Help Removing: CouupScannero, SafeRwebe, DIIssCeountLLocaToor

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

leondela

Thread Starter
Joined
Feb 13, 2007
Messages
152
these viruses are bogging my computer down. it's hard to check to see if anyone has responded. pls help me to remove these. thanks.
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,470
Hello and welcome to TSG,

Use the instructions in the following link to show hidden files:

http://www.bleepingcomputer.com/tutorials/how-to-see-hidden-files-in-windows/

Next,

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it's always wise to create a backup before doing so.

  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
  • Note: the default location is C:\Windows\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.


  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe

Next,

Any importand data, videos, music, pictures etc that you cannot afford to lose should be backed up if not already done. Go to the following link for basic help/instructions:

https://forums.malwarebytes.org/index.php?/topic/136226-backup-software/

Next,

Run the following scans and post the produced logs:

Step 1

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Step 2

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista,Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User Licene Agreement)
  • Click Scan to scan the system.
  • When the scan completes select "Report", log will open. Close the program > Don't Fix anything!
  • Post back the report which should also be located here:

C:\Programdata\RogueKiller\Logs <-------- W7/8
C:\Documents and Settings\All Users\Application Data\RogueKiller\Logs <------XP

Thank you,

Kevin...
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,470
Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

Next,

1.Download Malwarebytes Anti-Rootkit from this link:

http://www.malwarebytes.org/products/mbar/

2. Unzip the File to a convenient location. (Recommend the Desktop)
3. Open the folder where the contents were unzipped to run mbar.exe



4. Double-click on the mbar.exe file, you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:



5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you login, MBAR will automatically start and you will now be at the start screen. (If no Rootkit warning you will go from step 4 to 6.)

6. The following image opens, select Next.



7. The following image opens, select Update



8. When the update completes select Next.



9. In the following window ensure "Targets" are ticked. Then select "Scan"



10. If an infection is found select the "Cleanup Button" to remove threats, Reboot if prompted. Wait while the system shuts down and the cleanup process is performed.



11. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click "Cleanup Button" once more and repeat the process.
12. If no threats were found you will see the following image, Select Exit:



13. Verify that your system is now running normally, making sure that the following items are functional:

  • Internet access
  • Windows Update
  • Windows Firewall

14. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included within Malwarebytes Anti-Rootkit folder.

15. Select "Y" from your Keyboard, tap Enter.

16. The fix will be applied, select any key to Exit.

17. Let me know how your system now responds. Copy and paste the two following logs from the mbar folder:

System - log
Mbar - log Date and time of scan will also be shown

Thanks,

Kevin...
 

Attachments

leondela

Thread Starter
Joined
Feb 13, 2007
Messages
152
sorry i didn't do this right. i should have posted the logs rather than attaching them. i'll post in subsequent threads.

------------------------------------------------------------------------------------------------------------------------------------------

