-06-10 14:09 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-07-14 12:18 - 2016-06-10 13:54 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-07-14 12:18 - 2016-06-10 13:53 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-07-14 12:18 - 2016-06-10 13:53 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-07-14 12:18 - 2016-06-10 13:53 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-07-14 12:18 - 2016-06-10 13:52 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-07-14 12:18 - 2016-06-10 13:47 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-07-14 12:18 - 2016-06-10 13:46 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-07-14 12:18 - 2016-06-10 13:45 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-07-14 12:18 - 2016-06-10 13:42 - 20348928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-07-14 12:18 - 2016-06-10 13:42 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-07-14 12:18 - 2016-06-10 13:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-07-14 12:18 - 2016-06-10 13:41 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-07-14 12:18 - 2016-06-10 13:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-07-14 12:18 - 2016-06-10 13:32 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-07-14 12:18 - 2016-06-10 13:27 - 00060416 _____ (Microsoft Corporation) C:\Windows
\SysWOW64\JavaScriptCollectionAgent.dll
2016-07-14 12:18 - 2016-06-10 13:26 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-07-14 12:18 - 2016-06-10 13:24 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-07-14 12:18 - 2016-06-10 13:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-07-14 12:18 - 2016-06-10 13:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-07-14 12:18 - 2016-06-10 13:19 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-07-14 12:18 - 2016-06-10 13:14 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-07-14 12:18 - 2016-06-10 13:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-07-14 12:18 - 2016-06-10 13:10 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-07-14 12:18 - 2016-06-10 13:09 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-07-14 12:18 - 2016-06-10 13:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-07-14 12:18 - 2016-06-10 12:58 - 13806080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-07-14 12:18 - 2016-06-10 12:45 - 02392576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-07-14 12:18 - 2016-06-10 12:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-07-14 12:18 - 2016-06-10 12:41 - 01315840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-07-14 09:08 - 2016-06-25 19:27 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2016-07-14 09:08 - 2016-06-25 19:27 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-07-14 09:08 - 2016-06-25 19:27 - 00344576 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2016-07-14 09:08 - 2016-06-25 19:27 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2016-07-14 09:08 - 2016-06-25 19:27 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll
2016-07-14 09:08 - 2016-06-25 14:54 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2016-07-14 09:08 - 2016-06-25 14:53 - 00297472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2016-07-14 09:08 - 2016-06-25 14:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
2016-07-14 09:08 - 2016-06-25 14:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe
2016-07-14 09:08 - 2016-06-25 14:41 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.exe
2016-07-14 09:07 - 2016-06-25 19:35 - 00041704 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-07-14 09:07 - 2016-06-25 19:27 - 01208320 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-07-14 09:07 - 2016-06-22 08:06 - 00268800 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-07-14 09:07 - 2016-06-17 13:24 - 01490432 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-07-14 09:07 - 2016-06-17 13:24 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-07-14 09:07 - 2016-06-17 13:24 - 00544256 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-07-14 09:07 - 2016-06-17 13:24 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-07-14 09:07 - 2016-06-17 13:24 - 00219136 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-07-14 09:07 - 2016-06-17 13:24 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-07-14 09:00 - 2016-06-14 10:03 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-07-14 08:40 - 2016-07-14 08:42 - 00000000 ____D C:\Users\Bud Parker\Desktop\Dot Wheel Chair
2016-07-14 07:28 - 2016-07-14 07:29 - 00690584 _____ (Dropbox, Inc.) C:\Users\Bud Parker\Downloads\DropboxInstaller.exe
2016-07-13 21:49 - 2016-07-13 22:00 - 00000000 ____D C:\Windows\SysWOW64\directx
2016-07-13 20:16 - 2016-07-13 20:14 - 00549120 _____ C:\Users\Bud Parker\Desktop\Sentra Wreck-Parker Dorothy.jpeg
2016-07-12 12:50 - 2016-07-13 22:24 - 00000000 ____D C:\Users\Bud Parker\Desktop\Sentra Wreck 11 Jul 16
2016-07-09 20:33 - 2016-07-09 20:33 - 00000000 ____D C:\Users\Bud Parker\AppData\Roaming\HP
2016-07-09 13:18 - 2016-07-09 13:18 - 00000251 _____ C:\Users\Bud Parker\Documents\Toshiba Laptop Error Message.txt
2016-07-06 11:12 - 2016-07-06 11:12 - 01712693 _____ C:\Users\Bud Parker\Desktop\Sanatize Poultry Water.pdf
2016-07-04 10:34 - 2016-07-04 10:56 - 00002751 _____ C:\Users\Bud Parker\Documents\Railroad.txt
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-08-02 16:05 - 2016-06-12 07:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs
\Malwarebytes Anti-Exploit
2016-08-02 16:05 - 2016-06-12 07:17 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2016-08-02 15:59 - 2016-06-11 10:24 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-02 15:03 - 2016-03-18 18:48 - 00000000 ___SD C:\Users\Bud Parker\Desktop\NBC
2016-08-02 14:13 - 2009-07-13 23:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-
5P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-02 14:13 - 2009-07-13 23:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-
5P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-02 14:06 - 2016-06-11 10:24 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-02 14:04 - 2016-06-10 10:34 - 00217328 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-08-02 14:04 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-02 14:03 - 2016-03-18 21:24 - 00240251 ____H C:\Users\Bud Parker\AppData\Roaming\TurboLaunch_IconCache.dat
2016-08-02 13:41 - 2016-03-18 18:46 - 00000000 ____D C:\Users\Bud Parker\AppData\Roaming\Downloaded Installations
2016-08-02 13:39 - 2016-03-18 17:32 - 00000000 ____D C:\Users\Bud Parker\AppData\Roaming\Thinstall
2016-08-02 13:16 - 2009-07-14 00:13 - 00782248 _____ C:\Windows\system32\PerfStringBackup.INI
2016-08-02 13:16 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-08-02 12:41 - 2016-03-18 16:27 - 00000000 ____D C:\Users\Bud Parker
