1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Help Removing: CouupScannero, SafeRwebe, DIIssCeountLLocaToor

Discussion in 'Virus & Other Malware Removal' started by leondela, Jan 26, 2015.

Thread Status:
Not open for further replies.
Advertisement
  1. leondela

    leondela Thread Starter

    Joined:
    Feb 13, 2007
    Messages:
    152
    ]Hello,

    Please help me to remove:
    1. CouupScannero,
    2. SafeRwebe,
    3. DIIssCeountLLocaToor
     

    Attached Files:

  2. leondela

    leondela Thread Starter

    Joined:
    Feb 13, 2007
    Messages:
    152
    these viruses are bogging my computer down. it's hard to check to see if anyone has responded. pls help me to remove these. thanks.
     
  3. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Hello and welcome to TSG,

    Use the instructions in the following link to show hidden files:

    http://www.bleepingcomputer.com/tutorials/how-to-see-hidden-files-in-windows/

    Next,

    Backup the Registry:

    Modifying the Registry can create unforeseen problems, so it's always wise to create a backup before doing so.

    • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
    • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
    • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
    • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
    • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
    • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.
    • Make sure that at least the first two check boxes are selected.

      [​IMG]
    • Click on OK
    • Then click on YES to create the folder.
    • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe

    Next,

    Any importand data, videos, music, pictures etc that you cannot afford to lose should be backed up if not already done. Go to the following link for basic help/instructions:

    https://forums.malwarebytes.org/index.php?/topic/136226-backup-software/

    Next,

    Run the following scans and post the produced logs:

    Step 1

    Download Farbar Recovery Scan Tool and save it to your desktop.

    Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

    Step 2

    Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

    • Quit all running programs.
    • For Windows XP, double-click to start.
    • For Vista,Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
    • Read and accept the EULA (End User Licene Agreement)
    • Click Scan to scan the system.
    • When the scan completes select "Report", log will open. Close the program > Don't Fix anything!
    • Post back the report which should also be located here:

    C:\Programdata\RogueKiller\Logs <-------- W7/8
    C:\Documents and Settings\All Users\Application Data\RogueKiller\Logs <------XP

    Thank you,

    Kevin...
     
  4. leondela

    leondela Thread Starter

    Joined:
    Feb 13, 2007
    Messages:
    152
    Step 2 in process. Please see attached. THanks.
     

    Attached Files:

  5. leondela

    leondela Thread Starter

    Joined:
    Feb 13, 2007
    Messages:
    152
    please see attached
     

    Attached Files:

  6. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
    NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

    Run FRST and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

    Next,

    1.Download Malwarebytes Anti-Rootkit from this link:

    http://www.malwarebytes.org/products/mbar/

    2. Unzip the File to a convenient location. (Recommend the Desktop)
    3. Open the folder where the contents were unzipped to run mbar.exe

    [​IMG]

    4. Double-click on the mbar.exe file, you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:

    [​IMG]

    5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you login, MBAR will automatically start and you will now be at the start screen. (If no Rootkit warning you will go from step 4 to 6.)

    6. The following image opens, select Next.

    [​IMG]

    7. The following image opens, select Update

    [​IMG]

    8. When the update completes select Next.

    [​IMG]

    9. In the following window ensure "Targets" are ticked. Then select "Scan"

    [​IMG]

    10. If an infection is found select the "Cleanup Button" to remove threats, Reboot if prompted. Wait while the system shuts down and the cleanup process is performed.

    [​IMG]

    11. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click "Cleanup Button" once more and repeat the process.
    12. If no threats were found you will see the following image, Select Exit:

    [​IMG]

    13. Verify that your system is now running normally, making sure that the following items are functional:

    • Internet access
    • Windows Update
    • Windows Firewall

    14. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included within Malwarebytes Anti-Rootkit folder.

    15. Select "Y" from your Keyboard, tap Enter.

    16. The fix will be applied, select any key to Exit.

    17. Let me know how your system now responds. Copy and paste the two following logs from the mbar folder:

    System - log
    Mbar - log Date and time of scan will also be shown

    Thanks,

    Kevin...
     

    Attached Files:

  7. leondela

    leondela Thread Starter

    Joined:
    Feb 13, 2007
    Messages:
    152
    pls see attached
     

    Attached Files:

  8. leondela

    leondela Thread Starter

    Joined:
    Feb 13, 2007
    Messages:
    152
    sorry i didn't do this right. i should have posted the logs rather than attaching them. i'll post in subsequent threads.

    ------------------------------------------------------------------------------------------------------------------------------------------

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
    Ran by Delaune (administrator) on DLHII-2-HP on 27-01-2015 09:20:21
    Running from C:\Users\Delaune\Downloads
    Loaded Profiles: Delaune (Available profiles: Delaune)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
    (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    (Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Microsoft Corporation) C:\Windows\System32\alg.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    (TomTom) C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Apple Inc.) C:\Program Files (x86)\QuickTime\QTTask.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    (Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
    (Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    (Verizon) C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\IHAMCNotify.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    (Google Inc.) C:\Users\Delaune\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Delaune\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Delaune\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Delaune\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Delaune\AppData\Local\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2281256 2010-09-13] (Synaptics Incorporated)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6489704 2010-09-21] (Realtek Semiconductor)
    HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-07-21] (Hewlett-Packard Company)
    HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
    HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296 2010-11-09] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
    HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-16] (Hewlett-Packard)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-597734462-1468123911-3078696002-1002\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-08-16] (Hewlett-Packard Company)
    HKU\S-1-5-21-597734462-1468123911-3078696002-1002\...\Run: [Facebook Update] => C:\Users\Delaune\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-31] (Facebook Inc.)
    HKU\S-1-5-21-597734462-1468123911-3078696002-1002\...\Run: [AVG-Secure-Search-Update_0913a] => C:\Users\Delaune\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 3e05a546bd1f47d1931b4902a77b6259-3f3e6a21c03f97b98bf148621e2e377f0e1a6bab --CMPID 0913a
    HKU\S-1-5-21-597734462-1468123911-3078696002-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
    HKU\S-1-5-21-597734462-1468123911-3078696002-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
    HKU\S-1-5-21-597734462-1468123911-3078696002-1002\...\Run: [Google Update] => C:\Users\Delaune\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-06-16] (Google Inc.)
    HKU\S-1-5-21-597734462-1468123911-3078696002-1002\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1080104 2014-08-04] (Apple Inc.)
    HKU\S-1-5-21-597734462-1468123911-3078696002-1002\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe [1792376 2014-10-03] (TomTom)
    Startup: C:\Users\Delaune\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KWLogon.vbs ()
    ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-597734462-1468123911-3078696002-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntreis.net/
    HKU\S-1-5-21-597734462-1468123911-3078696002-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://accounts.google.com/ServiceLogin?service=adwords
    http://www.resaas.com/leondelaune1
    SearchScopes: HKLM -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
    SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    SearchScopes: HKLM -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Notebooks
    SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
    SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> DefaultScope {EBA74D51-3797-487F-AAF1-43EB43299CD5} URL =
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
    SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3245482
    SearchScopes: HKLM-x32 -> {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^UX^xdm166^YYA^us&si=pd-angels&ptb=25A8FC95-0A42-42AD-A113-92787BF25C2F&ind=2013081411&n=77fd2f43&psa=&st=sb&searchfor={searchTerms}
    SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    SearchScopes: HKLM-x32 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Notebooks
    SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    SearchScopes: HKU\.DEFAULT -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL =
    SearchScopes: HKU\.DEFAULT -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
    SearchScopes: HKU\.DEFAULT -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL =
    SearchScopes: HKU\.DEFAULT -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL =
    SearchScopes: HKU\S-1-5-21-597734462-1468123911-3078696002-1002 -> DefaultScope {2D617979-F441-4C9C-9D8F-69D7C9BFE065} URL = https://www.google.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-597734462-1468123911-3078696002-1002 -> {0C89231B-F6F9-4B8A-B446-6B4495397CC3} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    SearchScopes: HKU\S-1-5-21-597734462-1468123911-3078696002-1002 -> {2D617979-F441-4C9C-9D8F-69D7C9BFE065} URL = https://www.google.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-597734462-1468123911-3078696002-1002 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
    SearchScopes: HKU\S-1-5-21-597734462-1468123911-3078696002-1002 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://searchservices.verizon.com/search/ws.portal?&_nfpb=true&_pageLabel=google_results&rs=&web_search_type=basic&sc=web&clientid=vz-cnsmr-tlbr&channel=Brwsr-v6IE&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-597734462-1468123911-3078696002-1002 -> {6EEA6CB7-AD21-4DB0-A9AD-BC377E046AA5} URL = http://www.youtube.com/results?search_query={searchTerms}
    SearchScopes: HKU\S-1-5-21-597734462-1468123911-3078696002-1002 -> {6F0C7BBC-9E63-4758-9E3A-243DECDF95A0} URL = http://search.conduit.com/Results.aspx?ctid=CT3304763&SearchSource=45&UM=2&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-597734462-1468123911-3078696002-1002 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
    SearchScopes: HKU\S-1-5-21-597734462-1468123911-3078696002-1002 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
    SearchScopes: HKU\S-1-5-21-597734462-1468123911-3078696002-1002 -> {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^UX^xdm166^YYA^us&si=pd-angels&ptb=25A8FC95-0A42-42AD-A113-92787BF25C2F&ind=2013081411&n=77fd2f43&psa=&st=sb&searchfor={searchTerms}
    SearchScopes: HKU\S-1-5-21-597734462-1468123911-3078696002-1002 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://www.bing.com/search?FORM=UP74DF&PC=UP74&dt=100813&q={searchTerms}&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-597734462-1468123911-3078696002-1002 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    SearchScopes: HKU\S-1-5-21-597734462-1468123911-3078696002-1002 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL =
    SearchScopes: HKU\S-1-5-21-597734462-1468123911-3078696002-1002 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = http://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
    BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
    BHO: COupSScaNner -> {e867ae55-2021-49ae-ac25-5a1ce491d712} -> C:\Program Files (x86)\COupSScaNner\vTmnoLx9DB4AA4.x64.dll ()
    BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
    BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO-x32: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: DefaultTab Browser Helper -> {7F6AFBF1-E065-4627-A2FD-810366367D01} -> C:\Users\Delaune\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll No File
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Updater For Verizon Toolbar -> {96673559-e653-4cdc-8923-f89347a952c0} -> C:\Program Files (x86)\verizontb\auxi\verizonAu.dll (Visicom Media)
    BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
    BHO-x32: COupSScaNner -> {e867ae55-2021-49ae-ac25-5a1ce491d712} -> C:\Program Files (x86)\COupSScaNner\vTmnoLx9DB4AA4.dll ()
    BHO-x32: Verizon Toolbar -> {f8d96645-337c-419b-8792-b6c126145811} -> C:\Program Files (x86)\verizontb\verizonDx.dll ()
    Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    Toolbar: HKLM-x32 - Verizon Toolbar - {f8d96645-337c-419b-8792-b6c126145811} - C:\Program Files (x86)\verizontb\verizonDx.dll ()
    Toolbar: HKU\S-1-5-21-597734462-1468123911-3078696002-1002 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    Toolbar: HKU\S-1-5-21-597734462-1468123911-3078696002-1002 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    Toolbar: HKU\S-1-5-21-597734462-1468123911-3078696002-1002 -> No Name - {EF48A53D-188E-4F31-9EAC-905D29793A76} - No File
    Toolbar: HKU\S-1-5-21-597734462-1468123911-3078696002-1002 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
    DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab
    DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    DPF: HKLM-x32 {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} https://app.nationalcreditors.com/W..._VLNz-glTChxTqRzQ_WD3fD0&t=634189554040000000
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\3.2.0.23388\npSkypeWebPlugin64.dll (Skype)
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
    FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\3.2.0.23388\npSkypeWebPlugin.dll (Skype)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\6\NP_wtapp.dll ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-597734462-1468123911-3078696002-1002: @citrixonline.com/appdetectorplugin -> C:\Users\Delaune\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
    FF Plugin HKU\S-1-5-21-597734462-1468123911-3078696002-1002: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Delaune\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
    FF Plugin HKU\S-1-5-21-597734462-1468123911-3078696002-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Delaune\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKU\S-1-5-21-597734462-1468123911-3078696002-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Delaune\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-03-08]
    FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-03-08]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]