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by Delaune (administrator) on DLHII-2-HP on 27-01-2015 09:20:21
Running from C:\Users\Delaune\Downloads
Loaded Profiles: Delaune (Available profiles: Delaune)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(TomTom) C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\QuickTime\QTTask.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Verizon) C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\IHAMCNotify.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Google Inc.) C:\Users\Delaune\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Delaune\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Delaune\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Delaune\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Delaune\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2281256 2010-09-13] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6489704 2010-09-21] (Realtek Semiconductor)
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-07-21] (Hewlett-Packard Company)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296 2010-11-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-16] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-597734462-1468123911-3078696002-1002\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-08-16] (Hewlett-Packard Company)
HKU\S-1-5-21-597734462-1468123911-3078696002-1002\...\Run: [Facebook Update] => C:\Users\Delaune\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-31] (Facebook Inc.)
HKU\S-1-5-21-597734462-1468123911-3078696002-1002\...\Run: [AVG-Secure-Search-Update_0913a] => C:\Users\Delaune\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 3e05a546bd1f47d1931b4902a77b6259-3f3e6a21c03f97b98bf148621e2e377f0e1a6bab --CMPID 0913a
HKU\S-1-5-21-597734462-1468123911-3078696002-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-597734462-1468123911-3078696002-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-597734462-1468123911-3078696002-1002\...\Run: [Google Update] => C:\Users\Delaune\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-06-16] (Google Inc.)
HKU\S-1-5-21-597734462-1468123911-3078696002-1002\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1080104 2014-08-04] (Apple Inc.)
HKU\S-1-5-21-597734462-1468123911-3078696002-1002\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe [1792376 2014-10-03] (TomTom)
Startup: C:\Users\Delaune\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KWLogon.vbs ()
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-597734462-1468123911-3078696002-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntreis.net/
HKU\S-1-5-21-597734462-1468123911-3078696002-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://accounts.google.com/ServiceLogin?service=adwords
http://www.resaas.com/leondelaune1
SearchScopes: HKLM -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Notebooks
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {EBA74D51-3797-487F-AAF1-43EB43299CD5} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3245482
SearchScopes: HKLM-x32 -> {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^UX^xdm166^YYA^us&si=pd-angels&ptb=25A8FC95-0A42-42AD-A113-92787BF25C2F&ind=2013081411&n=77fd2f43&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Notebooks
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL =
SearchScopes: HKU\.DEFAULT -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
SearchScopes: HKU\.DEFAULT -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL =
SearchScopes: HKU\.DEFAULT -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL =
SearchScopes: HKU\S-1-5-21-597734462-1468123911-3078696002-1002 -> DefaultScope {2D617979-F441-4C9C-9D8F-69D7C9BFE065} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-597734462-1468123911-3078696002-1002 -> {0C89231B-F6F9-4B8A-B446-6B4495397CC3} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-597734462-1468123911-3078696002-1002 -> {2D617979-F441-4C9C-9D8F-69D7C9BFE065} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-597734462-1468123911-3078696002-1002 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKU\S-1-5-21-597734462-1468123911-3078696002-1002 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://searchservices.verizon.com/search/ws.portal?&_nfpb=true&_pageLabel=google_results&rs=&web_search_type=basic&sc=web&clientid=vz-cnsmr-tlbr&channel=Brwsr-v6IE&q={searchTerms}
SearchScopes: HKU\S-1-5-21-597734462-1468123911-3078696002-1002 -> {6EEA6CB7-AD21-4DB0-A9AD-BC377E046AA5} URL = http://www.youtube.com/results?search_query={searchTerms}
SearchScopes: HKU\S-1-5-21-597734462-1468123911-3078696002-1002 -> {6F0C7BBC-9E63-4758-9E3A-243DECDF95A0} URL = http://search.conduit.com/Results.aspx?ctid=CT3304763&SearchSource=45&UM=2&q={searchTerms}
SearchScopes: HKU\S-1-5-21-597734462-1468123911-3078696002-1002 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-597734462-1468123911-3078696002-1002 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
SearchScopes: HKU\S-1-5-21-597734462-1468123911-3078696002-1002 -> {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^UX^xdm166^YYA^us&si=pd-angels&ptb=25A8FC95-0A42-42AD-A113-92787BF25C2F&ind=2013081411&n=77fd2f43&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-597734462-1468123911-3078696002-1002 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://www.bing.com/search?FORM=UP74DF&PC=UP74&dt=100813&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-597734462-1468123911-3078696002-1002 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-597734462-1468123911-3078696002-1002 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL =
SearchScopes: HKU\S-1-5-21-597734462-1468123911-3078696002-1002 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = http://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO: COupSScaNner -> {e867ae55-2021-49ae-ac25-5a1ce491d712} -> C:\Program Files (x86)\COupSScaNner\vTmnoLx9DB4AA4.x64.dll ()
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: DefaultTab Browser Helper -> {7F6AFBF1-E065-4627-A2FD-810366367D01} -> C:\Users\Delaune\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Updater For Verizon Toolbar -> {96673559-e653-4cdc-8923-f89347a952c0} -> C:\Program Files (x86)\verizontb\auxi\verizonAu.dll (Visicom Media)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: COupSScaNner -> {e867ae55-2021-49ae-ac25-5a1ce491d712} -> C:\Program Files (x86)\COupSScaNner\vTmnoLx9DB4AA4.dll ()
BHO-x32: Verizon Toolbar -> {f8d96645-337c-419b-8792-b6c126145811} -> C:\Program Files (x86)\verizontb\verizonDx.dll ()
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKLM-x32 - Verizon Toolbar - {f8d96645-337c-419b-8792-b6c126145811} - C:\Program Files (x86)\verizontb\verizonDx.dll ()
Toolbar: HKU\S-1-5-21-597734462-1468123911-3078696002-1002 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKU\S-1-5-21-597734462-1468123911-3078696002-1002 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-597734462-1468123911-3078696002-1002 -> No Name - {EF48A53D-188E-4F31-9EAC-905D29793A76} - No File
Toolbar: HKU\S-1-5-21-597734462-1468123911-3078696002-1002 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM-x32 {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} https://app.nationalcreditors.com/W..._VLNz-glTChxTqRzQ_WD3fD0&t=634189554040000000
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\3.2.0.23388\npSkypeWebPlugin64.dll (Skype)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\3.2.0.23388\npSkypeWebPlugin.dll (Skype)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\6\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-597734462-1468123911-3078696002-1002: @citrixonline.com/appdetectorplugin -> C:\Users\Delaune\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKU\S-1-5-21-597734462-1468123911-3078696002-1002: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Delaune\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-597734462-1468123911-3078696002-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Delaune\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-597734462-1468123911-3078696002-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Delaune\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-03-08]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-03-08]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "chrome://bookmarks/#2478", "https://us-mg6.mail.yahoo.com/neo/launch?.rand=1poodkvciqakr", "https://bay175.mail.live.com/", "hxxp://www.buysellhomesdallastx.com/adminlogin/", "hxxp://leondelaune.kwrealty.com/adminlogin/#/titles-and-descriptions/", "https://mail.google.com/mail/?shva=1&zx=pl2z6nd82q99#inbox", "https://secure.kw.com/sso/Login.do?ssoForwardUrl=http%3A%2F%2Fmykw.kw.com%2Fkwintranet%2FctPost.jsp%3Fpid%3D308%26id%3D264&ssoAuthenticator=KWIntranet"
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSearchURL: Default -> https://www.bing.com/search?setmkt=en-US&q={searchTerms}
CHR DefaultNewTabURL: Default -> https://www.bing.com/chrome/newtab?setmkt=en-US
CHR DefaultSuggestURL: Default -> http://api.bing.com/osjson.aspx?query={searchTerms}&language={language}
CHR Profile: C:\Users\Delaune\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Yahoo Web) - C:\Users\Delaune\AppData\Local\Google\Chrome\User Data\Default\Extensions\acjpdakpjonkfmggcmanlhdakfkhloii [2015-01-24]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Delaune\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (SafeRwebe) - C:\Users\Delaune\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgohjgpmnghlpkjblbhibfdhhjbdfmhn [2015-01-25]
CHR Extension: (Skype Click to Call) - C:\Users\Delaune\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-02-11]
CHR Extension: (Connect DLC 5) - C:\Users\Delaune\AppData\Local\Google\Chrome\User Data\Default\Extensions\lipgolpfajiadodbcbljdpmbmbdmfcil [2014-05-02]
CHR Extension: (Google Wallet) - C:\Users\Delaune\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR HKLM\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
CHR HKU\S-1-5-21-597734462-1468123911-3078696002-1002\...\Chrome\Extension: [lipgolpfajiadodbcbljdpmbmbdmfcil] - C:\Users\Delaune\AppData\Local\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx [2013-11-16]
CHR HKU\S-1-5-21-597734462-1468123911-3078696002-1002\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
CHR HKLM-x32\...\Chrome\Extension: [lipgolpfajiadodbcbljdpmbmbdmfcil] - C:\Users\Delaune\AppData\Local\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx [2013-11-16]
CHR HKLM-x32\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
StartMenuInternet: Google Chrome.GMYSVP62H37BEX6G4IDR2EDLOU - C:\Users\Delaune\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 3c2d81f8; c:\Program Files (x86)\CutterInstance\CutterInstance.dll [2094080 2015-01-25] () [File not signed]
R2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE [126464 2007-01-11] (SEIKO EPSON CORPORATION) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
S2 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [363128 2014-08-13] (Verizon)
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-08-16] (Hewlett-Packard Company) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 RtVOsdService; C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [315392 2010-06-24] (Realtek Semiconductor Corp.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S3 BrYNSvc; "C:\Program Files (x86)\Browny02\BrYNSvc.exe" [X]