2016-08-01 13:59 - 2016-06-20 10:09 - 00000000 ____D C:\Users\Bud Parker\AppData\LocalLow\LastPass
2016-08-01 09:30 - 2016-06-24 19:25 - 00000000 ____D C:\Program Files\Kutools for Word
2016-08-01 07:34 - 2016-04-02 11:32 - 00000000 ____D C:\Program Files (x86)\AVG
2016-08-01 07:34 - 2016-04-02 10:58 - 00000000 ____D C:\Users\Bud Parker\AppData\Local\AvgSetupLog
2016-08-01 07:34 - 2016-03-18 16:58 - 00001038 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla
Firefox.lnk
2016-07-31 22:41 - 2016-01-27 11:21 - 00000000 ____D C:\ProgramData\MFAData
2016-07-31 16:26 - 2016-06-21 12:40 - 00000000 ____D C:\Users\Bud Parker\AppData\Local\Downloaded Installations
2016-07-31 14:33 - 2016-04-02 12:45 - 00000000 ____D C:\Users\Bud Parker\AppData\Roaming\TuneUp Software
2016-07-31 14:20 - 2016-04-02 12:47 - 00000000 ____D C:\Users\Bud Parker\AppData\Roaming\AVG
2016-07-31 09:17 - 2009-08-28 06:06 - 00000000 ____D C:\ProgramData\Temp
2016-07-31 08:12 - 2016-04-30 17:21 - 00000000 ____D C:\Users\Bud Parker\Movies
2016-07-30 14:56 - 2016-03-18 18:48 - 00000000 ____D C:\Users\Bud Parker\Desktop\Old Firefox Data
2016-07-30 12:04 - 2016-06-13 23:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs
\DisableStartup
2016-07-30 08:27 - 2016-07-02 21:59 - 00000000 ____D C:\Users\Bud Parker\Documents\Timesheets, Walsh
2016-07-29 22:03 - 2016-04-01 21:06 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-07-29 15:42 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini
2016-07-29 13:27 - 2016-03-21 18:47 - 00000000 ____D C:\Users\Recovered Data
2016-07-29 13:19 - 2009-07-13 21:34 - 95158272 _____ C:\Windows\system32\config\software.bak
2016-07-29 13:19 - 2009-07-13 21:34 - 22806528 _____ C:\Windows\system32\config\system.bak
2016-07-29 13:19 - 2009-07-13 21:34 - 00524288 _____ C:\Windows\system32\config\default.bak
2016-07-29 13:19 - 2009-07-13 21:34 - 00262144 _____ C:\Windows\system32\config\security.bak
2016-07-29 13:19 - 2009-07-13 21:34 - 00262144 _____ C:\Windows\system32\config\sam.bak
2016-07-29 13:18 - 2009-07-13 21:34 - 37224448 _____ C:\Windows\system32\config\components.bak
2016-07-29 11:01 - 2016-06-05 15:00 - 00000000 ____D C:\Users\Bud Parker\Desktop\Pickup Truck Music
2016-07-29 08:28 - 2016-03-18 18:48 - 00000000 ___SD C:\Users\Bud Parker\Desktop\Portable
2016-07-28 14:36 - 2016-03-18 21:09 - 00000000 ___SD C:\Users\Bud Parker\AppData\LocalLow\Temp
2016-07-28 09:12 - 2016-06-11 10:25 - 00002115 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google
Earth.lnk
2016-07-28 09:12 - 2016-03-19 16:01 - 00002507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple
Software Update.lnk
2016-07-28 09:12 - 2016-03-18 21:24 - 00001056 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs
\TurboLaunch.lnk
2016-07-28 09:12 - 2016-03-18 18:47 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Pro
8.lnk
2016-07-28 09:12 - 2016-03-18 16:41 - 00002545 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft
Office PowerPoint Viewer 2007.lnk
2016-07-28 09:12 - 2016-03-18 16:40 - 00001142 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft
Works Task Launcher.lnk
2016-07-28 09:12 - 2009-08-28 06:05 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
Reader 9.lnk
2016-07-28 09:12 - 2009-08-28 05:33 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media
Center.lnk
2016-07-28 09:12 - 2009-08-28 05:33 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows
DVD Maker.lnk
2016-07-28 09:12 - 2009-07-13 23:57 - 00001535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows
Media Player.lnk
2016-07-28 09:12 - 2009-07-13 23:57 - 00001340 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows
Anytime Upgrade.lnk
2016-07-28 09:12 - 2009-07-13 23:57 - 00001318 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-07-28 09:12 - 2009-07-13 23:57 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS
Viewer.lnk
2016-07-28 09:12 - 2009-07-13 23:54 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows
Fax and Scan.lnk
2016-07-28 09:11 - 2016-06-27 20:39 - 00001120 _____ C:\Users\Public\Desktop\GOM Player.lnk
2016-07-28 09:11 - 2016-06-24 19:19 - 00000998 _____ C:\ProgramData\Microsoft\Windows\Start Menu\VueScan x64.lnk
2016-07-28 09:11 - 2016-06-24 10:48 - 00001038 _____ C:\Users\Bud Parker\Desktop\Folder Lock 6.lnk
2016-07-28 09:11 - 2016-03-20 16:50 - 00001138 _____ C:\Users\Bud Parker\AppData\Roaming\Microsoft\Windows\Start Menu
\Super DX-Ball Deluxe.lnk
2016-07-28 09:11 - 2016-03-19 16:41 - 00001328 _____ C:\ProgramData\Microsoft\Windows\Start Menu\HP Solution Center.lnk
2016-07-28 09:11 - 2016-03-19 06:34 - 00001150 _____ C:\Users\Bud Parker\AppData\Roaming\Microsoft\Windows\Start Menu
\GOM Player.lnk
2016-07-28 09:11 - 2014-12-11 13:27 - 00000355 _____ C:\Users\Bud Parker\Desktop\Computer.lnk
2016-07-28 09:11 - 2009-07-14 00:01 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-07-28 09:11 - 2009-07-13 23:49 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-07-28 02:46 - 2016-06-12 07:17 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2016-07-27 21:06 - 2016-06-10 10:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-07-27 20:28 - 2016-06-10 10:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs
\Malwarebytes Anti-Malware
2016-07-27 19:52 - 2016-04-18 11:29 - 00000000 ____D C:\Users\Bud Parker\AppData\Local\CrashRpt
2016-07-27 18:54 - 2016-01-21 23:09 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-07-27 07:27 - 2016-03-18 16:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-07-27 07:25 - 2016-06-28 10:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-07-26 22:15 - 2016-03-22 19:27 - 144749672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-07-26 09:23 - 2016-06-09 22:49 - 00000000 ____D C:\Windows\system32\SSL
2016-07-24 14:17 - 2016-03-18 19:01 - 00000000 ___RD C:\Users\Bud Parker\Documents\Scanned Documents
2016-07-23 22:52 - 2016-04-16 20:47 - 00000000 ____D C:\Users\Bud Parker\AppData\Local\ElevatedDiagnostics
2016-07-23 22:14 - 2016-03-29 20:18 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows
\SysWOW64\FlashPlayerApp.exe
2016-07-23 22:14 - 2016-03-29 20:18 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows
\SysWOW64\FlashPlayerCPLApp.cpl
2016-07-23 22:14 - 2016-03-29 20:15 - 00000000 ____D C:\Users\Bud Parker\AppData\Local\Adobe
2016-07-23 22:14 - 2014-12-21 21:07 - 00000000 ____D C:\Windows\system32\Macromed
2016-07-23 22:14 - 2009-08-28 06:06 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-07-23 12:41 - 2016-03-31 22:34 - 00000000 ____D C:\Users\Bud Parker\Documents\My Downloaded Video
2016-07-22 09:25 - 2016-03-21 10:20 - 00000000 __RSD C:\Users\Bud Parker\Desktop\Facebook Icons
2016-07-21 13:23 - 2016-03-26 21:35 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2016-07-21 07:12 - 2016-03-27 03:37 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-07-21 07:12 - 2016-03-27 03:37 - 00000000 ___SD C:\Windows\system32\GWX