    Chrome:
    =======
    CHR dev: Chrome dev build detected! <======= ATTENTION
    CHR HomePage: Default -> hxxp://google.com/
    CHR StartupUrls: Default -> "chrome://bookmarks/#2478", "https://us-mg6.mail.yahoo.com/neo/launch?.rand=1poodkvciqakr", "https://bay175.mail.live.com/", "hxxp://www.buysellhomesdallastx.com/adminlogin/", "hxxp://leondelaune.kwrealty.com/adminlogin/#/titles-and-descriptions/", "https://mail.google.com/mail/?shva=1&zx=pl2z6nd82q99#inbox", "https://secure.kw.com/sso/Login.do?ssoForwardUrl=http%3A%2F%2Fmykw.kw.com%2Fkwintranet%2FctPost.jsp%3Fpid%3D308%26id%3D264&ssoAuthenticator=KWIntranet"
    CHR DefaultSearchKeyword: Default -> bing.com
    CHR DefaultSearchURL: Default -> https://www.bing.com/search?setmkt=en-US&q={searchTerms}
    CHR DefaultNewTabURL: Default -> https://www.bing.com/chrome/newtab?setmkt=en-US
    CHR DefaultSuggestURL: Default -> http://api.bing.com/osjson.aspx?query={searchTerms}&language={language}
    CHR Profile: C:\Users\Delaune\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Yahoo Web) - C:\Users\Delaune\AppData\Local\Google\Chrome\User Data\Default\Extensions\acjpdakpjonkfmggcmanlhdakfkhloii [2015-01-24]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Delaune\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
    CHR Extension: (SafeRwebe) - C:\Users\Delaune\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgohjgpmnghlpkjblbhibfdhhjbdfmhn [2015-01-25]
    CHR Extension: (Skype Click to Call) - C:\Users\Delaune\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-02-11]
    CHR Extension: (Connect DLC 5) - C:\Users\Delaune\AppData\Local\Google\Chrome\User Data\Default\Extensions\lipgolpfajiadodbcbljdpmbmbdmfcil [2014-05-02]
    CHR Extension: (Google Wallet) - C:\Users\Delaune\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
    CHR HKLM\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
    CHR HKU\S-1-5-21-597734462-1468123911-3078696002-1002\...\Chrome\Extension: [lipgolpfajiadodbcbljdpmbmbdmfcil] - C:\Users\Delaune\AppData\Local\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx [2013-11-16]
    CHR HKU\S-1-5-21-597734462-1468123911-3078696002-1002\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
    CHR HKLM-x32\...\Chrome\Extension: [lipgolpfajiadodbcbljdpmbmbdmfcil] - C:\Users\Delaune\AppData\Local\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx [2013-11-16]
    CHR HKLM-x32\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
    StartMenuInternet: Google Chrome.GMYSVP62H37BEX6G4IDR2EDLOU - C:\Users\Delaune\AppData\Local\Google\Chrome\Application\chrome.exe