S2 Update Solution Real; "C:\Program Files (x86)\Solution Real\updateSolutionReal.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
R3 WFMC_VAD; C:\Windows\System32\DRIVERS\wfmcvad.sys [24064 2010-02-08] (WiFi Media Connect)
S1 hlnfd; system32\drivers\hlnfd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-27 09:20 - 2015-01-27 09:21 - 00028128 _____ () C:\Users\Delaune\Downloads\FRST.txt
2015-01-27 09:19 - 2015-01-27 09:20 - 00000000 ____D () C:\FRST
2015-01-27 09:18 - 2015-01-27 09:19 - 02129920 _____ (Farbar) C:\Users\Delaune\Downloads\FRST64.exe
2015-01-27 09:16 - 2015-01-27 09:17 - 00000000 ____D () C:\Users\Delaune\Desktop\tECHgUY-15-0127
2015-01-27 09:10 - 2015-01-27 09:10 - 00000000 ____D () C:\Windows\ERDNT
2015-01-27 09:05 - 2015-01-27 09:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2015-01-27 09:05 - 2015-01-27 09:05 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2015-01-27 09:03 - 2015-01-27 09:03 - 00791393 _____ (Lars Hederer ) C:\Users\Delaune\Downloads\erunt-setup (1).exe
2015-01-27 08:52 - 2015-01-27 08:53 - 00791393 _____ (Lars Hederer ) C:\Users\Delaune\Downloads\erunt-setup.exe
2015-01-26 22:00 - 2015-01-26 22:00 - 00978333 _____ () C:\Users\Delaune\Downloads\TX085_10C_1 (1).tif
2015-01-26 21:56 - 2015-01-26 21:56 - 00978333 _____ () C:\Users\Delaune\Downloads\TX085_10C_1.tif
2015-01-26 08:46 - 2015-01-26 08:47 - 00594984 _____ () C:\Users\Delaune\Downloads\Java (1).exe
2015-01-25 14:38 - 2015-01-26 11:22 - 00000000 ____D () C:\ProgramData\d29bfb0af1214b0
2015-01-25 14:36 - 2015-01-25 14:37 - 00594976 _____ () C:\Users\Delaune\Downloads\Java.exe
2015-01-25 14:14 - 2015-01-25 14:14 - 00000000 ____D () C:\Program Files (x86)\SafeRwebe
2015-01-25 14:13 - 2015-01-25 14:40 - 00000000 ____D () C:\Program Files (x86)\tperfeCtcOupOn
2015-01-25 14:13 - 2015-01-25 14:13 - 00000000 ____D () C:\Program Files (x86)\IMG inspector
2015-01-25 14:13 - 2015-01-25 14:13 - 00000000 ____D () C:\Program Files (x86)\DIIssCeountLLocaToor
2015-01-25 14:13 - 2015-01-25 14:13 - 00000000 ____D () C:\Program Files (x86)\CouupScannero
2015-01-25 14:11 - 2015-01-25 14:14 - 00000000 ____D () C:\ProgramData\948499962110547120
2015-01-25 14:11 - 2015-01-25 14:11 - 00000000 ____D () C:\Program Files (x86)\COupSScaNner
2015-01-25 13:50 - 2015-01-25 13:50 - 00000000 ____D () C:\Program Files (x86)\CutterInstance
2015-01-24 15:25 - 2015-01-24 15:25 - 00000146 _____ () C:\Users\Delaune\Desktop\Internet Options - Shortcut.lnk
2015-01-24 15:17 - 2015-01-24 15:17 - 00767504 _____ (%VENDOR%) C:\Users\Delaune\Downloads\MediaPlayerSetup.exe
2015-01-23 16:09 - 2015-01-23 16:09 - 00726104 _____ () C:\Users\Delaune\Downloads\01 (6).wmv
2015-01-23 16:01 - 2015-01-23 16:02 - 00726104 _____ () C:\Users\Delaune\Downloads\06 (10).wmv
2015-01-23 15:59 - 2015-01-23 16:00 - 00726104 _____ () C:\Users\Delaune\Downloads\06 (8).wmv
2015-01-23 15:53 - 2015-01-23 15:54 - 00726104 _____ () C:\Users\Delaune\Downloads\06 (7).wmv
2015-01-23 15:53 - 2015-01-23 15:53 - 00726104 _____ () C:\Users\Delaune\Downloads\06 (6).wmv
2015-01-23 15:52 - 2015-01-23 15:52 - 00732754 _____ () C:\Users\Delaune\Downloads\05 (5).wmv
2015-01-23 15:51 - 2015-01-23 15:51 - 00746046 _____ () C:\Users\Delaune\Downloads\04 (6).wmv
2015-01-23 15:50 - 2015-01-23 15:51 - 00752704 _____ () C:\Users\Delaune\Downloads\02 (4).wmv
2015-01-23 15:50 - 2015-01-23 15:51 - 00732754 _____ () C:\Users\Delaune\Downloads\03 (3).wmv
2015-01-23 15:50 - 2015-01-23 15:50 - 00752704 _____ () C:\Users\Delaune\Downloads\02 (3).wmv
2015-01-23 15:49 - 2015-01-23 15:49 - 00766004 _____ () C:\Users\Delaune\Downloads\01 (5).wmv
2015-01-23 15:49 - 2015-01-23 15:49 - 00732754 _____ () C:\Users\Delaune\Downloads\05 (4).wmv
2015-01-23 15:49 - 2015-01-23 15:49 - 00726104 _____ () C:\Users\Delaune\Downloads\06 (5).wmv
2015-01-23 15:44 - 2015-01-23 15:49 - 00726104 _____ () C:\Users\Delaune\Downloads\06 (4).wmv
2015-01-23 15:44 - 2015-01-23 15:45 - 00746046 _____ () C:\Users\Delaune\Downloads\04 (5).wmv
2015-01-23 15:44 - 2015-01-23 15:45 - 00732754 _____ () C:\Users\Delaune\Downloads\05 (3).wmv
2015-01-23 15:43 - 2015-01-23 15:44 - 00766004 _____ () C:\Users\Delaune\Downloads\01 (4).wmv
2015-01-23 15:00 - 2015-01-23 15:00 - 00819770 _____ () C:\Users\Delaune\Downloads\33474_1.wmv
2015-01-23 15:00 - 2015-01-23 15:00 - 00756242 _____ () C:\Users\Delaune\Downloads\33474_2.wmv
2015-01-23 15:00 - 2015-01-23 15:00 - 00738914 _____ () C:\Users\Delaune\Downloads\33474_3.wmv
2015-01-23 15:00 - 2015-01-23 15:00 - 00710034 _____ () C:\Users\Delaune\Downloads\33474_5.wmv
2015-01-23 15:00 - 2015-01-23 15:00 - 00707138 _____ () C:\Users\Delaune\Downloads\33474_6.wmv
2015-01-23 15:00 - 2015-01-23 15:00 - 00660930 _____ () C:\Users\Delaune\Downloads\33474_4.wmv
2015-01-23 14:54 - 2015-01-23 14:54 - 00717798 _____ () C:\Users\Delaune\Downloads\04 (4).wmv
2015-01-23 14:54 - 2015-01-23 14:54 - 00711148 _____ () C:\Users\Delaune\Downloads\06 (3).wmv
2015-01-23 14:54 - 2015-01-23 14:54 - 00711148 _____ () C:\Users\Delaune\Downloads\05 (2).wmv
2015-01-23 14:54 - 2015-01-23 14:54 - 00704498 _____ () C:\Users\Delaune\Downloads\03 (2).wmv
2015-01-23 14:54 - 2015-01-23 14:54 - 00704498 _____ () C:\Users\Delaune\Downloads\02 (2).wmv
2015-01-23 14:54 - 2015-01-23 14:54 - 00704498 _____ () C:\Users\Delaune\Downloads\01 (3).wmv
2015-01-23 14:53 - 2015-01-23 14:53 - 00757698 _____ () C:\Users\Delaune\Downloads\04 (2).wmv
2015-01-23 14:53 - 2015-01-23 14:53 - 00711148 _____ () C:\Users\Delaune\Downloads\04 (3).wmv
2015-01-23 14:52 - 2015-01-23 14:52 - 00704498 _____ () C:\Users\Delaune\Downloads\06 (2).wmv
2015-01-23 14:51 - 2015-01-23 14:51 - 00853572 _____ () C:\Users\Delaune\Downloads\06 (1).wmv
2015-01-23 14:51 - 2015-01-23 14:51 - 00845672 _____ () C:\Users\Delaune\Downloads\05 (1).wmv
2015-01-23 14:50 - 2015-01-23 14:50 - 00900972 _____ () C:\Users\Delaune\Downloads\02 (1).wmv
2015-01-23 14:50 - 2015-01-23 14:50 - 00900972 _____ () C:\Users\Delaune\Downloads\01 (2).wmv
2015-01-23 14:50 - 2015-01-23 14:50 - 00885164 _____ () C:\Users\Delaune\Downloads\03 (1).wmv
2015-01-23 14:50 - 2015-01-23 14:50 - 00829864 _____ () C:\Users\Delaune\Downloads\04 (1).wmv
2015-01-23 14:48 - 2015-01-23 14:48 - 01427663 _____ () C:\Users\Delaune\Downloads\002.wmv
2015-01-23 14:48 - 2015-01-23 14:48 - 01419671 _____ () C:\Users\Delaune\Downloads\004.wmv
2015-01-23 14:48 - 2015-01-23 14:48 - 01419671 _____ () C:\Users\Delaune\Downloads\003.wmv
2015-01-23 14:48 - 2015-01-23 14:48 - 01419655 _____ () C:\Users\Delaune\Downloads\001.wmv
2015-01-23 14:44 - 2015-01-23 14:44 - 00956272 _____ () C:\Users\Delaune\Downloads\02.wmv
2015-01-23 14:44 - 2015-01-23 14:44 - 00940472 _____ () C:\Users\Delaune\Downloads\06.wmv
2015-01-23 14:44 - 2015-01-23 14:44 - 00900972 _____ () C:\Users\Delaune\Downloads\05.wmv
2015-01-23 14:44 - 2015-01-23 14:44 - 00900972 _____ () C:\Users\Delaune\Downloads\03.wmv
2015-01-23 14:44 - 2015-01-23 14:44 - 00877272 _____ () C:\Users\Delaune\Downloads\04.wmv
2015-01-23 14:36 - 2015-01-23 14:42 - 00948364 _____ () C:\Users\Delaune\Downloads\01 (1).wmv
2015-01-23 14:36 - 2015-01-23 14:38 - 00948364 _____ () C:\Users\Delaune\Downloads\01.wmv
2015-01-22 13:32 - 2015-01-22 13:32 - 00007644 _____ () C:\Users\Delaune\Desktop\BILLS_TO_PAY.xlsx - Shortcut.lnk
2015-01-14 21:33 - 2015-01-24 18:33 - 03539632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-01-14 13:44 - 2015-01-26 18:06 - 00003198 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForDelaune
2015-01-14 13:44 - 2015-01-26 18:06 - 00000340 _____ () C:\Windows\Tasks\HPCeeScheduleForDelaune.job
2015-01-14 02:13 - 2014-12-18 21:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 02:13 - 2014-12-18 19:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 02:13 - 2014-12-11 23:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 02:13 - 2014-12-11 23:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 02:13 - 2014-12-11 23:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 02:13 - 2014-12-11 23:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 02:13 - 2014-12-11 23:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 02:13 - 2014-12-11 23:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 02:13 - 2014-12-11 23:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 02:13 - 2014-12-11 11:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 02:13 - 2014-12-05 22:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 02:13 - 2014-12-05 21:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 02:13 - 2014-12-05 21:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 10:08 - 2015-01-13 10:08 - 00156542 _____ () C:\Users\Delaune\Downloads\Certificates.zip
2015-01-09 12:28 - 2015-01-09 12:28 - 00000000 ____D () C:\Users\Delaune\Downloads\TX-1319_Falcon-75051-636185-Closed
2015-01-07 06:57 - 2015-01-07 06:57 - 00307182 _____ () C:\Users\Delaune\Downloads\Attachments_201517.zip
2015-01-04 14:50 - 2015-01-04 14:50 - 00011146 _____ () C:\Users\Delaune\Downloads\2014 owed to personal.xlsx
2015-01-03 21:23 - 2015-01-03 21:23 - 00002424 _____ () C:\Users\Delaune\Downloads\DLHI profit & loss jan - nov 2014.TXT
2015-01-03 21:23 - 2015-01-03 21:23 - 00002424 _____ () C:\Users\Delaune\Downloads\DLHI profit & loss jan - nov 2014 (3).TXT
2015-01-03 21:23 - 2015-01-03 21:23 - 00002424 _____ () C:\Users\Delaune\Downloads\DLHI profit & loss jan - nov 2014 (2).TXT
2015-01-03 21:23 - 2015-01-03 21:23 - 00002424 _____ () C:\Users\Delaune\Downloads\DLHI profit & loss jan - nov 2014 (1).TXT
2015-01-03 21:17 - 2015-01-03 21:17 - 00001766 _____ () C:\Users\Delaune\Downloads\real estate profit & loss jan - nov 2014.TXT
2015-01-03 21:07 - 2015-01-03 21:07 - 00000000 ____D () C:\ProgramData\1887373585
2015-01-03 20:58 - 2015-01-03 20:59 - 00003248 _____ () C:\Windows\System32\Tasks\Digital Sites
2015-01-03 20:58 - 2015-01-03 20:59 - 00000300 _____ () C:\Windows\Tasks\Digital Sites.job
2015-01-03 20:58 - 2015-01-03 20:58 - 00000000 ____D () C:\Users\Delaune\AppData\Roaming\DigitalSites
2015-01-03 20:46 - 2015-01-03 20:49 - 00798080 _____ ( ) C:\Users\Delaune\Downloads\FileOpenerSetup (1).exe
2015-01-03 20:46 - 2015-01-03 20:47 - 00798080 _____ ( ) C:\Users\Delaune\Downloads\FileOpenerSetup.exe
2015-01-03 20:04 - 2015-01-03 20:04 - 35274752 _____ () C:\Users\Delaune\Downloads\D&L Home Inspection (Backup Jan 03,2015 06 28 PM) (1).QBB
2015-01-03 20:03 - 2015-01-03 20:03 - 35274752 _____ () C:\Users\Delaune\Downloads\D&L Home Inspection (Backup Jan 03,2015 06 28 PM).QBB
2014-12-31 18:38 - 2014-12-31 18:38 - 00413818 _____ () C:\Users\Delaune\Downloads\Attachments_20141231 (1).zip
2014-12-31 18:08 - 2014-12-31 18:08 - 00065421 _____ () C:\Users\Delaune\Downloads\Attachments_20141231.zip
2014-12-30 20:45 - 2014-12-30 20:45 - 00788406 _____ () C:\Users\Delaune\Downloads\E&O Insurance (2).zip
2014-12-30 20:44 - 2014-12-30 20:45 - 00788406 _____ () C:\Users\Delaune\Downloads\E&O Insurance (1).zip
2014-12-30 20:44 - 2014-12-30 20:44 - 00788406 _____ () C:\Users\Delaune\Downloads\E&O Insurance.zip
2014-12-30 20:32 - 2014-12-30 20:32 - 00000000 ____D () C:\Program Files\Verizon

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-27 09:19 - 2010-12-01 02:38 - 02044035 _____ () C:\Windows\WindowsUpdate.log
2015-01-27 08:59 - 2013-11-17 19:39 - 00000286 _____ () C:\Windows\Tasks\bench-Updater removing.job
2015-01-27 08:57 - 2012-06-16 11:47 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-597734462-1468123911-3078696002-1002UA.job
2015-01-27 08:33 - 2014-05-08 20:09 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-27 08:28 - 2014-02-08 14:49 - 00000574 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-597734462-1468123911-3078696002-1002.job
2015-01-27 07:50 - 2012-07-31 00:45 - 00000936 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-597734462-1468123911-3078696002-1002UA.job
2015-01-27 07:09 - 2013-11-17 10:54 - 00000348 _____ () C:\Windows\Tasks\bench-sys.job
2015-01-27 01:50 - 2012-07-31 00:45 - 00000914 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-597734462-1468123911-3078696002-1002Core.job
2015-01-26 22:57 - 2012-06-16 11:47 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-597734462-1468123911-3078696002-1002Core.job
2015-01-26 21:24 - 2011-04-02 09:53 - 00000000 ____D () C:\Users\Delaune\AppData\Local\CrashDumps
2015-01-26 11:42 - 2009-07-13 22:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-26 11:42 - 2009-07-13 22:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-26 09:55 - 2013-08-07 14:55 - 00000000 ___RD () C:\Users\Delaune\Desktop\LeonsDropBox
2015-01-26 09:31 - 2011-05-08 21:16 - 00000000 ____D () C:\Users\Public\Documents\Personal
2015-01-26 09:21 - 2009-07-13 23:13 - 00801092 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-26 08:04 - 2014-03-02 01:00 - 00037576 _____ () C:\Windows\setupact.log
2015-01-24 18:33 - 2014-05-08 20:09 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-24 18:33 - 2014-05-08 20:08 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-24 18:33 - 2014-05-08 20:08 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-24 13:11 - 2014-02-08 14:49 - 00003608 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-597734462-1468123911-3078696002-1002
2015-01-23 08:03 - 2014-11-11 22:25 - 00002376 _____ () C:\Users\Delaune\Desktop\Google Chrome.lnk
2015-01-22 19:39 - 2011-03-28 10:00 - 00000000 ____D () C:\Users\Delaune
2015-01-22 17:46 - 2011-07-10 10:49 - 00000439 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-01-22 17:45 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-22 12:59 - 2011-04-11 15:22 - 00000059 _____ () C:\Windows\wpd99.drv
2015-01-22 12:59 - 2011-04-11 15:22 - 00000000 ____D () C:\ProgramData\pdf995
2015-01-20 11:49 - 2011-10-12 15:49 - 00000000 ____D () C:\Users\Delaune\AppData\Roaming\ZoomBrowser EX
2015-01-14 13:32 - 2011-11-16 10:18 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2015-01-14 13:32 - 2011-03-30 16:16 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-01-10 19:21 - 2011-04-06 15:58 - 00038686 _____ () C:\Users\Delaune\Desktop\rpt changes.txt
2015-01-03 21:12 - 2012-03-23 08:54 - 00000000 ____D () C:\Program Files\Google
2015-01-03 21:12 - 2012-03-23 08:53 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-03 21:12 - 2011-03-29 05:55 - 00494044 _____ () C:\Windows\PFRO.log
2015-01-03 21:03 - 2012-03-23 08:53 - 00000000 ____D () C:\Users\Delaune\AppData\Local\Google
2015-01-03 21:03 - 2012-03-23 08:53 - 00000000 ____D () C:\ProgramData\Google
2015-01-03 09:36 - 2014-08-21 11:48 - 00000000 ____D () C:\Users\Delaune\AppData\Local\Adobe
2014-12-31 05:14 - 2011-05-30 15:44 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2011-05-18 20:11 - 2011-06-01 20:29 - 0001854 _____ () C:\Users\Delaune\AppData\Roaming\GhostObjGAFix.xml
2011-10-26 09:27 - 2014-06-30 21:57 - 0007168 _____ () C:\Users\Delaune\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-20 11:32 - 2014-12-20 11:32 - 0009662 _____ () C:\Users\Delaune\AppData\Local\MessageCenter.ico
2014-12-20 11:32 - 2014-12-20 11:32 - 0009662 _____ () C:\Users\Delaune\AppData\Local\MyVerizon.ico
2012-01-27 13:33 - 2014-11-16 10:14 - 0007614 _____ () C:\Users\Delaune\AppData\Local\Resmon.ResmonCfg
2014-12-20 11:31 - 2014-12-20 11:31 - 0103749 _____ () C:\Users\Delaune\AppData\Local\VZWifiIcon.ico
2013-08-22 20:32 - 2013-08-22 20:31 - 5401808 _____ (PC Cleaners) C:\ProgramData\pclunst.exe
2010-12-01 02:49 - 2010-12-01 02:49 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
2010-10-16 13:30 - 2010-10-16 13:31 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2010-12-01 02:49 - 2010-12-01 02:49 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
2010-10-16 13:24 - 2010-10-16 13:25 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-12-01 02:48 - 2010-12-01 02:48 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
2010-12-01 02:49 - 2010-12-01 02:49 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
2010-10-16 13:23 - 2010-10-16 13:23 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2010-10-16 13:25 - 2010-10-16 13:30 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2010-10-16 13:31 - 2010-12-01 02:49 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

Files to move or delete:
====================
C:\ProgramData\pclunst.exe
C:\Users\Delaune\MetricCollection.dll


Some content of TEMP:
====================
C:\Users\Delaune\AppData\Local\Temp\goylk6wk.dll
C:\Users\Delaune\AppData\Local\Temp\ICReinstall_MediaPlayerSetup.exe
C:\Users\Delaune\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Delaune\AppData\Local\Temp\optprosetup.exe
C:\Users\Delaune\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 00:23

==================== End Of Log ============================
 

leondela

Thread Starter
Joined
Feb 13, 2007
Messages
152
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01
Ran by Delaune at 2015-01-27 09:23:04
Running from C:\Users\Delaune\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7 Wonders: Magical Mystery Tour (x32 Version: 2.2.0.98 - WildTangent) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.2.12610 - Adobe Systems Inc.)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\{3B834B54-EC4B-48E2-BFC6-03FF5DA06F62}) (Version: 11.5.8.612 - Adobe Systems, Inc)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG PC Tuneup 2011 (HKLM-x32\...\{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1) (Version: 10.0.0.24 - AVG)
Bejeweled (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{8D3903E2-4B1B-4A69-B8F6-A3D1BE075BDB}) (Version: 2.2.6484 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Canon DIGITAL CAMERA Solution Disk Software Guide (HKLM-x32\...\Software Guide) (Version: 1.1.0.2 - Canon Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.7.2.11 - Canon Inc.)
Canon Internet Library for ZoomBrowser EX (HKLM-x32\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.6.3.9 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.4.0.8 - Canon Inc.)
Canon Personal Printing Guide (HKLM-x32\...\Personal Printing Guide) (Version: 1.1.0.2 - Canon Inc.)
Canon PowerShot A3100 IS and PowerShot A3000 IS Camera User Guide (HKLM-x32\...\CameraUserGuide-PSA3100ISandPSA3000IS) (Version: 1.0.0.2 - Canon Inc.)
Canon Utilities CameraWindow (HKLM-x32\...\CameraWindowLauncher) (Version: 7.4.0.7 - Canon Inc.)
Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC8) (Version: 8.1.0.11 - Canon Inc.)
Canon Utilities Movie Uploader for YouTube (HKLM-x32\...\MovieUploaderForYouTube) (Version: 1.0.0.11 - Canon Inc.)
Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 7.3.0.5 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.5.0.14 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.3.0.4 - Canon Inc.)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Citrix Online Launcher (HKLM-x32\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
Compaq Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.0.12844.3519 - Hewlett-Packard Company)
CouupScannero (HKLM-x32\...\{80E8B0A0-117D-1402-7CDE-688156237115}) (Version: - CoupScanner) <==== ATTENTION
CutterInstance (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{3c2d81f8}) (Version: - Software Publisher) <==== ATTENTION
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3320 - CyberLink Corp.)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1920 - CyberLink Corp.)
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.1.4604 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Detective Agency (x32 Version: 2.2.0.97 - WildTangent) Hidden
DIIssCeountLLocaToor (HKLM-x32\...\{194FED75-9C74-BDB7-53F8-8CFFEF1AFEC9}) (Version: - DiscountLocator) <==== ATTENTION
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version: - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version: - Lars Hederer)
Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKU\S-1-5-21-597734462-1468123911-3078696002-1002\...\Google Chrome) (Version: 40.0.2214.91 - Google Inc.)
GoToMeeting 6.4.11.2273 (HKU\S-1-5-21-597734462-1468123911-3078696002-1002\...\GoToMeeting) (Version: 6.4.11.2273 - CitrixOnline)
Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Documentation (HKLM-x32\...\{1AF23A65-F2B5-469C-AA51-DA5FB74CA856}) (Version: 1.1.2.1 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.5 - WildTangent)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0.2 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.4042 - HP Photo Creations Powered by RocketLife)
HP Power Manager (HKLM-x32\...\{AF306BD8-F9D1-4627-89B9-246E59074A05}) (Version: 1.1.2 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{EB58480C-0721-483C-B354-9D35A147999F}) (Version: 2.3.6 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{53469506-A37E-4314-A9D9-38724EC23A75}) (Version: 8.4.4400.3525 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{97174E88-52F9-445A-A28E-704A45332D19}) (Version: 4.0.108.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Wireless Assistant (HKLM\...\{13DCC2C7-454D-42F0-A892-E0E9A5DE4E67}) (Version: 4.0.10.0 - Hewlett-Packard Company)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
IHA_MessageCenter (HKLM-x32\...\{C3300989-DAF5-4F3A-81FF-404729267C0B}) (Version: 2.0.63 - Verizon)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2086 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
JavaFX 2.1.0 (HKLM-x32\...\{1111706F-666A-4037-7777-210328764D10}) (Version: 2.1.0 - Oracle Corporation)
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KONICA MINOLTA C754Series(PS_PCL_FAX) (HKLM\...\KONICA MINOLTA C754Series Installer(PS_PCL_FAX)) (Version: - KONICA MINOLTA)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3220 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.3220 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{705B639E-FAAF-40D7-AD58-C445321C7C3F}) (Version: 1.18.18.1 - LightScribe)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyDriveConnect 3.3.0.1812 (HKLM-x32\...\MyDriveConnect) (Version: 3.3.0.1812 - TomTom)
Mystery P.I. - The London Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden
Nokia Connectivity Cable Driver (HKLM-x32\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
OpenProj (HKLM-x32\...\{13702021-43FB-480C-912F-D9B74A538288}) (Version: 1.4.0 - Serena Software Inc.)
PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
Pdf995 (HKLM-x32\...\Pdf995) (Version: - )
PdfEdit995 (HKLM-x32\...\PdfEdit995) (Version: - )
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.7717 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.7717 - CyberLink Corp.) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4419 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4419 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3320 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.3320 - CyberLink Corp.) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 3.1.13.0 - Ralink)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.18.322.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6206 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3223 - CyberLink Corp.) Hidden
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.101 - RoxioNow)
RtVOsd (HKLM\...\{091A0130-A82F-4A6D-9C61-3BBBB3289030}) (Version: 1.0.6 - Realtek Semiconductor Corp.)
SafeRwebe (HKLM-x32\...\{5F488658-35A7-2AB8-A756-560BA8F103C3}) (Version: - "")
Signature995 (HKLM-x32\...\Signature995) (Version: - )
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype Web Plugin (HKLM-x32\...\{15AF46DB-9EBA-4662-AA52-29EF23585035}) (Version: 3.2.0.23388 - Skype Technologies S.A.)
Skype™ 6.22 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.107 - Skype Technologies S.A.)
SlimCleaner (HKLM-x32\...\{D0E2AD1D-07B7-491C-8877-171A03680AE0}) (Version: 4.0.29702 - SlimWare Utilities, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.6.64 - Synaptics Incorporated)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Verizon Toolbar (HKLM-x32\...\verizontb) (Version: 6.0.0.40 - Verizon and Visicom Media Inc.)
Virtual Families (x32 Version: 2.2.0.95 - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Vz In-Home Agent (HKLM-x32\...\VzInHomeAgent) (Version: 9.0.68.0 - Verizon)
VzDownloadManager (HKU\S-1-5-21-597734462-1468123911-3078696002-1002\...\VzDownloadManager) (Version: 2.0.0.24 - Verizon)
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Wi-Fi MediaConnect (HKLM-x32\...\{AA58346A-A5D7-4659-91D6-38D07345BDCF}) (Version: 1.6.425 - PHILIPS)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.2.5 - WildTangent)
WildTangent Games App (HP Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.5.36 - WildTangent)
WildTangent Games App (x32 Version: 4.0.5.36 - WildTangent) Hidden
Windows Driver Package - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - )
zipForm6 (HKLM-x32\...\zipForm6) (Version: 1.0.0.0 - )
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-597734462-1468123911-3078696002-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Delaune\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-597734462-1468123911-3078696002-1002_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Delaune\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-597734462-1468123911-3078696002-1002_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Delaune\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-597734462-1468123911-3078696002-1002_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Delaune\AppData\Local\Citrix\GoToMeeting\1960\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-597734462-1468123911-3078696002-1002_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Delaune\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-597734462-1468123911-3078696002-1002_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Delaune\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-597734462-1468123911-3078696002-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Delaune\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-597734462-1468123911-3078696002-1002_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Delaune\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points =========================

05-01-2015 21:29:47 Windows Update
09-01-2015 09:37:31 Windows Update
13-01-2015 07:00:00 Windows Update
14-01-2015 03:00:17 Windows Update
18-01-2015 12:42:26 Windows Update
21-01-2015 14:57:17 Windows Update
24-01-2015 18:02:50 Windows Update
26-01-2015 09:44:38 Windows Backup
26-01-2015 13:18:20 Windows Backup
26-01-2015 21:32:42 Windows Backup

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00EB0277-A81E-45E6-AB3F-06E90EF0EC34} - System32\Tasks\{54A74F0E-B57A-4832-8B37-F2290C83A01F} => Chrome.exe http://ui.skype.com/ui/0/6.10.0.104/en/abandoninstall?page=tsProgressBar
Task: {01473C89-0880-4848-8B0E-6C7A96CEADDF} - System32\Tasks\{49C5FC09-FDE9-4398-BFFE-166E5EA20C10} => pcalua.exe -a "C:\Users\Delaune\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MVNPHBS4\setup-free[1].exe" -d C:\Users\Delaune\Desktop
Task: {07119EBD-AF4C-4865-85EA-A0B247C8BD4E} - System32\Tasks\Digital Sites => C:\Users\Delaune\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {0B0066A8-426C-4101-B51B-F5674B6FE512} - System32\Tasks\SlimCleaner Run => C:\Program Files (x86)\SlimCleaner\SlimCleaner.exe [2013-05-22] (SlimWare Utilities, Inc.)
Task: {0BB5D7F1-171E-401B-831E-921A7C9C3170} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {0F03BAD9-3CE4-4D0E-8F16-C3DF4AB93EE6} - System32\Tasks\{EB9B9F8E-688E-4E43-8506-DB88FEAB8A6E} => Chrome.exe http://ui.skype.com/ui/0/6.10.0.104/en/abandoninstall?page=tsProgressBar
Task: {16435809-DAE1-46D4-A7CD-1A9601D52F15} - System32\Tasks\{603FF5FA-9B0D-4388-90D7-4D8277C99F32} => Chrome.exe http://ui.skype.com/ui/0/6.10.0.104/en/abandoninstall?page=tsProgressBar
Task: {1A709A38-06F6-4DE0-BC57-ACB3B70FDC95} - System32\Tasks\G2MUpdateTask-S-1-5-21-597734462-1468123911-3078696002-1002 => C:\Users\Delaune\AppData\Local\Citrix\GoToMeeting\2273\g2mupdate.exe [2015-01-24] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {1B5CF90C-EDC4-4DA8-BD63-2ECC965907C5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {254AC929-7184-4E1B-8EFA-F5E0BD0CFF7D} - System32\Tasks\{E16B5618-927B-4878-AFAA-716B819BB22A} => Chrome.exe http://ui.skype.com/ui/0/6.10.0.104/en/abandoninstall?page=tsProgressBar
Task: {2E373047-D34B-495C-895A-13121543F267} - System32\Tasks\HPCeeScheduleForDelaune => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {2E38A2A1-89DB-4349-98B4-06A1CD81C631} - System32\Tasks\{DAACBE85-217C-4ED9-AC87-03714D7F3425} => Chrome.exe http://ui.skype.com/ui/0/6.10.0.104/en/abandoninstall?page=tsProgressBar
Task: {361E39B3-EA2B-42EC-8DE9-765D5790B433} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-597734462-1468123911-3078696002-1002Core => C:\Users\Delaune\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-16] (Google Inc.)
Task: {38487F4E-091D-4001-9451-08F2A9E27BE4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {386B5FD7-77F7-4EB7-B9A2-DA58E4E54A0A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-597734462-1468123911-3078696002-1002Core => C:\Users\Delaune\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-31] (Facebook Inc.)
Task: {4FB12AAA-A254-4DA7-A346-9ABD18F757C2} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] ()
Task: {529C0E69-BFA5-4098-99AC-46D72B8DFA96} - System32\Tasks\{8E79DF47-C67D-4A1B-BF4D-1494A84E94B8} => Chrome.exe http://ui.skype.com/ui/0/6.10.0.104/en/abandoninstall?page=tsProgressBar
Task: {5420C49A-A01D-4B8D-9996-012B5FDC4927} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-24] (Adobe Systems Incorporated)
Task: {5A1A4C1F-47A2-426C-90F1-5E51157CB3C5} - System32\Tasks\{21108726-E3BA-4D76-B414-7CDEB831ADD6} => Chrome.exe http://ui.skype.com/ui/0/6.10.0.104/en/abandoninstall?page=tsProgressBar
Task: {622EFFFA-A2B5-42F2-A286-7AFC66BD2047} - System32\Tasks\{C4D05E04-A11F-405B-8089-475A738BF445} => pcalua.exe -a "C:\Users\Delaune\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XZM7OIHS\epson13457[1].exe" -d C:\Users\Delaune\Desktop
Task: {64B52EFB-62CD-4593-95D5-F5836B200CEF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-597734462-1468123911-3078696002-1002UA => C:\Users\Delaune\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-16] (Google Inc.)
Task: {6850E023-237F-4733-A0C6-FDA1983891F4} - System32\Tasks\{EC2EB830-BFDA-4E11-9D76-884ACE9F9AAF} => Chrome.exe http://ui.skype.com/ui/0/6.9.0.106/en/go/help.faq.installer?LastError=1618
Task: {6D0F3E63-5336-4B34-88E8-EF0D943EC91B} - System32\Tasks\{0B303615-BF7F-4360-9008-1452F0B05C47} => Chrome.exe http://ui.skype.com/ui/0/6.10.0.104/en/abandoninstall?page=tsProgressBar
Task: {71AEB17D-9022-4D7E-B5F9-A65FEF24A610} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {7853DC0E-025D-4650-B6AF-9D8B026D0548} - System32\Tasks\{734D881C-C722-4845-BFE7-6E4A19A5FB11} => Chrome.exe http://ui.skype.com/ui/0/6.10.0.104/en/abandoninstall?page=tsProgressBar
Task: {7A94263C-324F-41AC-99BC-C3F096550F9B} - System32\Tasks\{C25D9FF4-E9C0-4C38-915F-05EDC2CFED54} => Chrome.exe http://ui.skype.com/ui/0/6.10.0.104/en/abandoninstall?page=tsProgressBar
Task: {7C803129-F5AF-43B5-A3E7-314AD420046C} - System32\Tasks\{AD35177D-75A7-456D-A9C2-10C9F16560C7} => pcalua.exe -a "C:\Program Files (x86)\ZipLogix\zipForm6\zipForm6.exe" -d "C:\Program Files (x86)\ZipLogix\zipForm6\"
Task: {7DA76C04-131E-42DA-840A-CF57FDF82D01} - System32\Tasks\{5C96CD67-C0AF-4416-A040-287A787CD969} => pcalua.exe -a "C:\Users\Delaune\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZG9MWTF0\epson12586[1].exe" -d C:\Users\Delaune\Desktop
Task: {82703718-ED13-40B3-9D89-D008711B0C2C} - System32\Tasks\{6E89FE3D-4D4D-4B25-8122-8B5FC6CCC3AE} => Chrome.exe http://ui.skype.com/ui/0/6.10.0.104/en/abandoninstall?page=tsProgressBar
Task: {82A7FCD1-F969-4305-9002-F260F8F4BB89} - System32\Tasks\{9631C106-71E9-4D73-AA0F-BDFC41A0D05B} => pcalua.exe -a C:\Users\Delaune\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe -c --uninstall
Task: {87D0152B-E813-4D71-9FE2-9A35D5480662} - System32\Tasks\{9D1DD381-D8C1-4B76-A219-A33AD2F4E9EC} => Chrome.exe http://ui.skype.com/ui/0/6.10.0.104/en/abandoninstall?page=tsProgressBar
Task: {8A01D00A-1C6A-4C62-8188-BA2F83B75951} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {8FE03CCF-DC59-4DBC-9F17-DD11645D117F} - System32\Tasks\{4CA1DD07-68EE-41DC-AABE-D46848C1A856} => Chrome.exe http://ui.skype.com/ui/0/6.10.0.104/en/abandoninstall?page=tsProgressBar
Task: {8FE3C093-718B-4DB6-9AB3-2E3A0F4E3879} - System32\Tasks\{8BA9311D-15E8-4424-9D78-D5EB4620079D} => Chrome.exe http://ui.skype.com/ui/0/6.10.0.104/en/abandoninstall?page=tsProgressBar
Task: {954636DF-C733-4563-B4A9-20B544F30DC2} - System32\Tasks\{1D0E477F-99A9-4369-BFBF-4D6AEFD8FED9} => Chrome.exe http://ui.skype.com/ui/0/6.10.0.104/en/abandoninstall?page=tsProgressBar
Task: {9B91B168-85A6-4A88-8047-696F5F450826} - System32\Tasks\{54C94340-C620-4DC9-9785-2EF5D8C669DD} => Chrome.exe http://ui.skype.com/ui/0/6.0.59.126/en/abandoninstall?page=tsProgressBar
Task: {9EB92DD4-0534-49E6-8B7B-03DDB43ADB22} - System32\Tasks\{50514FF4-98F8-4A86-9B4D-B3DA89532609} => Chrome.exe http://ui.skype.com/ui/0/6.10.0.104/en/abandoninstall?page=tsProgressBar
Task: {A3733BB9-3F1D-46AE-BB69-3ED0C7AD1248} - System32\Tasks\{E0F61F55-35CF-45C7-A94A-7B2DA040BAC4} => pcalua.exe -a "C:\Users\Delaune\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MVNPHBS4\ps2pdf995[1].exe" -d C:\Users\Delaune\Desktop
Task: {A62D8F3D-DD75-483F-B8F7-209C04FAA11D} - System32\Tasks\{B8AC1B96-561D-4313-A9AB-EF0AF85D0F10} => Chrome.exe http://ui.skype.com/ui/0/6.10.0.104/en/abandoninstall?page=tsProgressBar
Task: {A6BF40A4-6F84-448C-AD18-7F25941EEC9A} - System32\Tasks\{5282C112-4760-4B1F-9D8F-2815F17B8F67} => Chrome.exe http://ui.skype.com/ui/0/6.9.0.106/en/go/help.faq.installer?LastError=1618
Task: {A895D4ED-2F12-41B0-97EB-4F03ECCB218F} - System32\Tasks\{3153CA5A-0ABB-47E0-B202-AC4721AD208F} => pcalua.exe -a C:\Users\Delaune\Downloads\QuickTimeInstaller.exe -d C:\Users\Delaune\Downloads
Task: {AB8D2A76-0294-4199-9D6A-A730018B26E4} - System32\Tasks\{4CBF9714-D842-49DA-97B3-BF0744E14639} => pcalua.exe -a "C:\Users\Delaune\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XZM7OIHS\epson13458[1].exe" -d C:\Users\Delaune\Desktop
Task: {BA0AE3B4-4457-4944-A5E4-6CC364AA336A} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {BE304359-6897-4877-8157-D7B6810AEC43} - System32\Tasks\bench-sys => C:\Program Files (x86)\Bench\Updater\Updater.exe [2013-10-25] () <==== ATTENTION
Task: {BE4229E9-2778-415D-8814-86877A2D2127} - System32\Tasks\{CDB5C323-5E30-4934-AF3E-F482C722D988} => Chrome.exe http://ui.skype.com/ui/0/6.10.0.104/en/abandoninstall?page=tsProgressBar
Task: {BF1198F6-5551-4DFE-BA81-8329B6655C9D} - System32\Tasks\{324673D4-3F9E-425C-9E69-5527E6DA4A59} => Chrome.exe http://ui.skype.com/ui/0/6.10.0.104/en/abandoninstall?page=tsProgressBar
Task: {C37D9B47-2E3C-4603-BD3B-1380036926FA} - System32\Tasks\{CCF867E7-3AB5-41BF-A2DC-A47FAB237D53} => Chrome.exe http://ui.skype.com/ui/0/6.10.0.104/en/abandoninstall?page=tsProgressBar
Task: {C466A57F-3D1E-437F-803C-55056A10F071} - System32\Tasks\{C9A88E95-C961-47CE-8585-8851BA5101A6} => Chrome.exe http://ui.skype.com/ui/0/6.10.0.104/en/abandoninstall?page=tsProgressBar
Task: {CF1B8669-90E7-4822-8E07-09E1E887AD8D} - System32\Tasks\{9902B073-F56D-48DE-9A8C-9C6711DFFD28} => Chrome.exe http://ui.skype.com/ui/0/6.10.0.104/en/abandoninstall?page=tsProgressBar
Task: {D1738E0C-906D-460F-AFD6-FDAB0F07F6C4} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-597734462-1468123911-3078696002-1002UA => C:\Users\Delaune\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-31] (Facebook Inc.)
Task: {D5E037D1-AA64-48CF-AB42-378DA0B460FB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D72EE4CE-9173-4FD8-9CA4-0E75171AC0D9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: {DBAE4812-0BDA-45C2-B818-01379843DA97} - System32\Tasks\{10D81279-F7CA-47B8-8741-1E3C0536DCE3} => Chrome.exe http://ui.skype.com/ui/0/6.10.0.104/en/abandoninstall?page=tsProgressBar
Task: {DDB9DD8D-FD56-4912-9F76-44270C68A4E2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN47GC42DB => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: {DDEE52D7-A8E9-44A6-83FE-8262952A47CB} - System32\Tasks\{7DFD85C0-5AB1-483A-B443-5269281F0E3A} => Chrome.exe http://ui.skype.com/ui/0/6.0.59.126/en/abandoninstall?page=tsProgressBar
Task: {E2855F11-166C-407D-98E2-51FBFAC91624} - System32\Tasks\{E8049217-1D2F-4F00-A3FE-D1E261016B4D} => Chrome.exe http://ui.skype.com/ui/0/6.10.0.104/en/abandoninstall?page=tsProgressBar
Task: {E4CE46E9-7ACC-4296-A71C-1CC7FB78AB5D} - System32\Tasks\{7338125C-BF59-4565-8CE9-6F158A91094E} => Chrome.exe http://ui.skype.com/ui/0/6.10.0.104/en/abandoninstall?page=tsProgressBar
Task: {E5C893F9-577E-43B3-9A7C-550550077321} - System32\Tasks\{0B5C1E36-2817-4BB7-B76D-25418361A9F4} => Chrome.exe http://ui.skype.com/ui/0/6.10.0.104/en/abandoninstall?page=tsProgressBar
Task: {F0F2FF9A-D595-404B-9E0D-BD816B55F53E} - System32\Tasks\{0E0871E9-340D-41F4-9892-D9DC125BAF9A} => Chrome.exe http://ui.skype.com/ui/0/6.10.0.104/en/abandoninstall?page=tsProgressBar
Task: {F422EB5D-EC1F-4CBB-8750-AA28F96A2B63} - System32\Tasks\bench-Updater removing
Task: {F922C0CE-7CA1-4792-A3B0-DB50C5EE2850} - System32\Tasks\{6872C24E-364F-4F0B-BAF8-68E66B6D3CC7} => Chrome.exe http://ui.skype.com/ui/0/6.10.0.104/en/abandoninstall?page=tsProgressBar
Task: {FC834F89-6BE0-4C0A-8062-501F0DBE1561} - System32\Tasks\{4F30DFFD-E660-4DDF-89B6-C65A2B89B194} => Chrome.exe http://ui.skype.com/ui/0/6.10.0.104/en/abandoninstall?page=tsProgressBar
Task: {FDE287D0-B0BD-4765-BEFD-1EF72EAD6CB5} - System32\Tasks\{6CC276D4-0682-449F-ABAE-E8E6C7EB99C0} => Chrome.exe http://ui.skype.com/ui/0/6.10.0.104/en/abandoninstall?page=tsProgressBar
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\bench-sys.job => C:\Program Files (x86)\Bench\Updater\Updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\bench-Updater removing.job => ? <==== ATTENTION
Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\Delaune\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-597734462-1468123911-3078696002-1002Core.job => C:\Users\Delaune\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-597734462-1468123911-3078696002-1002UA.job => C:\Users\Delaune\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-597734462-1468123911-3078696002-1002.job => C:\Users\Delaune\AppData\Local\Citrix\GoToMeeting\2273\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-597734462-1468123911-3078696002-1002Core.job => C:\Users\Delaune\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-597734462-1468123911-3078696002-1002UA.job => C:\Users\Delaune\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForDelaune.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe

==================== Loaded Modules (whitelisted) =============

2011-04-11 15:22 - 2006-10-19 20:44 - 00047616 _____ () C:\Windows\System32\pdf995mon64.dll
2010-07-21 15:33 - 2010-07-21 15:33 - 00030264 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
2010-07-21 15:33 - 2010-07-21 15:33 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
2010-07-21 15:33 - 2010-07-21 15:33 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-08-16 15:21 - 2010-08-16 15:21 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2010-08-16 15:21 - 2010-08-16 15:21 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2010-08-16 15:21 - 2010-08-16 15:21 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2014-10-03 06:04 - 2014-10-03 06:04 - 00026488 _____ () C:\Program Files (x86)\MyDrive Connect\DeviceDetection.dll
2014-10-03 06:04 - 2014-10-03 06:04 - 00087416 _____ () C:\Program Files (x86)\MyDrive Connect\TomTomSupporterBase.dll
2014-10-03 06:04 - 2014-10-03 06:04 - 00398712 _____ () C:\Program Files (x86)\MyDrive Connect\TomTomSupporterProxy.dll
2015-01-23 08:03 - 2015-01-20 21:50 - 01117512 _____ () C:\Users\Delaune\AppData\Local\Google\Chrome\Application\40.0.2214.91\libglesv2.dll
2015-01-23 08:02 - 2015-01-20 21:50 - 00211272 _____ () C:\Users\Delaune\AppData\Local\Google\Chrome\Application\40.0.2214.91\libegl.dll
2015-01-23 08:03 - 2015-01-20 21:50 - 09171272 _____ () C:\Users\Delaune\AppData\Local\Google\Chrome\Application\40.0.2214.91\pdf.dll
2015-01-23 08:03 - 2015-01-20 21:50 - 14913352 _____ () C:\Users\Delaune\AppData\Local\Google\Chrome\Application\40.0.2214.91\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:0B4227B4
AlternateDataStreams: C:\ProgramData\Temp:373E1720

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: YahooAUService => 2
MSCONFIG\startupreg: Google Update => "C:\Users\Delaune\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: ROC_ROC_APR2013_AV => C:\Users\Delaune\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 3e05a546bd1f47d1931b4902a77b6259-3f3e6a21c03f97b98bf148621e2e377f0e1a6bab --CMPID ROC_APR2013_AV --CMPIDEXTRA 2013

========================= Accounts: ==========================

Administrator (S-1-5-21-597734462-1468123911-3078696002-500 - Administrator - Disabled)
Delaune (S-1-5-21-597734462-1468123911-3078696002-1002 - Administrator - Enabled) => C:\Users\Delaune
Guest (S-1-5-21-597734462-1468123911-3078696002-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-597734462-1468123911-3078696002-1014 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: hlnfd
Description: hlnfd
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: hlnfd
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/27/2015 08:59:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: taskeng.exe, version: 6.1.7601.17514, time stamp: 0x4ce79d2c
Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time stamp: 0x4eeb033f
Exception code: 0xc0000005
Fault offset: 0x00000000000027de
Faulting process id: 0x3100
Faulting application start time: 0xtaskeng.exe0
Faulting application path: taskeng.exe1
Faulting module path: taskeng.exe2
Report Id: taskeng.exe3

Error: (01/27/2015 06:07:51 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 436: ERROR: read_msg errno 0 (The operation completed successfully.)

Error: (01/27/2015 06:07:51 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053

Error: (01/27/2015 04:59:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: taskeng.exe, version: 6.1.7601.17514, time stamp: 0x4ce79d2c
Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time stamp: 0x4eeb033f
Exception code: 0xc0000005
Fault offset: 0x00000000000027de
Faulting process id: 0x2198
Faulting application start time: 0xtaskeng.exe0
Faulting application path: taskeng.exe1
Faulting module path: taskeng.exe2
Report Id: taskeng.exe3

Error: (01/27/2015 00:59:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: taskeng.exe, version: 6.1.7601.17514, time stamp: 0x4ce79d2c
Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time stamp: 0x4eeb033f
Exception code: 0xc0000005
Fault offset: 0x00000000000027de
Faulting process id: 0x13e0
Faulting application start time: 0xtaskeng.exe0
Faulting application path: taskeng.exe1
Faulting module path: taskeng.exe2
Report Id: taskeng.exe3

Error: (01/26/2015 10:48:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 436: DNSServiceResolve 00:88:65:ed:f8:[email protected]::288:65ff:feed:f811._apple-mobdev2._tcp.local.

Error: (01/26/2015 10:48:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 436: Could not write data to client because of error - aborting connection

Error: (01/26/2015 10:48:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: send_msg ERROR: failed to write 137 of 137 bytes to fd 436 errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (01/26/2015 10:41:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 436: ERROR: read_msg errno 0 (The operation completed successfully.)

Error: (01/26/2015 10:41:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053


System errors:
=============
Error: (01/26/2015 11:09:22 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (01/26/2015 08:23:47 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CutterInstance service terminated unexpectedly. It has done this 1 time(s).

Error: (01/26/2015 08:21:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The IHA_MessageCenter service terminated unexpectedly. It has done this 1 time(s).

Error: (01/26/2015 08:12:30 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (01/26/2015 08:06:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Volume Shadow Copy service terminated unexpectedly. It has done this 1 time(s).

Error: (01/26/2015 07:59:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Wireless Assistant Service service terminated unexpectedly. It has done this 1 time(s).

Error: (01/26/2015 09:15:35 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.

Error: (01/26/2015 09:06:35 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IHA_MessageCenter service.

Error: (01/26/2015 08:03:35 AM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{CDD62C84-A4BD-4A97-916B-A628539E797A} because another computer on the network has the same name. The server could not start.

Error: (01/26/2015 08:03:31 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0


Microsoft Office Sessions:
=========================
Error: (06/30/2014 10:14:23 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 469 seconds with 180 seconds of active time. This session ended with a crash.

Error: (04/02/2014 09:25:46 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 30563 seconds with 420 seconds of active time. This session ended with a crash.

Error: (03/07/2014 09:21:41 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 3581 seconds with 720 seconds of active time. This session ended with a crash.

Error: (11/20/2013 09:00:57 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 36721 seconds with 300 seconds of active time. This session ended with a crash.

Error: (11/20/2013 10:48:21 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 1288 seconds with 300 seconds of active time. This session ended with a crash.

Error: (11/18/2013 06:17:37 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 133 seconds with 60 seconds of active time. This session ended with a crash.

Error: (11/10/2013 02:08:11 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 7325 seconds with 120 seconds of active time. This session ended with a crash.

Error: (09/24/2013 07:08:14 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6679.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 39096 seconds with 600 seconds of active time. This session ended with a crash.

Error: (02/10/2013 00:03:15 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 101685 seconds with 0 seconds of active time. This session ended with a crash.

Error: (01/23/2013 04:40:22 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 29918 seconds with 540 seconds of active time. This session ended with a crash.
 

leondela

Thread Starter
Joined
Feb 13, 2007
Messages
152
OK! THANK YOU VERY MUCH FOR THE HELP KEVIN!!!!! AWESOME!

I believe my computer is running ok now. The items in #13 below appear to be functioning.

13. Verify that your system is now running normally, making sure that the following items are functional:
Internet access
Windows Update
Windows Firewall

I am continuing with the rest of the diagnostic.

In looking at my control panel, the 3 items are still there. How do I get rid of them? (see attachment)
 

Attachments

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,470
Why have you reposted the logs from the initial run of FRST, i`ve already seen those logs. Can you post the logs from MBAR as requested in reply #6?

To remove the following entries in the installed programs list do the following:

CouupScannero,
SafeRwebe,
DIIssCeountLLocaToor


Go to the following link and download MyUninstaller Open the link and scroll down below "Feedback" to find access to the d/l. Also read all of the available information at the link, specifically the section marked "Removing an Uninstall entry"

http://www.nirsoft.net/utils/myuninst.html

When you have the d/l unzip to your Desktop. Right click on the application and select "Run as Administrator" the program is a standalone executable so will not install.

When the program runs wait and the main interface will populate with an Installed Programs list.

Check through the list until you see an entry for CouupScannero . Below the menu bar are column headers, look under Obsolete and Uninstall If the word Yes is listed under Obsolete and not Uninstall against the CouupScannero entry it means we can safely delete that entry.

With CouupScannero Highlighted, either select > File > Delete Selected Entry or with CouupScannero selected (highlighted) click on the icon from the menu bar for "Delete selected entry". It looks like a red cross. I`ve also added a screen shot of the interface.



Repeat again for the two remaining entries....
 

leondela

Thread Starter
Joined
Feb 13, 2007
Messages
152
this is what "myuninstall" looks like after being run. botht the "uninstall" and the "obsolete" columns have a "yes" in them. do i uninstall or delete?
 

Attachments

leondela

Thread Starter
Joined
Feb 13, 2007
Messages
152
kevin, thanks a million! i just deleted the files and it seemed to work using myuninstall.

do the logs i provided look ok? (mbar and system)
 

kevinf80

Kevin
Malware Specialist
Joined
Mar 21, 2006
Messages
11,470
Yes logs from MBAR look good, still couple of scans to run:

Download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes Select > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
  • Now select > Scan > Threat scan > Scan now
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

When the scan is completed from the main GUI click on History > Application Logs. Find your scan log, the date when run will identify it. Checkmark "select" box > then hit the "view" button. The history log window will open. At the bottom of that window are two options, "Copy to clipboard" and "Export"
Select > "Copy to clipboard" that copies the full log to the windows clipboard, so at your reply you right click into the text field and select "Paste" the log is pasted (copied) to your reply.

Next,

Download AdwCleaner by Xplode onto your Desktop.
  • Double click on Adwcleaner.exe to run the tool.
  • Click on Scan
  • Once the scan is done, click on the Clean button.
  • You will get a prompt asking to close all programs. Click OK.
  • Click OK again to reboot your computer.
  • A text file will open after the restart. Please post the content of that logfile in your reply.
  • You can also find the logfile at C:\AdwCleaner[Sn].txt. Where n in the scan reference number

Next,

Download Microsoft's " Malicious Software Removal Tool" and save direct to the desktop
Ensure to get the correct version for your system....
32 Bit version:
https://www.microsoft.com/downloads...E0-E72D-4F54-9AB3-75B8EB148356&displaylang=en
64 Bit version:
https://www.microsoft.com/downloads...DE-367F-495E-94E7-6349F4EFFC74&displaylang=en

Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window
In the "Scan Type" window, select Quick Scan
Perform a scan and Click Finish when the scan is done.
Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\mrt.log

Let me see those logs, also give an update on any remaining issues or concerns....

Thank you,

Kevin....
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top