2016-07-20 11:27 - 2016-04-15 22:36 - 00000000 ____D C:\Users\Bud Parker\AppData\Roaming\Nitro PDF
2016-07-19 12:26 - 2016-04-18 13:09 - 00000000 ____D C:\Program Files\iPod
2016-07-19 12:19 - 2016-03-05 17:31 - 00000000 ____D C:\ProgramData\Apple
2016-07-19 12:16 - 2016-03-19 16:01 - 00000000 ____D C:\Program Files (x86)\QuickTime
2016-07-19 02:02 - 2016-03-21 20:40 - 00000000 ____D C:\Users\Bud Parker\AppData\Roaming\Microsoft\Windows\Start
Menu\Programs\Portable Programs
2016-07-16 02:03 - 2016-06-25 13:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs
\EasyWorship
2016-07-16 02:03 - 2016-06-22 12:40 - 00000000 ____D C:\Users\Bud Parker\AppData\Roaming\Microsoft\Windows\Start
Menu\Programs\Driver Support
2016-07-16 02:03 - 2016-03-19 15:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CleanMyPC
Registry Cleaner
2016-07-14 22:38 - 2009-08-28 06:03 - 00000000 ____D C:\Windows\System32\Tasks\Recovery Management
2016-07-14 21:00 - 2009-07-13 23:45 - 00468856 _____ C:\Windows\system32\FNTCACHE.DAT
2016-07-14 20:59 - 2016-03-27 03:37 - 00000000 ____D C:\Windows\system32\appraiser
2016-07-14 20:59 - 2009-07-14 02:45 - 00000000 ____D C:\Program Files\Windows Journal
2016-07-14 20:57 - 2016-03-22 19:27 - 00000000 ____D C:\Windows\system32\MRT
2016-07-14 19:04 - 2016-06-13 08:40 - 00000000 ____D C:\Users\Bud Parker\AppData\Roaming\vlc
2016-07-03 19:47 - 2016-05-09 21:27 - 00006999 _____ C:\Users\Bud Parker\Documents\A Soldier Died Today.odt
==================== Files in the root of some directories =======
2014-06-11 13:21 - 2014-04-25 04:55 - 0011560 _____ () C:\Program Files (x86)\COPYING.Apachev2
2014-06-11 13:21 - 2014-04-25 04:55 - 0025859 _____ () C:\Program Files (x86)\COPYING.LGPLv2
2014-06-11 13:21 - 2014-04-25 04:55 - 0007820 _____ () C:\Program Files (x86)\COPYING.LGPLv3
2016-07-26 09:10 - 2016-07-26 09:10 - 7105536 _____ () C:\Users\Bud Parker\AppData\Roaming\agent.dat
2016-07-26 09:06 - 2016-07-26 09:06 - 0129024 _____ () C:\Users\Bud Parker\AppData\Roaming\Installer.dat
2016-07-31 08:58 - 2016-07-31 09:12 - 0000115 _____ () C:\Users\Bud Parker\AppData\Roaming\LogFile.txt
2016-07-26 09:10 - 2016-07-26 09:10 - 0018432 _____ () C:\Users\Bud Parker\AppData\Roaming\Main.dat
2016-03-31 16:57 - 2016-03-31 16:58 - 0000990 ___SH () C:\Users\Bud Parker\AppData\Roaming\systemfl.$dk
2016-03-21 21:14 - 2016-03-24 00:13 - 0000097 _____ () C:\Users\Bud Parker\AppData\Roaming\WB.CFG
2016-03-19 06:50 - 2016-03-31 16:35 - 0000700 ___SH () C:\Users\Bud Parker\AppData\Local\systemFL7.dat
2016-03-19 16:35 - 2016-05-15 11:00 - 0003594 _____ () C:\ProgramData\hpzinstall.log
Some files in TEMP:
====================
C:\Users\Bud Parker\AppData\Local\temp\libeay32.dll
C:\Users\Bud Parker\AppData\Local\temp\msvcr120.dll
C:\Users\Bud Parker\AppData\Local\temp\sqlite3.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-07-24 15:02
==================== End of FRST.txt ============================
---------------------------------------------------------------------------------------------------------------------------------------------------------------
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-07-2016
Ran by Bud Parker (2016-08-02 16:49:04)
Running from C:\Users\Bud Parker\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2016-03-18 21:26:58)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2712942507-1312882600-3786330889-500 - Administrator - Disabled)
Bud Parker (S-1-5-21-2712942507-1312882600-3786330889-1001 - Administrator - Enabled) => C:\Users\Bud Parker
Guest (S-1-5-21-2712942507-1312882600-3786330889-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2712942507-1312882600-3786330889-1002 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Up to date) {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security (Disabled) {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be
uninstalled manually.)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 22.0.0.153 - Adobe Systems Incorporated)
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems
Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{A6B0442B-E159-444B-B49D-6B9AC531EAE3}) (Version: 4.3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Atomic Alarm Clock 6.20 (HKLM\...\Atomic Alarm Clock_is1) (Version: - Drive Software Company)
AVG (Version: 16.61.7539 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4545 - AVG Technologies) Hidden
AVG PC TuneUp 2014 (en-US) (x32 Version: 14.0.1001.295 - AVG) Hidden
AVG PC TuneUp 2014 (HKLM-x32\...\AVG PC TuneUp) (Version: 14.0.1001.295 - AVG)
AVG PC TuneUp 2014 (x32 Version: 14.0.1001.295 - AVG) Hidden
Backup Manager Basic (x32 Version: 2.0.0.22 - NewTech Infosystems) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version:
12.0.6612.1000 - Microsoft Corporation)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3108 - CyberLink
Corp.)
CyberLink PowerDirector 11 (HKLM-x32\...\InstallShield_{551F492A-01B0-4DC4-866F-875EC4EDC0A8}) (Version: 11.0.0.2321 -
CyberLink Corp.)
CyberLink PowerDirector 11 (Version: 11.0.0.2321 - CyberLink Corp.) Hidden
CyberLink PowerDVD 8 (HKLM-x32\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.3201.50 -
CyberLink Corp.)
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
Disk Doctors Windows Data Recovery 3.0.3.353 (HKLM-x32\...\Disk Doctors Windows Data Recovery_is1) (Version: - Disk
Doctors Labs Inc.)
EPUB File Reader (HKLM-x32\...\{818C5857-5C74-4CAC-9F43-E5597086852D}_is1) (Version: - )
FMW 1 (Version: 1.102.4 - AVG Technologies) Hidden
FMW 1 (Version: 1.62.2 - AVG Technologies) Hidden
Gateway InfoCentre (HKLM-x32\...\Gateway InfoCentre) (Version: 3.02.3000 - Gateway Incorporated)
Gateway MyBackup (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.22 - NewTech
Infosystems)
Gateway Power Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.05.3002 - Gateway
Incorporated)
Gateway Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3002 - Acer
Incorporated)
Gateway ScreenSaver (HKLM-x32\...\Gateway Screensaver) (Version: 1.7.0730 - Gateway Incorporated)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.1.36.5083 - Gretech Corporation)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.4.63 - Conexant Systems)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Photosmart Printer Driver Software 13.0 Rel. 2 (HKLM\...\{F69E48F2-94B0-4272-845C-5F21F2A9815F}) (Version: 13.0 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3001 - Gateway Incorporated)
iExplorer 3.9.6.0 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version: - Macroplant LLC)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version:
8.15.10.2555 - Intel Corporation)
IObit Unlocker (HKLM-x32\...\IObit Unlocker_is1) (Version: 1.1 - IObit)
iTunes (HKLM\...\{9F4BF859-C3A4-4AB6-BDD1-9C5D58188598}) (Version: 12.4.1.6 - Apple Inc.)
iTunes (HKLM\...\{E109B4A3-9883-4E6E-9A19-4D7E1A88AFE8}) (Version: 12.4.2.4 - Apple Inc.)