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S2 3c2d81f8; c:\Program Files (x86)\CutterInstance\CutterInstance.dll [2094080 2015-01-25] () [File not signed]
    R2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE [126464 2007-01-11] (SEIKO EPSON CORPORATION) [File not signed]
    R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
    S2 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [363128 2014-08-13] (Verizon)
    R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-08-16] (Hewlett-Packard Company) [File not signed]
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
    R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
    R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
    R2 RtVOsdService; C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [315392 2010-06-24] (Realtek Semiconductor Corp.) [File not signed]
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
    S3 BrYNSvc; "C:\Program Files (x86)\Browny02\BrYNSvc.exe" [X]
    S2 Update Solution Real; "C:\Program Files (x86)\Solution Real\updateSolutionReal.exe" [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
    R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
    S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
    R3 WFMC_VAD; C:\Windows\System32\DRIVERS\wfmcvad.sys [24064 2010-02-08] (WiFi Media Connect)
    S1 hlnfd; system32\drivers\hlnfd.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-27 09:20 - 2015-01-27 09:21 - 00028128 _____ () C:\Users\Delaune\Downloads\FRST.txt
    2015-01-27 09:19 - 2015-01-27 09:20 - 00000000 ____D () C:\FRST
    2015-01-27 09:18 - 2015-01-27 09:19 - 02129920 _____ (Farbar) C:\Users\Delaune\Downloads\FRST64.exe
    2015-01-27 09:16 - 2015-01-27 09:17 - 00000000 ____D () C:\Users\Delaune\Desktop\tECHgUY-15-0127
    2015-01-27 09:10 - 2015-01-27 09:10 - 00000000 ____D () C:\Windows\ERDNT
    2015-01-27 09:05 - 2015-01-27 09:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
    2015-01-27 09:05 - 2015-01-27 09:05 - 00000000 ____D () C:\Program Files (x86)\ERUNT
    2015-01-27 09:03 - 2015-01-27 09:03 - 00791393 _____ (Lars Hederer ) C:\Users\Delaune\Downloads\erunt-setup (1).exe
    2015-01-27 08:52 - 2015-01-27 08:53 - 00791393 _____ (Lars Hederer ) C:\Users\Delaune\Downloads\erunt-setup.exe
    2015-01-26 22:00 - 2015-01-26 22:00 - 00978333 _____ () C:\Users\Delaune\Downloads\TX085_10C_1 (1).tif
    2015-01-26 21:56 - 2015-01-26 21:56 - 00978333 _____ () C:\Users\Delaune\Downloads\TX085_10C_1.tif
    2015-01-26 08:46 - 2015-01-26 08:47 - 00594984 _____ () C:\Users\Delaune\Downloads\Java (1).exe
    2015-01-25 14:38 - 2015-01-26 11:22 - 00000000 ____D () C:\ProgramData\d29bfb0af1214b0
    2015-01-25 14:36 - 2015-01-25 14:37 - 00594976 _____ () C:\Users\Delaune\Downloads\Java.exe
    2015-01-25 14:14 - 2015-01-25 14:14 - 00000000 ____D () C:\Program Files (x86)\SafeRwebe
    2015-01-25 14:13 - 2015-01-25 14:40 - 00000000 ____D () C:\Program Files (x86)\tperfeCtcOupOn
    2015-01-25 14:13 - 2015-01-25 14:13 - 00000000 ____D () C:\Program Files (x86)\IMG inspector
    2015-01-25 14:13 - 2015-01-25 14:13 - 00000000 ____D () C:\Program Files (x86)\DIIssCeountLLocaToor
    2015-01-25 14:13 - 2015-01-25 14:13 - 00000000 ____D () C:\Program Files (x86)\CouupScannero
    2015-01-25 14:11 - 2015-01-25 14:14 - 00000000 ____D () C:\ProgramData\948499962110547120
    2015-01-25 14:11 - 2015-01-25 14:11 - 00000000 ____D () C:\Program Files (x86)\COupSScaNner
    2015-01-25 13:50 - 2015-01-25 13:50 - 00000000 ____D () C:\Program Files (x86)\CutterInstance
    2015-01-24 15:25 - 2015-01-24 15:25 - 00000146 _____ () C:\Users\Delaune\Desktop\Internet Options - Shortcut.lnk
    2015-01-24 15:17 - 2015-01-24 15:17 - 00767504 _____ (%VENDOR%) C:\Users\Delaune\Downloads\MediaPlayerSetup.exe
    2015-01-23 16:09 - 2015-01-23 16:09 - 00726104 _____ () C:\Users\Delaune\Downloads\01 (6).wmv
    2015-01-23 16:01 - 2015-01-23 16:02 - 00726104 _____ () C:\Users\Delaune\Downloads\06 (10).wmv
    2015-01-23 15:59 - 2015-01-23 16:00 - 00726104 _____ () C:\Users\Delaune\Downloads\06 (8).wmv
    2015-01-23 15:53 - 2015-01-23 15:54 - 00726104 _____ () C:\Users\Delaune\Downloads\06 (7).wmv
    2015-01-23 15:53 - 2015-01-23 15:53 - 00726104 _____ () C:\Users\Delaune\Downloads\06 (6).wmv
    2015-01-23 15:52 - 2015-01-23 15:52 - 00732754 _____ () C:\Users\Delaune\Downloads\05 (5).wmv
    2015-01-23 15:51 - 2015-01-23 15:51 - 00746046 _____ () C:\Users\Delaune\Downloads\04 (6).wmv
    2015-01-23 15:50 - 2015-01-23 15:51 - 00752704 _____ () C:\Users\Delaune\Downloads\02 (4).wmv
    2015-01-23 15:50 - 2015-01-23 15:51 - 00732754 _____ () C:\Users\Delaune\Downloads\03 (3).wmv
    2015-01-23 15:50 - 2015-01-23 15:50 - 00752704 _____ () C:\Users\Delaune\Downloads\02 (3).wmv
    2015-01-23 15:49 - 2015-01-23 15:49 - 00766004 _____ () C:\Users\Delaune\Downloads\01 (5).wmv
    2015-01-23 15:49 - 2015-01-23 15:49 - 00732754 _____ () C:\Users\Delaune\Downloads\05 (4).wmv
    2015-01-23 15:49 - 2015-01-23 15:49 - 00726104 _____ () C:\Users\Delaune\Downloads\06 (5).wmv
    2015-01-23 15:44 - 2015-01-23 15:49 - 00726104 _____ () C:\Users\Delaune\Downloads\06 (4).wmv
    2015-01-23 15:44 - 2015-01-23 15:45 - 00746046 _____ () C:\Users\Delaune\Downloads\04 (5).wmv
    2015-01-23 15:44 - 2015-01-23 15:45 - 00732754 _____ () C:\Users\Delaune\Downloads\05 (3).wmv
    2015-01-23 15:43 - 2015-01-23 15:44 - 00766004 _____ () C:\Users\Delaune\Downloads\01 (4).wmv
    2015-01-23 15:00 - 2015-01-23 15:00 - 00819770 _____ () C:\Users\Delaune\Downloads\33474_1.wmv
    2015-01-23 15:00 - 2015-01-23 15:00 - 00756242 _____ () C:\Users\Delaune\Downloads\33474_2.wmv
    2015-01-23 15:00 - 2015-01-23 15:00 - 00738914 _____ () C:\Users\Delaune\Downloads\33474_3.wmv
    2015-01-23 15:00 - 2015-01-23 15:00 - 00710034 _____ () C:\Users\Delaune\Downloads\33474_5.wmv
    2015-01-23 15:00 - 2015-01-23 15:00 - 00707138 _____ () C:\Users\Delaune\Downloads\33474_6.wmv
    2015-01-23 15:00 - 2015-01-23 15:00 - 00660930 _____ () C:\Users\Delaune\Downloads\33474_4.wmv
    2015-01-23 14:54 - 2015-01-23 14:54 - 00717798 _____ () C:\Users\Delaune\Downloads\04 (4).wmv
    2015-01-23 14:54 - 2015-01-23 14:54 - 00711148 _____ () C:\Users\Delaune\Downloads\06 (3).wmv
    2015-01-23 14:54 - 2015-01-23 14:54 - 00711148 _____ () C:\Users\Delaune\Downloads\05 (2).wmv
    2015-01-23 14:54 - 2015-01-23 14:54 - 00704498 _____ () C:\Users\Delaune\Downloads\03 (2).wmv
    2015-01-23 14:54 - 2015-01-23 14:54 - 00704498 _____ () C:\Users\Delaune\Downloads\02 (2).wmv
    2015-01-23 14:54 - 2015-01-23 14:54 - 00704498 _____ () C:\Users\Delaune\Downloads\01 (3).wmv
    2015-01-23 14:53 - 2015-01-23 14:53 - 00757698 _____ () C:\Users\Delaune\Downloads\04 (2).wmv
    2015-01-23 14:53 - 2015-01-23 14:53 - 00711148 _____ () C:\Users\Delaune\Downloads\04 (3).wmv
    2015-01-23 14:52 - 2015-01-23 14:52 - 00704498 _____ () C:\Users\Delaune\Downloads\06 (2).wmv
    2015-01-23 14:51 - 2015-01-23 14:51 - 00853572 _____ () C:\Users\Delaune\Downloads\06 (1).wmv
    2015-01-23 14:51 - 2015-01-23 14:51 - 00845672 _____ () C:\Users\Delaune\Downloads\05 (1).wmv
    2015-01-23 14:50 - 2015-01-23 14:50 - 00900972 _____ () C:\Users\Delaune\Downloads\02 (1).wmv
    2015-01-23 14:50 - 2015-01-23 14:50 - 00900972 _____ () C:\Users\Delaune\Downloads\01 (2).wmv
    2015-01-23 14:50 - 2015-01-23 14:50 - 00885164 _____ () C:\Users\Delaune\Downloads\03 (1).wmv
    2015-01-23 14:50 - 2015-01-23 14:50 - 00829864 _____ () C:\Users\Delaune\Downloads\04 (1).wmv
    2015-01-23 14:48 - 2015-01-23 14:48 - 01427663 _____ () C:\Users\Delaune\Downloads\002.wmv
    2015-01-23 14:48 - 2015-01-23 14:48 - 01419671 _____ () C:\Users\Delaune\Downloads\004.wmv
    2015-01-23 14:48 - 2015-01-23 14:48 - 01419671 _____ () C:\Users\Delaune\Downloads\003.wmv
    2015-01-23 14:48 - 2015-01-23 14:48 - 01419655 _____ () C:\Users\Delaune\Downloads\001.wmv
    2015-01-23 14:44 - 2015-01-23 14:44 - 00956272 _____ () C:\Users\Delaune\Downloads\02.wmv
    2015-01-23 14:44 - 2015-01-23 14:44 - 00940472 _____ () C:\Users\Delaune\Downloads\06.wmv
    2015-01-23 14:44 - 2015-01-23 14:44 - 00900972 _____ () C:\Users\Delaune\Downloads\05.wmv
    2015-01-23 14:44 - 2015-01-23 14:44 - 00900972 _____ () C:\Users\Delaune\Downloads\03.wmv
    2015-01-23 14:44 - 2015-01-23 14:44 - 00877272 _____ () C:\Users\Delaune\Downloads\04.wmv
    2015-01-23 14:36 - 2015-01-23 14:42 - 00948364 _____ () C:\Users\Delaune\Downloads\01 (1).wmv
    2015-01-23 14:36 - 2015-01-23 14:38 - 00948364 _____ () C:\Users\Delaune\Downloads\01.wmv
    2015-01-22 13:32 - 2015-01-22 13:32 - 00007644 _____ () C:\Users\Delaune\Desktop\BILLS_TO_PAY.xlsx - Shortcut.lnk
    2015-01-14 21:33 - 2015-01-24 18:33 - 03539632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
    2015-01-14 13:44 - 2015-01-26 18:06 - 00003198 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForDelaune
    2015-01-14 13:44 - 2015-01-26 18:06 - 00000340 _____ () C:\Windows\Tasks\HPCeeScheduleForDelaune.job
    2015-01-14 02:13 - 2014-12-18 21:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
    2015-01-14 02:13 - 2014-12-18 19:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
    2015-01-14 02:13 - 2014-12-11 23:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-01-14 02:13 - 2014-12-11 23:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-01-14 02:13 - 2014-12-11 23:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-01-14 02:13 - 2014-12-11 23:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-01-14 02:13 - 2014-12-11 23:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-01-14 02:13 - 2014-12-11 23:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-01-14 02:13 - 2014-12-11 23:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-01-14 02:13 - 2014-12-11 11:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
    2015-01-14 02:13 - 2014-12-05 22:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
    2015-01-14 02:13 - 2014-12-05 21:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
    2015-01-14 02:13 - 2014-12-05 21:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
    2015-01-13 10:08 - 2015-01-13 10:08 - 00156542 _____ () C:\Users\Delaune\Downloads\Certificates.zip
    2015-01-09 12:28 - 2015-01-09 12:28 - 00000000 ____D () C:\Users\Delaune\Downloads\TX-1319_Falcon-75051-636185-Closed
    2015-01-07 06:57 - 2015-01-07 06:57 - 00307182 _____ () C:\Users\Delaune\Downloads\Attachments_201517.zip
    2015-01-04 14:50 - 2015-01-04 14:50 - 00011146 _____ () C:\Users\Delaune\Downloads\2014 owed to personal.xlsx
    2015-01-03 21:23 - 2015-01-03 21:23 - 00002424 _____ () C:\Users\Delaune\Downloads\DLHI profit & loss jan - nov 2014.TXT
    2015-01-03 21:23 - 2015-01-03 21:23 - 00002424 _____ () C:\Users\Delaune\Downloads\DLHI profit & loss jan - nov 2014 (3).TXT
    2015-01-03 21:23 - 2015-01-03 21:23 - 00002424 _____ () C:\Users\Delaune\Downloads\DLHI profit & loss jan - nov 2014 (2).TXT
    2015-01-03 21:23 - 2015-01-03 21:23 - 00002424 _____ () C:\Users\Delaune\Downloads\DLHI profit & loss jan - nov 2014 (1).TXT
    2015-01-03 21:17 - 2015-01-03 21:17 - 00001766 _____ () C:\Users\Delaune\Downloads\real estate profit & loss jan - nov 2014.TXT
    2015-01-03 21:07 - 2015-01-03 21:07 - 00000000 ____D () C:\ProgramData\1887373585
    2015-01-03 20:58 - 2015-01-03 20:59 - 00003248 _____ () C:\Windows\System32\Tasks\Digital Sites
    2015-01-03 20:58 - 2015-01-03 20:59 - 00000300 _____ () C:\Windows\Tasks\Digital Sites.job
    2015-01-03 20:58 - 2015-01-03 20:58 - 00000000 ____D () C:\Users\Delaune\AppData\Roaming\DigitalSites
    2015-01-03 20:46 - 2015-01-03 20:49 - 00798080 _____ ( ) C:\Users\Delaune\Downloads\FileOpenerSetup (1).exe
    2015-01-03 20:46 - 2015-01-03 20:47 - 00798080 _____ ( ) C:\Users\Delaune\Downloads\FileOpenerSetup.exe
    2015-01-03 20:04 - 2015-01-03 20:04 - 35274752 _____ () C:\Users\Delaune\Downloads\D&L Home Inspection (Backup Jan 03,2015 06 28 PM) (1).QBB
    2015-01-03 20:03 - 2015-01-03 20:03 - 35274752 _____ () C:\Users\Delaune\Downloads\D&L Home Inspection (Backup Jan 03,2015 06 28 PM).QBB
    2014-12-31 18:38 - 2014-12-31 18:38 - 00413818 _____ () C:\Users\Delaune\Downloads\Attachments_20141231 (1).zip
    2014-12-31 18:08 - 2014-12-31 18:08 - 00065421 _____ () C:\Users\Delaune\Downloads\Attachments_20141231.zip
    2014-12-30 20:45 - 2014-12-30 20:45 - 00788406 _____ () C:\Users\Delaune\Downloads\E&O Insurance (2).zip
    2014-12-30 20:44 - 2014-12-30 20:45 - 00788406 _____ () C:\Users\Delaune\Downloads\E&O Insurance (1).zip
    2014-12-30 20:44 - 2014-12-30 20:44 - 00788406 _____ () C:\Users\Delaune\Downloads\E&O Insurance.zip
    2014-12-30 20:32 - 2014-12-30 20:32 - 00000000 ____D () C:\Program Files\Verizon

