LAMZAP - What is this Demon? [Solved]

Malware Virus Lamzap

  • This topic is locked
101 replies to this topic

#1 Top

  • Authentic Member
  • 73 posts

Posted 27 July 2016 - 11:52 AM

I can usually tell when I do something stupid on my computer because peculiar things happen without my input.  Then, of course, you are left with trying to figure out the Damage Control measures necessary to right the wrong.

 

Lamzap has been identified on my system by two Malware programs: UnHackMe & Malwarebytes Anti-Malware. After initiating the corrective action in each of these two (I downloaded Malwarebytes on 27 July 16, so it is the current database) I still find a Directory for it in C:/ProgramData directory. Also a directory titled, Lamzaps.

 

I had unprotected and unhidden the directory C:/ProgramData and all subdirectories prior to running both malware programs and "fixing" lamzap. Also, my Firefox browser start page has been hijacked and the Home Page is now, http :// search .safefinder.c om/?st=sc&q= (Search.Safefinder. Com). I cannot select another page for the home page within Firefox. When I reopen Firefox it has reverted to the "Demon" Home Page!

 

I find almost no info on this Lamzap online anywhere. What is it? How do I acquire a Magic Wand to wave over it and make it disappear?

 

Please allow me to say, "Thanks" in advance for any assistance you may provide. I assure you I appreciate it.


Top

 

US Army, Retired



#2 ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 27 July 2016 - 01:02 PM

:welcome:

 

Let me see some logs so we can determine exactly what's going on.

 

 

 
Please download aswMBR to your DESKTOP <<<<<
 
  • Right click the aswMBR icon and select Run as Administrator
  • XP users just Double Click it to run
  • If it says that this computer supports VIRTUALIZATION TECHNOLOGY, do you want to use it, say Yes
  • Click the Scan button to start scan.
  • Select Quickscan on the dropdown list
  • If you are asked to update the Avast Virus database please allow it to do so.
  • The scan could take 20 minutes or more, please be patient and let it finish
  • It will say Scan Finished when it's done.
  • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.
 
 
I just want to see the report....Please Do Not Fix Anything
 
============================================================================
 
 
Please download Farbar Recovery Scan Tool and save it to your DESKTOP<<<<<<
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
 
How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system
A simple way to check your system: Start --> Computer (right click) --> Properties
 
FRST_zps5d956a1a.jpg
 
 
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Just keep the defaults as in the picture checkmarked
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
 

 



 
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#3 Top

  • Authentic Member
  • 73 posts

Posted 27 July 2016 - 03:47 PM

OK, downloading files now and I will comply with your requests.


Top

 

US Army, Retired


#4 Top

  • Authentic Member
  • 73 posts

Posted 27 July 2016 - 04:41 PM

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2016-07-27 16:44:04
-----------------------------
16:44:04.498    OS Version: Windows x64 6.1.7601 Service Pack 1
16:44:04.498    Number of processors: 2 586 0x170A
16:44:04.507    ComputerName: BUDS-GATEWAY  UserName: Bud Parker
16:44:06.758    Initialize success
16:44:06.855    VM: initialized successfully
16:44:06.856    VM: Intel CPU virtualization not supported
16:58:26.518    AVAST engine defs: 16072706
17:21:19.892    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:21:19.897    Disk 0 Vendor: WDC_WD7500BPKX-00HPJT0 01.01A01 Size: 715404MB BusType: 11
17:21:20.017    Disk 0 MBR read successfully
17:21:20.021    Disk 0 MBR scan
17:21:20.070    Disk 0 Windows 7 default MBR code
17:21:20.074    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       715402 MB offset 2048
17:21:20.094    Disk 0 Boot: NTFS     code=1
17:21:20.117    Disk 0 scanning C:\Windows\system32\drivers
17:21:31.026    Service scanning
17:21:54.935    Service Toughstreet C:\Users\Bud Parker\AppData\Roaming\Toughstreet\Toughstreet.exe **INFECTED** Win32:Adware-gen [Adw]
17:21:59.316    Modules scanning
17:21:59.327    Disk 0 trace - called modules:
17:21:59.359    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
17:21:59.366    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c78790]
17:21:59.373    3 CLASSPNP.SYS[fffff88000e0c43f] -> nt!IofCallDriver -> [0xfffffa8004bc2520]
17:21:59.381    5 ACPI.sys[fffff88000e5c7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004bbe680]
17:22:00.756    AVAST engine scan C:\Windows
17:22:03.974    AVAST engine scan C:\Windows\system32
17:26:18.170    AVAST engine scan C:\Windows\system32\drivers
17:26:35.933    AVAST engine scan C:\Users\Bud Parker
17:39:12.751    Disk 0 MBR has been saved successfully to "C:\Users\Bud Parker\Desktop\MBR.dat"
17:39:12.761    The log file has been saved successfully to "C:\Users\Bud Parker\Desktop\aswMBR27Jul16Bud.txt"


Here are the aswMBR scan results.


Top

 

US Army, Retired


#5 Top

  • Authentic Member
  • 73 posts

Posted 27 July 2016 - 05:06 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-07-2016
Ran by Bud Parker (administrator) on BUDS-GATEWAY (27-07-2016 17:43:25)
Running from C:\Users\Bud Parker\Desktop
Loaded Profiles: Bud Parker (Available Profiles: Bud Parker)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files\Atomic Alarm Clock\timeserv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
() C:\Users\Bud Parker\AppData\Roaming\Sumdrill\Sumdrill.exe
() C:\Users\Bud Parker\AppData\Roaming\Toughstreet\Toughstreet.exe
(Acer) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
(Greatis Software) C:\Program Files (x86)\UnHackMe\hackmon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Sonix Technology Co., Ltd.) C:\Windows\PLFSetL.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.334\SSScheduler.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
(Savard Software) C:\Program Files (x86)\TurboLaunch\TurboLaunch.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
() C:\ProgramData\Lamzap\Lamzap.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(AVAST Software) C:\Users\Bud Parker\Downloads\aswMBR.exe
() C:\Users\Bud Parker\AppData\Roaming\Ronzafind\Ronzafind.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16475392 2016-06-14] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [828960 2009-08-05] (Acer Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2868496 2012-02-14] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetL] => C:\Windows\PLFSetL.exe [99712 2010-02-12] (Sonix Technology Co., Ltd.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-07-05] (Apple Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1157640 2009-08-18] (Dritek System Inc.)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe [244480 2009-08-20] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => c:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-07-05] (Apple Inc.)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2623456 2016-06-02] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\...\Run: [AtomicAlarmClock6] => C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe [1609728 2014-06-10] ()
HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2016-03-21] (Microsoft Corporation)
AppInit_DLLs: C:\ProgramData\Lamzap\Zooeco.dll => C:\ProgramData\Lamzap\Zooeco.dll [363008 2016-07-27] ()
AppInit_DLLs-x32: C:\ProgramData\Lamzap\Unijob.dll => C:\ProgramData\Lamzap\Unijob.dll [257536 2016-07-27] ()
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\SysWOW64\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2016-07-27]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-07-27]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.334\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Bud Parker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TurboLaunch.lnk [2016-07-27]
ShortcutTarget: TurboLaunch.lnk -> C:\Program Files (x86)\TurboLaunch\TurboLaunch.exe (Savard Software)
BootExecute: autocheck autochk * Partizan

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{00BC4D36-12D6-4016-8BC0-DB5C01069066}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{00BC4D36-12D6-4016-8BC0-DB5C01069066}: [DhcpNameServer] 192.168.1.254
ManualProxies:

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYn59HrL-X3ClkPrJO7VoWVZ3t7tPNQGvKjF72C367JmhiWsudzFrQPH9hVxOGkdTp9MlTM_8ZcX8IN4Qoi_tSRqr0TI6a7AeoWNB2o0nudoo0Xb2z5Z_WDAWtrdDli_Om-3pFsmlMeZ5gQ6jQkmjCGlZkolw
HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv78&r=273603164505l03g4z125a4872v290
HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYn59HrL-X3ClkPrJO7VoWVZ3t7tPNQGvKjF72C367JmhiWsudzFrQPH9hVxOGkdTp9-MDd2zs5uzDEDtGzS4DPOk4v-3JEy6wXan7Zt58nF2gcyl6BCXVvhpGeBEWbGd1kxW9kLxWxpeyNCVXm3OpW9yl1gT&q={searchTerms}
HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYn59HrL-X3ClkPrJO7VoWVZ3t7tPNQGvKjF72C367JmhiWsudzFrQPH9hVxOGkdTp9-MDd2zs5uzDEDtGzS4DPOk4v-3JEy6wXan7Zt58nF2gcyl6BCXVvhpGeBEWbGd1kxW9kLxWxpeyNCVXm3OpW9yl1gT&q={searchTerms}
HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYn59HrL-X3ClkPrJO7VoWVZ3t7tPNQGvKjF72C367JmhiWsudzFrQPH9hVxOGkdTp9-MDd2zs5uzDEDtGzS4DPOk4v-3JEy6wXan7Zt58nF2gcyl6BCXVvhpGeBEWbGd1kxW9kLxWxpeyNCVXm3OpW9yl1gT&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-bd0779e2&q={searchTerms}
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-bd0779e2&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYn59HrL-X3ClkPrJO7VoWVZ3t7tPNQGvKjF72C367JmhiWsudzFrQPH9hVxOGkdTp9-MDd2zs5uzDEDtGzS4DPOk4v-3JEy6wXan7Zt58nF2gcyl6BCXVvhpGeBEWbGd1kxW9kLxWxpeyNCVXm3OpW9yl1gT&q={searchTerms}
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW
SearchScopes: HKU\S-1-5-21-2712942507-1312882600-3786330889-1001 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYn59HrL-X3ClkPrJO7VoWVZ3t7tPNQGvKjF72C367JmhiWsudzFrQPH9hVxOGkdTp9-MDd2zs5uzDEDtGzS4DPOk4v-3JEy6wXan7Zt58nF2gcyl6BCXVvhpGeBEWbGd1kxW9kLxWxpeyNCVXm3OpW9yl1gT&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2712942507-1312882600-3786330889-1001 -> {629E37F3-5E46-44D4-7C19-EFB2C2CDC1E6} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-bd0779e2&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2712942507-1312882600-3786330889-1001 -> {D8F60375-AAD4-4073-A71F-CEB79C2DA690} URL = hxxps://startpage.com/do/dsearch?query={searchTerms}&cat=web&pl=ie&language=english
SearchScopes: HKU\S-1-5-21-2712942507-1312882600-3786330889-1001 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYn59HrL-X3ClkPrJO7VoWVZ3t7tPNQGvKjF72C367JmhiWsudzFrQPH9hVxOGkdTp9-MDd2zs5uzDEDtGzS4DPOk4v-3JEy6wXan7Zt58nF2gcyl6BCXVvhpGeBEWbGd1kxW9kLxWxpeyNCVXm3OpW9yl1gT&q={searchTerms}
BHO-x32: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll [2010-04-13] (TechSmith Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll [2010-04-13] (TechSmith Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\coIEPlg.dll [2009-08-28] (Symantec Corporation)
Toolbar: HKLM-x32 - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll [2010-04-13] (TechSmith Corporation)
Toolbar: HKU\S-1-5-21-2712942507-1312882600-3786330889-1001 -> No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll [2009-02-06] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll [2009-02-06] (Microsoft Corporation)
Handler-x32: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\coIEPlg.dll [2009-08-28] (Symantec Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\kjqunreh.default
FF NewTab: chrome://fvd.speeddial/content/fvd_about_blank.html
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: StartPage - English
FF SelectedSearchEngine: Google
FF Homepage: hxxps://www.startpage.com/eng/?&hmb=1
FF Keyword.URL: hxxps://www.google.com/search?q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-23] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-23] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8064.0206 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-02-06] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2012-10-01] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-06-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-06-11] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF SearchPlugin: C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\kjqunreh.default\searchplugins\Google_1.xml [2016-06-28]
FF SearchPlugin: C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\kjqunreh.default\searchplugins\Google_10.xml [2016-07-12]
FF SearchPlugin: C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\kjqunreh.default\searchplugins\Google_11.xml [2016-07-14]
FF SearchPlugin: C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\kjqunreh.default\searchplugins\Google_12.xml [2016-07-16]
FF SearchPlugin: C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\kjqunreh.default\searchplugins\Google_13.xml [2016-07-17]
FF SearchPlugin: C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\kjqunreh.default\searchplugins\Google_14.xml [2016-07-19]
FF SearchPlugin: C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\kjqunreh.default\searchplugins\Google_15.xml [2016-07-21]
FF SearchPlugin: C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\kjqunreh.default\searchplugins\Google_16.xml [2016-07-22]
FF SearchPlugin: C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\kjqunreh.default\searchplugins\Google_17.xml [2016-07-24]
FF SearchPlugin: C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\kjqunreh.default\searchplugins\Google_18.xml [2016-07-25]
FF SearchPlugin: C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\kjqunreh.default\searchplugins\Google_19.xml [2016-07-26]
FF SearchPlugin: C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\kjqunreh.default\searchplugins\Google_2.xml [2016-06-28]
FF SearchPlugin: C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\kjqunreh.default\searchplugins\Google_3.xml [2016-06-29]
FF SearchPlugin: C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\kjqunreh.default\searchplugins\Google_4.xml [2016-06-30]
FF SearchPlugin: C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\kjqunreh.default\searchplugins\Google_5.xml [2016-07-01]
FF SearchPlugin: C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\kjqunreh.default\searchplugins\Google_6.xml [2016-07-04]
FF SearchPlugin: C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\kjqunreh.default\searchplugins\Google_7.xml [2016-07-05]
FF SearchPlugin: C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\kjqunreh.default\searchplugins\Google_8.xml [2016-07-06]
FF SearchPlugin: C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\kjqunreh.default\searchplugins\Google_9.xml [2016-07-11]
FF Extension: DownThemAll! - C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\kjqunreh.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2016-05-24]
FF Extension: EmotiConverter - C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\kjqunreh.default\extensions\{ec77f4a0-0b26-11dd-8911-54c255d89593}.xpi [2016-05-24]
FF Extension: easyComment - C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\kjqunreh.default\extensions\plugins@bf-itservice.de.xpi [2016-05-24]
FF Extension: AutoCopy 2 - C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\kjqunreh.default\extensions\autocopy2@teo.pl.xpi [2016-05-24]
FF Extension: Disconnect - C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\kjqunreh.default\extensions\2.0@disconnect.me.xpi [2016-05-24]
FF Extension: EverSync - Sync bookmarks, backup your favorites. - C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\kjqunreh.default\extensions\fvdmedia@gmail.com [2016-06-01]
FF Extension: Tab Mix Plus - C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\kjqunreh.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2016-06-05]
FF Extension: View Source Chart - C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\kjqunreh.default\extensions\{68836a21-fc7d-4ea1-a065-7efabd99d414}.xpi [2016-06-20]
FF Extension: LastPass - C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\kjqunreh.default\extensions\support@lastpass.com [2016-06-20]
FF Extension: Speed Dial [FVD] - New Tab Page, Sync... - C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\kjqunreh.default\extensions\pavel.sherbakov@gmail.com [2016-07-14]
FF Extension: Download Manager (S3) - C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\kjqunreh.default\extensions\s3download@statusbar.xpi [2016-07-14]
FF Extension: Zoom Page - C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\kjqunreh.default\extensions\zoompage@DW-dev.xpi [2016-07-26]
FF Extension: Emoji Keyboard - C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\kjqunreh.default\Extensions\@emojikeyboard.xpi [2016-06-21]
FF Extension: Simple Popup Blocker - C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\kjqunreh.default\Extensions\@simplepopupblocker.xpi [2016-05-24]
FF Extension: AdBlocker Ultimate - C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\kjqunreh.default\Extensions\adblockultimate@adblockultimate.net.xpi [2016-05-24]
FF Extension: F.B. Purity - Cleans Up Facebook - C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\kjqunreh.default\Extensions\fbp-signed@fbpurity.com.xpi [2016-07-25]
FF Extension: Ghostery - C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\kjqunreh.default\Extensions\firefox@ghostery.com.xpi [2016-07-09]
FF Extension: Xmarks - C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\kjqunreh.default\Extensions\foxmarks@kei.com [2016-05-25]
FF Extension: Facebook Secret Emoticons - C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\kjqunreh.default\Extensions\jid0-XZn6pYCdV3ANrfYigxlyyGDrxAM@jetpack.xpi [2016-05-24]
FF Extension: AdBlock for YouTube™ - C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\kjqunreh.default\Extensions\jid1-q4sG8pYhq8KGHs@jetpack.xpi [2016-07-01]
FF Extension: Beyond Australis - C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\kjqunreh.default\Extensions\thefoxonlybetter@quicksaver.xpi [2016-06-20]
FF Extension: uBlock Origin - C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\kjqunreh.default\Extensions\uBlock0@raymondhill.net.xpi [2016-06-24]
FF Extension: Flagfox - C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\kjqunreh.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2016-07-22]
FF Extension: Reader - C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\kjqunreh.default\Extensions\{20068ab2-1901-4140-9f3c-81207d4dacc4}.xpi [2016-07-21]
FF Extension: Download YouTube Videos as MP4 - C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\kjqunreh.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2016-06-20]
FF Extension: Video DownloadHelper - C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\kjqunreh.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-05-24]
FF Extension: Yahoo Mail Hide Ad Panel - C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\kjqunreh.default\Extensions\{c37bac34-849a-4d28-be41-549b2c76c64e}.xpi [2016-07-16]
FF Extension: YouTube Video Download and Convert - C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\kjqunreh.default\Extensions\{e8deb9e5-5688-4655-838a-b7a121a9f16e}.xpi [2016-07-13]
FF Extension: Theme Font & Size Changer - C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\kjqunreh.default\Extensions\{f69e22c7-bc50-414a-9269-0f5c344cd94c}.xpi [2016-07-21]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2016-03-19] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{85E85FF9-E50C-42DE-8A3D-61485FD6C8DB}] - C:\Program Files\Nuclear Coffee\VideoGet\Plugins\VideoGet_FF.xpi
FF Extension: VideoGet FireFox extension - C:\Program Files\Nuclear Coffee\VideoGet\Plugins\VideoGet_FF.xpi [2014-06-12] [not signed]
FF HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 AtomicAlarmClock; C:\Program Files\Atomic Alarm Clock\timeserv.exe [2007040 2013-04-24] () [File not signed]
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [638456 2016-04-06] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3993088 2016-04-06] (AVG Technologies CZ, s.r.o.)
S3 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1080080 2016-06-21] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [593880 2016-04-06] (AVG Technologies CZ, s.r.o.)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 Lamzap; C:\ProgramData\\Lamzap\\Lamzap.exe [675840 2016-07-27] () [File not signed]
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [742368 2016-06-02] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.334\McCHSvc.exe [293128 2016-05-31] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230920 2012-10-01] (Nitro PDF Software)
S4 Norton Internet Security; C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\ccSvcHst.exe [117640 2009-08-28] (Symantec Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390672 2012-09-11] ()
R2 Ronzafind; C:\Users\Bud Parker\AppData\Roaming\Ronzafind\Ronzafind.exe [17920 2016-07-27] () [File not signed]
R2 Sumdrill; C:\Users\Bud Parker\AppData\Roaming\Sumdrill\Sumdrill.exe [8192 2016-07-26] () [File not signed]
R2 Toughstreet; C:\Users\Bud Parker\AppData\Roaming\Toughstreet\Toughstreet.exe [8704 2016-07-26] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 Greg_Service; C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [38112 2014-08-22] (Advanced Micro Devices, Inc.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162592 2016-02-16] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [306976 2016-03-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272304 2016-01-26] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [246560 2016-03-07] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-12-04] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [302000 2015-10-08] (AVG Technologies CZ, s.r.o.)
R0 avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [71456 2016-03-08] (AVG Technologies CZ, s.r.o.)
R3 cbfs3; C:\Windows\System32\DRIVERS\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
S2 CDRPDACC; C:\Program Files (x86)\Quintessential Player\cdrpdacc.sys [5273 2005-12-05] (Arrowkey) [File not signed]
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-04-01] ()
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [66080 2016-06-02] ()
R3 ETDSMBus; C:\Windows\System32\DRIVERS\ETDSMBus.sys [31832 2016-02-22] (ELAN Microelectronic Corp.)
R0 FlashBoot; C:\Windows\System32\DRIVERS\FlashBoot.sys [17616 2014-04-03] (Challenger Backup Solutions, LLC)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-06-14] (REALiX™)
R3 JmUsbCcgp; C:\Windows\System32\DRIVERS\jmccgp.sys [17136 2009-07-29] (JMicron Technology Corp.)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [140672 2016-03-10] (Malwarebytes)
U0 Partizan; C:\Windows\SysWOW64\drivers\Partizan.sys [40304 2016-07-26] (Greatis Software)
S3 rp24msdrv; C:\Windows\System32\drivers\rp24msdrv.sys [28416 2010-12-01] ()
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1806592 2010-02-12] ()
S1 SRTSP; C:\Windows\system32\drivers\NISx64\1007000.01E\SRTSP64.SYS [476720 2009-08-28] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1007000.01E\SRTSPX64.SYS [32304 2009-08-28] (Symantec Corporation)
S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64_prewin8.sys [23200 2015-11-12] (Western Digital Technologies)
R2 WinVd32; C:\Windows\WinVd32.sys [197728 2016-03-31] ()
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090807.007\ENG64.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090807.007\EX64.SYS [X]
S2 NEWDRIVER; \??\C:\Windows\SysWow64\WinVDEdrv6.sys [X]
S1 rcpjibrp; \??\C:\Windows\system32\drivers\rcpjibrp.sys [X]
U3 aswMBR; \??\C:\Users\BUDPAR~1\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\BUDPAR~1\AppData\Local\Temp\aswVmm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-27 17:43 - 2016-07-27 17:45 - 00032277 _____ C:\Users\Bud Parker\Desktop\FRST.txt
2016-07-27 17:43 - 2016-07-27 17:43 - 00000000 ____D C:\FRST
2016-07-27 17:39 - 2016-07-27 17:39 - 00002082 _____ C:\Users\Bud Parker\Desktop\aswMBR27Jul16Bud.txt
2016-07-27 17:39 - 2016-07-27 17:39 - 00000512 _____ C:\Users\Bud Parker\Desktop\MBR.dat
2016-07-27 16:50 - 2016-07-27 16:46 - 02394112 _____ (Farbar) C:\Users\Bud Parker\Desktop\FRST64.exe
2016-07-27 16:45 - 2016-07-27 16:46 - 02394112 _____ (Farbar) C:\Users\Bud Parker\Downloads\FRST64.exe
2016-07-27 16:43 - 2016-07-27 16:43 - 05198336 _____ (AVAST Software) C:\Users\Bud Parker\Downloads\aswMBR.exe
2016-07-27 13:43 - 2016-07-27 13:43 - 00002397 _____ C:\Windows\SysWOW64\findit.xml
2016-07-27 13:43 - 2016-07-27 13:43 - 00000000 ____D C:\Windows\kongreen
2016-07-27 13:43 - 2016-07-27 13:43 - 00000000 ____D C:\Users\Bud Parker\Lamdex
2016-07-27 13:43 - 2016-07-27 13:43 - 00000000 ____D C:\Users\Bud Parker\AppData\Local\Hexice
2016-07-27 13:43 - 2016-07-27 13:43 - 00000000 ____D C:\ProgramData\Lamzaps
2016-07-27 13:43 - 2016-07-27 13:43 - 00000000 ____D C:\ProgramData\Lamzap
2016-07-27 13:42 - 2016-07-27 13:42 - 00000000 ____D C:\Program Files\Common Files\Quotom
2016-07-27 13:30 - 2016-07-27 13:30 - 00000000 ____D C:\Users\Bud Parker\AppData\Local\Zathplanet
2016-07-27 13:30 - 2016-07-27 13:30 - 00000000 ____D C:\Program Files\Common Files\Dongphase
2016-07-27 13:30 - 2016-07-27 13:30 - 00000000 ____D C:\Program Files\Canesolozap
2016-07-27 13:29 - 2016-07-27 13:29 - 00000000 ____D C:\ProgramData\Quotezoom
2016-07-27 13:21 - 2016-07-27 13:21 - 00000000 ____D C:\Users\Bud Parker\Kon-bam
2016-07-27 13:21 - 2016-07-27 13:21 - 00000000 ____D C:\ProgramData\Overtechi
2016-07-27 13:21 - 2016-07-27 13:21 - 00000000 ____D C:\Program Files\Common Files\O-techno
2016-07-27 13:20 - 2016-07-27 13:20 - 00000000 ____D C:\Users\Bud Parker\AppData\Roaming\Codelane
2016-07-27 13:08 - 2016-07-26 15:14 - 03712064 _____ C:\Users\Bud Parker\Desktop\adwcleaner_5.201.exe
2016-07-27 11:05 - 2016-07-27 11:05 - 00000000 ____D C:\Users\Bud Parker\Quocane
2016-07-27 11:05 - 2016-07-27 11:05 - 00000000 ____D C:\Users\Bud Parker\Donquote
2016-07-27 11:05 - 2016-07-27 11:05 - 00000000 ____D C:\ProgramData\Bluetex
2016-07-27 11:03 - 2016-07-27 11:03 - 00000000 ____D C:\Users\Bud Parker\AppData\Roaming\E-zoplex
2016-07-27 10:19 - 2016-07-27 10:48 - 00001067 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-07-27 09:23 - 2016-07-27 09:23 - 22851472 _____ (Malwarebytes ) C:\Users\Bud Parker\Downloads\mbam-setup-2.2.1.1043(1).exe
2016-07-27 09:04 - 2016-07-27 09:04 - 00000000 ____D C:\Users\Bud Parker\doubleholding
2016-07-27 09:04 - 2016-07-27 09:04 - 00000000 ____D C:\Users\Bud Parker\AppData\Roaming\Vivacon
2016-07-27 09:04 - 2016-07-27 09:04 - 00000000 ____D C:\Program Files\Sumdrill
2016-07-27 09:03 - 2016-07-27 09:03 - 00000000 ____D C:\Users\Bud Parker\AppData\Roaming\Subcorporation
2016-07-27 08:55 - 2016-07-27 08:55 - 00483683 _____ C:\Users\Bud Parker\Desktop\regrunlog.txt
2016-07-27 08:04 - 2016-07-27 08:04 - 00000000 ____D C:\Windows\unolab
2016-07-27 08:02 - 2016-07-27 08:02 - 00000000 ____D C:\Users\Bud Parker\Tranzone
2016-07-27 07:33 - 2016-07-27 07:33 - 00000000 ____D C:\Users\Bud Parker\Bigholding
2016-07-27 07:33 - 2016-07-27 07:33 - 00000000 ____D C:\Users\Bud Parker\AppData\Roaming\Zerron
2016-07-27 07:32 - 2016-07-27 10:49 - 00000000 ____D C:\Windows\Saocore
2016-07-27 07:30 - 2016-07-27 07:30 - 00000000 ____D C:\Program Files\Common Files\Joymedbase
2016-07-27 07:25 - 2016-07-27 13:43 - 00001032 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-07-27 07:23 - 2016-07-27 07:23 - 48521840 _____ C:\Users\Bud Parker\Downloads\Firefox Setup 47.0.1.exe
2016-07-26 22:07 - 2016-07-27 08:08 - 00000000 ____D C:\@RestoreQuarantine
2016-07-26 22:02 - 2016-07-26 22:02 - 00000000 ____D C:\Users\Bud Parker\AppData\Local\Zerzim
2016-07-26 22:02 - 2016-07-26 22:02 - 00000000 ____D C:\ProgramData\Mathkix
2016-07-26 22:01 - 2016-07-26 22:01 - 00000000 ____D C:\Users\Bud Parker\AppData\Local\Zaamcom
2016-07-26 21:57 - 2016-07-27 08:53 - 00002093 _____ C:\Windows\system32\Partizan.RRI
2016-07-26 17:50 - 2016-07-26 17:50 - 00000000 ____D C:\Users\Bud Parker\AppData\Local\Refind
2016-07-26 17:50 - 2016-07-26 17:50 - 00000000 ____D C:\Program Files\Common Files\Kondrill
2016-07-26 17:49 - 2016-07-26 17:49 - 00000000 ____D C:\Users\Bud Parker\AppData\Local\J-bela
2016-07-26 17:15 - 2016-07-26 17:15 - 00000000 ____D C:\Program Files\Flexplex
2016-07-26 17:14 - 2016-07-26 17:14 - 00000000 ____D C:\ProgramData\Freetaway
2016-07-26 17:11 - 2016-07-26 17:11 - 00000000 ____D C:\Users\Bud Parker\Overtechi
2016-07-26 16:36 - 2016-07-27 11:47 - 00000000 ____D C:\ProgramData\RegRun
2016-07-26 16:34 - 2016-07-26 16:34 - 00040304 _____ (Greatis Software) C:\Windows\SysWOW64\Drivers\Partizan.sys
2016-07-26 16:33 - 2016-07-27 15:11 - 00000000 ____D C:\Users\Public\Documents\regruninfo
2016-07-26 16:33 - 2016-07-27 11:04 - 00003342 _____ C:\Windows\System32\Tasks\UnHackMe Task Scheduler
2016-07-26 16:33 - 2016-07-27 10:47 - 00000978 _____ C:\Users\Bud Parker\Desktop\UnHackMe.lnk
2016-07-26 16:33 - 2016-07-26 17:14 - 00000000 ____D C:\Program Files (x86)\UnHackMe
2016-07-26 16:33 - 2016-07-26 16:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe
2016-07-26 16:33 - 2016-07-07 13:06 - 00015016 _____ (Greatis Software, LLC.) C:\Windows\SysWOW64\Drivers\UnHackMeDrv.sys
2016-07-26 16:33 - 2015-12-28 11:32 - 00049968 _____ (Greatis Software) C:\Windows\system32\partizan.exe
2016-07-26 16:30 - 2016-07-26 16:31 - 18064897 _____ C:\Users\Bud Parker\Downloads\unhackme.zip
2016-07-26 16:23 - 2016-07-27 16:23 - 00000520 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task c03db66b-2d05-4c7b-b797-ccf0a7404475.job
2016-07-26 16:23 - 2016-07-27 02:00 - 00000520 _____ C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 14c1e4b0-33ed-4a41-b44d-2e66d2750e5b.job
2016-07-26 16:23 - 2016-07-26 16:23 - 00003616 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task 14c1e4b0-33ed-4a41-b44d-2e66d2750e5b
2016-07-26 16:23 - 2016-07-26 16:23 - 00003542 _____ C:\Windows\System32\Tasks\SUPERAntiSpyware Scheduled Task c03db66b-2d05-4c7b-b797-ccf0a7404475
2016-07-26 16:11 - 2016-07-26 16:11 - 00000000 ____D C:\Windows\howtrans
2016-07-26 16:11 - 2016-07-26 16:11 - 00000000 ____D C:\Users\Bud Parker\Medialam
2016-07-26 16:10 - 2016-07-26 16:10 - 00000000 ____D C:\ProgramData\Techijob
2016-07-26 16:07 - 2016-07-26 16:07 - 00000000 ____D C:\Windows\Kon-bam
2016-07-26 15:39 - 2016-07-26 15:39 - 00000000 ____D C:\Users\Bud Parker\AppData\Local\Ronlux
2016-07-26 15:39 - 2016-07-26 15:39 - 00000000 ____D C:\Program Files\Solo-job
2016-07-26 15:39 - 2016-07-26 15:39 - 00000000 ____D C:\Program Files\Common Files\Ronlux
2016-07-26 15:38 - 2016-07-26 15:45 - 00000000 ____D C:\Users\Bud Parker\AppData\Local\Canunoing
2016-07-26 15:38 - 2016-07-26 15:38 - 00000000 ____D C:\Users\Bud Parker\AppData\Local\Roundtouch
2016-07-26 15:14 - 2016-07-26 15:14 - 03712064 _____ C:\Users\Bud Parker\Downloads\adwcleaner_5.201.exe
2016-07-26 13:18 - 2016-07-26 13:18 - 00000000 ____D C:\ProgramData\Stantexon
2016-07-26 13:17 - 2016-07-26 13:17 - 00000000 ____D C:\Users\Bud Parker\zunfind
2016-07-26 13:15 - 2016-07-26 13:15 - 00000000 ____D C:\Users\Bud Parker\AppData\Roaming\Toughstreet
2016-07-26 13:15 - 2016-07-26 13:15 - 00000000 ____D C:\Users\Bud Parker\AppData\Roaming\Sumdrill
2016-07-26 13:14 - 2016-07-27 11:05 - 00000000 ____D C:\Users\Bud Parker\AppData\Roaming\Ronzafind
2016-07-26 11:46 - 2016-07-26 11:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Anti-Malware
2016-07-26 11:44 - 2016-07-26 14:19 - 00000000 ____D C:\Program Files\GridinSoft Anti-Malware
2016-07-26 11:18 - 2016-07-26 11:19 - 52437728 _____ (Microsoft Corporation) C:\Users\Bud Parker\Downloads\Windows-KB890830-x64-V5.38.exe
2016-07-26 10:58 - 2016-07-26 10:58 - 00031232 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys
2016-07-26 09:49 - 2016-07-26 09:49 - 00000000 ____D C:\Users\Public\Documents\Tools
2016-07-26 09:49 - 2016-07-26 09:49 - 00000000 ____D C:\Users\Public\Documents\Baidu
2016-07-26 09:47 - 2016-07-26 12:33 - 00000000 ____D C:\Windows\SysWOW64\databases-incognito
2016-07-26 09:30 - 2016-07-25 23:25 - 00629760 _____ () C:\Users\Public\Documents\usblock.exe
2016-07-26 09:10 - 2016-07-26 09:10 - 07105536 _____ C:\Users\Bud Parker\AppData\Roaming\agent.dat
2016-07-26 09:10 - 2016-07-26 09:10 - 00018432 _____ C:\Users\Bud Parker\AppData\Roaming\Main.dat
2016-07-26 09:07 - 2016-07-26 09:07 - 00031411 _____ C:\Windows\cad59fc9af939f2528d349888eab9565.ps1
2016-07-26 09:06 - 2016-07-27 10:47 - 00000000 ____D C:\Users\Bud Parker\AppData\Local\Apps\2.0
2016-07-26 09:06 - 2016-07-26 09:06 - 00129024 _____ C:\Users\Bud Parker\AppData\Roaming\Installer.dat
2016-07-26 08:51 - 2016-07-26 08:51 - 00000000 ____D C:\Users\Bud Parker\AppData\Roaming\c
2016-07-26 08:50 - 2016-07-26 08:50 - 00000000 ___HD C:\Program Files (x86)\tai
2016-07-24 20:44 - 2016-07-24 20:44 - 08677830 _____ C:\Users\Bud Parker\Downloads\Sharkmouth AH-1G's in Vietnam (Récupéré).pdf
2016-07-24 20:44 - 2016-07-24 20:44 - 04353501 _____ C:\Users\Bud Parker\Downloads\68-17365 Rod Willis Loach 2nd Draft.pdf
2016-07-24 20:43 - 2016-07-24 20:43 - 03203865 _____ C:\Users\Bud Parker\Downloads\Loaches of the 4th cav 1st sqn D trp.pdf
2016-07-24 20:43 - 2016-07-24 20:43 - 02355380 _____ C:\Users\Bud Parker\Downloads\Miss Claude IV 1st update.pdf
2016-07-24 20:42 - 2016-07-24 20:43 - 02194618 _____ C:\Users\Bud Parker\Downloads\C Troop 16th Cav.pdf
2016-07-24 19:47 - 2016-07-24 20:37 - 00000000 ____D C:\Users\Bud Parker\Desktop\Stewart
2016-07-24 16:09 - 2016-07-27 13:41 - 00000294 _____ C:\Windows\Tasks\Windows 7 Manager - Free Memory.job
2016-07-24 15:24 - 2016-07-25 13:35 - 02713066 _____ C:\Users\Bud Parker\Desktop\EMS Claim DotDot.pdf
2016-07-24 14:15 - 2016-07-24 14:14 - 06901516 _____ C:\Users\Bud Parker\Desktop\MedStat EMS.jpeg
2016-07-24 08:21 - 2016-07-24 08:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2016-07-24 08:21 - 2016-07-24 08:21 - 00000000 ____D C:\Program Files\McAfee Security Scan
2016-07-23 22:14 - 2016-07-27 10:48 - 00002009 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2016-07-23 22:14 - 2016-07-23 22:14 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2016-07-23 18:00 - 2016-07-23 18:00 - 00000000 ____D C:\Users\Bud Parker\Documents\Paradox Interactive
2016-07-23 10:29 - 2016-07-23 10:29 - 00002170 _____ C:\Users\Bud Parker\Desktop\GREAT TRUTHS THAT LITTLE CHILDREN HAVE LEARNED.txt
2016-07-21 13:19 - 2016-07-21 13:19 - 00000000 ____D C:\Windows\LastGood.Tmp
2016-07-20 17:03 - 2016-07-20 17:05 - 00014357 _____ C:\Users\Bud Parker\Desktop\BankPlus Checking 1 July to 20 July 16.xlsm
2016-07-20 16:38 - 2016-07-20 17:05 - 00013225 _____ C:\Users\Bud Parker\Desktop\BankPlus Checking 21 Jun to 20 July 16.xlsm
2016-07-20 15:13 - 2016-07-20 15:13 - 06525180 _____ C:\Users\Bud Parker\Desktop\Guide for Caregivers on Moving People Safely_ Wheelchair to Toilet Seat Transfer.MP4
2016-07-20 11:29 - 2016-07-20 11:30 - 00279521 _____ C:\Users\Bud Parker\Downloads\HealthSummary20160720.zip
2016-07-20 11:28 - 2016-07-20 11:28 - 00084009 _____ C:\Users\Bud Parker\Documents\Dorothy Appt 8 Aug 16.pdf
2016-07-20 11:27 - 2016-07-20 11:27 - 00083178 _____ C:\Users\Bud Parker\Documents\Appt Dot.pdf
2016-07-19 12:27 - 2016-07-27 10:48 - 00001754 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-07-19 12:27 - 2016-07-19 12:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-07-19 12:26 - 2016-07-19 12:27 - 00000000 ____D C:\Program Files\iTunes
2016-07-19 12:16 - 2016-07-27 10:48 - 00001806 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2016-07-19 12:16 - 2016-07-19 12:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2016-07-19 08:54 - 2016-07-19 08:54 - 00014249 _____ C:\Users\Bud Parker\Desktop\On Sheep.txt
2016-07-18 21:11 - 2016-07-18 21:11 - 06686635 _____ C:\Users\Bud Parker\Desktop\Worlds Collide_ Appendix Carry, Your Way.MP4
2016-07-17 21:40 - 2016-07-17 21:40 - 00000000 ____D C:\Users\Bud Parker\AppData\Roaming\DiskAid
2016-07-16 21:02 - 2016-07-16 21:03 - 00206885 _____ C:\Users\Bud Parker\Downloads\militarycallsignlist-apr09.pdf
2016-07-16 09:58 - 2016-07-16 09:58 - 00279514 _____ C:\Users\Bud Parker\Downloads\HealthSummary20160716.zip
2016-07-16 09:58 - 2016-07-16 09:58 - 00043839 _____ C:\Users\Bud Parker\Desktop\Dot Health Summary.pdf
2016-07-15 11:15 - 2016-07-15 12:04 - 00014455 _____ C:\Users\Bud Parker\Documents\Dot Med Schedule.xlsx
2016-07-14 22:37 - 2016-07-27 08:58 - 00000058 _____ C:\Windows\SysWOW64\Partizan.RRI
2016-07-14 22:19 - 2016-07-27 08:55 - 00000000 ____D C:\Users\Bud Parker\Documents\RegRun2
2016-07-14 22:19 - 2016-07-26 16:33 - 00000002 RSHOT C:\Windows\winstart.bat
2016-07-14 22:19 - 2016-07-26 16:33 - 00000002 RSHOT C:\Windows\SysWOW64\CONFIG.NT
2016-07-14 22:19 - 2016-07-26 16:33 - 00000002 RSHOT C:\Windows\SysWOW64\AUTOEXEC.NT
2016-07-14 12:18 - 2016-06-11 01:57 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-07-14 12:18 - 2016-06-10 23:48 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-07-14 12:18 - 2016-06-10 16:38 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-07-14 12:18 - 2016-06-10 16:38 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-07-14 12:18 - 2016-06-10 16:20 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-07-14 12:18 - 2016-06-10 16:19 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-07-14 12:18 - 2016-06-10 16:19 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-07-14 12:18 - 2016-06-10 16:18 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-07-14 12:18 - 2016-06-10 16:18 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-07-14 12:18 - 2016-06-10 16:17 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-07-14 12:18 - 2016-06-10 16:10 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-07-14 12:18 - 2016-06-10 16:08 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-07-14 12:18 - 2016-06-10 16:05 - 25814016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-07-14 12:18 - 2016-06-10 16:04 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-07-14 12:18 - 2016-06-10 16:03 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-07-14 12:18 - 2016-06-10 16:03 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-07-14 12:18 - 2016-06-10 16:02 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-07-14 12:18 - 2016-06-10 16:02 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-07-14 12:18 - 2016-06-10 15:53 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-07-14 12:18 - 2016-06-10 15:50 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-07-14 12:18 - 2016-06-10 15:49 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-07-14 12:18 - 2016-06-10 15:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-07-14 12:18 - 2016-06-10 15:38 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-07-14 12:18 - 2016-06-10 15:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-07-14 12:18 - 2016-06-10 15:34 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-07-14 12:18 - 2016-06-10 15:31 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-07-14 12:18 - 2016-06-10 15:28 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-07-14 12:18 - 2016-06-10 15:15 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-07-14 12:18 - 2016-06-10 15:13 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-07-14 12:18 - 2016-06-10 15:12 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-07-14 12:18 - 2016-06-10 15:11 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-07-14 12:18 - 2016-06-10 15:10 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-07-14 12:18 - 2016-06-10 14:45 - 15409664 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-07-14 12:18 - 2016-06-10 14:44 - 02869248 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-07-14 12:18 - 2016-06-10 14:30 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-07-14 12:18 - 2016-06-10 14:21 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-07-14 12:18 - 2016-06-10 14:09 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-07-14 12:18 - 2016-06-10 13:54 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-07-14 12:18 - 2016-06-10 13:53 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-07-14 12:18 - 2016-06-10 13:53 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-07-14 12:18 - 2016-06-10 13:53 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-07-14 12:18 - 2016-06-10 13:52 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-07-14 12:18 - 2016-06-10 13:47 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-07-14 12:18 - 2016-06-10 13:46 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-07-14 12:18 - 2016-06-10 13:45 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-07-14 12:18 - 2016-06-10 13:42 - 20348928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-07-14 12:18 - 2016-06-10 13:42 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-07-14 12:18 - 2016-06-10 13:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-07-14 12:18 - 2016-06-10 13:41 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-07-14 12:18 - 2016-06-10 13:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-07-14 12:18 - 2016-06-10 13:32 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-07-14 12:18 - 2016-06-10 13:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-07-14 12:18 - 2016-06-10 13:26 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-07-14 12:18 - 2016-06-10 13:24 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-07-14 12:18 - 2016-06-10 13:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-07-14 12:18 - 2016-06-10 13:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-07-14 12:18 - 2016-06-10 13:19 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-07-14 12:18 - 2016-06-10 13:14 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-07-14 12:18 - 2016-06-10 13:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-07-14 12:18 - 2016-06-10 13:10 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-07-14 12:18 - 2016-06-10 13:09 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-07-14 12:18 - 2016-06-10 13:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-07-14 12:18 - 2016-06-10 12:58 - 13806080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-07-14 12:18 - 2016-06-10 12:45 - 02392576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-07-14 12:18 - 2016-06-10 12:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-07-14 12:18 - 2016-06-10 12:41 - 01315840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-07-14 09:08 - 2016-06-25 19:27 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2016-07-14 09:08 - 2016-06-25 19:27 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-07-14 09:08 - 2016-06-25 19:27 - 00344576 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2016-07-14 09:08 - 2016-06-25 19:27 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2016-07-14 09:08 - 2016-06-25 19:27 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll
2016-07-14 09:08 - 2016-06-25 14:54 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2016-07-14 09:08 - 2016-06-25 14:53 - 00297472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2016-07-14 09:08 - 2016-06-25 14:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
2016-07-14 09:08 - 2016-06-25 14:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe
2016-07-14 09:08 - 2016-06-25 14:41 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.exe
2016-07-14 09:07 - 2016-06-25 19:35 - 00041704 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-07-14 09:07 - 2016-06-25 19:27 - 01208320 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-07-14 09:07 - 2016-06-22 08:06 - 00268800 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-07-14 09:07 - 2016-06-17 13:24 - 01490432 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-07-14 09:07 - 2016-06-17 13:24 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-07-14 09:07 - 2016-06-17 13:24 - 00544256 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-07-14 09:07 - 2016-06-17 13:24 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-07-14 09:07 - 2016-06-17 13:24 - 00219136 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-07-14 09:07 - 2016-06-17 13:24 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-07-14 09:00 - 2016-06-14 10:03 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-07-14 08:40 - 2016-07-14 08:42 - 00000000 ____D C:\Users\Bud Parker\Desktop\Dot Wheel Chair
2016-07-14 07:28 - 2016-07-14 07:29 - 00690584 _____ (Dropbox, Inc.) C:\Users\Bud Parker\Downloads\DropboxInstaller.exe
2016-07-13 21:49 - 2016-07-13 22:00 - 00000000 ____D C:\Windows\SysWOW64\directx
2016-07-13 20:16 - 2016-07-13 20:14 - 00549120 _____ C:\Users\Bud Parker\Desktop\Sentra Wreck-Parker Dorothy.jpeg
2016-07-12 12:50 - 2016-07-13 22:24 - 00000000 ____D C:\Users\Bud Parker\Desktop\Sentra Wreck 11 Jul 16
2016-07-09 20:33 - 2016-07-09 20:33 - 00000000 ____D C:\Users\Bud Parker\AppData\Roaming\HP
2016-07-09 13:18 - 2016-07-09 13:18 - 00000251 _____ C:\Users\Bud Parker\Desktop\Toshiba Laptop Error Message.txt
2016-07-06 11:12 - 2016-07-06 11:12 - 01712693 _____ C:\Users\Bud Parker\Desktop\Sanatize Poultry Water.pdf
2016-07-04 10:34 - 2016-07-04 10:56 - 00002751 _____ C:\Users\Bud Parker\Desktop\Railroad.txt
2016-07-02 22:01 - 2016-07-02 22:01 - 00000000 ____D C:\Users\Bud Parker\Documents\Important Documents Passport TWIC
2016-07-02 22:00 - 2010-09-17 20:19 - 00178378 _____ C:\Users\Bud Parker\Documents\Timesheet Parker McMoRan 2.xlsx
2016-07-02 22:00 - 2010-09-17 20:18 - 00178392 _____ C:\Users\Bud Parker\Documents\Timesheet Parker McMoRan 1.xlsx
2016-07-02 22:00 - 2010-04-06 11:22 - 00179200 _____ C:\Users\Bud Parker\Documents\Invoices, Parker, 2010.xls
2016-07-02 21:59 - 2016-07-02 21:59 - 00000000 ____D C:\Users\Bud Parker\Documents\Timesheets, Walsh
2016-07-02 21:58 - 2010-12-17 20:28 - 00028474 _____ C:\Users\Bud Parker\Documents\Opening Combination Locks and etc.odt
2016-07-02 15:17 - 2016-07-02 16:24 - 00000000 ____D C:\Users\Bud Parker\Television Series
2016-07-01 10:52 - 2016-07-01 10:55 - 00000047 _____ C:\Users\Bud Parker\Documents\SN List.txt
2016-06-29 17:50 - 2016-06-29 17:51 - 00000000 ____D C:\Users\Bud Parker\Documents\Freemake
2016-06-29 14:05 - 2016-06-29 14:05 - 05273164 _____ C:\Users\Bud Parker\Downloads\MS_Map-sheet-14.pdf
2016-06-29 14:03 - 2016-06-29 14:03 - 01334460 _____ C:\Users\Bud Parker\Downloads\MS_Map-Index.pdf
2016-06-29 14:01 - 2016-06-29 14:02 - 00781649 _____ C:\Users\Bud Parker\Downloads\MS_Study-Area-Map_FINAL.pdf
2016-06-28 19:07 - 2016-06-28 19:07 - 00000000 ____D C:\ProgramData\Auslogics
2016-06-28 12:21 - 2016-06-28 12:36 - 37229104 _____ (PandoraTV) C:\Users\Bud Parker\Downloads\KMPlayer_4.1.0.3.exe
2016-06-28 10:14 - 2016-07-27 07:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-06-27 20:39 - 2016-07-27 10:48 - 00001120 _____ C:\Users\Public\Desktop\GOM Player.lnk
2016-06-27 18:40 - 2016-06-27 18:40 - 07732416 _____ C:\Users\Bud Parker\Documents\BUDS-GATEWAY.arn

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-27 14:01 - 2016-06-20 10:09 - 00000000 ____D C:\Users\Bud Parker\AppData\LocalLow\LastPass
2016-07-27 13:50 - 2009-07-13 23:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-27 13:50 - 2009-07-13 23:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-27 13:45 - 2009-07-14 00:13 - 00782248 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-27 13:45 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-07-27 13:43 - 2016-03-18 16:58 - 00001038 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-07-27 13:43 - 2016-03-18 16:31 - 00000994 _____ C:\Users\Bud Parker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-07-27 13:43 - 2016-03-18 16:27 - 00000000 ____D C:\Users\Bud Parker
2016-07-27 13:41 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-27 13:40 - 2016-01-22 11:04 - 00000000 ____D C:\AdwCleaner
2016-07-27 11:50 - 2016-03-18 21:24 - 00240097 ____H C:\Users\Bud Parker\AppData\Roaming\TurboLaunch_IconCache.dat
2016-07-27 11:11 - 2009-08-28 06:06 - 00000000 ____D C:\ProgramData\Temp
2016-07-27 10:49 - 2016-06-10 10:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-07-27 10:48 - 2016-06-11 10:25 - 00002115 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk
2016-07-27 10:48 - 2016-03-19 16:01 - 00002507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-07-27 10:48 - 2016-03-18 21:24 - 00001056 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboLaunch.lnk
2016-07-27 10:48 - 2016-03-18 18:47 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Pro 8.lnk
2016-07-27 10:48 - 2016-03-18 16:41 - 00002545 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
2016-07-27 10:48 - 2016-03-18 16:40 - 00001142 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
2016-07-27 10:48 - 2009-08-28 06:05 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
2016-07-27 10:48 - 2009-08-28 05:33 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-07-27 10:48 - 2009-08-28 05:33 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-07-27 10:48 - 2009-07-13 23:57 - 00001535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-07-27 10:48 - 2009-07-13 23:57 - 00001340 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
2016-07-27 10:48 - 2009-07-13 23:57 - 00001318 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-07-27 10:48 - 2009-07-13 23:57 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-07-27 10:48 - 2009-07-13 23:54 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-07-27 10:47 - 2016-06-24 19:19 - 00000998 _____ C:\ProgramData\Microsoft\Windows\Start Menu\VueScan x64.lnk
2016-07-27 10:47 - 2016-06-24 10:48 - 00001038 _____ C:\Users\Bud Parker\Desktop\Folder Lock 6.lnk
2016-07-27 10:47 - 2016-03-20 16:50 - 00001138 _____ C:\Users\Bud Parker\AppData\Roaming\Microsoft\Windows\Start Menu\Super DX-Ball Deluxe.lnk
2016-07-27 10:47 - 2016-03-19 16:41 - 00001328 _____ C:\ProgramData\Microsoft\Windows\Start Menu\HP Solution Center.lnk
2016-07-27 10:47 - 2016-03-19 06:34 - 00001150 _____ C:\Users\Bud Parker\AppData\Roaming\Microsoft\Windows\Start Menu\GOM Player.lnk
2016-07-27 10:47 - 2014-12-11 13:27 - 00000355 _____ C:\Users\Bud Parker\Desktop\Computer.lnk
2016-07-27 10:47 - 2009-07-14 00:01 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-07-27 10:47 - 2009-07-13 23:49 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-07-27 10:20 - 2016-06-10 10:34 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-07-27 10:19 - 2016-06-10 10:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-07-27 09:09 - 2016-06-12 07:17 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2016-07-27 07:27 - 2016-03-18 16:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-07-26 22:15 - 2016-03-22 19:27 - 144749672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-07-26 15:51 - 2016-03-18 18:48 - 00000000 ___SD C:\Users\Bud Parker\Desktop\Portable
2016-07-26 09:23 - 2016-06-09 22:49 - 00000000 ____D C:\Windows\system32\SSL
2016-07-26 08:41 - 2016-04-30 17:21 - 00000000 ____D C:\Users\Bud Parker\Movies
2016-07-25 15:08 - 2016-03-18 18:48 - 00000000 ___SD C:\Users\Bud Parker\Desktop\NBC
2016-07-24 14:17 - 2016-03-18 19:01 - 00000000 ___RD C:\Users\Bud Parker\Documents\Scanned Documents
2016-07-23 22:52 - 2016-04-16 20:47 - 00000000 ____D C:\Users\Bud Parker\AppData\Local\ElevatedDiagnostics
2016-07-23 22:14 - 2016-03-29 20:18 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-07-23 22:14 - 2016-03-29 20:18 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-07-23 22:14 - 2016-03-29 20:15 - 00000000 ____D C:\Users\Bud Parker\AppData\Local\Adobe
2016-07-23 22:14 - 2014-12-21 21:07 - 00000000 ____D C:\Windows\system32\Macromed
2016-07-23 22:14 - 2009-08-28 06:06 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-07-23 12:41 - 2016-03-31 22:34 - 00000000 ____D C:\Users\Bud Parker\Documents\My Downloaded Video
2016-07-22 09:25 - 2016-03-21 10:20 - 00000000 __RSD C:\Users\Bud Parker\Desktop\Facebook Icons
2016-07-21 13:23 - 2016-03-26 21:35 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2016-07-21 07:12 - 2016-03-27 03:37 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-07-21 07:12 - 2016-03-27 03:37 - 00000000 ___SD C:\Windows\system32\GWX
2016-07-20 11:27 - 2016-04-15 22:36 - 00000000 ____D C:\Users\Bud Parker\AppData\Roaming\Nitro PDF
2016-07-19 12:26 - 2016-04-18 13:09 - 00000000 ____D C:\Program Files\iPod
2016-07-19 12:19 - 2016-03-05 17:31 - 00000000 ____D C:\ProgramData\Apple
2016-07-19 12:16 - 2016-03-19 16:01 - 00000000 ____D C:\Program Files (x86)\QuickTime
2016-07-19 02:02 - 2016-03-21 20:40 - 00000000 ____D C:\Users\Bud Parker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Portable Programs
2016-07-17 07:37 - 2016-03-20 16:28 - 00000000 ____D C:\i
2016-07-16 02:03 - 2016-06-25 13:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EasyWorship
2016-07-16 02:03 - 2016-06-22 12:40 - 00000000 ____D C:\Users\Bud Parker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Driver Support
2016-07-16 02:03 - 2016-03-19 15:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CleanMyPC Registry Cleaner
2016-07-14 22:38 - 2009-08-28 06:03 - 00000000 ____D C:\Windows\System32\Tasks\Recovery Management
2016-07-14 21:00 - 2009-07-13 23:45 - 00468856 _____ C:\Windows\system32\FNTCACHE.DAT
2016-07-14 20:59 - 2016-03-27 03:37 - 00000000 ____D C:\Windows\system32\appraiser
2016-07-14 20:59 - 2009-07-14 02:45 - 00000000 ____D C:\Program Files\Windows Journal
2016-07-14 20:57 - 2016-03-22 19:27 - 00000000 ____D C:\Windows\system32\MRT
2016-07-14 19:04 - 2016-06-13 08:40 - 00000000 ____D C:\Users\Bud Parker\AppData\Roaming\vlc
2016-07-03 19:47 - 2016-05-09 21:27 - 00006999 _____ C:\Users\Bud Parker\Documents\A Soldier Died Today.odt
2016-07-03 19:21 - 2016-06-05 15:00 - 00000000 ____D C:\Users\Bud Parker\Desktop\Pickup Truck Music
2016-06-28 19:14 - 2016-06-14 16:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 3
2016-06-28 19:14 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\security
2016-06-28 19:14 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2016-06-28 19:14 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Help
2016-06-28 18:40 - 2009-07-14 00:08 - 00032564 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-06-28 07:23 - 2016-06-24 19:19 - 00000000 ____D C:\Program Files\VueScan
2016-06-27 21:23 - 2016-06-11 10:24 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-27 21:23 - 2016-06-11 10:24 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-27 21:23 - 2016-03-19 10:38 - 00000318 _____ C:\Windows\Tasks\Windows 7 Manager - Logon Background Changer.job
2016-06-27 20:39 - 2016-03-19 06:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player

==================== Files in the root of some directories =======

2014-06-11 13:21 - 2014-04-25 04:55 - 0011560 _____ () C:\Program Files (x86)\COPYING.Apachev2
2014-06-11 13:21 - 2014-04-25 04:55 - 0025859 _____ () C:\Program Files (x86)\COPYING.LGPLv2
2014-06-11 13:21 - 2014-04-25 04:55 - 0007820 _____ () C:\Program Files (x86)\COPYING.LGPLv3
2016-07-26 09:10 - 2016-07-26 09:10 - 7105536 _____ () C:\Users\Bud Parker\AppData\Roaming\agent.dat
2016-07-26 09:06 - 2016-07-26 09:06 - 0129024 _____ () C:\Users\Bud Parker\AppData\Roaming\Installer.dat
2016-07-26 09:10 - 2016-07-26 09:10 - 0018432 _____ () C:\Users\Bud Parker\AppData\Roaming\Main.dat
2016-03-31 16:57 - 2016-03-31 16:58 - 0000990 ___SH () C:\Users\Bud Parker\AppData\Roaming\systemfl.$dk
2016-03-21 21:14 - 2016-03-24 00:13 - 0000097 _____ () C:\Users\Bud Parker\AppData\Roaming\WB.CFG
2016-03-19 06:50 - 2016-03-31 16:35 - 0000700 ___SH () C:\Users\Bud Parker\AppData\Local\systemFL7.dat
2016-01-24 20:54 - 2016-01-24 20:54 - 0924950 _____ () C:\ProgramData\1453675051.bdinstall.bin
2016-01-25 17:46 - 2016-01-25 17:46 - 0037575 _____ () C:\ProgramData\1453761997.bdinstall.bin
2016-01-25 17:49 - 2016-01-25 17:49 - 0096747 _____ () C:\ProgramData\1453762002.bdinstall.bin
2016-05-18 08:18 - 2016-05-18 08:18 - 0000000 _____ () C:\ProgramData\DP45977C.lfl
2016-03-19 16:35 - 2016-05-15 11:00 - 0003594 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\Bud Parker\AppData\Local\Temp\libeay32.dll
C:\Users\Bud Parker\AppData\Local\Temp\msvcr120.dll
C:\Users\Bud Parker\AppData\Local\Temp\sqlite3.dll


Some zero byte size files/folders:
==========================
C:\Windows\146286.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)-
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-07-24 15:02

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-07-2016
Ran by Bud Parker (2016-07-27 17:47:16)
Running from C:\Users\Bud Parker\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2016-03-18 21:26:58)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2712942507-1312882600-3786330889-500 - Administrator - Disabled)
Bud Parker (S-1-5-21-2712942507-1312882600-3786330889-1001 - Administrator - Enabled) => C:\Users\Bud Parker
Guest (S-1-5-21-2712942507-1312882600-3786330889-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2712942507-1312882600-3786330889-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus (Disabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
AS: Norton Internet Security (Disabled - Up to date) {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security (Disabled) {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 22.0.0.153 - Adobe Systems Incorporated)
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{A6B0442B-E159-444B-B49D-6B9AC531EAE3}) (Version: 4.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Atomic Alarm Clock 6.20 (HKLM\...\Atomic Alarm Clock_is1) (Version:  - Drive Software Company)
AVG (Version: 16.61.7539 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4545 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.61.7539 - AVG Technologies)
Backup Manager Basic (x32 Version: 2.0.0.22 - NewTech Infosystems) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3108 - CyberLink Corp.)
CyberLink PowerDirector 11 (HKLM-x32\...\InstallShield_{551F492A-01B0-4DC4-866F-875EC4EDC0A8}) (Version: 11.0.0.2321 - CyberLink Corp.)
CyberLink PowerDirector 11 (Version: 11.0.0.2321 - CyberLink Corp.) Hidden
CyberLink PowerDVD 8 (HKLM-x32\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.3201.50 - CyberLink Corp.)
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
Disk Doctors Windows Data Recovery 3.0.3.353 (HKLM-x32\...\Disk Doctors Windows Data Recovery_is1) (Version:  - Disk Doctors Labs Inc.)
EPUB File Reader (HKLM-x32\...\{818C5857-5C74-4CAC-9F43-E5597086852D}_is1) (Version:  - )
FMW 1 (Version: 1.102.4 - AVG Technologies) Hidden
FMW 1 (Version: 1.62.2 - AVG Technologies) Hidden
Gateway InfoCentre (HKLM-x32\...\Gateway InfoCentre) (Version: 3.02.3000 - Gateway Incorporated)
Gateway MyBackup (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.22 - NewTech Infosystems)
Gateway Power Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.05.3002 - Gateway Incorporated)
Gateway Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3002 - Acer Incorporated)
Gateway ScreenSaver (HKLM-x32\...\Gateway Screensaver) (Version: 1.7.0730 - Gateway Incorporated)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.1.36.5083 - Gretech Corporation)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
GridinSoft Anti-Malware (HKLM\...\GridinSoft Anti-Malware) (Version: 3.0.45 - GridinSoft LLC)
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.4.63 - Conexant Systems)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Photosmart Printer Driver Software 13.0 Rel. 2 (HKLM\...\{F69E48F2-94B0-4272-845C-5F21F2A9815F}) (Version: 13.0 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3001 - Gateway Incorporated)
iExplorer 3.9.6.0 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version:  - Macroplant LLC)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2555 - Intel Corporation)
iTunes (HKLM\...\{E109B4A3-9883-4E6E-9A19-4D7E1A88AFE8}) (Version: 12.4.2.4 - Apple Inc.)
Junk Mail filter update (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Kutools for Word (HKLM\...\{1F20434C-8ECF-47DD-8D04-73914E36CEA7}) (Version: 7.10.112.0 - Detong Technology Ltd.)
Launch Manager (HKLM-x32\...\LManager) (Version: 3.0.03 - Gateway)
Magic ISO Maker v5.5 (build 0276) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0276)) (Version:  - )
Malwarebytes Anti-Exploit version 1.8.1.2563 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.2563 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.334.1 - McAfee, Inc.)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{67E03279-F703-408F-B4BF-46B5FC8D70CD}) (Version: 9.7.0621 - Microsoft Corporation)
Mobipocket Reader 6.2 (HKLM-x32\...\{342126E1-173C-4585-BFBE-3EBDD20E3E9E}) (Version: 6.2.608 - Mobipocket.com)
Mozilla Firefox 47.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0.1 (x86 en-US)) (Version: 47.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.1 - Mozilla)
Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Nitro Pro 8 (HKLM\...\{0BEFCFE0-4373-41B6-8924-85FA78C9514D}) (Version: 8.0.3.1 - Nitro)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 16.7.0.30 - Symantec Corporation)
Nuclear Coffee - VideoGet (HKLM\...\VideoGet_is1) (Version: 2014 - Nuclear Coffee)
PS_SF_02_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
PS_SF_02_Software_Min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Quintessential Media Player (HKLM-x32\...\Quintessential Media Player) (Version: Version 5.0 - Quinnware)
Quintessential Player (HKLM-x32\...\Quintessential Player) (Version: 4.51 - Quinnware)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7829 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30102 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.1.4 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.4 - VS Revo Group, Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.8 - SmartSound Software Inc.)
SmartSound Quicktracks 5 (x32 Version: 5.1.8 - SmartSound Software Inc.) Hidden
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
Snagit 10 (HKLM-x32\...\{5BCC634A-58AD-42F9-B3C6-2EA52F81CF85}) (Version: 10.0.0 - TechSmith Corporation)
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SpeedConnect Internet Accelerator v.8.0 (HKLM-x32\...\SpeedConnect Internet Accelerator v.8.0_is1) (Version:  - CBS Software)
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
Super DX-Ball Deluxe (HKLM-x32\...\Super DX-Ball Deluxe) (Version:  - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.41.5 - Synaptics Incorporated)
Togethershare Data Recovery Trial 5.8.1 (HKLM-x32\...\Togethershare Data Recovery Trial 5.8.1_is1) (Version:  - Togethershare)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
TurboLaunch 5.1.4 (HKLM-x32\...\TurboLaunch_is1) (Version: 5.1.4.5 - Savard Software)
UnHackMe 8.12 (HKLM-x32\...\UnHackMe_is1) (Version:  - Greatis Software, LLC.)
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Video Web Camera (HKLM-x32\...\{6D9021DC-CF1B-4148-8C80-6D8E8A8A33EB}) (Version: 0.5.11.1 - SuYin)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VueScan x64 (HKLM\...\VueScan x64) (Version:  - )
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Welcome Center (HKLM-x32\...\Gateway Welcome Center) (Version: 1.00.3005 - Gateway Incorporated)
Windows 7 Manager (HKLM\...\{BA2DD58B-F35E-421F-AE30-0A856AEA8B38}) (Version: 4.3.9 - Yamicsoft)
Windows Driver Package - AMD (amdkmpfd) System  (08/18/2014 14.201.1006.1001) (HKLM\...\52CC88C17478DF9A496DD7C4B6545110B51589A4) (Version: 08/18/2014 14.201.1006.1001 - AMD)
Windows Driver Package - Apple, Inc. (USBAAPL64) USB  (12/12/2012 6.0.9999.65) (HKLM\...\0FEF654FC54561C3E984A0DB0704F76831FD35A2) (Version: 12/12/2012 6.0.9999.65 - Apple, Inc.)
Windows Driver Package - Broadcom (k57nd60a) Net  (10/30/2013 15.6.0.14) (HKLM\...\7C9CA8A432E0A7C6153832FCFFA30579EF8427D2) (Version: 10/30/2013 15.6.0.14 - Broadcom)
Windows Driver Package - Challenger Backup Solutions, LLC (FlashBoot) DiskDrive  (08/11/2013 2.3.72.0) (HKLM\...\CA8BFE662913F62CB908BA31685037C57A7DD973) (Version: 08/11/2013 2.3.72.0 - Challenger Backup Solutions, LLC)
Windows Driver Package - CXT (winachsf) Modem  (02/03/2010 7.80.4.63) (HKLM\...\07B690A855C6F3B41BA1827247649EC919D2F456) (Version: 02/03/2010 7.80.4.63 - CXT)
Windows Driver Package - ELAN SMBus (ETDSMBus) System  (08/06/2015 15.1.2.5) (HKLM\...\94D4ADBD3EF82E234DF58F1B9BD18B24B775A6D0) (Version: 08/06/2015 15.1.2.5 - ELAN SMBus)
Windows Driver Package - ELAN SMBus (ETDSMBus) System  (12/14/2015 15.1.2.8) (HKLM\...\6168882EA454F93FCDCE03E891193A3F56F09386) (Version: 12/14/2015 15.1.2.8 - ELAN SMBus)
Windows Driver Package - Hewlett-Packard Image  (04/01/2012 08.00.00.01) (HKLM\...\61339A68E39F445DE4C300A47EAC69A31C51C993) (Version: 04/01/2012 08.00.00.01 - Hewlett-Packard)
Windows Driver Package - Intel (NETwNs64) net  (01/22/2012 14.3.2.1) (HKLM\...\CD88F0FADE1395C9F91302912FD35B13CF75C196) (Version: 01/22/2012 14.3.2.1 - Intel)
Windows Driver Package - Intel Corporation (igfx) Display  (08/25/2010 8.15.10.2202) (HKLM\...\04E92E1774FD1C439D917D5BAC9589A81677C8BC) (Version: 08/25/2010 8.15.10.2202 - Intel Corporation)
Windows Driver Package - Intel System  (07/25/2013 9.1.9.1005) (HKLM\...\693856C0232B92FB409DC672B23A1C42AB5883E8) (Version: 07/25/2013 9.1.9.1005 - Intel)
Windows Driver Package - Intel System  (07/25/2013 9.1.9.1005) (HKLM\...\B081E57B1455374FB610EEC26F6154A8870B8859) (Version: 07/25/2013 9.1.9.1005 - Intel)
Windows Driver Package - Intel USB  (07/09/2013 9.1.9.1004) (HKLM\...\0D3177F1E077022671B9E6C22E0EE7CA9A92EDDE) (Version: 07/09/2013 9.1.9.1004 - Intel)
Windows Driver Package - JMicron (usbccgp) USB  (07/28/2009 1.0.4.2) (HKLM\...\D3AAF0E65D8B1D5934711D3312BF76371DB14E42) (Version: 07/28/2009 1.0.4.2 - JMicron)
Windows Driver Package - Logicool (LHidEqd) HIDClass  (06/09/2015 5.90.38) (HKLM\...\9D0F3F167B773DDFAC11A04606DEC4C987EFFF7A) (Version: 06/09/2015 5.90.38 - Logicool)
Windows Driver Package - Logitech (HidUsb) HIDClass  (08/31/2012 1.10.77.0) (HKLM\...\5498ECA18B56D1C7C4EC25B46FBEA3A008C6545A) (Version: 08/31/2012 1.10.77.0 - Logitech)
Windows Driver Package - Logitech (LEqdUsb) HIDClass  (06/09/2015 5.90.38) (HKLM\...\3D88081D327A12E9348E1EADDE35513319822FE0) (Version: 06/09/2015 5.90.38 - Logitech)
Windows Driver Package - Logitech (LHidFilt) HIDClass  (06/09/2015 5.90.38) (HKLM\...\DC76EF7E815182273AEA399A974A9D69D6D152D4) (Version: 06/09/2015 5.90.38 - Logitech)
Windows Driver Package - Logitech (LHidFilt) Keyboard  (06/09/2015 5.90.38) (HKLM\...\ECB9A872456DA502A6B195D7AEEF6FEB7355ECB6) (Version: 06/09/2015 5.90.38 - Logitech)
Windows Driver Package - Logitech (LHidFilt) Mouse  (06/09/2015 5.90.38) (HKLM\...\3A23CE434CCC10D23CD098DBBFD5A4C5D855E356) (Version: 06/09/2015 5.90.38 - Logitech)
Windows Driver Package - Logitech (usbccgp) USB  (11/04/2010 1.0.2.11) (HKLM\...\8A87028F68EFC3B6D4F26F7EF2DDB31C8F6767EF) (Version: 11/04/2010 1.0.2.11 - Logitech)
Windows Driver Package - Logitech DriverInterface  (06/09/2015 5.90.38) (HKLM\...\F6909E6D7225F7497F97F04808BC1B7489703274) (Version: 06/09/2015 5.90.38 - Logitech)
Windows Driver Package - MLK (KMWDFILTER) HIDClass  (07/28/2010 6.6.6000.0) (HKLM\...\490CF824D92DA6BB45D9F15423217769BCC14ABF) (Version: 07/28/2010 6.6.6000.0 - MLK)
Windows Driver Package - RAPOO (HidUsb) HIDClass  (11/30/2010 1.1.0.0) (HKLM\...\316A1A4D2C39A747662D9199884CD782691EE14D) (Version: 11/30/2010 1.1.0.0 - RAPOO)
Windows Driver Package - Screenovate Technologies Ltd. (WidockVhid) Screenovate  (02/29/2016 5.0.0.501) (HKLM\...\2DF704FFC8BE30DEDE37DC61848EFD4166CF26E9) (Version: 02/29/2016 5.0.0.501 - Screenovate Technologies Ltd.)
Windows Driver Package - Sonix (SNP2UVC) Image  (02/12/2010 5.8.54.008) (HKLM\...\56BAE2352D00B2AE9C3B48D84C43914BAC6C1619) (Version: 02/12/2010 5.8.54.008 - Sonix)
Windows Driver Package - Synaptics (SynTP) Mouse  (02/14/2012 15.3.41.5) (HKLM\...\190C63B15D229BC6A294BE717E05905B5765F493) (Version: 02/14/2012 15.3.41.5 - Synaptics)
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM  (10/09/2015 1.1.0000.0) (HKLM\...\B059937637538DCA2E38E5A4C00BF67BE79C335E) (Version: 10/09/2015 1.1.0000.0 - Western Digital Technologies)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8064.0206 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}) (Version: 14.0.8064.206 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Wondershare Video Editor(Build 5.1.3) (HKLM-x32\...\Wondershare Video Editor_is1) (Version:  - Wondershare Software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0F196B9E-7822-4238-86C8-DF8A5FE36806} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {2773AF30-0B0F-41B6-9285-42612D38BBCE} - \{780F7F47-0B09-0A08-0C11-7F0F7D0B110E} -> No File <==== ATTENTION
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {33C71173-D2D4-4F8A-823E-0F23AE833053} - \Nuafti -> No File <==== ATTENTION
Task: {3C77F7CE-0AEB-4DDE-B533-8DB26ADCBE8E} - \Windows 7 Manager - Logon Background Changer -> No File <==== ATTENTION
Task: {457E19F9-1642-4860-BFDC-F1736A1C2064} - \Driver Booster Scheduler -> No File <==== ATTENTION
Task: {48127161-63FA-4471-80C7-1BBF0B2DF394} - \Windows 7 Manager - Free Memory -> No File <==== ATTENTION
Task: {4D37D876-256E-404D-AA6C-EB690F7D0EF5} - \Driver Support-RTMUpdater -> No File <==== ATTENTION
Task: {59F7E622-58BA-4586-A482-0567074C1743} - System32\Tasks\Microsoft\Windows\Media Center\SecurityCenterUpdate => C:\Windows\kongreen\Geofase.exe [2016-07-11] ()
Task: {5D0C04FD-4463-48F9-B0AF-BA26C437581C} - \Driver Support-RTMRules -> No File <==== ATTENTION
Task: {5E5125AD-B70C-4CBA-8966-016476ABE17D} - System32\Tasks\SUPERAntiSpyware Scheduled Task 14c1e4b0-33ed-4a41-b44d-2e66d2750e5b => C:\Program Files\SUPERAntiSpyware\SASTask.exe
Task: {5F181AC9-68FD-4707-A713-553AB9B13718} - \GridinSoft Anti-Malware -> No File <==== ATTENTION
Task: {6AEDEFCA-1D1F-41F2-8D59-1EB15CCB9DD2} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {6D27F417-027E-424D-8740-D5DBE165529F} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {6E6EA461-E140-4163-9A8B-A70AA308E593} - \Driver Support-RTMScan -> No File <==== ATTENTION
Task: {70C411B4-A80F-4EF1-B766-FE52C7BA03BF} - \cad59fc9af939f2528d349888eab9565 -> No File <==== ATTENTION
Task: {722B9063-5102-48B3-8596-ED30B06BE771} - \Trojan Killer -> No File <==== ATTENTION
Task: {84BC6AE1-B3B0-4F5C-8B0C-778C47E4105F} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {8CBC52E6-A71C-44E4-BC04-11A69CB3D793} - \Recovery Management\Burn Notification -> No File <==== ATTENTION
Task: {946D61B8-B2AE-4178-8623-6E2222066E16} - \Driver Support -> No File <==== ATTENTION
Task: {97A2E49F-9200-4A91-989F-82A0B674CF14} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {A1D89EEA-B491-4D35-BF74-2B93D6331E2C} - \Fucsybf -> No File <==== ATTENTION
Task: {AB3A406B-B85B-4BA6-83D4-991886A8D0E5} - System32\Tasks\SUPERAntiSpyware Scheduled Task c03db66b-2d05-4c7b-b797-ccf0a7404475 => C:\Program Files\SUPERAntiSpyware\SASTask.exe
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {B7828516-B3D4-4D6D-9FD4-D47BB4ECA2C5} - \Driver Booster SkipUAC (Bud Parker) -> No File <==== ATTENTION
Task: {BA6E7936-A908-495B-847F-E63F4C29AA10} - \TweakBit\Driver Updater\Time for deal -> No File <==== ATTENTION
Task: {C79AB5FD-ED63-4F53-98CD-B2048F360540} - System32\Tasks\UnHackMe Task Scheduler => C:\Program Files (x86)\UnHackMe\hackmon.exe [2016-07-07] (Greatis Software)
Task: {CE95725C-6C29-40F8-94DA-FC9D8A311A0C} - \Driver Support-RTMScanRunOnce -> No File <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {D27318B5-30D1-4F08-BC23-61ED61BE6E27} - System32\Tasks\Microsoft\Windows\DiskDiagnostic\Opertaing System Transaction Task => Users\Bud Parker\Lamdex\Overranzim.exe
Task: {DA9841BD-4240-4FA0-9BA1-D60E90652432} - \TweakBit\PCSpeedUp\Start PCSpeedUp automatic scanning -> No File <==== ATTENTION
Task: {EAF6FEA9-3B9C-4E7F-92B5-A29E11C3DB39} - \{BFABA680-077A-48B9-9010-C0C972D9D50F} -> No File <==== ATTENTION
Task: {F10F5315-42D1-42CA-A469-971541F574A8} - \TweakBit\PCBooster\Start PCBooster оn logon -> No File <==== ATTENTION
Task: {F62BC7C4-E170-4BF2-BE09-9251AD659D25} - \Adobe Flash Player Updater -> No File <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
Task: {FE50A091-84D0-41F3-A30A-80E51C219080} - System32\Tasks\Microsoft\Windows\MUI\Msectrans => C:\Users\Bud Parker\AppData\Local\Hexice\Hotsolhigh.exe [2016-07-11] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 14c1e4b0-33ed-4a41-b44d-2e66d2750e5b.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task c03db66b-2d05-4c7b-b797-ccf0a7404475.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\Windows 7 Manager - Free Memory.job => C:\Program Files\Yamicsoft\Windows 7 Manager\FreeMemory.exe
Task: C:\Windows\Tasks\Windows 7 Manager - Logon Background Changer.job => C:\Program Files\Yamicsoft\Windows 7 Manager\LogonBackgroundChanger.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Bud Parker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\Users\Bud Parker\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\Users\Bud Parker\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> %SNF%

==================== Loaded Modules (Whitelisted) ==============

2016-04-22 01:07 - 2016-04-22 01:07 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-07-05 15:23 - 2016-07-05 15:23 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-03-18 18:31 - 2013-04-24 18:20 - 02007040 _____ () C:\Program Files\Atomic Alarm Clock\timeserv.exe
2016-03-19 16:02 - 2012-09-11 23:14 - 00390672 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2016-07-26 13:15 - 2016-07-26 13:15 - 00008192 _____ () C:\Users\Bud Parker\AppData\Roaming\Sumdrill\Sumdrill.exe
2016-07-26 13:15 - 2016-07-26 13:15 - 00008704 _____ () C:\Users\Bud Parker\AppData\Roaming\Toughstreet\Toughstreet.exe
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-03-18 18:31 - 2013-06-07 19:20 - 01875968 _____ () C:\Program Files\Atomic Alarm Clock\Clock.dll
2016-07-25 12:21 - 2016-07-25 12:21 - 01784832 _____ () C:\Program Files\GridinSoft Anti-Malware\shellext.dll
2016-03-18 18:31 - 2014-06-10 02:20 - 01609728 _____ () C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
2016-07-27 13:43 - 2016-07-27 14:35 - 00675840 _____ () C:\ProgramData\Lamzap\Lamzap.exe
2016-07-27 11:05 - 2016-07-27 11:05 - 00017920 _____ () C:\Users\Bud Parker\AppData\Roaming\Ronzafind\Ronzafind.exe
2009-02-02 19:33 - 2009-02-02 19:33 - 00460199 _____ () C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\sqlite3.dll
2008-09-28 19:55 - 2008-09-28 19:55 - 01076224 _____ () C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\ACE.dll
2009-06-03 20:59 - 2009-06-03 20:59 - 00619816 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-06-03 20:59 - 2009-06-03 20:59 - 00013096 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2016-07-27 13:43 - 2016-07-27 13:43 - 00257536 _____ () C:\ProgramData\Lamzap\Unijob.dll
2016-06-20 10:08 - 2016-06-20 10:08 - 01114136 _____ () C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\kjqunreh.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2004-04-15 15:03 - 2004-04-15 15:03 - 00215040 _____ () C:\Program Files (x86)\Quintessential Player\QCDIcons.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:5B811727 [147]
AlternateDataStreams: C:\ProgramData\Temp:A8ADE5D8 [109]
AlternateDataStreams: C:\ProgramData\Temp:B755D674 [428]
AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2 [121]
AlternateDataStreams: C:\ProgramData\Temp:ECF54A0E [360]
AlternateDataStreams: C:\Users\Bud Parker\Desktop\MedStat EMS.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\Bud Parker\Desktop\MedStat EMS.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Bud Parker\Desktop\Sentra Wreck-Parker Dorothy.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\Bud Parker\Desktop\Sentra Wreck-Parker Dorothy.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Bud Parker\Documents\NBC Outside.ppp:SummaryInformation [223]
AlternateDataStreams: C:\Users\Bud Parker\Documents\NBC Outside.ppp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Bud Parker\Documents\Nursery.ppp:SummaryInformation [219]
AlternateDataStreams: C:\Users\Bud Parker\Documents\Nursery.ppp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys => ""="FSFilter Activity Monitor"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SymEFA.sys => ""="FSFilter Activity Monitor"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\...\driversupport.com -> hxxp://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\...\driversupport.com -> hxxps://apps.driversupport.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2016-06-08 09:27 - 00000897 ___RH C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost
127.0.0.1 www.bitsumactivationserver.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Bud Parker\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: commitments =>
MSCONFIG\startupreg: grassy =>
MSCONFIG\startupreg: heald =>
MSCONFIG\startupreg: IDSCCOM0SL =>
MSCONFIG\startupreg: neil =>
MSCONFIG\startupreg: Pritc =>
MSCONFIG\startupreg: recovers =>
MSCONFIG\startupreg: SNUVCDSM => C:\Windows\snuvcdsm.exe
MSCONFIG\startupreg: whiner => "C:\Program Files (x86)\tai\whiner.exe"
MSCONFIG\startupreg: WINCOMKKP =>

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{00A0CA64-A43F-4CFB-B5DF-2156BA87598F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD8\PowerDVD8.EXE
FirewallRules: [{8FDBC06C-00FA-4E34-BD52-4F20F7FC6DE0}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{2B23FD99-239B-4BD9-A3E0-810815804E9A}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{5F599676-02F0-44D6-B27D-924DFF873832}] => (Allow) svchost.exe
FirewallRules: [{585D81DB-B8E8-491A-BD10-F9D93DEBF3C8}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{532181D0-EBD9-4748-9941-D360B7AB2B71}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{99683E1B-01D4-45AA-BCF1-D01E8FE0A720}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B3A303EC-6EA8-43D2-99FA-D697453377FD}] => (Allow) c:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{906D3DA7-9A77-45DA-8200-293F6920A9F6}] => (Block) %ProgramFiles%\CyberLink\PowerDirector11\PDR11.exe
FirewallRules: [{390217F7-C2D3-4D12-81AA-505A32697EC9}] => (Block) %ProgramFiles%\CyberLink\PowerDirector11\UACAgent.exe
FirewallRules: [{711F873D-0153-49EB-B27A-0DEAFDB18DE9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{30968491-E410-4CA7-A062-CAA3ADB03907}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{9879B054-053E-4A15-AEB7-AF04FAC2D4B1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{C5CD2E40-540E-4F25-BFB4-86BBEEED5220}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{3BAC3C8F-4114-4229-BE90-A4EAE303173A}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{D50554F1-5545-4E93-9BA1-33ED014DD2D0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{B8805A22-4C47-4C04-AE9C-15BD5EC04447}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{05450412-6E11-4C8C-AB3B-C9AC6C365BDD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{50D5D816-4BBC-4AE4-8BB2-1F87616D7812}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{512872A3-0660-44F0-BCD9-7984329AA973}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{07272250-52CC-421D-AD38-CE0FC0C29E29}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{F8E584B0-14FF-478C-A2BC-A6285A09B186}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{66F7FEC8-86A5-4781-8967-5F729A47FCCB}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{AE3495E2-4C1D-4A48-9439-96BEDC6170CD}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{A505376F-34B6-484D-89EA-12072D64F6FE}] => (Allow) LPort=1688
FirewallRules: [{7003A0AD-8897-4912-97C9-D5BFE439CDD2}] => (Allow) LPort=1688
FirewallRules: [{2DF8F17B-064A-423B-A95E-ABA95F8F4FB5}] => (Block) %ProgramFiles%\Atomic Alarm Clock\AtomicAlarmClock.exe
FirewallRules: [{3B7BBD3B-F45B-4D5C-961B-124372A48F9D}] => (Block) %ProgramFiles% (x86)\GRETECH\GomPlayer\GOM.EXE
FirewallRules: [{D457DB99-CB0C-482E-95F7-93003C116022}] => (Block) %ProgramFiles% (x86)\GRETECH\GomPlayer\GrLauncher.exe
FirewallRules: [{5D78E78E-E35B-4768-8DFF-665DEDBB651B}] => (Block) %ProgramFiles% (x86)\Folder Lock 6\Folder Lock 6.exe
FirewallRules: [{FE6BFB32-6F45-4E1E-83B4-41475718EAC9}] => (Block) %ProgramFiles% (x86)\Folder Lock 6\Folder Lock 6.exe
FirewallRules: [{AC487498-42A9-4484-BF61-8B4CE0AD192C}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{085E7EF1-042A-420E-B569-EF6697CA4ADE}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{336E446C-1793-4757-900D-6687091F32C6}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{F852F6D3-C3E0-4FF2-B088-965792BBF2EE}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{C953CD7A-3F79-490D-8F24-B5F6082743ED}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{1251D3A8-16EB-467F-8A27-9F5077C362CC}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{0F37D96E-A388-42B2-8556-7473B1D48349}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{25DA3935-7913-45A0-A58D-CB6239D8C8C6}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{F5C26BA2-30D4-40E2-8EA3-432FD0F63321}] => (Block) %ProgramFiles%\Yamicsoft\Windows 7 Manager\LiveUpdate.exe
FirewallRules: [{EA00FA82-BF74-4AAC-8146-28D16B57C190}] => (Block) %ProgramFiles%\Yamicsoft\Windows 7 Manager\Windows7Manager.exe
FirewallRules: [{9C2619F8-5977-40E1-94D1-1AC7BE33F104}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{29A70F84-B7E1-4FCF-B32A-4D90AAC1D713}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{838216BF-90FD-48FF-B254-B03701542E27}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B6876953-D9E4-4665-AF0D-DDEF920A5452}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1B92FFDB-CB43-4847-866A-FF2FA7E61037}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{86E9E868-A808-45E9-BD98-B5641DD5B46F}] => (Block) %ProgramFiles% (x86)\TechSmith\Snagit 10\Snagit32.exe
FirewallRules: [{A1ABB005-55BA-43A5-BADF-E0DA27EC05D2}] => (Block) %ProgramFiles% (x86)\Quintessential Player\QCDPlayer.exe
FirewallRules: [{B1B1572B-B695-4BE5-BC0B-B8AB903DF780}] => (Block) %ProgramFiles% (x86)\Quintessential Media Player\QMPlayer.exe
FirewallRules: [{42540FBF-9366-4091-8226-48423F77E3E3}] => (Allow) C:\Program Files\VueScan\vuescan.exe
FirewallRules: [{15690439-D3C4-40C0-AA50-C40553775E81}] => (Allow) C:\Program Files\VueScan\vuescan.exe
FirewallRules: [{A7118F06-A8FA-448C-9A5D-65BA9BA43A6C}] => (Block) %USERPROFILE%\Desktop\Portable\Portable Windows System Tools\Tweakers\WinUtilities Professional Edition 13.0\WinUtilities Professional Edition 13.0\WinUtilities.exe
FirewallRules: [{AFBE4EB3-F073-4E1F-BC3C-56AEA2BB3A6F}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{DCC979A6-E8DF-458F-8E25-00C21CBFE3D4}] => (Allow) C:\Users\Bud Parker\AppData\Local\ddnowyes.exe
FirewallRules: [{9B3DE5B5-7918-4ADD-BA4F-653A980CEAE8}] => (Allow) C:\Users\BUDPAR~1\AppData\Local\Temp\installer1.exe
FirewallRules: [{A62C2074-3420-4F50-9382-1BA25EA3FFF5}] => (Allow) C:\Users\Bud Parker\AppData\Local\59848303.exe
FirewallRules: [{628927C8-90BA-49A8-9A54-B8B136802E6C}] => (Allow) C:\Program Files (x86)\cataloged\royden.exe

==================== Restore Points =========================

26-07-2016 09:37:36 Revo Uninstaller Pro's restore point - System Healer
26-07-2016 09:51:11 Revo Uninstaller Pro's restore point - Advanced ScreenSnapshotTool 1.1.0.3011418
26-07-2016 09:54:45 Revo Uninstaller Pro's restore point - Power WebCam
26-07-2016 10:58:57 Device Driver Package Install: TAP-Win32 Provider V9 Network adapters
26-07-2016 12:39:39 Removed Itibiti RTC
26-07-2016 21:51:21 RegRun Virus Scan
26-07-2016 22:02:26 RegRun Virus Scan
26-07-2016 22:07:10 RegRun Virus Scan
27-07-2016 07:32:34 RegRun Virus Scan
27-07-2016 07:57:37 RegRun Virus Scan
27-07-2016 08:03:25 RegRun Virus Scan
27-07-2016 08:07:42 RegRun Virus Scan
27-07-2016 08:15:07 RegRun Virus Scan
27-07-2016 10:57:21 RegRun Virus Scan
27-07-2016 11:06:30 Revo Uninstaller Pro's restore point - SUPERAntiSpyware
27-07-2016 11:13:01 Revo Uninstaller Pro's restore point - Ashampoo Internet Accelerator 3 v.3.20

==================== Faulty Device Manager Devices =============

Name: NAVEX15
Description: NAVEX15
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: NAVEX15
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/27/2016 05:44:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Ronzafind.exe, version: 1.0.0.0, time stamp: 0x578353ac
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23418, time stamp: 0x5708a89c
Exception code: 0xe0434352
Fault offset: 0x000000000001a06d
Faulting process id: 0x4d4
Faulting application start time: 0xRonzafind.exe0
Faulting application path: Ronzafind.exe1
Faulting module path: Ronzafind.exe2
Report Id: Ronzafind.exe3

Error: (07/27/2016 05:44:24 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Ronzafind.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Management.ManagementException
   at System.Management.ManagementException.ThrowWithExtendedInfo(System.Management.ManagementStatus)
   at System.Management.ManagementEventWatcher.WaitForNextEvent()
   at first.Service1.checkmultipleservices(System.String[])
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart()

Error: (07/27/2016 04:44:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Ronzafind.exe, version: 1.0.0.0, time stamp: 0x578353ac
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23418, time stamp: 0x5708a89c
Exception code: 0xe0434352
Fault offset: 0x000000000001a06d
Faulting process id: 0x89c
Faulting application start time: 0xRonzafind.exe0
Faulting application path: Ronzafind.exe1
Faulting module path: Ronzafind.exe2
Report Id: Ronzafind.exe3

Error: (07/27/2016 04:44:21 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Ronzafind.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Management.ManagementException
   at System.Management.ManagementException.ThrowWithExtendedInfo(System.Management.ManagementStatus)
   at System.Management.ManagementEventWatcher.WaitForNextEvent()
   at first.Service1.checkmultipleservices(System.String[])
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart()

Error: (07/27/2016 03:44:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Ronzafind.exe, version: 1.0.0.0, time stamp: 0x578353ac
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23418, time stamp: 0x5708a89c
Exception code: 0xe0434352
Fault offset: 0x000000000001a06d
Faulting process id: 0x12ec
Faulting application start time: 0xRonzafind.exe0
Faulting application path: Ronzafind.exe1
Faulting module path: Ronzafind.exe2
Report Id: Ronzafind.exe3

Error: (07/27/2016 03:44:20 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Ronzafind.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Management.ManagementException
   at System.Management.ManagementException.ThrowWithExtendedInfo(System.Management.ManagementStatus)
   at System.Management.ManagementEventWatcher.WaitForNextEvent()
   at first.Service1.checkmultipleservices(System.String[])
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart()

Error: (07/27/2016 02:44:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Ronzafind.exe, version: 1.0.0.0, time stamp: 0x578353ac
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23418, time stamp: 0x5708a89c
Exception code: 0xe0434352
Fault offset: 0x000000000001a06d
Faulting process id: 0x728
Faulting application start time: 0xRonzafind.exe0
Faulting application path: Ronzafind.exe1
Faulting module path: Ronzafind.exe2
Report Id: Ronzafind.exe3

Error: (07/27/2016 02:44:08 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Ronzafind.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Management.ManagementException
   at System.Management.ManagementException.ThrowWithExtendedInfo(System.Management.ManagementStatus)
   at System.Management.ManagementEventWatcher.WaitForNextEvent()
   at first.Service1.checkmultipleservices(System.String[])
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart()

Error: (07/27/2016 02:00:49 PM) (Source: PerfNet) (EventID: 2005) (User: )
Description:

Error: (07/27/2016 02:00:48 PM) (Source: PerfNet) (EventID: 2005) (User: )
Description:


System errors:
=============
Error: (07/27/2016 05:49:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Error: (07/27/2016 05:49:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Error: (07/27/2016 05:49:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Error: (07/27/2016 05:47:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Error: (07/27/2016 05:47:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Error: (07/27/2016 05:47:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Error: (07/27/2016 05:44:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Error: (07/27/2016 05:44:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Error: (07/27/2016 05:44:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Error: (07/27/2016 05:44:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.



CodeIntegrity:
===================================
  Date: 2016-07-27 13:41:23.359
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Quintessential Player\cdrpdacc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-07-27 13:41:23.297
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Quintessential Player\cdrpdacc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-07-27 13:28:15.643
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Quintessential Player\cdrpdacc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-07-27 13:28:15.580
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Quintessential Player\cdrpdacc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-07-27 13:19:04.747
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Quintessential Player\cdrpdacc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-07-27 13:19:04.669
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Quintessential Player\cdrpdacc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-07-27 11:47:03.273
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Quintessential Player\cdrpdacc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-07-27 11:47:03.195
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Quintessential Player\cdrpdacc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-07-27 11:02:44.385
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Quintessential Player\cdrpdacc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-07-27 11:02:44.322
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Quintessential Player\cdrpdacc.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T6600 @ 2.20GHz
Percentage of memory in use: 79%
Total physical RAM: 4025.98 MB
Available physical RAM: 836.1 MB
Total Virtual: 8050.14 MB
Available Virtual: 4487.85 MB

==================== Drives ================================

Drive c: (Gateway) (Fixed) (Total:698.64 GB) (Free:190.79 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive g: (BUD'S 32) (Fixed) (Total:30.44 GB) (Free:30.1 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 1E15AC1C)
Partition 1: (Active) - (Size=698.6 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 30.5 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=30.5 GB) - (Type=0C)

==================== End of Addition.txt ============================



US Army, Retired


#6 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 27 July 2016 - 05:37 PM

There's no need to add any color to the logs, these old eyes are trying as hard as I can to view your logs.

 

 

Let's run some programs and see what they remove; what they don't, we can remove manually after I see the logs from the scans. I am including instructions for Malwarebytes; you have the latest version and that's good. Open it, check for updates and run the Threat scan. Make sure you have it set up the way that I am posting.

 

 

 

All our tools and scanners work more efficiently when run from the DESKTOP in lieu of being buried in some folder, so download and run these tools right from the DESKTOP
 
 
-AdwCleaner-by Xplode
 
Click on this link to download : ADWCleaner TO YOUR DESKTOP
 
Use my link only, do not do a search for AdwCleaner as there is a bogus copy going around by scammers
 
 
 
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
 
 
 
===============================================================================
 
 
 
 
Please download Junkware Removal Tool TO YOUR DESKTOP
  • Download the one from Bleeping Computer
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
 
 
 
===============================================================================
 
Download Malwarebytes' Anti-Malware  TO YOUR DESKTOP
 
  • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 , 8, 8.1 and 10 : Right click and select "Run as Administrator"
 
 
  • On the Dashboard click on Update Now
  • Go to the Setting Tab
  • Under Setting go to Detection and Protection
  • Under PUP and PUM make sure both are set to show Treat Detections as Malware
  • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
  • Then on the Dashboard click on Scan
  • Make sure to select THREAT SCAN
  • Then click on Scan
  • When the scan is finished on the bottom right click on SAVE RESULTS then select Copy to Clipboard
  • Please paste the log back into this thread for review
  • Exit Malwarebytes
 

 

 



 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#7 Top

Top

    Authentic Member

  • Authentic Member
  • PipPip
  • 73 posts

Posted 27 July 2016 - 06:45 PM

Phase One:  ADWCleaner...

 

# AdwCleaner v5.201 - Logfile created 27/07/2016 at 19:25:27
# Updated 30/06/2016 by ToolsLib
# Database : 2016-07-27.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Bud Parker - BUDS-GATEWAY
# Running from : C:\Users\Bud Parker\Desktop\AdwCleaner.exe
# Option : Clean
# Support : https://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : Lamzap

***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\lamzaps
[#] Folder Deleted : C:\ProgramData\Lamzap
[#] Folder Deleted : C:\ProgramData\Lamzaps
[#] Folder Deleted : C:\ProgramData\Application Data\lamzaps
[#] Folder Deleted : C:\ProgramData\Application Data\Lamzap
[#] Folder Deleted : C:\ProgramData\Application Data\Lamzaps

***** [ Files ] *****

[-] File Deleted : C:\Windows\SysWOW64\findit.xml

***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SEARCHSCOPES\IELNKSRCH
[-] Key Deleted : HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}
[-] Value Deleted : HKCU\Environment [SNF]
[-] Value Deleted : HKCU\Environment [SNP]
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\Class\{0C95ABFE-4FB6-49DB-B22F-0E1F5FC4BEEC}
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\Class\{EEEFACB3-729F-4484-B66D-E7A7917BBFC1}
[-] Key Deleted : HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SILENTPROCESSEXIT\Lamzap.exe
[-] Key Deleted : HKLM\SOFTWARE\mtLamzap
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs]

***** [ Web browsers ] *****


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [19710 bytes] - [22/01/2016 11:07:00]
C:\AdwCleaner\AdwCleaner[C2].txt - [7905 bytes] - [26/07/2016 15:33:38]
C:\AdwCleaner\AdwCleaner[C3].txt - [2933 bytes] - [26/07/2016 16:05:41]
C:\AdwCleaner\AdwCleaner[C4].txt - [2683 bytes] - [27/07/2016 13:17:39]
C:\AdwCleaner\AdwCleaner[C5].txt - [2829 bytes] - [27/07/2016 13:27:08]
C:\AdwCleaner\AdwCleaner[C6].txt - [6571 bytes] - [27/07/2016 13:40:07]
C:\AdwCleaner\AdwCleaner[C7].txt - [2375 bytes] - [27/07/2016 19:25:27]
C:\AdwCleaner\AdwCleaner[S1].txt - [19260 bytes] - [22/01/2016 11:04:06]
C:\AdwCleaner\AdwCleaner[S2].txt - [741 bytes] - [25/01/2016 11:14:41]
C:\AdwCleaner\AdwCleaner[S3].txt - [8070 bytes] - [26/07/2016 15:16:08]
C:\AdwCleaner\AdwCleaner[S4].txt - [2788 bytes] - [26/07/2016 15:52:56]
C:\AdwCleaner\AdwCleaner[S5].txt - [2559 bytes] - [27/07/2016 13:09:24]
C:\AdwCleaner\AdwCleaner[S6].txt - [2713 bytes] - [27/07/2016 13:24:20]
C:\AdwCleaner\AdwCleaner[S7].txt - [10519 bytes] - [27/07/2016 13:36:54]
C:\AdwCleaner\AdwCleaner[S8].txt - [2994 bytes] - [27/07/2016 19:16:57]
C:\AdwCleaner\AdwCleaner[S9].txt - [3065 bytes] - [27/07/2016 19:21:38]

########## EOF - C:\AdwCleaner\AdwCleaner[C7].txt - [3106 bytes] ##########
 

I looked on C:/ and the two folders ADWCleaner said it deleted are both still there, along with its contents.



US Army, Retired


#8 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 27 July 2016 - 07:06 PM

These infections leave crappola all over the place, let's see what Junkware Removal and Malwarebytes removes.



 
 

#9 Top

Top

    Authentic Member

  • Authentic Member
  • PipPip
  • 73 posts

Posted 27 July 2016 - 07:24 PM

Just a little more info.  Yesterday while I was trying to figure out what was going on I went to "Task Manager" and looked at Processes to see if anything stood out as unusual.  Normally I look for anything that does not list a Description.  I found this Lamzap.exe running and the description said "nine".  When I would end the process, it would very quickly restart.  Soon I found a hidden directory that was read only in C:\ProgramData\Lamzap.  I unhid it and unselected Read Only.  But, I could only delete about 20 items in that folder and four others would not delete because they were in use.

 

When I went back in a few minutes to look at it again, something had replaced all the deleted items in the directory.  Next I tried to be fast enough to stop the process in Task Manager and try to delete the directory.  Even if I did manage to do it, the directory would reappear.  Something else in my computer is actually running this carp** and if I disable it by deleting files in that directory "it" replaces them.

 

Also, my start page is hijacked.



US Army, Retired


#10 Top

Top

    Authentic Member

  • Authentic Member
  • PipPip
  • 73 posts

Posted 27 July 2016 - 07:24 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 7 Home Premium x64
Ran by Bud Parker (Limited) on Wed 07/27/2016 at 19:48:20.51
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 38

Failed to delete: C:\Users\Bud Parker\AppData\Local\crashrpt (Folder)
Successfully deleted: C:\ProgramData\12db864551ae4c578eb17db1a9f5d3cf (Folder)
Successfully deleted: C:\ProgramData\1453675051.bdinstall.bin (File)
Successfully deleted: C:\ProgramData\1453761997.bdinstall.bin (File)
Successfully deleted: C:\ProgramData\1453762002.bdinstall.bin (File)
Successfully deleted: C:\ProgramData\28341ff220e0446c9fff27c4493d622e (Folder)
Successfully deleted: C:\ProgramData\esellerate (Folder)
Successfully deleted: C:\ProgramData\iobit\driver booster (Folder)
Successfully deleted: C:\ProgramData\pc drivers headquarters (Folder)
Successfully deleted: C:\ProgramData\productdata (Folder)
Successfully deleted: C:\Users\Bud Parker\Appdata\LocalLow\company (Folder)
Successfully deleted: C:\Users\Bud Parker\AppData\Roaming\cleanmypc software (Folder)
Successfully deleted: C:\Users\Bud Parker\AppData\Roaming\iobit\driver booster (Folder)
Successfully deleted: C:\Windows\SysWOW64\findit.xml (File)
Successfully deleted: C:\Windows\wininit.ini (File)
Successfully deleted: C:\Users\Bud Parker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\303N1SZT (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Bud Parker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\38930UNB (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Bud Parker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7XQC1FYM (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Bud Parker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8H0HJQ4S (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Bud Parker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H1BSVT5O (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Bud Parker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K8HN0N4T (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Bud Parker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LFVZ7534 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Bud Parker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LP8UR9HI (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\prefetch\DRIVERSUPPORT.EXE-96EABB6E.pf (File)
Successfully deleted: C:\Windows\prefetch\FREEMEM.EXE-0156137A.pf (File)
Successfully deleted: C:\Windows\prefetch\FREEMEMORY.EXE-514B43E0.pf (File)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\303N1SZT (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\38930UNB (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7XQC1FYM (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8H0HJQ4S (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H1BSVT5O (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K8HN0N4T (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LFVZ7534 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LP8UR9HI (Temporary Internet Files Folder)
Successfully repaired: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk (Shortcut)
Successfully repaired: C:\Users\Bud Parker\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk (Shortcut)
Successfully repaired: C:\Users\Bud Parker\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk (Shortcut)
Successfully repaired: C:\Users\Bud Parker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk (Shortcut)

Deleted the following from C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\kjqunreh.default\prefs.js
user_pref(browser.urlbar.suggest.searches, true);
user_pref(extensions.fbp-signed@fbpurity.com.oldfriendstore-1384504120, {\1318698\:\Aaron Day\,\6512650\:\Tara Henderson Melton\,\10205103\:\Joshua Rubin\,\113
user_pref(extensions.lastpass.searchforsiteswithinaddressbar, true);
user_pref(extensions.skipityforfirefox.oldhomeurl, hxxps://www.startpage.com/);
user_pref(extensions.thefoxonlybetter.suggestSearchesInPB, true);



Registry: 11

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\Search Bar (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\SearchAssistant (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\Default_Search_URL (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchUrl\\Default (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D8F60375-AAD4-4073-A71F-CEB79C2DA690} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page (Registry Value)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page (Registry Value)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl\\Default (Registry Value)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 07/27/2016 at 20:01:13.97
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



US Army, Retired



#11 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 27 July 2016 - 07:36 PM

You had some other garbage that was removed. Just hang in and we will get it all. Let's see what Malwarebytes finds and removes. Been a looooooong day, be back in the am



 
 

#12 Top

Top

    Authentic Member

  • Authentic Member
  • PipPip
  • 73 posts

Posted 27 July 2016 - 07:55 PM

I hope you're not up to read this post.  I'm running MBAM now.  As you know it takes a while. . .  When it's done I'll post the results.

 

In case you don't receive much gratitude for your efforts let me say a hearty "Thank You."  Even if we don't annihilate this Demonically possessed Lamzap!



US Army, Retired


#13 Top

Top

    Authentic Member

  • Authentic Member
  • PipPip
  • 73 posts

Posted 27 July 2016 - 08:02 PM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/27/2016
Scan Time: 8:31 PM
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.07.27.11
Rootkit Database: v2016.05.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Bud Parker

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 357373
Time Elapsed: 28 min, 40 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 2
Backdoor.Agent.PGen, C:\Users\Bud Parker\AppData\Roaming\Ronzafind\Ronzafind.exe, 3480, , [a067b9702e6c91a56333a1aa936e738d]
PUP.Optional.Linkury.ACMB1, C:\ProgramData\Lamzap\Lamzap.exe, 4160, , [f71081a83367ab8b83454ab200033cc4]

Modules: 1
PUP.Optional.Linkury, C:\ProgramData\Lamzap\Lotstock.dll, , [b354bd6cd7c387af2b83bafca75aed13],

Registry Keys: 10
Backdoor.Agent.PGen, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Ronzafind, , [a067b9702e6c91a56333a1aa936e738d],
PUP.Optional.Linkury.ACMB1, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Lamzap, , [f71081a83367ab8b83454ab200033cc4],
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\LAMZAP.EXE, , [f71081a83367ab8b83454ab200033cc4],
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\LAMZAP.EXE, , [f71081a83367ab8b83454ab200033cc4],
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\mtLamzap, , [0403b0798812ba7c9835ae4e4eb5916f],
PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\IELNKSRCH, , [8f78bc6d6337f0466d0fba3ae320d52b],
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\Lamzap_RASAPI32, , [20e737f27723b185c80325d78c7745bb],
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\Lamzap_RASMANCS, , [67a039f03367b581a823c834ed163ec2],
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SILENTPROCESSEXIT\Lamzap.exe, , [8780b871fc9e092d9f2df20aac573fc1],
PUP.Optional.Linkury, HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{IELNKSRCH}, , [689fe14864360135f289d222798a8d73],

Registry Values: 7
PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\ielnksrch|DisplayName, Search the web, , [8f78bc6d6337f0466d0fba3ae320d52b]
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\ielnksrch|URL, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYn59HrL-X3ClkPrJO7VoWVZ3t7tPNQGvKjF72C367JmhiWsudzFrQPH9hVxOGkdTp9-MDd2zs5uzDEDtGzS4DPOk4v-3JEy6wXan7Zt58nF2gcyl6BCXVvhpGeBEWbGd1kxW9kLxWxpeyNCVXm3OpW9yl1gT&q={searchTerms}, , [49be59d04d4db87e031c46b147bc18e8]
PUP.Optional.Linkury.ACMB1, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\LAMZAP|ImagePath, C:\ProgramData\\Lamzap\\Lamzap.exe shuz -f "C:\ProgramData\\Lamzap\\Lamzap.dat" -l -a, , [bb4ce5445941e84e547aec109b68e21e]
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\ENVIRONMENT|SNP, http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D?publisher=APSFClickMeIn&co=US&userid=e5295532-cfef-2cfc-b916-e5ddde5765fe&searchtype=sc&installDate=27/07/2016&barcodeid=51107003&channelid=3&av=windows, , [8f78f633a7f34cea113748adaf548c74]
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\ENVIRONMENT|SNF, C:\ProgramData\Lamzaps\snp.sc, , [13f4de4bd1c9cf67ed5ae90c2bd847b9]
PUP.Optional.Linkury, HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ielnksrch}|DisplayName, Search the web, , [689fe14864360135f289d222798a8d73]
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ielnksrch}|URL, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPhuTaZ17vJ3frYn59HrL-X3ClkPrJO7VoWVZ3t7tPNQGvKjF72C367JmhiWsudzFrQPH9hVxOGkdTp9-MDd2zs5uzDEDtGzS4DPOk4v-3JEy6wXan7Zt58nF2gcyl6BCXVvhpGeBEWbGd1kxW9kLxWxpeyNCVXm3OpW9yl1gT&q={searchTerms}, , [7196d1584456d4621eff1dda9b685ea2]

Registry Data: 4
PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\ProgramData\Lamzap\Lotstock.dll, Good: (), Bad: (C:\ProgramData\Lamzap\Lotstock.dll),,[b354bd6cd7c387af2b83bafca75aed13]
PUP.Optional.Linkury, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\ProgramData\Lamzap\Vaialab.dll, Good: (), Bad: (C:\ProgramData\Lamzap\Vaialab.dll),,[fa0d13166139f640d3bca944946da35d]
PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {ielnksrch}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({ielnksrch}),,[e62186a33763e353fed3f287d331916f]
PUP.Optional.Linkury, HKU\S-1-5-21-2712942507-1312882600-3786330889-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {ielnksrch}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({ielnksrch}),,[bb4cc36605950b2be1ef7afff80cbd43]

Folders: 4
PUP.Optional.Linkury, C:\Windows\Temp\Smartbar, , [b0576ebb1486ad894634b0441ae9718f],
PUP.Optional.Linkury.ACMB1, C:\ProgramData\Lamzap, , [f71081a83367ab8b83454ab200033cc4],
PUP.Optional.Linkury.ACMB1, C:\ProgramData\Lamzap\ondemand, , [f71081a83367ab8b83454ab200033cc4],
PUP.Optional.Linkury.ACMB1, C:\ProgramData\Lamzaps, , [47c0aa7f1b7f8aac211c435a21e337c9],

Files: 32
PUP.Optional.Linkury, C:\ProgramData\Lamzap\Lotstock.dll, , [b354bd6cd7c387af2b83bafca75aed13],
Backdoor.Agent.PGen, C:\Users\Bud Parker\AppData\Roaming\Ronzafind\Ronzafind.exe, , [a067b9702e6c91a56333a1aa936e738d],
PUP.Optional.Linkury, C:\ProgramData\Lamzap\Vaialab.dll, , [fa0d13166139f640d3bca944946da35d],
PUP.Optional.Linkury, C:\ProgramData\Lamzap\Insoft.exe, , [cf38b673a0fab1859000fcf14db440c0],
PUP.Optional.Linkury, C:\ProgramData\Lamzap\Statquadkix.exe, , [ff083cedf2a8a5914baff694c33e7d83],
PUP.Optional.Linkury, C:\Windows\Temp\Smartbar\NewLam.ico, , [b0576ebb1486ad894634b0441ae9718f],
PUP.Optional.Linkury, C:\Windows\Temp\Smartbar\VoyaZaming.ico, , [b0576ebb1486ad894634b0441ae9718f],
PUP.Optional.Linkury.ACMB1, C:\ProgramData\Lamzap\Canlatcof.dat, , [f71081a83367ab8b83454ab200033cc4],
PUP.Optional.Linkury.ACMB1, C:\ProgramData\Lamzap\Ozergofan.bin, , [f71081a83367ab8b83454ab200033cc4],
PUP.Optional.Linkury.ACMB1, C:\ProgramData\Lamzap\conf.config, , [f71081a83367ab8b83454ab200033cc4],
PUP.Optional.Linkury.ACMB1, C:\ProgramData\Lamzap\Config.xml, , [f71081a83367ab8b83454ab200033cc4],
PUP.Optional.Linkury.ACMB1, C:\ProgramData\Lamzap\Dongtam.dat, , [f71081a83367ab8b83454ab200033cc4],
PUP.Optional.Linkury.ACMB1, C:\ProgramData\Lamzap\Insoft.exe.config, , [f71081a83367ab8b83454ab200033cc4],
PUP.Optional.Linkury.ACMB1, C:\ProgramData\Lamzap\Isplus.bin, , [f71081a83367ab8b83454ab200033cc4],
PUP.Optional.Linkury.ACMB1, C:\ProgramData\Lamzap\Kayis.bin, , [f71081a83367ab8b83454ab200033cc4],
PUP.Optional.Linkury.ACMB1, C:\ProgramData\Lamzap\Lamzap.d.dat, , [f71081a83367ab8b83454ab200033cc4],
PUP.Optional.Linkury.ACMB1, C:\ProgramData\Lamzap\Lamzap.dat, , [f71081a83367ab8b83454ab200033cc4],
PUP.Optional.Linkury.ACMB1, C:\ProgramData\Lamzap\Lamzap.exe, , [f71081a83367ab8b83454ab200033cc4],
PUP.Optional.Linkury.ACMB1, C:\ProgramData\Lamzap\md.xml, , [f71081a83367ab8b83454ab200033cc4],
PUP.Optional.Linkury.ACMB1, C:\ProgramData\Lamzap\Nam-Fax.dat, , [f71081a83367ab8b83454ab200033cc4],
PUP.Optional.Linkury.ACMB1, C:\ProgramData\Lamzap\SailCore.exe, , [f71081a83367ab8b83454ab200033cc4],
PUP.Optional.Linkury.ACMB1, C:\ProgramData\Lamzap\SailCore.exe.config, , [f71081a83367ab8b83454ab200033cc4],
PUP.Optional.Linkury.ACMB1, C:\ProgramData\Lamzap\Sangotip.bin, , [f71081a83367ab8b83454ab200033cc4],
PUP.Optional.Linkury.ACMB1, C:\ProgramData\Lamzap\Statquadkix.exe.config, , [f71081a83367ab8b83454ab200033cc4],
PUP.Optional.Linkury.ACMB1, C:\ProgramData\Lamzap\Stiming.bin, , [f71081a83367ab8b83454ab200033cc4],
PUP.Optional.Linkury.ACMB1, C:\ProgramData\Lamzap\Techhome.bin, , [f71081a83367ab8b83454ab200033cc4],
PUP.Optional.Linkury.ACMB1, C:\ProgramData\Lamzap\uninstall.dat, , [f71081a83367ab8b83454ab200033cc4],
PUP.Optional.Linkury.ACMB1, C:\ProgramData\Lamzap\Villacore.bin, , [f71081a83367ab8b83454ab200033cc4],
PUP.Optional.Linkury.ACMB1, C:\ProgramData\Lamzaps\ff.HP, , [47c0aa7f1b7f8aac211c435a21e337c9],
PUP.Optional.Linkury.ACMB1, C:\ProgramData\Lamzaps\ff.NT, , [47c0aa7f1b7f8aac211c435a21e337c9],
PUP.Optional.Linkury.ACMB1, C:\ProgramData\Lamzaps\snp.sc, , [47c0aa7f1b7f8aac211c435a21e337c9],
PUP.Optional.Linkury.ACMB1, C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\kjqunreh.default\prefs.js, Good: (user_pref("browser.startup.homepage", "https://www.malwareb...storebrowser/),Bad: (user_pref("browser.startup.homepage", "C:\\ProgramData\\Lamzaps\\ff.HP), ,[c93ec762980293a30f1d00a0e71d5aa6]

Physical Sectors: 0
(No malicious items detected)


(end)



US Army, Retired
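An added example, not part of the original thread and not Malwarebytes' own code: a small parser for the Malwarebytes 2.x text log posted above that lists detections with no action recorded and the autostart locations they sit in. It assumes the layout visible in that log (threat name, location, optional details, action, bracketed id) and that an empty action field means nothing was removed; the function names and the line marked constructed are illustrative.

```python
import re

# Excerpt of the Malwarebytes log posted above (headers keep the full log's counts).
PAGE_EXCERPT = r"""
Processes: 2
Backdoor.Agent.PGen, C:\Users\Bud Parker\AppData\Roaming\Ronzafind\Ronzafind.exe, 3480, , [a067b9702e6c91a56333a1aa936e738d]
PUP.Optional.Linkury.ACMB1, C:\ProgramData\Lamzap\Lamzap.exe, 4160, , [f71081a83367ab8b83454ab200033cc4]

Registry Keys: 10
PUP.Optional.Linkury.ACMB1, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Lamzap, , [f71081a83367ab8b83454ab200033cc4],
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\LAMZAP.EXE, , [f71081a83367ab8b83454ab200033cc4],
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SILENTPROCESSEXIT\Lamzap.exe, , [8780b871fc9e092d9f2df20aac573fc1],

Registry Values: 7
PUP.Optional.Linkury.ACMB1, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\LAMZAP|ImagePath, C:\ProgramData\\Lamzap\\Lamzap.exe shuz -f "C:\ProgramData\\Lamzap\\Lamzap.dat" -l -a, , [bb4ce5445941e84e547aec109b68e21e]

Registry Data: 4
PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\ProgramData\Lamzap\Lotstock.dll, Good: (), Bad: (C:\ProgramData\Lamzap\Lotstock.dll),,[b354bd6cd7c387af2b83bafca75aed13]
"""

# Constructed line (not from the thread) showing a populated action field.
CONSTRUCTED = r"""
Files: 1
PUP.Optional.Example, C:\ProgramData\Example\example.dat, Quarantined, [00000000000000000000000000000000],
"""

SAMPLE_LOG = PAGE_EXCERPT + CONSTRUCTED

SECTIONS = ("Processes", "Modules", "Registry Keys", "Registry Values",
            "Registry Data", "Folders", "Files", "Physical Sectors")
HEADER = re.compile(r"^(%s): \d+$" % "|".join(SECTIONS))

# The action is the comma-free field immediately before the trailing [32-hex id].
DETECTION = re.compile(
    r"^(?P<threat>[^,]+),\s*(?P<body>.*?),\s*(?P<action>[^,\[\]]*?)\s*,"
    r"\s*\[(?P<id>[0-9a-f]{32})\],?\s*$"
)

# Autostart locations that appear in this log, matched on the upper-cased path.
PERSISTENCE = (
    ("service", "\\SERVICES\\"),
    ("AppInit_DLLs", "|APPINIT_DLLS"),
    ("IFEO", "\\IMAGE FILE EXECUTION OPTIONS\\"),
    ("SilentProcessExit", "\\SILENTPROCESSEXIT\\"),
)


def parse_mbam_log(text):
    """Return one dict per detection line found under a known section header."""
    records, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            section = header.group(1)
            continue
        match = DETECTION.match(line) if section else None
        if not match:
            continue  # blank lines, "(No malicious items detected)", etc.
        location, _, detail = match.group("body").partition(",")
        records.append({
            "section": section,
            "threat": match.group("threat").strip(),
            "location": location.strip(),
            "detail": detail.strip(),   # PID, registry data, Good/Bad values
            "action": match.group("action").strip(),
            "id": match.group("id"),
        })
    return records


def unremediated(records):
    """Detections whose action field is empty, i.e. found but not removed."""
    return [r for r in records if not r["action"]]


def persistence_points(records):
    """(mechanism, location) for detections sitting in an autostart location."""
    hits = []
    for r in records:
        upper = r["location"].upper()
        for mechanism, marker in PERSISTENCE:
            if marker in upper:
                hits.append((mechanism, r["location"]))
                break
    return hits


if __name__ == "__main__":
    recs = parse_mbam_log(SAMPLE_LOG)
    pending = unremediated(recs)
    print(f"{len(pending)} of {len(recs)} detections have no action recorded")
    for mechanism, location in persistence_points(pending):
        print(f"  still present [{mechanism}]: {location}")
```

A detection left in a service or AppInit_DLLs entry is worth checking first, since those entries start the program again after its process is ended or its files are deleted.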


#14 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 28 July 2016 - 05:13 AM

Good Morning,

 

Not to worry, we will remove this pest so it's gone for good.

 

17:21:54.935    Service Toughstreet C:\Users\Bud Parker\AppData\Roaming\Toughstreet\Toughstreet.exe **INFECTED** Win32:Adware-gen [Adw]   <--- aswMBR found this. If you downloaded it via the torrents it's most likely bad; almost 100% of programs downloaded via the torrents are infected. I don't see it in your installed programs, so not sure where it came from. None of the scans removed it. We can deal with this a bit later.

 

 

Look at your Malwarebytes log: it found a ton of files, folders and registry entries related to Lamzap, but it's not showing they were removed.

 

These entries are not yours, they're from someone else's log; just showing it to you as an example. See the way it's showing these entries as quarantined:

 

PUP.Optional.Amonetize.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{B0660298-91AA-421F-BF0D-BFF6BB8BF3AE}, Quarantined, [d8771a9c444610265bd9f3af73904ab6],
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{EAC7DE5C-9520-435D-91AA-4A02E4773CEA}, Quarantined, [d8771a9c444610265bd9f3af73904ab6],

 

Run the program again.

  • You can highlight one of the detections by left clicking on it.
  • Then, right click on the highlighted detection, and select 'Check All Items'.
  • Next, click 'Remove Selected'. That should remove them all.

 

 
 
 
Once you're sure all those entries have been Quarantined and Malwarebytes comes back clean, then do this.

Right click on FRST64 and select RUN AS ADMINISTRATOR. When it opens, be sure to put a checkmark in ADDITIONS, leave everything else as is, then click on SCAN and post both the new FRST64 and Additions logs please.


 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
Just a reminder that threads will be closed if no reply in 3 days.
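
The difference pointed out in the post above (an empty action field versus `Quarantined`) can be checked mechanically. This is an added example, not part of the original posts and not Malwarebytes code: a small parser for the detection-line shape seen in this thread's logs, run over lines copied from the thread. The function names and the assumed line shape are illustrative.

```python
import re
from collections import Counter

# Detection-line shape assumed from the log lines in this thread:
#   <name>, <object>[, <extra data>], <action or empty>, [<32-hex id>],
LINE_RE = re.compile(
    r"^(?P<name>[^,]+),\s(?P<target>.*?),\s*(?P<action>[^,\[\]]*?)\s*,"
    r"\s*\[(?P<id>[0-9a-f]{32})\],?\s*$"
)

def parse_detections(log_text):
    """Return one dict per detection line; headers and counters are skipped."""
    rows = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            row = m.groupdict()
            row["action"] = row["action"] or "(none)"  # empty field: nothing recorded
            rows.append(row)
    return rows

def triage(log_text):
    """Count detections per action and list objects with no action recorded."""
    rows = parse_detections(log_text)
    by_action = Counter(r["action"] for r in rows)
    pending = [r["target"] for r in rows if r["action"] == "(none)"]
    return by_action, pending

# Sample lines copied from the logs quoted in this thread.
SAMPLE = r"""
Files: 3
PUP.Optional.Linkury.ACMB1, C:\ProgramData\Lamzap\Lamzap.exe, , [f71081a83367ab8b83454ab200033cc4],
PUP.Optional.Linkury.ACMB1, C:\ProgramData\Lamzaps\ff.HP, , [47c0aa7f1b7f8aac211c435a21e337c9],
PUP.Optional.Linkury.ACMB1, C:\Users\Bud Parker\AppData\Roaming\Mozilla\Firefox\Profiles\kjqunreh.default\prefs.js, Good: (user_pref("browser.startup.homepage", "https://www.malwareb...storebrowser/),Bad: (user_pref("browser.startup.homepage", "C:\\ProgramData\\Lamzaps\\ff.HP), ,[c93ec762980293a30f1d00a0e71d5aa6]
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{B0660298-91AA-421F-BF0D-BFF6BB8BF3AE}, Quarantined, [d8771a9c444610265bd9f3af73904ab6],
"""

if __name__ == "__main__":
    counts, pending = triage(SAMPLE)
    print(dict(counts))
    for target in pending:
        print("no action recorded:", target)
```

A log where every detection falls under `(none)` means the scan found the items but no removal was applied, which is the situation described for the Lamzap entries.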

#15 Top

Top

    Authentic Member

  • Authentic Member
  • PipPip
  • 73 posts

Posted 28 July 2016 - 08:38 AM

I ran the MBAM again.  Lamzap & Lamzaps still there. . .

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/28/2016
Scan Time: 8:31 AM
Logfile: 57 quarantined MBAM 29Jul16.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.07.28.03
Rootkit Database: v2016.05.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Bud Parker

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 357970
Time Elapsed: 34 min, 38 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

---------------------------------------------------

 

Also, Lamzap is loading in the address bar whenever I start a browser.

 

First, I can see this loading in the Address Bar:  file:///C:/programdata/lamzaps/ff.HP

(It only stays in the address bar for a fleeting second normally, but my system was v-e-r-y slow and I could copy it.)

Then this site loads in the address bar.
http://search.safefi...r.com/?st=hp&q=

This safefinder is affiliated with Yahoo, who is hurting financially and was just bought out by a cellular company.  Verizon, I think.



US Army, Retired
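
The `ff.HP` path seen in the address bar matches the `Bad:` homepage value Malwarebytes reported in `prefs.js` earlier in the thread. This is an added example, not part of the original post and not Firefox or Malwarebytes code: a check that reads `browser.startup.homepage` from a profile's `prefs.js` text and flags any entry that is a local file rather than a web or `about:` page. The function names and both sample texts are constructed for illustration.

```python
import re

# user_pref("name", "string value");  only string-valued prefs are matched.
PREF_RE = re.compile(
    r'^\s*user_pref\("((?:[^"\\]|\\.)*)",\s*"((?:[^"\\]|\\.)*)"\);', re.M)

def js_unescape(value):
    # prefs.js writes a backslash as \\ and a quote as \"; drop the escape char.
    return re.sub(r"\\(.)", r"\1", value)

def homepage_entries(prefs_text):
    """Return the homepage list; Firefox separates multiple pages with '|'."""
    value = None
    for name, raw in PREF_RE.findall(prefs_text):
        if name == "browser.startup.homepage":
            value = js_unescape(raw)  # last occurrence in the file wins
    if value is None:
        return []                     # pref not set in this file
    return [p.strip() for p in value.split("|") if p.strip()]

WEB_PREFIXES = ("http://", "https://", "about:")

def local_file_homepages(prefs_text):
    """Flag entries that are file: URLs or bare filesystem paths."""
    return [e for e in homepage_entries(prefs_text)
            if not e.lower().startswith(WEB_PREFIXES)]

# Constructed prefs.js fragments; the hijacked value is the one from the log.
HIJACKED = r'''
user_pref("browser.startup.page", 1);
user_pref("browser.startup.homepage", "C:\\ProgramData\\Lamzaps\\ff.HP");
'''
CLEAN = r'''
user_pref("browser.startup.homepage", "https://example.org/|about:home");
'''

if __name__ == "__main__":
    print(local_file_homepages(HIJACKED))
    print(local_file_homepages(CLEAN))
```

A search-hijack URL set directly as the homepage would pass this check; it targets only the local-file redirect seen in this thread.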