Junk Mail filter update (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Magic ISO Maker v5.5 (build 0276) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0276)) (Version: - )
Malwarebytes Anti-Exploit version 1.8.1.2572 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.2572 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 -
Malwarebytes)
Malwarebytes Anti-Ransomware version 0.9.15.416 (HKLM\...\{6CA75021-FBB0-41A5-B95C-FC1C9E0421F0}_is1) (Version:
0.9.15.416 - Malwarebytes)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.334.1 - McAfee, Inc.)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 -
Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version:
12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 -
Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version:
3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 -
Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 -
Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE})
(Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4})
(Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4})
(Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989})
(Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F})
(Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version:
10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5})
(Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6})
(Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f})
(Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime
(x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{67E03279-F703-408F-B4BF-46B5FC8D70CD}) (Version: 9.7.0621 - Microsoft Corporation)
Mobipocket Reader 6.2 (HKLM-x32\...\{342126E1-173C-4585-BFBE-3EBDD20E3E9E}) (Version: 6.2.608 - Mobipocket.com)
Mozilla Firefox 47.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0.1 (x86 en-US)) (Version: 47.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.1 - Mozilla)
Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Nitro Pro 8 (HKLM\...\{0BEFCFE0-4373-41B6-8924-85FA78C9514D}) (Version: 8.0.3.1 - Nitro)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 16.7.0.30 - Symantec Corporation)
Nuclear Coffee - VideoGet (HKLM\...\VideoGet_is1) (Version: 2014 - Nuclear Coffee)
PS_SF_02_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
PS_SF_02_Software_Min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Quintessential Player (HKLM-x32\...\Quintessential Player) (Version: 4.51 - Quinnware)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7829 -
Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30102 - Realtek
Semiconductor Corp.)
RegRun Reanimator (HKLM-x32\...\UnHackMe Update - Reanimator_is1) (Version: - Greatis Software, LLC.)
Revo Uninstaller Pro 3.1.4 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.4 - VS Revo Group, Ltd.)
RogueKiller version 12 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12 - Adlice Software)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-
0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.8 -
SmartSound Software Inc.)
SmartSound Quicktracks 5 (x32 Version: 5.1.8 - SmartSound Software Inc.) Hidden
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
Snagit 10 (HKLM-x32\...\{5BCC634A-58AD-42F9-B3C6-2EA52F81CF85}) (Version: 10.0.0 - TechSmith Corporation)
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
Super DX-Ball Deluxe (HKLM-x32\...\Super DX-Ball Deluxe) (Version: - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.41.5 - Synaptics Incorporated)
Togethershare Data Recovery Trial 5.8.1 (HKLM-x32\...\Togethershare Data Recovery Trial 5.8.1_is1) (Version: - Togethershare)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
TurboLaunch 5.1.4 (HKLM-x32\...\TurboLaunch_is1) (Version: 5.1.4.5 - Savard Software)
UnHackMe 8.12 (HKLM-x32\...\UnHackMe_is1) (Version: - Greatis Software, LLC.)
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Video Web Camera (HKLM-x32\...\{6D9021DC-CF1B-4148-8C80-6D8E8A8A33EB}) (Version: 0.5.11.1 - SuYin)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG
Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG
Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VueScan x64 (HKLM\...\VueScan x64) (Version: - )
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Welcome Center (HKLM-x32\...\Gateway Welcome Center) (Version: 1.00.3005 - Gateway Incorporated)
Windows 7 Manager (HKLM\...\{BA2DD58B-F35E-421F-AE30-0A856AEA8B38}) (Version: 4.3.9 - Yamicsoft)
Windows Driver Package - AMD (amdkmpfd) System (08/18/2014 14.201.1006.1001) (HKLM\...
\52CC88C17478DF9A496DD7C4B6545110B51589A4) (Version: 08/18/2014 14.201.1006.1001 - AMD)
Windows Driver Package - Apple, Inc. (USBAAPL64) USB (12/12/2012 6.0.9999.65) (HKLM\...
\0FEF654FC54561C3E984A0DB0704F76831FD35A2) (Version: 12/12/2012 6.0.9999.65 - Apple, Inc.)
Windows Driver Package - Broadcom (k57nd60a) Net (10/30/2013 15.6.0.14) (HKLM\...
\7C9CA8A432E0A7C6153832FCFFA30579EF8427D2) (Version: 10/30/2013 15.6.0.14 - Broadcom)
Windows Driver Package - Challenger Backup Solutions, LLC (FlashBoot) DiskDrive (08/11/2013 2.3.72.0) (HKLM\...
\CA8BFE662913F62CB908BA31685037C57A7DD973) (Version: 08/11/2013 2.3.72.0 - Challenger Backup Solutions, LLC)
Windows Driver Package - CXT (winachsf) Modem (02/03/2010 7.80.4.63) (HKLM\...
\07B690A855C6F3B41BA1827247649EC919D2F456) (Version: 02/03/2010 7.80.4.63 - CXT)
Windows Driver Package - ELAN SMBus (ETDSMBus) System (08/06/2015 15.1.2.5) (HKLM\...
\94D4ADBD3EF82E234DF58F1B9BD18B24B775A6D0) (Version: 08/06/2015 15.1.2.5 - ELAN SMBus)
Windows Driver Package - ELAN SMBus (ETDSMBus) System (12/14/2015 15.1.2.8) (HKLM\...
\6168882EA454F93FCDCE03E891193A3F56F09386) (Version: 12/14/2015 15.1.2.8 - ELAN SMBus)
Windows Driver Package - Hewlett-Packard Image (04/01/2012 08.00.00.01) (HKLM\...
\61339A68E39F445DE4C300A47EAC69A31C51C993) (Version: 04/01/2012 08.00.00.01 - Hewlett-Packard)
Windows Driver Package - Intel (NETwNs64) net (01/22/2012 14.3.2.1) (HKLM\...
\CD88F0FADE1395C9F91302912FD35B13CF75C196) (Version: 01/22/2012 14.3.2.1 - Intel)
Windows Driver Package - Intel Corporation (igfx) Display (08/25/2010 8.15.10.2202) (HKLM\...
\04E92E1774FD1C439D917D5BAC9589A81677C8BC) (Version: 08/25/2010 8.15.10.2202 - Intel Corporation)
Windows Driver Package - Intel System (07/25/2013 9.1.9.1005) (HKLM\...