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-27 09:19 - 2010-12-01 02:38 - 02044035 _____ () C:\Windows\WindowsUpdate.log
    2015-01-27 08:59 - 2013-11-17 19:39 - 00000286 _____ () C:\Windows\Tasks\bench-Updater removing.job
    2015-01-27 08:57 - 2012-06-16 11:47 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-597734462-1468123911-3078696002-1002UA.job
    2015-01-27 08:33 - 2014-05-08 20:09 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-01-27 08:28 - 2014-02-08 14:49 - 00000574 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-597734462-1468123911-3078696002-1002.job
    2015-01-27 07:50 - 2012-07-31 00:45 - 00000936 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-597734462-1468123911-3078696002-1002UA.job
    2015-01-27 07:09 - 2013-11-17 10:54 - 00000348 _____ () C:\Windows\Tasks\bench-sys.job
    2015-01-27 01:50 - 2012-07-31 00:45 - 00000914 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-597734462-1468123911-3078696002-1002Core.job
    2015-01-26 22:57 - 2012-06-16 11:47 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-597734462-1468123911-3078696002-1002Core.job
    2015-01-26 21:24 - 2011-04-02 09:53 - 00000000 ____D () C:\Users\Delaune\AppData\Local\CrashDumps
    2015-01-26 11:42 - 2009-07-13 22:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-01-26 11:42 - 2009-07-13 22:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-01-26 09:55 - 2013-08-07 14:55 - 00000000 ___RD () C:\Users\Delaune\Desktop\LeonsDropBox
    2015-01-26 09:31 - 2011-05-08 21:16 - 00000000 ____D () C:\Users\Public\Documents\Personal
    2015-01-26 09:21 - 2009-07-13 23:13 - 00801092 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-01-26 08:04 - 2014-03-02 01:00 - 00037576 _____ () C:\Windows\setupact.log
    2015-01-24 18:33 - 2014-05-08 20:09 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-01-24 18:33 - 2014-05-08 20:08 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-01-24 18:33 - 2014-05-08 20:08 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-01-24 13:11 - 2014-02-08 14:49 - 00003608 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-597734462-1468123911-3078696002-1002
    2015-01-23 08:03 - 2014-11-11 22:25 - 00002376 _____ () C:\Users\Delaune\Desktop\Google Chrome.lnk
    2015-01-22 19:39 - 2011-03-28 10:00 - 00000000 ____D () C:\Users\Delaune
    2015-01-22 17:46 - 2011-07-10 10:49 - 00000439 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
    2015-01-22 17:45 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-01-22 12:59 - 2011-04-11 15:22 - 00000059 _____ () C:\Windows\wpd99.drv
    2015-01-22 12:59 - 2011-04-11 15:22 - 00000000 ____D () C:\ProgramData\pdf995
    2015-01-20 11:49 - 2011-10-12 15:49 - 00000000 ____D () C:\Users\Delaune\AppData\Roaming\ZoomBrowser EX
    2015-01-14 13:32 - 2011-11-16 10:18 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
    2015-01-14 13:32 - 2011-03-30 16:16 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
    2015-01-10 19:21 - 2011-04-06 15:58 - 00038686 _____ () C:\Users\Delaune\Desktop\rpt changes.txt
    2015-01-03 21:12 - 2012-03-23 08:54 - 00000000 ____D () C:\Program Files\Google
    2015-01-03 21:12 - 2012-03-23 08:53 - 00000000 ____D () C:\Program Files (x86)\Google
    2015-01-03 21:12 - 2011-03-29 05:55 - 00494044 _____ () C:\Windows\PFRO.log
    2015-01-03 21:03 - 2012-03-23 08:53 - 00000000 ____D () C:\Users\Delaune\AppData\Local\Google
    2015-01-03 21:03 - 2012-03-23 08:53 - 00000000 ____D () C:\ProgramData\Google
    2015-01-03 09:36 - 2014-08-21 11:48 - 00000000 ____D () C:\Users\Delaune\AppData\Local\Adobe
    2014-12-31 05:14 - 2011-05-30 15:44 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

    ==================== Files in the root of some directories =======

    2011-05-18 20:11 - 2011-06-01 20:29 - 0001854 _____ () C:\Users\Delaune\AppData\Roaming\GhostObjGAFix.xml
    2011-10-26 09:27 - 2014-06-30 21:57 - 0007168 _____ () C:\Users\Delaune\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-12-20 11:32 - 2014-12-20 11:32 - 0009662 _____ () C:\Users\Delaune\AppData\Local\MessageCenter.ico
    2014-12-20 11:32 - 2014-12-20 11:32 - 0009662 _____ () C:\Users\Delaune\AppData\Local\MyVerizon.ico
    2012-01-27 13:33 - 2014-11-16 10:14 - 0007614 _____ () C:\Users\Delaune\AppData\Local\Resmon.ResmonCfg
    2014-12-20 11:31 - 2014-12-20 11:31 - 0103749 _____ () C:\Users\Delaune\AppData\Local\VZWifiIcon.ico
    2013-08-22 20:32 - 2013-08-22 20:31 - 5401808 _____ (PC Cleaners) C:\ProgramData\pclunst.exe
    2010-12-01 02:49 - 2010-12-01 02:49 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
    2010-10-16 13:30 - 2010-10-16 13:31 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
    2010-12-01 02:49 - 2010-12-01 02:49 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
    2010-10-16 13:24 - 2010-10-16 13:25 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
    2010-12-01 02:48 - 2010-12-01 02:48 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
    2010-12-01 02:49 - 2010-12-01 02:49 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
    2010-10-16 13:23 - 2010-10-16 13:23 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
    2010-10-16 13:25 - 2010-10-16 13:30 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
    2010-10-16 13:31 - 2010-12-01 02:49 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

    Files to move or delete:
    ====================
    C:\ProgramData\pclunst.exe
    C:\Users\Delaune\MetricCollection.dll


    Some content of TEMP:
    ====================
    C:\Users\Delaune\AppData\Local\Temp\goylk6wk.dll
    C:\Users\Delaune\AppData\Local\Temp\ICReinstall_MediaPlayerSetup.exe
    C:\Users\Delaune\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
    C:\Users\Delaune\AppData\Local\Temp\optprosetup.exe
    C:\Users\Delaune\AppData\Local\Temp\SkypeSetup.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-01-14 00:23