\693856C0232B92FB409DC672B23A1C42AB5883E8) (Version: 07/25/2013 9.1.9.1005 - Intel)
Windows Driver Package - Intel System (07/25/2013 9.1.9.1005) (HKLM\...
\B081E57B1455374FB610EEC26F6154A8870B8859) (Version: 07/25/2013 9.1.9.1005 - Intel)
Windows Driver Package - Intel USB (07/09/2013 9.1.9.1004) (HKLM\...\0D3177F1E077022671B9E6C22E0EE7CA9A92EDDE)
(Version: 07/09/2013 9.1.9.1004 - Intel)
Windows Driver Package - JMicron (usbccgp) USB (07/28/2009 1.0.4.2) (HKLM\...
\D3AAF0E65D8B1D5934711D3312BF76371DB14E42) (Version: 07/28/2009 1.0.4.2 - JMicron)
Windows Driver Package - Logicool (LHidEqd) HIDClass (06/09/2015 5.90.38) (HKLM\...
\9D0F3F167B773DDFAC11A04606DEC4C987EFFF7A) (Version: 06/09/2015 5.90.38 - Logicool)
Windows Driver Package - Logitech (HidUsb) HIDClass (08/31/2012 1.10.77.0) (HKLM\...
\5498ECA18B56D1C7C4EC25B46FBEA3A008C6545A) (Version: 08/31/2012 1.10.77.0 - Logitech)
Windows Driver Package - Logitech (LEqdUsb) HIDClass (06/09/2015 5.90.38) (HKLM\...
\3D88081D327A12E9348E1EADDE35513319822FE0) (Version: 06/09/2015 5.90.38 - Logitech)
Windows Driver Package - Logitech (LHidFilt) HIDClass (06/09/2015 5.90.38) (HKLM\...
\DC76EF7E815182273AEA399A974A9D69D6D152D4) (Version: 06/09/2015 5.90.38 - Logitech)
Windows Driver Package - Logitech (LHidFilt) Keyboard (06/09/2015 5.90.38) (HKLM\...
\ECB9A872456DA502A6B195D7AEEF6FEB7355ECB6) (Version: 06/09/2015 5.90.38 - Logitech)
Windows Driver Package - Logitech (LHidFilt) Mouse (06/09/2015 5.90.38) (HKLM\...
\3A23CE434CCC10D23CD098DBBFD5A4C5D855E356) (Version: 06/09/2015 5.90.38 - Logitech)
Windows Driver Package - Logitech (usbccgp) USB (11/04/2010 1.0.2.11) (HKLM\...
\8A87028F68EFC3B6D4F26F7EF2DDB31C8F6767EF) (Version: 11/04/2010 1.0.2.11 - Logitech)
Windows Driver Package - Logitech DriverInterface (06/09/2015 5.90.38) (HKLM\...
\F6909E6D7225F7497F97F04808BC1B7489703274) (Version: 06/09/2015 5.90.38 - Logitech)
Windows Driver Package - MLK (KMWDFILTER) HIDClass (07/28/2010 6.6.6000.0) (HKLM\...
\490CF824D92DA6BB45D9F15423217769BCC14ABF) (Version: 07/28/2010 6.6.6000.0 - MLK)
Windows Driver Package - RAPOO (HidUsb) HIDClass (11/30/2010 1.1.0.0) (HKLM\...
\316A1A4D2C39A747662D9199884CD782691EE14D) (Version: 11/30/2010 1.1.0.0 - RAPOO)
Windows Driver Package - Screenovate Technologies Ltd. (WidockVhid) Screenovate (02/29/2016 5.0.0.501) (HKLM\...
\2DF704FFC8BE30DEDE37DC61848EFD4166CF26E9) (Version: 02/29/2016 5.0.0.501 - Screenovate Technologies Ltd.)
Windows Driver Package - Sonix (SNP2UVC) Image (02/12/2010 5.8.54.008) (HKLM\...
\56BAE2352D00B2AE9C3B48D84C43914BAC6C1619) (Version: 02/12/2010 5.8.54.008 - Sonix)
Windows Driver Package - Synaptics (SynTP) Mouse (02/14/2012 15.3.41.5) (HKLM\...
\190C63B15D229BC6A294BE717E05905B5765F493) (Version: 02/14/2012 15.3.41.5 - Synaptics)
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (10/09/2015 1.1.0000.0) (HKLM\...
\B059937637538DCA2E38E5A4C00BF67BE79C335E) (Version: 10/09/2015 1.1.0000.0 - Western Digital Technologies)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8064.0206 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft
Corporation)
Windows Live Sync (HKLM-x32\...\{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}) (Version: 14.0.8064.206 - Microsoft
Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft
Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Wondershare Video Editor(Build 5.1.3) (HKLM-x32\...\Wondershare Video Editor_is1) (Version: - Wondershare Software)
YouTube Downloader Pro YTD 4.8.1.0 Final (HKLM-x32\...\YouTube Downloader Pro YTD 4.8.1.0 Final4.8.1.0) (Version: 4.8.1.0 -
Friends in War)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0A433567-D788-4EB4-ABA5-94DCF90D2B43} - System32\Tasks\psv_Quadsoft => /c regedit.exe /s "C:\ProgramData
\Lamzap\Lightsoft.reg" & del "C:\ProgramData\Lamzap\Lightsoft.reg" & SCHTASKS /Delete /TN "psv_Quadsoft" /F
<==== ATTENTION
Task: {0F196B9E-7822-4238-86C8-DF8A5FE36806} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files
(x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {0FC5419E-E736-427C-8218-1E18DDFAA886} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:
\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe [2013-12-18] (AVG)
Task: {1AB7D6F7-9D16-4155-968C-3B0E10C8ED26} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files
(x86)\Google\Update\GoogleUpdate.exe [2016-06-11] (Google Inc.)