    ==================== End Of Log ============================
     
  9. leondela

    leondela Thread Starter

    Joined:
    Feb 13, 2007
    Messages:
    152
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01
    Ran by Delaune at 2015-01-27 09:23:04
    Running from C:\Users\Delaune\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
    AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7 Wonders: Magical Mystery Tour (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.2.12610 - Adobe Systems Inc.)
    Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
    Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
    Adobe Shockwave Player 11.5 (HKLM-x32\...\{3B834B54-EC4B-48E2-BFC6-03FF5DA06F62}) (Version: 11.5.8.612 - Adobe Systems, Inc)
    Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
    Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    AVG PC Tuneup 2011 (HKLM-x32\...\{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1) (Version: 10.0.0.24 - AVG)
    Bejeweled (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Bejeweled 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Blio (HKLM-x32\...\{8D3903E2-4B1B-4A69-B8F6-A3D1BE075BDB}) (Version: 2.2.6484 - K-NFB Reading Technology, Inc.)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Canon DIGITAL CAMERA Solution Disk Software Guide (HKLM-x32\...\Software Guide) (Version: 1.1.0.2 - Canon Inc.)
    CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.7.2.11 - Canon Inc.)
    Canon Internet Library for ZoomBrowser EX (HKLM-x32\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.6.3.9 - Canon Inc.)
    Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.4.0.8 - Canon Inc.)
    Canon Personal Printing Guide (HKLM-x32\...\Personal Printing Guide) (Version: 1.1.0.2 - Canon Inc.)
    Canon PowerShot A3100 IS and PowerShot A3000 IS Camera User Guide (HKLM-x32\...\CameraUserGuide-PSA3100ISandPSA3000IS) (Version: 1.0.0.2 - Canon Inc.)
    Canon Utilities CameraWindow (HKLM-x32\...\CameraWindowLauncher) (Version: 7.4.0.7 - Canon Inc.)
    Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC8) (Version: 8.1.0.11 - Canon Inc.)
    Canon Utilities Movie Uploader for YouTube (HKLM-x32\...\MovieUploaderForYouTube) (Version: 1.0.0.11 - Canon Inc.)
    Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 7.3.0.5 - Canon Inc.)
    Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
    Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.5.0.14 - Canon Inc.)
    Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.3.0.4 - Canon Inc.)
    Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Citrix Online Launcher (HKLM-x32\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
    Compaq Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.0.12844.3519 - Hewlett-Packard Company)
    CouupScannero (HKLM-x32\...\{80E8B0A0-117D-1402-7CDE-688156237115}) (Version: - CoupScanner) <==== ATTENTION
    CutterInstance (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{3c2d81f8}) (Version: - Software Publisher) <==== ATTENTION
    CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3320 - CyberLink Corp.)
    CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1920 - CyberLink Corp.)
    CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.1.4604 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Detective Agency (x32 Version: 2.2.0.97 - WildTangent) Hidden
    DIIssCeountLLocaToor (HKLM-x32\...\{194FED75-9C74-BDB7-53F8-8CFFEF1AFEC9}) (Version: - DiscountLocator) <==== ATTENTION
    Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
    EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version: - SEIKO EPSON Corporation)
    EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
    ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version: - Lars Hederer)
    Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
    ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
    Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
    Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
    FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Google Chrome (HKU\S-1-5-21-597734462-1468123911-3078696002-1002\...\Google Chrome) (Version: 40.0.2214.91 - Google Inc.)
    GoToMeeting 6.4.11.2273 (HKU\S-1-5-21-597734462-1468123911-3078696002-1002\...\GoToMeeting) (Version: 6.4.11.2273 - CitrixOnline)
    Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    HP Documentation (HKLM-x32\...\{1AF23A65-F2B5-469C-AA51-DA5FB74CA856}) (Version: 1.1.2.1 - Hewlett-Packard)
    HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.5 - WildTangent)
    HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0.2 - Hewlett-Packard)
    HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.4042 - HP Photo Creations Powered by RocketLife)
    HP Power Manager (HKLM-x32\...\{AF306BD8-F9D1-4627-89B9-246E59074A05}) (Version: 1.1.2 - Hewlett-Packard Company)
    HP Quick Launch (HKLM-x32\...\{EB58480C-0721-483C-B354-9D35A147999F}) (Version: 2.3.6 - Hewlett-Packard Company)
    HP Setup (HKLM-x32\...\{53469506-A37E-4314-A9D9-38724EC23A75}) (Version: 8.4.4400.3525 - Hewlett-Packard Company)
    HP Software Framework (HKLM-x32\...\{97174E88-52F9-445A-A28E-704A45332D19}) (Version: 4.0.108.1 - Hewlett-Packard Company)
    HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
    HP Wireless Assistant (HKLM\...\{13DCC2C7-454D-42F0-A892-E0E9A5DE4E67}) (Version: 4.0.10.0 - Hewlett-Packard Company)
    iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
    IHA_MessageCenter (HKLM-x32\...\{C3300989-DAF5-4F3A-81FF-404729267C0B}) (Version: 2.0.63 - Verizon)
    Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2086 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
    Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )
    iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
    Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
    JavaFX 2.1.0 (HKLM-x32\...\{1111706F-666A-4037-7777-210328764D10}) (Version: 2.1.0 - Oracle Corporation)
    Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    KONICA MINOLTA C754Series(PS_PCL_FAX) (HKLM\...\KONICA MINOLTA C754Series Installer(PS_PCL_FAX)) (Version: - KONICA MINOLTA)
    LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3220 - CyberLink Corp.)
    LabelPrint (x32 Version: 2.5.3220 - CyberLink Corp.) Hidden
    LightScribe System Software (HKLM-x32\...\{705B639E-FAAF-40D7-AD58-C445321C7C3F}) (Version: 1.18.18.1 - LightScribe)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
    MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
    MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
    MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MyDriveConnect 3.3.0.1812 (HKLM-x32\...\MyDriveConnect) (Version: 3.3.0.1812 - TomTom)
    Mystery P.I. - The London Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Nokia Connectivity Cable Driver (HKLM-x32\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
    Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
    OpenProj (HKLM-x32\...\{13702021-43FB-480C-912F-D9B74A538288}) (Version: 1.4.0 - Serena Software Inc.)
    PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
    Pdf995 (HKLM-x32\...\Pdf995) (Version: - )
    PdfEdit995 (HKLM-x32\...\PdfEdit995) (Version: - )
    Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
    PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.7717 - CyberLink Corp.)
    PhotoNow! (x32 Version: 1.1.7717 - CyberLink Corp.) Hidden
    Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
    PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
    Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4419 - CyberLink Corp.)
    Power2Go (x32 Version: 6.1.4419 - CyberLink Corp.) Hidden
    PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3320 - CyberLink Corp.)
    PowerDirector (x32 Version: 8.0.3320 - CyberLink Corp.) Hidden
    QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 3.1.13.0 - Ralink)
    Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.18.322.2010 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6206 - Realtek Semiconductor Corp.)
    Recovery Manager (x32 Version: 5.5.3223 - CyberLink Corp.) Hidden
    RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.101 - RoxioNow)
    RtVOsd (HKLM\...\{091A0130-A82F-4A6D-9C61-3BBBB3289030}) (Version: 1.0.6 - Realtek Semiconductor Corp.)
    SafeRwebe (HKLM-x32\...\{5F488658-35A7-2AB8-A756-560BA8F103C3}) (Version: - "")
    Signature995 (HKLM-x32\...\Signature995) (Version: - )
    Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
    Skype Web Plugin (HKLM-x32\...\{15AF46DB-9EBA-4662-AA52-29EF23585035}) (Version: 3.2.0.23388 - Skype Technologies S.A.)
    Skype™ 6.22 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.107 - Skype Technologies S.A.)
    SlimCleaner (HKLM-x32\...\{D0E2AD1D-07B7-491C-8877-171A03680AE0}) (Version: 4.0.29702 - SlimWare Utilities, Inc.)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.6.64 - Synaptics Incorporated)
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
    Verizon Toolbar (HKLM-x32\...\verizontb) (Version: 6.0.0.40 - Verizon and Visicom Media Inc.)
    Virtual Families (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
    Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
    Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
    Vz In-Home Agent (HKLM-x32\...\VzInHomeAgent) (Version: 9.0.68.0 - Verizon)
    VzDownloadManager (HKU\S-1-5-21-597734462-1468123911-3078696002-1002\...\VzDownloadManager) (Version: 2.0.0.24 - Verizon)
    Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Wi-Fi MediaConnect (HKLM-x32\...\{AA58346A-A5D7-4659-91D6-38D07345BDCF}) (Version: 1.6.425 - PHILIPS)
    WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.2.5 - WildTangent)
    WildTangent Games App (HP Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.5.36 - WildTangent)
    WildTangent Games App (x32 Version: 4.0.5.36 - WildTangent) Hidden
    Windows Driver Package - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
    Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
    Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - )
    zipForm6 (HKLM-x32\...\zipForm6) (Version: 1.0.0.0 - )
    Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-597734462-1468123911-3078696002-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Delaune\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
    CustomCLSID: HKU\S-1-5-21-597734462-1468123911-3078696002-1002_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Delaune\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-597734462-1468123911-3078696002-1002_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Delaune\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-597734462-1468123911-3078696002-1002_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Delaune\AppData\Local\Citrix\GoToMeeting\1960\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
    CustomCLSID: HKU\S-1-5-21-597734462-1468123911-3078696002-1002_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Delaune\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-597734462-1468123911-3078696002-1002_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Delaune\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-597734462-1468123911-3078696002-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Delaune\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-597734462-1468123911-3078696002-1002_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Delaune\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

    ==================== Restore Points =========================

    05-01-2015 21:29:47 Windows Update
    09-01-2015 09:37:31 Windows Update
    13-01-2015 07:00:00 Windows Update
    14-01-2015 03:00:17 Windows Update
    18-01-2015 12:42:26 Windows Update
    21-01-2015 14:57:17 Windows Update
    24-01-2015 18:02:50 Windows Update
    26-01-2015 09:44:38 Windows Backup
    26-01-2015 13:18:20 Windows Backup
    26-01-2015 21:32:42 Windows Backup

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {00EB0277-A81E-45E6-AB3F-06E90EF0EC34} - System32\Tasks\{54A74F0E-B57A-4832-8B37-F2290C83A01F} => Chrome.exe http://ui.skype.com/ui/0/6.10.0.104/en/abandoninstall?page=tsProgressBar
    Task: {01473C89-0880-4848-8B0E-6C7A96CEADDF} - System32\Tasks\{49C5FC09-FDE9-4398-BFFE-166E5EA20C10} => pcalua.exe -a "C:\Users\Delaune\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MVNPHBS4\setup-free[1].exe" -d C:\Users\Delaune\Desktop
    Task: {07119EBD-AF4C-4865-85EA-A0B247C8BD4E} - System32\Tasks\Digital Sites => C:\Users\Delaune\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
    Task: {0B0066A8-426C-4101-B51B-F5674B6FE512} - System32\Tasks\SlimCleaner Run => C:\Program Files (x86)\SlimCleaner\SlimCleaner.exe [2013-05-22] (SlimWare Utilities, Inc.)
    Task: {0BB5D7F1-171E-401B-831E-921A7C9C3170} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
    Task: {0F03BAD9-3CE4-4D0E-8F16-C3DF4AB93EE6} - System32\Tasks\{EB9B9F8E-688E-4E43-8506-DB88FEAB8A6E} => Chrome.exe http://ui.skype.com/ui/0/6.10.0.104/en/abandoninstall?page=tsProgressBar
    Task: {16435809-DAE1-46D4-A7CD-1A9601D52F15} - System32\Tasks\{603FF5FA-9B0D-4388-90D7-4D8277C99F32} => Chrome.exe http://ui.skype.com/ui/0/6.10.0.104/en/abandoninstall?page=tsProgressBar
    Task: {1A709A38-06F6-4DE0-BC57-ACB3B70FDC95} - System32\Tasks\G2MUpdateTask-S-1-5-21-597734462-1468123911-3078696002-1002 => C:\Users\Delaune\AppData\Local\Citrix\GoToMeeting\2273\g2mupdate.exe [2015-01-24] (Citrix Online, a division of Citrix Systems, Inc.)
    Task: {1B5CF90C-EDC4-4DA8-BD63-2ECC965907C5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {254AC929-7184-4E1B-8EFA-F5E0BD0CFF7D} - System32\Tasks\{E16B5618-927B-4878-AFAA-716B819BB22A} => Chrome.exe http://ui.skype.com/ui/0/6.10.0.104/en/abandoninstall?page=tsProgressBar
    Task: {2E373047-D34B-495C-895A-13121543F267} - System32\Tasks\HPCeeScheduleForDelaune => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
    Task: {2E38A2A1-89DB-4349-98B4-06A1CD81C631} - System32\Tasks\{DAACBE85-217C-4ED9-AC87-03714D7F3425} => Chrome.exe http://ui.skype.com/ui/0/6.10.0.104/en/abandoninstall?page=tsProgressBar
    Task: {361E39B3-EA2B-42EC-8DE9-765D5790B433} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-597734462-1468123911-3078696002-1002Core => C:\Users\Delaune\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-16] (Google Inc.)
    Task: {38487F4E-091D-4001-9451-08F2A9E27BE4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
    Task: {386B5FD7-77F7-4EB7-B9A2-DA58E4E54A0A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-597734462-1468123911-3078696002-1002Core => C:\Users\Delaune\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-31] (Facebook Inc.)
    Task: {4FB12AAA-A254-4DA7-A346-9ABD18F757C2} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] ()
    Task: {529C0E69-BFA5-4098-99AC-46D72B8DFA96} - System32\Tasks\{8E79DF47-C67D-4A1B-BF4D-1494A84E94B8} => Chrome.exe http://ui.skype.com/ui/0/6.10.0.104/en/abandoninstall?page=tsProgressBar
    Task: {5420C49A-A01D-4B8D-9996-012B5FDC4927} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-24] (Adobe Systems Incorporated)
    Task: {5A1A4C1F-47A2-426C-90F1-5E51157CB3C5} - System32\Tasks\{21108726-E3BA-4D76-B414-7CDEB831ADD6} => Chrome.exe http://ui.skype.com/ui/0/6.10.0.104/en/abandoninstall?page=tsProgressBar
    Task: {622EFFFA-A2B5-42F2-A286-7AFC66BD2047} - System32\Tasks\{C4D05E04-A11F-405B-8089-475A738BF445} => pcalua.exe -a "C:\Users\Delaune\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XZM7OIHS\epson13457[1].exe" -d C:\Users\Delaune\Desktop
    Task: {64B52EFB-62CD-4593-95D5-F5836B200CEF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-597734462-1468123911-3078696002-1002UA => C:\Users\Delaune\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-16] (Google Inc.)
    Task: {6850E023-237F-4733-A0C6-FDA1983891F4} - System32\Tasks\{EC2EB830-BFDA-4E11-9D76-884ACE9F9AAF} => Chrome.exe http://ui.skype.com/ui/0/6.9.0.106/en/go/help.faq.installer?LastError=1618
    Task: {6D0F3E63-5336-4B34-88E8-EF0D943EC91B} - System32\Tasks\{0B303615-BF7F-4360-9008-1452F0B05C47} => Chrome.exe http://ui.skype.com/ui/0/6.10.0.104/en/abandoninstall?page=tsProgressBar
    Task: {71AEB17D-9022-4D7E-B5F9-A65FEF24A610} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {7853DC0E-025D-4650-B6AF-9D8B026D0548} - System32\Tasks\{734D881C-C722-4845-BFE7-6E4A19A5FB11} => Chrome.exe http://ui.skype.com/ui/0/6.10.0.104/en/abandoninstall?page=tsProgressBar
    Task: {7A94263C-324F-41AC-99BC-C3F096550F9B} - System32\Tasks\{C25D9FF4-E9C0-4C38-915F-05EDC2CFED54} => Chrome.exe http://ui.skype.com/ui/0/6.10.0.104/en/abandoninstall?page=tsProgressBar
    Task: {7C803129-F5AF-43B5-A3E7-314AD420046C} - System32\Tasks\{AD35177D-75A7-456D-A9C2-10C9F16560C7} => pcalua.exe -a "C:\Program Files (x86)\ZipLogix\zipForm6\zipForm6.exe" -d "C:\Program Files (x86)\ZipLogix\zipForm6\"
    Task: {7DA76C04-131E-42DA-840A-CF57FDF82D01} - System32\Tasks\{5C96CD67-C0AF-4416-A040-287A787CD969} => pcalua.exe -a "C:\Users\Delaune\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZG9MWTF0\epson12586[1].exe" -d C:\Users\Delaune\Desktop
    Task: {82703718-ED13-40B3-9D89-D008711B0C2C} - System32\Tasks\{6E89FE3D-4D4D-4B25-8122-8B5FC6CCC3AE} => Chrome.exe http://ui.skype.com/ui/0/6.10.0.104/en/abandoninstall?page=tsProgressBar
    Task: {82A7FCD1-F969-4305-9002-F260F8F4BB89} - System32\Tasks\{9631C106-71E9-4D73-AA0F-BDFC41A0D05B} => pcalua.exe -a C:\Users\Delaune\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe -c --uninstall
    Task: {87D0152B-E813-4D71-9FE2-9A35D5480662} - System32\Tasks\{9D1DD381-D8C1-4B76-A219-A33AD2F4E9EC} => Chrome.exe http://ui.skype.com/ui/0/6.10.0.104/en/abandoninstall?page=tsProgressBar
    Task: {8A01D00A-1C6A-4C62-8188-BA2F83B75951} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {8FE03CCF-DC59-4DBC-9F17-DD11645D117F} - System32\Tasks\{4CA1DD07-68EE-41DC-AABE-D46848C1A856} => Chrome.exe http://ui.skype.com/ui/0/6.10.0.104/en/abandoninstall?page=tsProgressBar
    Task: {8FE3C093-718B-4DB6-9AB3-2E3A0F4E3879} - System32\Tasks\{8BA9311D-15E8-4424-9D78-D5EB4620079D} => Chrome.exe http://ui.skype.com/ui/0/6.10.0.104/en/abandoninstall?page=tsProgressBar
    Task: {954636DF-C733-4563-B4A9-20B544F30DC2} - System32\Tasks\{1D0E477F-99A9-4369-BFBF-4D6AEFD8FED9} => Chrome.exe http://ui.skype.com/ui/0/6.10.0.104/en/abandoninstall?page=tsProgressBar
    Task: {9B91B168-85A6-4A88-8047-696F5F450826} - System32\Tasks\{54C94340-C620-4DC9-9785-2EF5D8C669DD} => Chrome.exe http://ui.skype.com/ui/0/6.0.59.126/en/abandoninstall?page=tsProgressBar
    Task: {9EB92DD4-0534-49E6-8B7B-03DDB43ADB22} - System32\Tasks\{50514FF4-98F8-4A86-9B4D-B3DA89532609} => Chrome.exe http://ui.skype.com/ui/0/6.10.0.104/en/abandoninstall?page=tsProgressBar
    Task: {A3733BB9-3F1D-46AE-BB69-3ED0C7AD1248} - System32\Tasks\{E0F61F55-35CF-45C7-A94A-7B2DA040BAC4} => pcalua.exe -a "C:\Users\Delaune\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MVNPHBS4\ps2pdf995[1].exe" -d C:\Users\Delaune\Desktop
    Task: {A62D8F3D-DD75-483F-B8F7-209C04FAA11D} - System32\Tasks\{B8AC1B96-561D-4313-A9AB-EF0AF85D0F10} => Chrome.exe http://ui.skype.com/ui/0/6.10.0.104/en/abandoninstall?page=tsProgressBar
    Task: {A6BF40A4-6F84-448C-AD18-7F25941EEC9A} - System32\Tasks\{5282C112-4760-4B1F-9D8F-2815F17B8F67} => Chrome.exe http://ui.skype.com/ui/0/6.9.0.106/en/go/help.faq.installer?LastError=1618
    Task: {A895D4ED-2F12-41B0-97EB-4F03ECCB218F} - System32\Tasks\{3153CA5A-0ABB-47E0-B202-AC4721AD208F} => pcalua.exe -a C:\Users\Delaune\Downloads\QuickTimeInstaller.exe -d C:\Users\Delaune\Downloads
    Task: {AB8D2A76-0294-4199-9D6A-A730018B26E4} - System32\Tasks\{4CBF9714-D842-49DA-97B3-BF0744E14639} => pcalua.exe -a "C:\Users\Delaune\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XZM7OIHS\epson13458[1].exe" -d C:\Users\Delaune\Desktop
    Task: {BA0AE3B4-4457-4944-A5E4-6CC364AA336A} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
    Task: {BE304359-6897-4877-8157-D7B6810AEC43} - System32\Tasks\bench-sys => C:\Program Files (x86)\Bench\Updater\Updater.exe [2013-10-25] () <==== ATTENTION
    Task: {BE4229E9-2778-415D-8814-86877A2D2127} - System32\Tasks\{CDB5C323-5E30-4934-AF3E-F482C722D988} => Chrome.exe http://ui.skype.com/ui/0/6.10.0.104/en/abandoninstall?page=tsProgressBar
    Task: {BF1198F6-5551-4DFE-BA81-8329B6655C9D} - System32\Tasks\{324673D4-3F9E-425C-9E69-5527E6DA4A59} => Chrome.exe http://ui.skype.com/ui/0/6.10.0.104/en/abandoninstall?page=tsProgressBar
    Task: {C37D9B47-2E3C-4603-BD3B-1380036926FA} - System32\Tasks\{CCF867E7-3AB5-41BF-A2DC-A47FAB237D53} => Chrome.exe http://ui.skype.com/ui/0/6.10.0.104/en/abandoninstall?page=tsProgressBar
    Task: {C466A57F-3D1E-437F-803C-55056A10F071} - System32\Tasks\{C9A88E95-C961-47CE-8585-8851BA5101A6} => Chrome.exe http://ui.skype.com/ui/0/6.10.0.104/en/abandoninstall?page=tsProgressBar
    Task: {CF1B8669-90E7-4822-8E07-09E1E887AD8D} - System32\Tasks\{9902B073-F56D-48DE-9A8C-9C6711DFFD28} => Chrome.exe http://ui.skype.com/ui/0/6.10.0.104/en/abandoninstall?page=tsProgressBar
    Task: {D1738E0C-906D-460F-AFD6-FDAB0F07F6C4} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-597734462-1468123911-3078696002-1002UA => C:\Users\Delaune\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-31] (Facebook Inc.)
    Task: {D5E037D1-AA64-48CF-AB42-378DA0B460FB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {D72EE4CE-9173-4FD8-9CA4-0E75171AC0D9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
    Task: {DBAE4812-0BDA-45C2-B818-01379843DA97} - System32\Tasks\{10D81279-F7CA-47B8-8741-1E3C0536DCE3} => Chrome.exe http://ui.skype.com/ui/0/6.10.0.104/en/abandoninstall?page=tsProgressBar
    Task: {DDB9DD8D-FD56-4912-9F76-44270C68A4E2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN47GC42DB => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
    Task: {DDEE52D7-A8E9-44A6-83FE-8262952A47CB} - System32\Tasks\{7DFD85C0-5AB1-483A-B443-5269281F0E3A} => Chrome.exe http://ui.skype.com/ui/0/6.0.59.126/en/abandoninstall?page=tsProgressBar
    Task: {E2855F11-166C-407D-98E2-51FBFAC91624} - System32\Tasks\{E8049217-1D2F-4F00-A3FE-D1E261016B4D} => Chrome.exe http://ui.skype.com/ui/0/6.10.0.104/en/abandoninstall?page=tsProgressBar
    Task: {E4CE46E9-7ACC-4296-A71C-1CC7FB78AB5D} - System32\Tasks\{7338125C-BF59-4565-8CE9-6F158A91094E} => Chrome.exe http://ui.skype.com/ui/0/6.10.0.104/en/abandoninstall?page=tsProgressBar
    Task: {E5C893F9-577E-43B3-9A7C-550550077321} - System32\Tasks\{0B5C1E36-2817-4BB7-B76D-25418361A9F4} => Chrome.exe http://ui.skype.com/ui/0/6.10.0.104/en/abandoninstall?page=tsProgressBar
    Task: {F0F2FF9A-D595-404B-9E0D-BD816B55F53E} - System32\Tasks\{0E0871E9-340D-41F4-9892-D9DC125BAF9A} => Chrome.exe http://ui.skype.com/ui/0/6.10.0.104/en/abandoninstall?page=tsProgressBar
    Task: {F422EB5D-EC1F-4CBB-8750-AA28F96A2B63} - System32\Tasks\bench-Updater removing
    Task: {F922C0CE-7CA1-4792-A3B0-DB50C5EE2850} - System32\Tasks\{6872C24E-364F-4F0B-BAF8-68E66B6D3CC7} => Chrome.exe http://ui.skype.com/ui/0/6.10.0.104/en/abandoninstall?page=tsProgressBar
    Task: {FC834F89-6BE0-4C0A-8062-501F0DBE1561} - System32\Tasks\{4F30DFFD-E660-4DDF-89B6-C65A2B89B194} => Chrome.exe http://ui.skype.com/ui/0/6.10.0.104/en/abandoninstall?page=tsProgressBar
    Task: {FDE287D0-B0BD-4765-BEFD-1EF72EAD6CB5} - System32\Tasks\{6CC276D4-0682-449F-ABAE-E8E6C7EB99C0} => Chrome.exe http://ui.skype.com/ui/0/6.10.0.104/en/abandoninstall?page=tsProgressBar
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\bench-sys.job => C:\Program Files (x86)\Bench\Updater\Updater.exe <==== ATTENTION
    Task: C:\Windows\Tasks\bench-Updater removing.job => ? <==== ATTENTION
    Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\Delaune\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
    Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-597734462-1468123911-3078696002-1002Core.job => C:\Users\Delaune\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-597734462-1468123911-3078696002-1002UA.job => C:\Users\Delaune\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-597734462-1468123911-3078696002-1002.job => C:\Users\Delaune\AppData\Local\Citrix\GoToMeeting\2273\g2mupdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-597734462-1468123911-3078696002-1002Core.job => C:\Users\Delaune\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-597734462-1468123911-3078696002-1002UA.job => C:\Users\Delaune\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\HPCeeScheduleForDelaune.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
    Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe

    ==================== Loaded Modules (whitelisted) =============

    2011-04-11 15:22 - 2006-10-19 20:44 - 00047616 _____ () C:\Windows\System32\pdf995mon64.dll
    2010-07-21 15:33 - 2010-07-21 15:33 - 00030264 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
    2010-07-21 15:33 - 2010-07-21 15:33 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
    2010-07-21 15:33 - 2010-07-21 15:33 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll
    2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2010-08-16 15:21 - 2010-08-16 15:21 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
    2010-08-16 15:21 - 2010-08-16 15:21 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
    2010-08-16 15:21 - 2010-08-16 15:21 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
    2014-10-03 06:04 - 2014-10-03 06:04 - 00026488 _____ () C:\Program Files (x86)\MyDrive Connect\DeviceDetection.dll
    2014-10-03 06:04 - 2014-10-03 06:04 - 00087416 _____ () C:\Program Files (x86)\MyDrive Connect\TomTomSupporterBase.dll
    2014-10-03 06:04 - 2014-10-03 06:04 - 00398712 _____ () C:\Program Files (x86)\MyDrive Connect\TomTomSupporterProxy.dll
    2015-01-23 08:03 - 2015-01-20 21:50 - 01117512 _____ () C:\Users\Delaune\AppData\Local\Google\Chrome\Application\40.0.2214.91\libglesv2.dll
    2015-01-23 08:02 - 2015-01-20 21:50 - 00211272 _____ () C:\Users\Delaune\AppData\Local\Google\Chrome\Application\40.0.2214.91\libegl.dll
    2015-01-23 08:03 - 2015-01-20 21:50 - 09171272 _____ () C:\Users\Delaune\AppData\Local\Google\Chrome\Application\40.0.2214.91\pdf.dll
    2015-01-23 08:03 - 2015-01-20 21:50 - 14913352 _____ () C:\Users\Delaune\AppData\Local\Google\Chrome\Application\40.0.2214.91\PepperFlash\pepflashplayer.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\ProgramData\Temp:0B4227B4
    AlternateDataStreams: C:\ProgramData\Temp:373E1720

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
    MSCONFIG\Services: SkypeUpdate => 2
    MSCONFIG\Services: YahooAUService => 2
    MSCONFIG\startupreg: Google Update => "C:\Users\Delaune\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    MSCONFIG\startupreg: ROC_ROC_APR2013_AV => C:\Users\Delaune\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 3e05a546bd1f47d1931b4902a77b6259-3f3e6a21c03f97b98bf148621e2e377f0e1a6bab --CMPID ROC_APR2013_AV --CMPIDEXTRA 2013

    ========================= Accounts: ==========================

    Administrator (S-1-5-21-597734462-1468123911-3078696002-500 - Administrator - Disabled)
    Delaune (S-1-5-21-597734462-1468123911-3078696002-1002 - Administrator - Enabled) => C:\Users\Delaune
    Guest (S-1-5-21-597734462-1468123911-3078696002-501 - Limited - Enabled)
    HomeGroupUser$ (S-1-5-21-597734462-1468123911-3078696002-1014 - Limited - Enabled)

    ==================== Faulty Device Manager Devices =============

    Name: hlnfd
    Description: hlnfd
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: hlnfd
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/27/2015 08:59:00 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: taskeng.exe, version: 6.1.7601.17514, time stamp: 0x4ce79d2c
    Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time stamp: 0x4eeb033f
    Exception code: 0xc0000005
    Fault offset: 0x00000000000027de
    Faulting process id: 0x3100
    Faulting application start time: 0xtaskeng.exe0
    Faulting application path: taskeng.exe1
    Faulting module path: taskeng.exe2
    Report Id: taskeng.exe3

    Error: (01/27/2015 06:07:51 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: 436: ERROR: read_msg errno 0 (The operation completed successfully.)