Task: {2773AF30-0B0F-41B6-9285-42612D38BBCE} - \{780F7F47-0B09-0A08-0C11-7F0F7D0B110E} -> No File <====
ATTENTION
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File
<==== ATTENTION
Task: {33C71173-D2D4-4F8A-823E-0F23AE833053} - \Nuafti -> No File <==== ATTENTION
Task: {3C77F7CE-0AEB-4DDE-B533-8DB26ADCBE8E} - \Windows 7 Manager - Logon Background Changer -> No File <====
ATTENTION
Task: {422F2228-121F-4B13-B2A9-EB31B5913A49} - \GridinSoft Anti-Malware -> No File <==== ATTENTION
Task: {457E19F9-1642-4860-BFDC-F1736A1C2064} - \Driver Booster Scheduler -> No File <==== ATTENTION
Task: {48127161-63FA-4471-80C7-1BBF0B2DF394} - \Windows 7 Manager - Free Memory -> No File <==== ATTENTION
Task: {4D37D876-256E-404D-AA6C-EB690F7D0EF5} - \Driver Support-RTMUpdater -> No File <==== ATTENTION
Task: {5D0C04FD-4463-48F9-B0AF-BA26C437581C} - \Driver Support-RTMRules -> No File <==== ATTENTION
Task: {5E5125AD-B70C-4CBA-8966-016476ABE17D} - \SUPERAntiSpyware Scheduled Task 14c1e4b0-33ed-4a41-b44d-
2e66d2750e5b -> No File <==== ATTENTION
Task: {6E6EA461-E140-4163-9A8B-A70AA308E593} - \Driver Support-RTMScan -> No File <==== ATTENTION
Task: {70C411B4-A80F-4EF1-B766-FE52C7BA03BF} - \cad59fc9af939f2528d349888eab9565 -> No File <==== ATTENTION
Task: {722B9063-5102-48B3-8596-ED30B06BE771} - \Trojan Killer -> No File <==== ATTENTION
Task: {84BC6AE1-B3B0-4F5C-8B0C-778C47E4105F} - \Microsoft\Windows\Windows Activation Technologies
\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {8CBC52E6-A71C-44E4-BC04-11A69CB3D793} - \Recovery Management\Burn Notification -> No File <==== ATTENTION
Task: {946D61B8-B2AE-4178-8623-6E2222066E16} - \Driver Support -> No File <==== ATTENTION
Task: {97A2E49F-9200-4A91-989F-82A0B674CF14} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask ->
No File <==== ATTENTION
Task: {A1D89EEA-B491-4D35-BF74-2B93D6331E2C} - \Fucsybf -> No File <==== ATTENTION
Task: {AB3A406B-B85B-4BA6-83D4-991886A8D0E5} - \SUPERAntiSpyware Scheduled Task c03db66b-2d05-4c7b-b797-
ccf0a7404475 -> No File <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <====
ATTENTION
Task: {B7828516-B3D4-4D6D-9FD4-D47BB4ECA2C5} - \Driver Booster SkipUAC (Bud Parker) -> No File <==== ATTENTION
Task: {B9FB7D10-B98B-4C9D-9FDB-7DF75A941D72} - System32\Tasks\Microsoft\Windows\Media Center
\SecurityCenterUpdate => Users\Bud Parker\Hotsolhigh\Sumdrill.exe
Task: {BA6E7936-A908-495B-847F-E63F4C29AA10} - \TweakBit\Driver Updater\Time for deal -> No File <==== ATTENTION
Task: {BEA20225-2DC6-4B22-B6D8-D6719B7A4402} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files
(x86)\Google\Update\GoogleUpdate.exe [2016-06-11] (Google Inc.)
Task: {C79AB5FD-ED63-4F53-98CD-B2048F360540} - System32\Tasks\UnHackMe Task Scheduler => C:\Program Files
(x86)\UnHackMe\hackmon.exe [2016-07-07] (Greatis Software)
Task: {C9E06E60-B52A-4FB6-BEDC-0A6F41FF4431} - System32\Tasks\psv_Alpha-Tone => /c regedit.exe /s "C:\ProgramData
\Lamzap\DomLatlam.reg" & del "C:\ProgramData\Lamzap\DomLatlam.reg" & SCHTASKS /Delete /TN "psv_Alpha-
Tone" /F <==== ATTENTION
Task: {CE95725C-6C29-40F8-94DA-FC9D8A311A0C} - \Driver Support-RTMScanRunOnce -> No File <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File
<==== ATTENTION
Task: {D6EEB867-1DF0-4F34-A7AB-CED24BFBEA4C} - System32\Tasks\Microsoft\Windows\DiskDiagnostic\Opertaing System
Transaction Task => Users\Bud Parker\Geofase\zunfind.exe
Task: {DA9841BD-4240-4FA0-9BA1-D60E90652432} - \TweakBit\PCSpeedUp\Start PCSpeedUp automatic scanning -> No File
<==== ATTENTION
Task: {EAF6FEA9-3B9C-4E7F-92B5-A29E11C3DB39} - \{BFABA680-077A-48B9-9010-C0C972D9D50F} -> No File <====
ATTENTION
Task: {F10F5315-42D1-42CA-A469-971541F574A8} - \TweakBit\PCBooster\Start PCBooster оn logon -> No File <====
ATTENTION
Task: {F62BC7C4-E170-4BF2-BE09-9251AD659D25} - \Adobe Flash Player Updater -> No File <==== ATTENTION
Task: {FA2BA5CD-7A6C-4928-AFC7-816B68D0D8AC} - System32\Tasks\Microsoft\Windows\MUI\Msectrans => C:\Users\Bud
Parker\AppData\Roaming\Zumhow\Kon-bam.exe
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector
-> No File <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash
\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Windows 7 Manager - Free Memory.job => C:\Program Files\Yamicsoft\Windows 7 Manager
\FreeMemory.exe
Task: C:\Windows\Tasks\Windows 7 Manager - Logon Background Changer.job => C:\Program Files\Yamicsoft\Windows 7
Manager\LogonBackgroundChanger.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Bud Parker\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar
\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files
(x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%
==================== Loaded Modules (Whitelisted) ==============
2016-04-22 01:07 - 2016-04-22 01:07 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support
\zlib1.dll
2016-07-05 15:23 - 2016-07-05 15:23 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support
\libxml2.dll
2016-03-18 18:31 - 2013-04-24 18:20 - 02007040 _____ () C:\Program Files\Atomic Alarm Clock\timeserv.exe
2016-07-27 18:54 - 2016-07-27 18:55 - 01047520 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-RANSOMWARE
\arwlib.dll
2013-12-18 03:38 - 2013-12-18 03:38 - 00742200 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\avgrepliba.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared
\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office
\Office14\1033\GrooveIntlResource.dll
2016-03-18 18:31 - 2013-06-07 19:20 - 01875968 _____ () C:\Program Files\Atomic Alarm Clock\Clock.dll
2016-03-18 18:31 - 2014-06-10 02:20 - 01609728 _____ () C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
2016-07-27 18:54 - 2016-02-08 17:01 - 00759808 _____ () C:\Program Files\Malwarebytes\Anti-Ransomware\QtQuick\Controls
\qtquickcontrolsplugin.dll
2009-02-02 19:33 - 2009-02-02 19:33 - 00460199 _____ () C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup
\sqlite3.dll
2008-09-28 19:55 - 2008-09-28 19:55 - 01076224 _____ () C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup
\ACE.dll
2009-06-03 20:59 - 2009-06-03 20:59 - 00619816 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-06-03 20:59 - 2009-06-03 20:59 - 00013096 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2016-07-30 15:39 - 2016-07-30 15:39 - 01114136 _____ () C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles
\z8e15hin.default-1469908581429\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared
\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office
\Office14\1033\GrooveIntlResource.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:5B811727 [147]
AlternateDataStreams: C:\ProgramData\Temp:A8ADE5D8 [109]
AlternateDataStreams: C:\ProgramData\Temp:B755D674 [428]
AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2 [121]
AlternateDataStreams: C:\ProgramData\Temp:ECF54A0E [360]
AlternateDataStreams: C:\Users\Bud Parker\Desktop\MedStat EMS.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\Bud Parker\Desktop\MedStat EMS.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Bud Parker\Desktop\Sentra Wreck-Parker Dorothy.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\Bud Parker\Desktop\Sentra Wreck-Parker Dorothy.jpeg:{4c8cc155-6c1e-11d1-8e41-
00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Bud Parker\Documents\NBC Outside.ppp:SummaryInformation [223]
AlternateDataStreams: C:\Users\Bud Parker\Documents\NBC Outside.ppp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Bud Parker\Documents\Nursery.ppp:SummaryInformation [219]
AlternateDataStreams: C:\Users\Bud Parker\Documents\Nursery.ppp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys => ""="FSFilter Activity Monitor"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SymEFA.sys => ""="FSFilter Activity Monitor"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\...\driversupport.com ->
hxxp://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\...\driversupport.com ->
hxxps://apps.driversupport.com
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2016-07-30 18:03 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Bud Parker\AppData
\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5)
(ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: commitments =>
MSCONFIG\startupreg: grassy =>
MSCONFIG\startupreg: heald =>
MSCONFIG\startupreg: IDSCCOM0SL =>
MSCONFIG\startupreg: neil =>
MSCONFIG\startupreg: Pritc =>
MSCONFIG\startupreg: recovers =>
MSCONFIG\startupreg: SNUVCDSM => C:\Windows\snuvcdsm.exe
MSCONFIG\startupreg: whiner =>
MSCONFIG\startupreg: WINCOMKKP =>
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{00A0CA64-A43F-4CFB-B5DF-2156BA87598F}] => (Allow) C:\Program Files (x86)\CyberLink
\PowerDVD8\PowerDVD8.EXE
FirewallRules: [{8FDBC06C-00FA-4E34-BD52-4F20F7FC6DE0}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger
\wlcsdk.exe
FirewallRules: [{2B23FD99-239B-4BD9-A3E0-810815804E9A}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger
\msnmsgr.exe
FirewallRules: [{585D81DB-B8E8-491A-BD10-F9D93DEBF3C8}] => (Allow) C:\Program Files (x86)\Windows Live\Sync
\WindowsLiveSync.exe
FirewallRules: [{532181D0-EBD9-4748-9941-D360B7AB2B71}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{99683E1B-01D4-45AA-BCF1-D01E8FE0A720}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B3A303EC-6EA8-43D2-99FA-D697453377FD}] => (Allow) c:\Program Files (x86)\Common Files\Apple\Apple
Application Support\WebKit2WebProcess.exe
FirewallRules: [{906D3DA7-9A77-45DA-8200-293F6920A9F6}] => (Block) %ProgramFiles%\CyberLink
\PowerDirector11\PDR11.exe
FirewallRules: [{390217F7-C2D3-4D12-81AA-505A32697EC9}] => (Block) %ProgramFiles%\CyberLink
\PowerDirector11\UACAgent.exe
FirewallRules: [{711F873D-0153-49EB-B27A-0DEAFDB18DE9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin
\hpqtra08.exe
FirewallRules: [{30968491-E410-4CA7-A062-CAA3ADB03907}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin
\hpqste08.exe
FirewallRules: [{9879B054-053E-4A15-AEB7-AF04FAC2D4B1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin
\hposid01.exe
FirewallRules: [{C5CD2E40-540E-4F25-BFB4-86BBEEED5220}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin
\hpoews01.exe
FirewallRules: [{3BAC3C8F-4114-4229-BE90-A4EAE303173A}] => (Allow) C:\Program Files (x86)\common files\hp\digital
imaging\bin\hpqphotocrm.exe
FirewallRules: [{D50554F1-5545-4E93-9BA1-33ED014DD2D0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin
\hpqsudi.exe
FirewallRules: [{B8805A22-4C47-4C04-AE9C-15BD5EC04447}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin
\hpqpsapp.exe
FirewallRules: [{05450412-6E11-4C8C-AB3B-C9AC6C365BDD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin
\hpqpse.exe
FirewallRules: [{50D5D816-4BBC-4AE4-8BB2-1F87616D7812}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin
\hpqgplgtupl.exe
FirewallRules: [{512872A3-0660-44F0-BCD9-7984329AA973}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin
\hpqgpc01.exe
FirewallRules: [{07272250-52CC-421D-AD38-CE0FC0C29E29}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin
\hpqusgm.exe
FirewallRules: [{F8E584B0-14FF-478C-A2BC-A6285A09B186}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin
\hpqusgh.exe
FirewallRules: [{66F7FEC8-86A5-4781-8967-5F729A47FCCB}] => (Allow) C:\Program Files (x86)\HP\hp software update
\hpwucli.exe
FirewallRules: [{AE3495E2-4C1D-4A48-9439-96BEDC6170CD}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web
printing\smartwebprintexe.exe
FirewallRules: [{A505376F-34B6-484D-89EA-12072D64F6FE}] => (Allow) LPort=1688
FirewallRules: [{7003A0AD-8897-4912-97C9-D5BFE439CDD2}] => (Allow) LPort=1688
FirewallRules: [{2DF8F17B-064A-423B-A95E-ABA95F8F4FB5}] => (Block) %ProgramFiles%\Atomic Alarm Clock
\AtomicAlarmClock.exe
FirewallRules: [{3B7BBD3B-F45B-4D5C-961B-124372A48F9D}] => (Block) %ProgramFiles% (x86)\GRETECH\GomPlayer
\GOM.EXE
FirewallRules: [{D457DB99-CB0C-482E-95F7-93003C116022}] => (Block) %ProgramFiles% (x86)\GRETECH\GomPlayer
\GrLauncher.exe
FirewallRules: [{5D78E78E-E35B-4768-8DFF-665DEDBB651B}] => (Block) %ProgramFiles% (x86)\Folder Lock 6\Folder Lock
6.exe
FirewallRules: [{FE6BFB32-6F45-4E1E-83B4-41475718EAC9}] => (Block) %ProgramFiles% (x86)\Folder Lock 6\Folder Lock
6.exe
FirewallRules: [{F5C26BA2-30D4-40E2-8EA3-432FD0F63321}] => (Block) %ProgramFiles%\Yamicsoft\Windows 7 Manager
\LiveUpdate.exe
FirewallRules: [{EA00FA82-BF74-4AAC-8146-28D16B57C190}] => (Block) %ProgramFiles%\Yamicsoft\Windows 7 Manager
\Windows7Manager.exe
FirewallRules: [{9C2619F8-5977-40E1-94D1-1AC7BE33F104}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{29A70F84-B7E1-4FCF-B32A-4D90AAC1D713}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{838216BF-90FD-48FF-B254-B03701542E27}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B6876953-D9E4-4665-AF0D-DDEF920A5452}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1B92FFDB-CB43-4847-866A-FF2FA7E61037}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{86E9E868-A808-45E9-BD98-B5641DD5B46F}] => (Block) %ProgramFiles% (x86)\TechSmith\Snagit
10\Snagit32.exe
FirewallRules: [{A1ABB005-55BA-43A5-BADF-E0DA27EC05D2}] => (Block) %ProgramFiles% (x86)\Quintessential Player
\QCDPlayer.exe
FirewallRules: [{42540FBF-9366-4091-8226-48423F77E3E3}] => (Allow) C:\Program Files\VueScan\vuescan.exe
FirewallRules: [{15690439-D3C4-40C0-AA50-C40553775E81}] => (Allow) C:\Program Files\VueScan\vuescan.exe
FirewallRules: [{AFBE4EB3-F073-4E1F-BC3C-56AEA2BB3A6F}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{9B3DE5B5-7918-4ADD-BA4F-653A980CEAE8}] => (Allow) C:\Users\BUDPAR~1\AppData\Local\Temp
\installer1.exe
==================== Restore Points =========================
27-07-2016 11:13:01 Revo Uninstaller Pro's restore point - Ashampoo Internet Accelerator 3 v.3.20
27-07-2016 19:48:32 JRT Pre-Junkware Removal
28-07-2016 14:12:19 Removed Apple Application Support (32-bit)
28-07-2016 14:35:43 Restore Point Created by FRST
29-07-2016 12:30:03 Revo Uninstaller Pro's restore point - GridinSoft Anti-Malware
29-07-2016 17:57:01 Malwarebytes Anti-Rootkit Restore Point
29-07-2016 23:22:45 Malwarebytes Anti-Rootkit Restore Point
30-07-2016 18:02:36 Restore Point Created by FRST
31-07-2016 09:26:31 Revo Uninstaller Pro's restore point - ParetoLogic PC Health Advisor
31-07-2016 14:18:30 Installed AVG PC TuneUp 2014
01-08-2016 06:30:10 Revo Uninstaller Pro's restore point - AVG Protection
01-08-2016 09:29:50 Removed Kutools for Word
==================== Faulty Device Manager Devices =============
Name: NAVEX15
Description: NAVEX15
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: NAVEX15
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
Error: (08/02/2016 01:55:44 PM) (Source: PerfNet) (EventID: 2005) (User: )
Description:
Error: (08/02/2016 01:05:10 PM) (Source: PerfNet) (EventID: 2005) (User: )
Description:
Error: (08/02/2016 01:04:59 PM) (Source: PerfNet) (EventID: 2005) (User: )
Description:
Error: (08/02/2016 12:46:15 PM) (Source: PerfNet) (EventID: 2005) (User: )
Description:
Error: (08/02/2016 11:27:48 AM) (Source: PerfNet) (EventID: 2005) (User: )
Description:
Error: (08/02/2016 11:27:33 AM) (Source: PerfNet) (EventID: 2005) (User: )
Description:
Error: (08/02/2016 11:21:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Ronzafind.exe, version: 1.0.0.0, time stamp: 0x578353ac
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23418, time stamp: 0x5708a89c
Exception code: 0xe0434352
Fault offset: 0x000000000001a06d
Faulting process id: 0x6f8
Faulting application start time: 0xRonzafind.exe0
Faulting application path: Ronzafind.exe1
Faulting module path: Ronzafind.exe2
Report Id: Ronzafind.exe3
Error: (08/02/2016 11:21:37 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Ronzafind.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an
unhandled exception.
Exception Info: System.Management.ManagementException
at
System.Management.ManagementException.ThrowWithExtendedInfo(System.Management.ManagementStatus)
at
System.Management.ManagementEventWatcher.WaitForNextEvent()
at first.Service1.checkmultipleservices(System.String[])
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback,
System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext,
System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run
(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at
System.Threading.ThreadHelper.ThreadStart()
Error: (08/02/2016 09:38:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Ronzafind.exe, version: 1.0.0.0, time stamp: 0x578353ac
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23418, time stamp: 0x5708a89c
Exception code: 0xe0434352
Fault offset: 0x000000000001a06d
Faulting process id: 0x12d8
Faulting application start time: 0xRonzafind.exe0
Faulting application path: Ronzafind.exe1
Faulting module path: Ronzafind.exe2
Report Id: Ronzafind.exe3
Error: (08/02/2016 09:38:31 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Ronzafind.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an
unhandled exception.
Exception Info: System.Management.ManagementException
at
System.Management.ManagementException.ThrowWithExtendedInfo(System.Management.ManagementStatus)
at
System.Management.ManagementEventWatcher.WaitForNextEvent()
at first.Service1.checkmultipleservices(System.String[])
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback,
System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext,
System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run
(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at
System.Threading.ThreadHelper.ThreadStart()
System errors:
=============
Error: (08/02/2016 04:48:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (08/02/2016 04:48:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (08/02/2016 04:48:54 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (08/02/2016 04:46:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (08/02/2016 04:46:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (08/02/2016 04:46:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (08/02/2016 04:44:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (08/02/2016 04:44:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (08/02/2016 04:44:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (08/02/2016 04:44:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
CodeIntegrity:
===================================
Date: 2016-08-01 07:26:59.282
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files
(x86)\Quintessential Player\cdrpdacc.sys because file hash could not be found on the system. A recent hardware or software
change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown
source.
Date: 2016-08-01 07:26:59.126
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files
(x86)\Quintessential Player\cdrpdacc.sys because file hash could not be found on the system. A recent hardware or software
change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown
source.
Date: 2016-07-31 13:51:40.025
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files
(x86)\Quintessential Player\cdrpdacc.sys because file hash could not be found on the system. A recent hardware or software
change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown
source.
Date: 2016-07-31 13:51:39.948
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files
(x86)\Quintessential Player\cdrpdacc.sys because file hash could not be found on the system. A recent hardware or software
change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown
source.
Date: 2016-07-31 10:14:13.807
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files
(x86)\Quintessential Player\cdrpdacc.sys because file hash could not be found on the system. A recent hardware or software
change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown
source.
Date: 2016-07-31 10:14:13.745
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files
(x86)\Quintessential Player\cdrpdacc.sys because file hash could not be found on the system. A recent hardware or software
change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown
source.
Date: 2016-07-31 08:30:50.060
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files
(x86)\Quintessential Player\cdrpdacc.sys because file hash could not be found on the system. A recent hardware or software
change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown
source.
Date: 2016-07-31 08:30:49.982
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files
(x86)\Quintessential Player\cdrpdacc.sys because file hash could not be found on the system. A recent hardware or software
change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown
source.
Date: 2016-07-31 08:07:05.281
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files
(x86)\Quintessential Player\cdrpdacc.sys because file hash could not be found on the system. A recent hardware or software
change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown
source.
Date: 2016-07-31 08:07:05.203
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files
(x86)\Quintessential Player\cdrpdacc.sys because file hash could not be found on the system. A recent hardware or software
change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown
source.
==================== Memory info ===========================
Processor: Intel® Core™2 Duo CPU T6600 @ 2.20GHz
Percentage of memory in use: 55%
Total physical RAM: 4025.98 MB
Available physical RAM: 1783.04 MB
Total Virtual: 8050.14 MB
Available Virtual: 5689.82 MB
==================== Drives ================================
Drive c: (Gateway) (Fixed) (Total:698.64 GB) (Free:141.76 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive g: (BUD'S 32) (Fixed) (Total:30.44 GB) (Free:30.1 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 1E15AC1C)
Partition 1: (Active) - (Size=698.6 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 30.5 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=30.5 GB) - (Type=0C)
==================== End of Addition.txt ============================
Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. 
Join 
This topic is locked