    Error: (01/27/2015 06:07:51 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: ERROR: mDNSPlatformReadTCP - recv: 10053

    Error: (01/27/2015 04:59:00 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: taskeng.exe, version: 6.1.7601.17514, time stamp: 0x4ce79d2c
    Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time stamp: 0x4eeb033f
    Exception code: 0xc0000005
    Fault offset: 0x00000000000027de
    Faulting process id: 0x2198
    Faulting application start time: 0xtaskeng.exe0
    Faulting application path: taskeng.exe1
    Faulting module path: taskeng.exe2
    Report Id: taskeng.exe3

    Error: (01/27/2015 00:59:02 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: taskeng.exe, version: 6.1.7601.17514, time stamp: 0x4ce79d2c
    Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time stamp: 0x4eeb033f
    Exception code: 0xc0000005
    Fault offset: 0x00000000000027de
    Faulting process id: 0x13e0
    Faulting application start time: 0xtaskeng.exe0
    Faulting application path: taskeng.exe1
    Faulting module path: taskeng.exe2
    Report Id: taskeng.exe3

    Error: (01/26/2015 10:48:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: 436: DNSServiceResolve 00:88:65:ed:f8:[email protected]::288:65ff:feed:f811._apple-mobdev2._tcp.local.

    Error: (01/26/2015 10:48:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: 436: Could not write data to client because of error - aborting connection

    Error: (01/26/2015 10:48:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: send_msg ERROR: failed to write 137 of 137 bytes to fd 436 errno 10054 (An existing connection was forcibly closed by the remote host.)

    Error: (01/26/2015 10:41:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: 436: ERROR: read_msg errno 0 (The operation completed successfully.)

    Error: (01/26/2015 10:41:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: ERROR: mDNSPlatformReadTCP - recv: 10053


    System errors:
    =============
    Error: (01/26/2015 11:09:22 PM) (Source: ipnathlp) (EventID: 31004) (User: )
    Description: 0

    Error: (01/26/2015 08:23:47 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The CutterInstance service terminated unexpectedly. It has done this 1 time(s).

    Error: (01/26/2015 08:21:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The IHA_MessageCenter service terminated unexpectedly. It has done this 1 time(s).

    Error: (01/26/2015 08:12:30 PM) (Source: ipnathlp) (EventID: 31004) (User: )
    Description: 0

    Error: (01/26/2015 08:06:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Volume Shadow Copy service terminated unexpectedly. It has done this 1 time(s).

    Error: (01/26/2015 07:59:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The HP Wireless Assistant Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (01/26/2015 09:15:35 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.

    Error: (01/26/2015 09:06:35 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IHA_MessageCenter service.

    Error: (01/26/2015 08:03:35 AM) (Source: Server) (EventID: 2505) (User: )
    Description: The server could not bind to the transport \Device\NetBT_Tcpip_{CDD62C84-A4BD-4A97-916B-A628539E797A} because another computer on the network has the same name. The server could not start.

    Error: (01/26/2015 08:03:31 AM) (Source: ipnathlp) (EventID: 31004) (User: )
    Description: 0


    Microsoft Office Sessions:
    =========================
    Error: (06/30/2014 10:14:23 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 469 seconds with 180 seconds of active time. This session ended with a crash.

    Error: (04/02/2014 09:25:46 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 30563 seconds with 420 seconds of active time. This session ended with a crash.

    Error: (03/07/2014 09:21:41 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 3581 seconds with 720 seconds of active time. This session ended with a crash.

    Error: (11/20/2013 09:00:57 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 36721 seconds with 300 seconds of active time. This session ended with a crash.

    Error: (11/20/2013 10:48:21 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 1288 seconds with 300 seconds of active time. This session ended with a crash.

    Error: (11/18/2013 06:17:37 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 133 seconds with 60 seconds of active time. This session ended with a crash.

    Error: (11/10/2013 02:08:11 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 7325 seconds with 120 seconds of active time. This session ended with a crash.

    Error: (09/24/2013 07:08:14 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6679.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 39096 seconds with 600 seconds of active time. This session ended with a crash.

    Error: (02/10/2013 00:03:15 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 101685 seconds with 0 seconds of active time. This session ended with a crash.

    Error: (01/23/2013 04:40:22 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 29918 seconds with 540 seconds of active time. This session ended with a crash.
     
  10. leondela

    leondela Thread Starter

    Joined:
    Feb 13, 2007
    Messages:
    152
    OK! THANK YOU VERY MUCH FOR THE HELP KEVIN!!!!! AWESOME!

    I believe my computer is running ok now. The items in #13 below appear to be functioning.

    13. Verify that your system is now running normally, making sure that the following items are functional:
    Internet access
    Windows Update
    Windows Firewall

    I am continuing with the rest of the diagnostic.

    In looking at my control panel, the 3 items are still there. How do I get rid of them? (see attachment)
     

    Attached Files:

  11. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Why have you reposted the logs from the initial run of FRST, i`ve already seen those logs. Can you post the logs from MBAR as requested in reply #6?

    To remove the following entries in the installed programs list do the following:

    CouupScannero,
    SafeRwebe,
    DIIssCeountLLocaToor


    Go to the following link and download MyUninstaller Open the link and scroll down below "Feedback" to find access to the d/l. Also read all of the available information at the link, specifically the section marked "Removing an Uninstall entry"

    http://www.nirsoft.net/utils/myuninst.html

    When you have the d/l unzip to your Desktop. Right click on the application and select "Run as Administrator" the program is a standalone executable so will not install.

    When the program runs wait and the main interface will populate with an Installed Programs list.

    Check through the list until you see an entry for CouupScannero . Below the menu bar are column headers, look under Obsolete and Uninstall If the word Yes is listed under Obsolete and not Uninstall against the CouupScannero entry it means we can safely delete that entry.

    With CouupScannero Highlighted, either select > File > Delete Selected Entry or with CouupScannero selected (highlighted) click on the icon from the menu bar for "Delete selected entry". It looks like a red cross. I`ve also added a screen shot of the interface.

    [​IMG]

    Repeat again for the two remaining entries....
     
  12. leondela

    leondela Thread Starter

    Joined:
    Feb 13, 2007
    Messages:
    152
    pls see attached

    i'm sorry but i didn't know which mbar log to include so i included both that were there.

    thanks again.
     

    Attached Files:

  13. leondela

    leondela Thread Starter

    Joined:
    Feb 13, 2007
    Messages:
    152
    this is what "myuninstall" looks like after being run. botht the "uninstall" and the "obsolete" columns have a "yes" in them. do i uninstall or delete?
     

    Attached Files:

  14. leondela

    leondela Thread Starter

    Joined:
    Feb 13, 2007
    Messages:
    152
    kevin, thanks a million! i just deleted the files and it seemed to work using myuninstall.

    do the logs i provided look ok? (mbar and system)
     
  15. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Yes logs from MBAR look good, still couple of scans to run:

    Download Malwarebytes Anti-Malware to your desktop.
    • Double-click mbam-setup and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes Select > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
    • Now select > Scan > Threat scan > Scan now
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.

    When the scan is completed from the main GUI click on History > Application Logs. Find your scan log, the date when run will identify it. Checkmark "select" box > then hit the "view" button. The history log window will open. At the bottom of that window are two options, "Copy to clipboard" and "Export"
    Select > "Copy to clipboard" that copies the full log to the windows clipboard, so at your reply you right click into the text field and select "Paste" the log is pasted (copied) to your reply.

    Next,

    Download AdwCleaner by Xplode onto your Desktop.
    • Double click on Adwcleaner.exe to run the tool.
    • Click on Scan
    • Once the scan is done, click on the Clean button.
    • You will get a prompt asking to close all programs. Click OK.
    • Click OK again to reboot your computer.
    • A text file will open after the restart. Please post the content of that logfile in your reply.
    • You can also find the logfile at C:\AdwCleaner[Sn].txt. Where n in the scan reference number

    Next,

    Download Microsoft's " Malicious Software Removal Tool" and save direct to the desktop
    Ensure to get the correct version for your system....
    32 Bit version:
    https://www.microsoft.com/downloads...E0-E72D-4F54-9AB3-75B8EB148356&displaylang=en
    64 Bit version:
    https://www.microsoft.com/downloads...DE-367F-495E-94E7-6349F4EFFC74&displaylang=en

    Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window
    In the "Scan Type" window, select Quick Scan
    Perform a scan and Click Finish when the scan is done.
    Retrieve the MSRT log as follows, and post it in your next reply:

    1) Select the Windows key and R key together to open the "Run" function
    2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

    notepad c:\windows\debug\mrt.log

    Let me see those logs, also give an update on any remaining issues or concerns....

    Thank you,

    Kevin....
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1141888

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice