Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Pctuner malware infection


  • This topic is locked This topic is locked
18 replies to this topic

#1 Lmhteach

Lmhteach

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:06:33 PM

Posted 20 April 2015 - 05:03 PM

I joined this group in March because I was infected with some malware or something.  I believe the culprit was pccleaner, and I had posted about it.  In the meantime, I was fortunate enough to have someone remove it for me.  At least I thought it was removed.  My grandson clicked on a shortcut to one of the games he had downloaded and hadn't used since then, and the 'malware' (or whatever it is) came back, with even more messages, this time.  The first time around, a program called pccleaner showed up on my start menu.  This time, a program called pctuner showed up.  Both times, I've gotten a message in a non-movable box in the middle of the screen saying:  Warning  X Your PC may be at Risk  Check for malware and registry issues  You need to fix your PC problem immediately.  Your Data is on 94% Risk.  FIX  

This time, however I also got two other messages behind this one:  Windows Detected Security Error, Due to third party Suspicious Activity  AND   Action REquired  Dear Comcast User, Your PC is at Risk  Threats Detected  Title Adware Deal play, etc  (most of the message on those are behind the non moving message, making it hard to decipher it all, but it gives me a number to call to fix it.  Of course, I didn't call.

So I wrote all of this, downloaded FRST and was copy and pasting it to this site (while not in safe mode) and the computer froze.  I cold booted and am in safe mode at this time to try once again.  By the way, the last time I was infected with this, I was able to boot into safe mode in the beginning, but then it would no longer let me do it.  So far, I can boot into safe mode this time.

 

 

Thanks for any help you can give me.

Lynn 

 

Below is the FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-04-2015
Ran by Lynn (administrator) on LYNN-HP on 20-04-2015 16:02:18
Running from C:\Users\Lynn\Desktop
Loaded Profiles: Lynn (Available profiles: Lynn)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpCardEngine.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation) C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
(Salient Systems Corporation) C:\Program Files\CompleteView\AdminService64.exe
(Salient Systems Corporation) C:\Program Files\CompleteView\ConfigServer64.exe
(Salient Systems Corporation) C:\Program Files\CompleteView\MainServer64.exe
(CryptoMill Technologies Ltd.) C:\Program Files (x86)\Hewlett-Packard\HP Trust Circles\CreoSvc.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Theft Recovery\CtService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
() C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
() C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
() C:\Program Files (x86)\No-IP\ducservice.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(AMD) C:\Windows\System32\atieclxx.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(eMPIA Technology, Inc.) C:\Windows\emMON.exe
(Google Inc.) C:\Users\Lynn\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Kworld Computer Co., Ltd.) C:\Program Files (x86)\Tevion Multimedia\External TV Tuner and Recorder Device Utilities\EMRCtl.exe
(Salient Systems Corporation) C:\Program Files\CompleteView\MainServerGui64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CORESHREDDER.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Salient Systems Corp.) C:\Program Files (x86)\CompleteView\CV SpotLight\CV SpotLight.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Probsalert) C:\Program Files (x86)\Tuneup computer\Probsalert.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_17_0_0_169_ActiveX.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7194840 2013-07-26] (Realtek Semiconductor)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [CryptoMill Refresh] => C:\Program Files\Hewlett-Packard\HP Trust Circles\ceflauncher -m refresh
HKLM\...\Run: [emMON] => C:\WINDOWS\emmon.exe [61440 2006-12-15] (eMPIA Technology, Inc.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111136 2012-11-21] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [493088 2012-11-21] (CyberLink Corp.)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [683656 2013-07-18] (PDF Complete Inc)
HKLM-x32\...\Run: [HP File Sanitizer] => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\Coreshredder.exe [2213592 2013-09-17] (Hewlett-Packard)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2099200 2014-04-13] (Dominik Reichl)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3723728 2015-03-25] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
HKU\S-1-5-21-2042515690-782354764-4064259432-1003\...\Run: [Google Update] => C:\Users\Lynn\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-04-30] (Google Inc.)
HKU\S-1-5-21-2042515690-782354764-4064259432-1003\...\Run: [Google+ Auto Backup] => C:\Users\Lynn\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3754312 2015-02-13] (Google Inc.)
HKU\S-1-5-21-2042515690-782354764-4064259432-1003\...\Run: [HP Deskjet 3520 series (NET)] => C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2042515690-782354764-4064259432-1003\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2013-08-30] (AMD)
HKU\S-1-5-21-2042515690-782354764-4064259432-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)
HKU\S-1-5-21-2042515690-782354764-4064259432-1003\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-2042515690-782354764-4064259432-1003\...\MountPoints2: G - G:\unlock.exe autoplay=true
HKU\S-1-5-21-2042515690-782354764-4064259432-1003\...\MountPoints2: {413d2c01-8169-11e3-8092-806e6f6e6963} - F:\Autorun.exe
HKU\S-1-5-21-2042515690-782354764-4064259432-1003\...\MountPoints2: {f871d524-1dcc-11e4-ab14-f0921cdca03a} - G:\unlock.exe autoplay=true
HKU\S-1-5-21-2042515690-782354764-4064259432-1003\...\MountPoints2: {f871d55f-1dcc-11e4-ab14-f0921cdca03a} - G:\LaunchU3.exe -a
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2014-11-30]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Remote Control.lnk [2015-04-08]
ShortcutTarget: Remote Control.lnk -> C:\Program Files (x86)\Tevion Multimedia\External TV Tuner and Recorder Device Utilities\EMRCtl.exe (Kworld Computer Co., Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Server GUI.lnk [2014-04-13]
ShortcutTarget: Server GUI.lnk -> C:\Program Files\CompleteView\MainServerGui64.exe (Salient Systems Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk [2015-04-08]
ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)
Startup: C:\Users\Lynn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CV SpotLight.lnk [2014-04-13]
ShortcutTarget: CV SpotLight.lnk -> C:\Program Files (x86)\CompleteView\CV SpotLight\CV SpotLight.exe (Salient Systems Corp.)
ShellIconOverlayIdentifiers: [+1TBIcon] -> {B9C55E85-DED6-4911-82F3-83CF1CAB2898} => C:\Program Files\Hewlett-Packard\HP Trust Circles\tbicon.dll [2013-10-02] (CryptoMill Technologies Ltd.)
ShellIconOverlayIdentifiers-x32: [+1TBIcon] -> {B9C55E85-DED6-4911-82F3-83CF1CAB2898} => C:\Program Files (x86)\Hewlett-Packard\HP Trust Circles\tbicon.dll [2013-10-02] (CryptoMill Technologies Ltd.)
BootExecute: autocheck autochk * bootdelete
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM14/19
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM14/19
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCOM14/19
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCOM14/19
HKU\S-1-5-21-2042515690-782354764-4064259432-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCOM14/19
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-13] (Advanced Micro Devices)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-10-18] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-10-18] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO-x32: HP File Sanitizer -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2013-09-17] (Hewlett-Packard)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-13] (Advanced Micro Devices)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-10-18] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: No Name -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61}C ->  No File
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll [2012-02-13] (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-10-18] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll [2012-02-13] (Microsoft Corporation.)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {E19E79EC-F62E-40A0-952D-E49AEC7BEC2F} http://192.168.1.10/control/nvA1Media.cab
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-10-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-10-18] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> E:\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-10-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-10-18] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: digitalpersona.com/ChromeDPAgent -> c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\components\npChromeDPAgent.dll [2013-10-03] (DigitalPersona, Inc.)
FF Plugin HKU\S-1-5-21-2042515690-782354764-4064259432-1003: @microsoft.com/Office on Demand;version=1 -> C:\Users\Lynn\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\Microsoft Office 15\npofficeondemand.dll [2012-11-10] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-2042515690-782354764-4064259432-1003: @nsroblox.roblox.com/launcher -> C:\Users\Lynn\AppData\Local\Roblox\Versions\version-d0c46c562fb34e08\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-2042515690-782354764-4064259432-1003: @nsroblox.roblox.com/launcher64 -> C:\Users\Lynn\AppData\Local\Roblox\Versions\version-d0c46c562fb34e08\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-2042515690-782354764-4064259432-1003: @tools.google.com/Google Update;version=3 -> C:\Users\Lynn\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin HKU\S-1-5-21-2042515690-782354764-4064259432-1003: @tools.google.com/Google Update;version=9 -> C:\Users\Lynn\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin HKU\S-1-5-21-2042515690-782354764-4064259432-1003: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Lynn\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-11-11] (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [dpmaxz_ng@jetpack] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome
FF Extension: HP Client Security Manager - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome [2014-01-19]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: HP Smart Print - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2014-04-19]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-11-30]
FF HKU\S-1-5-21-2042515690-782354764-4064259432-1003\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR Profile: C:\Users\Lynn\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Adblock Plus) - C:\Users\Lynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-03-24]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Lynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11]
CHR Extension: (Google Wallet) - C:\Users\Lynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-30] (Advanced Micro Devices, Inc.) [File not signed]
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3416016 2015-03-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [309232 2015-03-25] (AVG Technologies CZ, s.r.o.)
R2 BrcmMgmtAgent; C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [210432 2013-04-26] (Broadcom Corporation) [File not signed]
R2 CompleteView Administrative Service; C:\Program Files\CompleteView\AdminService64.exe [698368 2014-03-06] (Salient Systems Corporation) [File not signed]
R2 CompleteView Config Server; C:\Program Files\CompleteView\ConfigServer64.exe [2988544 2014-03-06] (Salient Systems Corporation) [File not signed]
R2 CompleteView Server; C:\Program Files\CompleteView\MainServer64.exe [20081152 2014-03-06] (Salient Systems Corporation) [File not signed]
R2 CreoService; C:\Program Files (x86)\Hewlett-Packard\HP Trust Circles\CreoSvc.exe [1390552 2013-10-02] (CryptoMill Technologies Ltd.)
R2 CtAgentService; C:\Program Files (x86)\Hewlett-Packard\HP Theft Recovery\CtService.exe [7168 2013-08-14] () [File not signed]
R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-08-12] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-08-12] (CyberLink)
R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [500048 2013-10-03] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [558392 2013-08-23] (Hewlett-Packard Company)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 NoIPDUCService4; C:\Program Files (x86)\No-IP\ducservice.exe [11776 2014-05-02] () [File not signed]
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1143432 2013-07-18] (PDF Complete Inc)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [288768 2011-03-09] (WDC) [File not signed]
R2 WDFME; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [1066896 2011-03-09] ()
R2 WDSC; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [491920 2011-03-09] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-01-19] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 APXACC; C:\Windows\System32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [281056 2015-03-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [341472 2015-02-03] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [133088 2015-02-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [284128 2015-02-25] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-11-05] (AVG Technologies)
R1 CLVirtualDrive; C:\Windows\System32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [65752 2013-06-13] (Hewlett-Packard Company)
R3 IceKore; C:\Windows\System32\DRIVERS\IceKore.sys [401368 2013-09-30] (CryptoMill Technologies Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-03-21] ()
S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [30720 2014-01-19] (Microsoft Corporation) [File not signed]
S0 hitmanpro37duringboot; system32\drivers\hitmanpro37.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-20 16:02 - 2015-04-20 16:03 - 00027087 _____ () C:\Users\Lynn\Desktop\FRST.txt
2015-04-20 16:02 - 2015-04-20 16:02 - 00000000 ____D () C:\FRST
2015-04-20 15:57 - 2015-04-20 15:56 - 02099712 _____ (Farbar) C:\Users\Lynn\Desktop\FRST64.exe
2015-04-19 21:17 - 2015-04-19 21:17 - 00000143 _____ () C:\Users\Lynn\Desktop\esetscan419.txt
2015-04-19 15:33 - 2015-04-19 15:33 - 00009478 _____ () C:\Windows\PFRO.log
2015-04-14 13:56 - 2015-04-01 19:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-14 13:56 - 2015-04-01 18:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-14 13:56 - 2015-03-24 22:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-14 13:56 - 2015-03-24 22:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-14 13:56 - 2015-03-24 22:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-14 13:56 - 2015-03-24 22:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-14 13:56 - 2015-03-24 22:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-14 13:56 - 2015-03-24 22:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-14 13:56 - 2015-03-24 22:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-14 13:56 - 2015-03-24 22:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-14 13:56 - 2015-03-24 22:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-14 13:56 - 2015-03-24 22:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-14 13:56 - 2015-03-24 22:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-14 13:56 - 2015-03-24 22:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-14 13:56 - 2015-03-24 22:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-14 13:56 - 2015-03-24 22:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-14 13:56 - 2015-03-24 22:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-14 13:56 - 2015-03-24 22:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-14 13:56 - 2015-03-22 22:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-14 13:56 - 2015-03-22 22:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-14 13:56 - 2015-03-22 22:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-14 13:56 - 2015-03-22 22:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-14 13:56 - 2015-03-22 22:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-14 13:56 - 2015-03-22 22:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-14 13:56 - 2015-03-22 22:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-14 13:56 - 2015-03-22 22:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-14 13:56 - 2015-03-17 00:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-14 13:56 - 2015-03-17 00:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-14 13:56 - 2015-03-17 00:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-14 13:56 - 2015-03-17 00:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-14 13:56 - 2015-03-17 00:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-14 13:56 - 2015-03-17 00:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-14 13:56 - 2015-03-17 00:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-14 13:56 - 2015-03-17 00:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-14 13:56 - 2015-03-17 00:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-14 13:56 - 2015-03-17 00:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-14 13:56 - 2015-03-17 00:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-14 13:56 - 2015-03-17 00:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-14 13:56 - 2015-03-17 00:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-14 13:56 - 2015-03-17 00:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-14 13:56 - 2015-03-17 00:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-14 13:56 - 2015-03-17 00:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-14 13:56 - 2015-03-17 00:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-14 13:56 - 2015-03-17 00:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-14 13:56 - 2015-03-17 00:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-14 13:56 - 2015-03-17 00:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-14 13:56 - 2015-03-17 00:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-14 13:56 - 2015-03-17 00:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-14 13:56 - 2015-03-17 00:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-14 13:56 - 2015-03-17 00:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-14 13:56 - 2015-03-17 00:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-14 13:56 - 2015-03-17 00:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-14 13:56 - 2015-03-17 00:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-14 13:56 - 2015-03-17 00:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-14 13:56 - 2015-03-17 00:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-14 13:56 - 2015-03-17 00:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-14 13:56 - 2015-03-17 00:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-14 13:56 - 2015-03-17 00:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-14 13:56 - 2015-03-17 00:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-14 13:56 - 2015-03-17 00:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-14 13:56 - 2015-03-17 00:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-14 13:56 - 2015-03-17 00:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-14 13:56 - 2015-03-17 00:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-14 13:56 - 2015-03-17 00:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-14 13:56 - 2015-03-17 00:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-14 13:56 - 2015-03-17 00:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-14 13:56 - 2015-03-17 00:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-14 13:56 - 2015-03-17 00:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-14 13:56 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-14 13:56 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-14 13:56 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-14 13:56 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-14 13:56 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-14 13:56 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-14 13:56 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-14 13:56 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-14 13:56 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-14 13:56 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-14 13:56 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-14 13:56 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-14 13:56 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-14 13:56 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-14 13:56 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-14 13:56 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-14 13:56 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-14 13:56 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-14 13:56 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-14 13:56 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-14 13:56 - 2015-03-17 00:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-14 13:56 - 2015-03-17 00:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-14 13:56 - 2015-03-16 23:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-14 13:56 - 2015-03-16 23:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-14 13:56 - 2015-03-16 23:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-14 13:56 - 2015-03-16 23:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-14 13:56 - 2015-03-16 23:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-14 13:56 - 2015-03-16 23:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-14 13:56 - 2015-03-16 23:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-14 13:56 - 2015-03-16 23:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-14 13:56 - 2015-03-16 23:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-14 13:56 - 2015-03-16 23:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-14 13:56 - 2015-03-16 23:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-14 13:56 - 2015-03-16 23:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-14 13:56 - 2015-03-16 23:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-14 13:56 - 2015-03-16 23:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-14 13:56 - 2015-03-16 23:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-14 13:56 - 2015-03-16 23:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-14 13:56 - 2015-03-16 23:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-14 13:56 - 2015-03-16 23:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-14 13:56 - 2015-03-16 23:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-14 13:56 - 2015-03-16 23:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-14 13:56 - 2015-03-16 23:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-14 13:56 - 2015-03-16 23:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-14 13:56 - 2015-03-16 23:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-14 13:56 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-14 13:56 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-14 13:56 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-14 13:56 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-14 13:56 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-14 13:56 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-14 13:56 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-14 13:56 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-14 13:56 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-14 13:56 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-14 13:56 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-14 13:56 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-14 13:56 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-14 13:56 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-14 13:56 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-14 13:56 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-14 13:56 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-14 13:56 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-14 13:56 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-14 13:56 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-14 13:56 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-14 13:56 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-14 13:56 - 2015-03-16 22:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-14 13:56 - 2015-03-16 22:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-14 13:56 - 2015-03-16 22:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-14 13:56 - 2015-03-16 22:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-14 13:56 - 2015-03-16 22:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-14 13:56 - 2015-03-16 22:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-14 13:56 - 2015-03-12 23:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-14 13:56 - 2015-03-12 23:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-14 13:56 - 2015-03-12 23:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-14 13:56 - 2015-03-12 23:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-14 13:56 - 2015-03-12 23:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-14 13:56 - 2015-03-12 23:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-14 13:56 - 2015-03-12 23:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-14 13:56 - 2015-03-12 23:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-14 13:56 - 2015-03-12 23:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-14 13:56 - 2015-03-12 23:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-14 13:56 - 2015-03-12 22:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-14 13:56 - 2015-03-12 22:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-14 13:56 - 2015-03-12 22:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-14 13:56 - 2015-03-12 22:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-14 13:56 - 2015-03-12 22:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-14 13:56 - 2015-03-12 22:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-14 13:56 - 2015-03-12 22:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-14 13:56 - 2015-03-12 22:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-14 13:56 - 2015-03-12 22:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-14 13:56 - 2015-03-12 22:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-14 13:56 - 2015-03-12 22:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-14 13:56 - 2015-03-12 22:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-14 13:56 - 2015-03-12 22:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-14 13:56 - 2015-03-12 22:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-14 13:56 - 2015-03-12 22:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-14 13:56 - 2015-03-12 22:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-14 13:56 - 2015-03-12 22:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-14 13:56 - 2015-03-12 22:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-14 13:56 - 2015-03-12 22:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-14 13:56 - 2015-03-12 22:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-14 13:56 - 2015-03-12 22:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-14 13:56 - 2015-03-12 22:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-14 13:56 - 2015-03-12 22:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-14 13:56 - 2015-03-12 22:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-14 13:56 - 2015-03-12 22:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-14 13:56 - 2015-03-12 22:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-14 13:56 - 2015-03-12 22:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-14 13:56 - 2015-03-12 22:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-14 13:56 - 2015-03-12 22:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-14 13:56 - 2015-03-12 22:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-14 13:56 - 2015-03-12 22:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-14 13:56 - 2015-03-12 22:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-14 13:56 - 2015-03-12 21:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-14 13:56 - 2015-03-12 21:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-14 13:56 - 2015-03-12 21:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-14 13:56 - 2015-03-12 21:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-14 13:56 - 2015-03-12 21:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-14 13:56 - 2015-03-12 21:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-14 13:56 - 2015-03-12 21:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-14 13:56 - 2015-03-12 21:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-14 13:56 - 2015-03-12 21:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-14 13:56 - 2015-03-12 21:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-14 13:56 - 2015-03-12 21:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-14 13:56 - 2015-03-12 21:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-14 13:56 - 2015-03-12 21:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-14 13:56 - 2015-03-12 21:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-14 13:56 - 2015-03-09 22:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-14 13:56 - 2015-03-09 22:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-14 13:56 - 2015-03-09 22:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-14 13:56 - 2015-03-09 22:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-14 13:56 - 2015-03-05 00:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-14 13:56 - 2015-03-04 23:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-14 13:56 - 2015-02-24 22:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-14 13:55 - 2015-03-03 23:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-14 13:55 - 2015-03-03 23:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-14 13:55 - 2015-03-03 23:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-14 08:08 - 2015-04-19 21:03 - 00000000 ____D () C:\Program Files (x86)\Tuneup computer
2015-04-14 08:08 - 2015-04-14 08:08 - 00001933 _____ () C:\Users\Public\Desktop\PCTuner.lnk
2015-04-14 08:08 - 2015-04-14 08:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCTuner
2015-04-08 17:12 - 2015-04-08 17:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tevion Multimedia
2015-04-08 17:12 - 2015-04-08 17:12 - 00002312 _____ () C:\Users\Public\Desktop\HyperMediaCenter.lnk
2015-04-08 17:12 - 2006-09-22 20:37 - 00327168 _____ (InstallShield Software Corporation) C:\Windows\IsUninst.exe
2015-04-08 17:10 - 2015-04-08 17:13 - 00000000 ____D () C:\Program Files (x86)\Tevion Multimedia
2015-04-08 17:09 - 2007-06-29 05:23 - 00002465 _____ () C:\Windows\TVEpaDrv.ini
2015-04-08 17:09 - 2007-06-29 05:23 - 00001877 _____ () C:\Windows\English.lng
2015-04-08 17:09 - 2007-06-15 02:49 - 00356864 _____ (Kworld Computer Co., Ltd.) C:\Windows\emunist.exe
2015-04-08 17:08 - 2007-01-12 03:54 - 00461824 _____ (eMPIA Technology, Inc.) C:\Windows\system32\Drivers\emBDA64.sys
2015-04-08 17:08 - 2007-01-12 03:53 - 00123904 _____ (eMPIA Technology, Inc.) C:\Windows\system32\emPRP64.ax
2015-04-08 17:08 - 2007-01-12 03:53 - 00106496 _____ (eMPIA Technology, Inc.) C:\Windows\SysWOW64\emPRP.ax
2015-04-08 17:08 - 2006-12-15 02:54 - 00061440 _____ (eMPIA Technology, Inc.) C:\Windows\emMON.exe
2015-04-08 17:08 - 2006-11-08 23:50 - 00016382 _____ () C:\Windows\system32\Drivers\merlinC.rom
2015-04-08 15:41 - 2015-04-08 15:41 - 00000000 ____D () C:\Users\Lynn\AppData\Local\Western_Digital
2015-04-08 15:38 - 2015-04-08 15:38 - 00000000 ____D () C:\ProgramData\Western Digital
2015-04-08 15:37 - 2015-04-08 15:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WD SmartWare
2015-04-08 15:37 - 2015-04-08 15:37 - 00000000 ____D () C:\Program Files\Western Digital
2015-04-08 15:37 - 2015-04-08 15:37 - 00000000 ____D () C:\Program Files (x86)\Western Digital
2015-04-05 15:25 - 2015-04-05 15:25 - 00000156 _____ () C:\Users\Lynn\Desktop\Salient Server.acsf
2015-04-05 03:00 - 2015-04-05 03:01 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-05 03:00 - 2015-04-05 03:00 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-03-25 11:21 - 2015-03-25 11:21 - 00281056 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2015-03-24 17:06 - 2015-03-24 17:06 - 00000000 _____ () C:\autoexec.bat
2015-03-24 17:05 - 2015-03-24 17:05 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\Lynn\Downloads\SpyHunter-Installer.exe
2015-03-24 17:05 - 2015-03-24 17:05 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-03-24 16:29 - 2015-03-24 16:29 - 02168320 _____ () C:\Users\Lynn\Downloads\adwcleaner_4.113.exe
2015-03-24 16:24 - 2015-03-24 16:24 - 00000000 ____D () C:\Users\Lynn\Downloads\backups
2015-03-24 16:11 - 2015-03-24 16:11 - 00388608 _____ (Trend Micro Inc.) C:\Users\Lynn\Downloads\HijackThis.exe
2015-03-24 16:11 - 2015-03-24 16:11 - 00015984 _____ () C:\Users\Lynn\Downloads\hijackthis.log
2015-03-24 15:50 - 2015-04-20 15:33 - 00000775 _____ () C:\Windows\setupact.log
2015-03-24 15:50 - 2015-03-24 15:50 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-22 16:16 - 2015-03-22 16:16 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Lynn\Downloads\mbam-setup-2.1.4.1018.exe
2015-03-22 16:16 - 2015-03-22 16:16 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Lynn\Downloads\mbam-setup-2.1.4.1018 (1).exe
2015-03-22 16:15 - 2015-03-22 16:15 - 00116972 _____ () C:\Users\Lynn\Documents\cc_20150322_161500.reg
2015-03-22 16:09 - 2015-03-22 16:09 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-03-22 16:09 - 2015-03-22 16:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-03-22 16:08 - 2015-03-22 16:08 - 05325696 _____ (Piriform Ltd) C:\Users\Lynn\Downloads\ccsetup503 (2).exe
2015-03-21 10:55 - 2015-03-21 10:55 - 00005181 _____ () C:\Users\Lynn\Desktop\RKreport2_SCN_03212015_105122.txt
2015-03-21 10:47 - 2015-03-21 10:47 - 00005101 _____ () C:\Users\Lynn\Desktop\RKreport_SCN_03212015_103823.log
2015-03-21 10:10 - 2015-03-21 10:10 - 15648856 _____ () C:\Users\Lynn\Desktop\RogueKiller.exe
2015-03-21 10:10 - 2015-03-21 10:10 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-03-21 10:10 - 2015-03-21 10:10 - 00000000 ____D () C:\ProgramData\RogueKiller
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-20 16:01 - 2009-07-13 23:45 - 00027568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-20 16:01 - 2009-07-13 23:45 - 00027568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-20 15:59 - 2014-07-28 07:34 - 00003180 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForLynn
2015-04-20 15:59 - 2014-07-28 07:34 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForLynn.job
2015-04-20 15:59 - 2014-07-21 11:22 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-04-20 15:53 - 2014-04-13 14:56 - 01511545 _____ () C:\Windows\WindowsUpdate.log
2015-04-20 15:50 - 2014-04-30 18:51 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2042515690-782354764-4064259432-1003UA.job
2015-04-20 15:49 - 2014-01-19 18:42 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-20 15:42 - 2014-04-14 19:32 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-20 15:40 - 2009-07-14 00:13 - 00785942 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-20 15:38 - 2014-10-15 07:28 - 00000000 ____D () C:\ProgramData\MFAData
2015-04-20 15:37 - 2014-09-06 19:16 - 00000396 __RSH () C:\ProgramData\ntuser.pol
2015-04-20 15:37 - 2014-04-14 19:32 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-20 15:34 - 2014-04-13 15:03 - 00000000 ____D () C:\Video
2015-04-20 15:34 - 2014-01-19 18:43 - 00000000 ____D () C:\ProgramData\PDFC
2015-04-20 15:33 - 2014-01-19 18:44 - 00000225 _____ () C:\Windows\CryptoMill_CreoService.log
2015-04-20 15:33 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-19 17:28 - 2015-03-17 06:59 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-19 14:56 - 2014-01-19 18:44 - 00000225 _____ () C:\Windows\CryptoMill_CreoService.001
2015-04-19 14:44 - 2014-04-13 14:58 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{B50B8001-A65A-4F52-AFD5-93C236C35A88}
2015-04-19 14:37 - 2014-04-19 16:50 - 00000000 ____D () C:\Users\Lynn\AppData\Roaming\.minecraft
2015-04-18 16:49 - 2014-04-30 18:51 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2042515690-782354764-4064259432-1003Core.job
2015-04-17 18:43 - 2015-01-10 22:01 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-15 04:39 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2015-04-15 04:35 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-15 03:41 - 2014-01-19 18:44 - 00000225 _____ () C:\Windows\CryptoMill_CreoService.002
2015-04-15 03:38 - 2014-12-12 04:27 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-15 03:38 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-15 03:20 - 2014-05-17 09:19 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-15 03:19 - 2011-02-11 15:29 - 00778064 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-15 03:14 - 2014-05-08 07:32 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 03:06 - 2014-05-08 07:32 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-15 03:06 - 2009-07-13 21:34 - 00000505 _____ () C:\Windows\win.ini
2015-04-14 15:47 - 2014-01-19 18:42 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-14 15:47 - 2014-01-19 18:42 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-14 15:47 - 2014-01-19 18:42 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-14 08:08 - 2015-03-16 07:08 - 00003680 _____ () C:\Windows\System32\Tasks\boosterpop
2015-04-14 08:08 - 2015-03-16 07:08 - 00003678 _____ () C:\Windows\System32\Tasks\IEError
2015-04-14 08:08 - 2015-03-16 07:08 - 00003494 _____ () C:\Windows\System32\Tasks\AI_Updater
2015-04-10 20:07 - 2014-12-12 19:26 - 00000000 ____D () C:\Users\Lynn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2015-04-10 20:07 - 2014-11-02 17:46 - 00001169 _____ () C:\Users\Lynn\Desktop\ROBLOX Studio.lnk
2015-04-10 20:07 - 2014-06-25 22:10 - 00001350 _____ () C:\Users\Lynn\Desktop\ROBLOX Player.lnk
2015-04-10 12:09 - 2014-06-10 15:47 - 00000000 ____D () C:\Users\Lynn\Documents\Outlook Files
2015-04-10 11:08 - 2014-01-19 18:44 - 00000225 _____ () C:\Windows\CryptoMill_CreoService.003
2015-04-09 16:13 - 2014-01-19 18:44 - 00000225 _____ () C:\Windows\CryptoMill_CreoService.004
2015-04-08 17:17 - 2014-01-19 18:44 - 00000225 _____ () C:\Windows\CryptoMill_CreoService.005
2015-04-08 17:13 - 2014-01-19 18:35 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-04-08 17:08 - 2014-04-13 14:58 - 00000000 ____D () C:\Users\Lynn\AppData\Local\VirtualStore
2015-04-08 15:52 - 2014-04-13 16:07 - 00000000 ____D () C:\Users\Lynn\Documents\Retrieved Contents
2015-04-08 13:42 - 2014-04-30 18:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2015-04-03 12:32 - 2014-05-03 14:41 - 00000000 ____D () C:\ProgramData\Sonos,_Inc
2015-03-31 09:55 - 2014-10-15 07:31 - 00000967 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-03-31 09:55 - 2014-10-15 07:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-03-24 18:00 - 2014-04-14 16:43 - 00001176 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2015-03-24 18:00 - 2014-04-14 16:43 - 00001164 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2015-03-24 16:32 - 2014-06-19 08:56 - 00000000 ____D () C:\AdwCleaner
2015-03-24 15:51 - 2014-10-20 15:21 - 00000000 ____D () C:\Users\Lynn\AppData\Roaming\TeamViewer
2015-03-22 16:09 - 2015-03-16 19:37 - 00000000 ____D () C:\Program Files\CCleaner
2015-03-21 09:33 - 2009-07-14 00:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
 
==================== Files in the root of some directories =======
 
2014-10-14 19:37 - 2014-10-14 19:37 - 0002115 _____ () C:\ProgramData\1413333439.1576.bin
2014-10-14 19:37 - 2014-10-14 19:37 - 0041249 _____ () C:\ProgramData\1413333439.1716.bin
2014-10-14 19:37 - 2014-10-14 19:37 - 0000189 _____ () C:\ProgramData\1413333439.1920.bin
2014-04-19 14:18 - 2014-04-19 14:18 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-11-30 14:30 - 2014-11-30 14:36 - 0000817 _____ () C:\ProgramData\hpzinstall.log
 
Some content of TEMP:
====================
C:\Users\Lynn\AppData\Local\Temp\EsgInstallerx64Stub.exe
C:\Users\Lynn\AppData\Local\Temp\Quarantine.exe
C:\Users\Lynn\AppData\Local\Temp\sqlite3.dll
C:\Users\Lynn\AppData\Local\Temp\Uninstaller-6204.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-14 01:47
 
==================== End Of Log ============================

 

 



BC AdBot (Login to Remove)

 


m

#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,589 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:33 PM

Posted 25 April 2015 - 02:28 PM

Greetings Lynn and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please run the below for me.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key Windows_Logo_key.gif + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKU\S-1-5-21-2042515690-782354764-4064259432-1003\...\MountPoints2: G - G:\unlock.exe autoplay=true
HKU\S-1-5-21-2042515690-782354764-4064259432-1003\...\MountPoints2: {413d2c01-8169-11e3-8092-806e6f6e6963} - F:\Autorun.exe
HKU\S-1-5-21-2042515690-782354764-4064259432-1003\...\MountPoints2: {f871d524-1dcc-11e4-ab14-f0921cdca03a} - G:\unlock.exe autoplay=true
HKU\S-1-5-21-2042515690-782354764-4064259432-1003\...\MountPoints2: {f871d55f-1dcc-11e4-ab14-f0921cdca03a} - G:\LaunchU3.exe -a
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: No Name -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61}C ->  No File
S0 hitmanpro37duringboot; system32\drivers\hitmanpro37.sys [X]
2015-04-14 08:08 - 2015-04-19 21:03 - 00000000 ____D () C:\Program Files (x86)\Tuneup computer
2015-04-14 08:08 - 2015-04-14 08:08 - 00001933 _____ () C:\Users\Public\Desktop\PCTuner.lnk
2015-04-14 08:08 - 2015-04-14 08:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCTuner
2014-10-14 19:37 - 2014-10-14 19:37 - 0002115 _____ () C:\ProgramData\1413333439.1576.bin
2014-10-14 19:37 - 2014-10-14 19:37 - 0041249 _____ () C:\ProgramData\1413333439.1716.bin
2014-10-14 19:37 - 2014-10-14 19:37 - 0000189 _____ () C:\ProgramData\1413333439.1920.bin
C:\Users\Lynn\AppData\Local\Temp\EsgInstallerx64Stub.exe
C:\Users\Lynn\AppData\Local\Temp\Quarantine.exe
C:\Users\Lynn\AppData\Local\Temp\sqlite3.dll
C:\Users\Lynn\AppData\Local\Temp\Uninstaller-6204.exe
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Rerun FRST making sure there is a check mark in Addition.txt and post both logs
===================================================

System Summary Information

--------------------
  • Press the windows key Windows_Logo_key.gif + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • FRST log
  • Addition.txt log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Lmhteach

Lmhteach
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:06:33 PM

Posted 25 April 2015 - 07:04 PM

 
Hi Gary,
Thank you so much for agreeing to help me.  I hope I can keep up with you and understand what you need from me.  I hope I did what you asked here.  By running FRST after the "fix" step, I assumed you meant to run a "scan" again, which is what I did.  If I did something wrong, please let me know.
You asked for Fixlog, FRST log, Addition.txt log and System Summary Information.  I hope all was included.
Thanks!
 
Lynn  
 
 
 
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-04-2015
Ran by Lynn at 2015-04-25 18:36:26 Run:1
Running from C:\Users\Lynn\Desktop
Loaded Profiles: Lynn (Available profiles: Lynn)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKU\S-1-5-21-2042515690-782354764-4064259432-1003\...\MountPoints2: G - G:\unlock.exe autoplay=true
HKU\S-1-5-21-2042515690-782354764-4064259432-1003\...\MountPoints2: {413d2c01-8169-11e3-8092-806e6f6e6963} - F:\Autorun.exe
HKU\S-1-5-21-2042515690-782354764-4064259432-1003\...\MountPoints2: {f871d524-1dcc-11e4-ab14-f0921cdca03a} - G:\unlock.exe autoplay=true
HKU\S-1-5-21-2042515690-782354764-4064259432-1003\...\MountPoints2: {f871d55f-1dcc-11e4-ab14-f0921cdca03a} - G:\LaunchU3.exe -a
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: No Name -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61}C ->  No File
S0 hitmanpro37duringboot; system32\drivers\hitmanpro37.sys [X]
2015-04-14 08:08 - 2015-04-19 21:03 - 00000000 ____D () C:\Program Files (x86)\Tuneup computer
2015-04-14 08:08 - 2015-04-14 08:08 - 00001933 _____ () C:\Users\Public\Desktop\PCTuner.lnk
2015-04-14 08:08 - 2015-04-14 08:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCTuner
2014-10-14 19:37 - 2014-10-14 19:37 - 0002115 _____ () C:\ProgramData\1413333439.1576.bin
2014-10-14 19:37 - 2014-10-14 19:37 - 0041249 _____ () C:\ProgramData\1413333439.1716.bin
2014-10-14 19:37 - 2014-10-14 19:37 - 0000189 _____ () C:\ProgramData\1413333439.1920.bin
C:\Users\Lynn\AppData\Local\Temp\EsgInstallerx64Stub.exe
C:\Users\Lynn\AppData\Local\Temp\Quarantine.exe
C:\Users\Lynn\AppData\Local\Temp\sqlite3.dll
C:\Users\Lynn\AppData\Local\Temp\Uninstaller-6204.exe
*****************
 
"HKU\S-1-5-21-2042515690-782354764-4064259432-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G" => Key deleted successfully.
"HKU\S-1-5-21-2042515690-782354764-4064259432-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{413d2c01-8169-11e3-8092-806e6f6e6963}" => Key deleted successfully.
HKCR\CLSID\{413d2c01-8169-11e3-8092-806e6f6e6963} => Key not found. 
"HKU\S-1-5-21-2042515690-782354764-4064259432-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f871d524-1dcc-11e4-ab14-f0921cdca03a}" => Key deleted successfully.
HKCR\CLSID\{f871d524-1dcc-11e4-ab14-f0921cdca03a} => Key not found. 
"HKU\S-1-5-21-2042515690-782354764-4064259432-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f871d55f-1dcc-11e4-ab14-f0921cdca03a}" => Key deleted successfully.
HKCR\CLSID\{f871d55f-1dcc-11e4-ab14-f0921cdca03a} => Key not found. 
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C9C42510-9B41-42c1-9DCD-7282A2D07C61}C" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{C9C42510-9B41-42c1-9DCD-7282A2D07C61}C => Key not found. 
hitmanpro37duringboot => Service deleted successfully.
C:\Program Files (x86)\Tuneup computer => Moved successfully.
C:\Users\Public\Desktop\PCTuner.lnk => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCTuner => Moved successfully.
C:\ProgramData\1413333439.1576.bin => Moved successfully.
C:\ProgramData\1413333439.1716.bin => Moved successfully.
C:\ProgramData\1413333439.1920.bin => Moved successfully.
C:\Users\Lynn\AppData\Local\Temp\EsgInstallerx64Stub.exe => Moved successfully.
C:\Users\Lynn\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Lynn\AppData\Local\Temp\sqlite3.dll => Moved successfully.
C:\Users\Lynn\AppData\Local\Temp\Uninstaller-6204.exe => Moved successfully.
 
 
The system needed a reboot. 
 
==== End of Fixlog 18:36:30 ====
 
 
 
FRST log:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-04-2015
Ran by Lynn (administrator) on LYNN-HP on 25-04-2015 18:47:40
Running from C:\Users\Lynn\Desktop
Loaded Profiles: Lynn (Available profiles: Lynn)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpCardEngine.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation) C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
(Salient Systems Corporation) C:\Program Files\CompleteView\AdminService64.exe
(Salient Systems Corporation) C:\Program Files\CompleteView\ConfigServer64.exe
(Salient Systems Corporation) C:\Program Files\CompleteView\MainServer64.exe
(CryptoMill Technologies Ltd.) C:\Program Files (x86)\Hewlett-Packard\HP Trust Circles\CreoSvc.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Theft Recovery\CtService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
() C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
() C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(eMPIA Technology, Inc.) C:\Windows\emMON.exe
(Google Inc.) C:\Users\Lynn\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Kworld Computer Co., Ltd.) C:\Program Files (x86)\Tevion Multimedia\External TV Tuner and Recorder Device Utilities\EMRCtl.exe
(Salient Systems Corporation) C:\Program Files\CompleteView\MainServerGui64.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
(Salient Systems Corp.) C:\Program Files (x86)\CompleteView\CV SpotLight\CV SpotLight.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CORESHREDDER.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
() C:\Program Files (x86)\No-IP\ducservice.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7194840 2013-07-26] (Realtek Semiconductor)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [CryptoMill Refresh] => C:\Program Files\Hewlett-Packard\HP Trust Circles\ceflauncher -m refresh
HKLM\...\Run: [emMON] => C:\WINDOWS\emmon.exe [61440 2006-12-15] (eMPIA Technology, Inc.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111136 2012-11-21] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [493088 2012-11-21] (CyberLink Corp.)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [683656 2013-07-18] (PDF Complete Inc)
HKLM-x32\...\Run: [HP File Sanitizer] => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\Coreshredder.exe [2213592 2013-09-17] (Hewlett-Packard)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2099200 2014-04-13] (Dominik Reichl)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3723728 2015-03-25] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
HKU\S-1-5-21-2042515690-782354764-4064259432-1003\...\Run: [Google Update] => C:\Users\Lynn\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-04-30] (Google Inc.)
HKU\S-1-5-21-2042515690-782354764-4064259432-1003\...\Run: [Google+ Auto Backup] => C:\Users\Lynn\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3754312 2015-02-13] (Google Inc.)
HKU\S-1-5-21-2042515690-782354764-4064259432-1003\...\Run: [HP Deskjet 3520 series (NET)] => C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2042515690-782354764-4064259432-1003\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2013-08-30] (AMD)
HKU\S-1-5-21-2042515690-782354764-4064259432-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)
HKU\S-1-5-21-2042515690-782354764-4064259432-1003\...\Policies\Explorer: [HideSCAHealth] 1
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2014-11-30]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Remote Control.lnk [2015-04-08]
ShortcutTarget: Remote Control.lnk -> C:\Program Files (x86)\Tevion Multimedia\External TV Tuner and Recorder Device Utilities\EMRCtl.exe (Kworld Computer Co., Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Server GUI.lnk [2014-04-13]
ShortcutTarget: Server GUI.lnk -> C:\Program Files\CompleteView\MainServerGui64.exe (Salient Systems Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk [2015-04-08]
ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)
Startup: C:\Users\Lynn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CV SpotLight.lnk [2014-04-13]
ShortcutTarget: CV SpotLight.lnk -> C:\Program Files (x86)\CompleteView\CV SpotLight\CV SpotLight.exe (Salient Systems Corp.)
ShellIconOverlayIdentifiers: [+1TBIcon] -> {B9C55E85-DED6-4911-82F3-83CF1CAB2898} => C:\Program Files\Hewlett-Packard\HP Trust Circles\tbicon.dll [2013-10-02] (CryptoMill Technologies Ltd.)
ShellIconOverlayIdentifiers-x32: [+1TBIcon] -> {B9C55E85-DED6-4911-82F3-83CF1CAB2898} => C:\Program Files (x86)\Hewlett-Packard\HP Trust Circles\tbicon.dll [2013-10-02] (CryptoMill Technologies Ltd.)
BootExecute: autocheck autochk * bootdelete
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM14/19
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM14/19
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCOM14/19
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCOM14/19
HKU\S-1-5-21-2042515690-782354764-4064259432-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCOM14/19
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-13] (Advanced Micro Devices)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-10-18] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-10-18] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO-x32: HP File Sanitizer -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2013-09-17] (Hewlett-Packard)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-13] (Advanced Micro Devices)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-10-18] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll [2012-02-13] (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-10-18] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll [2012-02-13] (Microsoft Corporation.)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {E19E79EC-F62E-40A0-952D-E49AEC7BEC2F} http://192.168.1.10/control/nvA1Media.cab
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-07] (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-10-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-10-18] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> E:\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-10-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-10-18] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: digitalpersona.com/ChromeDPAgent -> c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\components\npChromeDPAgent.dll [2013-10-03] (DigitalPersona, Inc.)
FF Plugin HKU\S-1-5-21-2042515690-782354764-4064259432-1003: @microsoft.com/Office on Demand;version=1 -> C:\Users\Lynn\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\Microsoft Office 15\npofficeondemand.dll [2012-11-10] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-2042515690-782354764-4064259432-1003: @nsroblox.roblox.com/launcher -> C:\Users\Lynn\AppData\Local\Roblox\Versions\version-d0c46c562fb34e08\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-2042515690-782354764-4064259432-1003: @nsroblox.roblox.com/launcher64 -> C:\Users\Lynn\AppData\Local\Roblox\Versions\version-d0c46c562fb34e08\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-2042515690-782354764-4064259432-1003: @tools.google.com/Google Update;version=3 -> C:\Users\Lynn\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin HKU\S-1-5-21-2042515690-782354764-4064259432-1003: @tools.google.com/Google Update;version=9 -> C:\Users\Lynn\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin HKU\S-1-5-21-2042515690-782354764-4064259432-1003: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Lynn\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-11-11] (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [dpmaxz_ng@jetpack] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome
FF Extension: HP Client Security Manager - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome [2014-01-19]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: HP Smart Print - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2014-04-19]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-11-30]
FF HKU\S-1-5-21-2042515690-782354764-4064259432-1003\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR Profile: C:\Users\Lynn\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Adblock Plus) - C:\Users\Lynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-03-24]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Lynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11]
CHR Extension: (Google Wallet) - C:\Users\Lynn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-30] (Advanced Micro Devices, Inc.) [File not signed]
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3416016 2015-03-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [309232 2015-03-25] (AVG Technologies CZ, s.r.o.)
R2 BrcmMgmtAgent; C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [210432 2013-04-26] (Broadcom Corporation) [File not signed]
R2 CompleteView Administrative Service; C:\Program Files\CompleteView\AdminService64.exe [698368 2014-03-06] (Salient Systems Corporation) [File not signed]
R2 CompleteView Config Server; C:\Program Files\CompleteView\ConfigServer64.exe [2988544 2014-03-06] (Salient Systems Corporation) [File not signed]
R2 CompleteView Server; C:\Program Files\CompleteView\MainServer64.exe [20081152 2014-03-06] (Salient Systems Corporation) [File not signed]
R2 CreoService; C:\Program Files (x86)\Hewlett-Packard\HP Trust Circles\CreoSvc.exe [1390552 2013-10-02] (CryptoMill Technologies Ltd.)
R2 CtAgentService; C:\Program Files (x86)\Hewlett-Packard\HP Theft Recovery\CtService.exe [7168 2013-08-14] () [File not signed]
R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-08-12] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-08-12] (CyberLink)
R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [500048 2013-10-03] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [558392 2013-08-23] (Hewlett-Packard Company)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 NoIPDUCService4; C:\Program Files (x86)\No-IP\ducservice.exe [11776 2014-05-02] () [File not signed]
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1143432 2013-07-18] (PDF Complete Inc)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [288768 2011-03-09] (WDC) [File not signed]
R2 WDFME; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [1066896 2011-03-09] ()
R2 WDSC; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [491920 2011-03-09] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-01-19] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 APXACC; C:\Windows\System32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [281056 2015-03-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [341472 2015-02-03] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [133088 2015-02-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [284128 2015-02-25] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-11-05] (AVG Technologies)
R1 CLVirtualDrive; C:\Windows\System32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [65752 2013-06-13] (Hewlett-Packard Company)
R3 IceKore; C:\Windows\System32\DRIVERS\IceKore.sys [401368 2013-09-30] (CryptoMill Technologies Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-03-21] ()
S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [30720 2014-01-19] (Microsoft Corporation) [File not signed]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-25 18:47 - 2015-04-25 18:49 - 00026257 _____ () C:\Users\Lynn\Desktop\FRST.txt
2015-04-25 18:27 - 2015-04-25 18:27 - 00001188 _____ () C:\Users\Public\Desktop\Install Microsoft Mouse and Keyboard Center.lnk
2015-04-24 17:13 - 2015-04-24 17:31 - 00000000 ____D () C:\Users\Lynn\Desktop\virus scanner results
2015-04-20 17:21 - 2015-04-20 17:21 - 00066066 _____ () C:\Users\Lynn\Documents\bleepingcomputer.txt
2015-04-20 16:02 - 2015-04-25 18:47 - 00000000 ____D () C:\FRST
2015-04-20 15:57 - 2015-04-20 15:56 - 02099712 _____ (Farbar) C:\Users\Lynn\Desktop\FRST64.exe
2015-04-19 15:33 - 2015-04-20 16:39 - 00009832 _____ () C:\Windows\PFRO.log
2015-04-14 13:56 - 2015-04-01 19:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-14 13:56 - 2015-04-01 18:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-14 13:56 - 2015-03-24 22:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-14 13:56 - 2015-03-24 22:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-14 13:56 - 2015-03-24 22:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-14 13:56 - 2015-03-24 22:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-14 13:56 - 2015-03-24 22:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-14 13:56 - 2015-03-24 22:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-14 13:56 - 2015-03-24 22:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-14 13:56 - 2015-03-24 22:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-14 13:56 - 2015-03-24 22:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-14 13:56 - 2015-03-24 22:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-14 13:56 - 2015-03-24 22:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-14 13:56 - 2015-03-24 22:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-14 13:56 - 2015-03-24 22:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-14 13:56 - 2015-03-24 22:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-14 13:56 - 2015-03-24 22:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-14 13:56 - 2015-03-24 22:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-14 13:56 - 2015-03-22 22:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-14 13:56 - 2015-03-22 22:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-14 13:56 - 2015-03-22 22:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-14 13:56 - 2015-03-22 22:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-14 13:56 - 2015-03-22 22:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-14 13:56 - 2015-03-22 22:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-14 13:56 - 2015-03-22 22:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-14 13:56 - 2015-03-22 22:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-14 13:56 - 2015-03-17 00:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-14 13:56 - 2015-03-17 00:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-14 13:56 - 2015-03-17 00:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-14 13:56 - 2015-03-17 00:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-14 13:56 - 2015-03-17 00:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-14 13:56 - 2015-03-17 00:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-14 13:56 - 2015-03-17 00:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-14 13:56 - 2015-03-17 00:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-14 13:56 - 2015-03-17 00:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-14 13:56 - 2015-03-17 00:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-14 13:56 - 2015-03-17 00:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-14 13:56 - 2015-03-17 00:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-14 13:56 - 2015-03-17 00:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-14 13:56 - 2015-03-17 00:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-14 13:56 - 2015-03-17 00:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-14 13:56 - 2015-03-17 00:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-14 13:56 - 2015-03-17 00:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-14 13:56 - 2015-03-17 00:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-14 13:56 - 2015-03-17 00:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-14 13:56 - 2015-03-17 00:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-14 13:56 - 2015-03-17 00:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-14 13:56 - 2015-03-17 00:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-14 13:56 - 2015-03-17 00:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-14 13:56 - 2015-03-17 00:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-14 13:56 - 2015-03-17 00:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-14 13:56 - 2015-03-17 00:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-14 13:56 - 2015-03-17 00:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-14 13:56 - 2015-03-17 00:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-14 13:56 - 2015-03-17 00:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-14 13:56 - 2015-03-17 00:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-14 13:56 - 2015-03-17 00:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-14 13:56 - 2015-03-17 00:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-14 13:56 - 2015-03-17 00:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-14 13:56 - 2015-03-17 00:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-14 13:56 - 2015-03-17 00:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-14 13:56 - 2015-03-17 00:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-14 13:56 - 2015-03-17 00:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-14 13:56 - 2015-03-17 00:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-14 13:56 - 2015-03-17 00:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-14 13:56 - 2015-03-17 00:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-14 13:56 - 2015-03-17 00:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-14 13:56 - 2015-03-17 00:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-14 13:56 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-14 13:56 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-14 13:56 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-14 13:56 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-14 13:56 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-14 13:56 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-14 13:56 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-14 13:56 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-14 13:56 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-14 13:56 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-14 13:56 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-14 13:56 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-14 13:56 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-14 13:56 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-14 13:56 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-14 13:56 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-14 13:56 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-14 13:56 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-14 13:56 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-14 13:56 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-14 13:56 - 2015-03-17 00:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-14 13:56 - 2015-03-17 00:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-14 13:56 - 2015-03-16 23:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-14 13:56 - 2015-03-16 23:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-14 13:56 - 2015-03-16 23:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-14 13:56 - 2015-03-16 23:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-14 13:56 - 2015-03-16 23:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-14 13:56 - 2015-03-16 23:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-14 13:56 - 2015-03-16 23:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-14 13:56 - 2015-03-16 23:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-14 13:56 - 2015-03-16 23:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-14 13:56 - 2015-03-16 23:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-14 13:56 - 2015-03-16 23:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-14 13:56 - 2015-03-16 23:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-14 13:56 - 2015-03-16 23:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-14 13:56 - 2015-03-16 23:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-14 13:56 - 2015-03-16 23:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-14 13:56 - 2015-03-16 23:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-14 13:56 - 2015-03-16 23:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-14 13:56 - 2015-03-16 23:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-14 13:56 - 2015-03-16 23:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-14 13:56 - 2015-03-16 23:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-14 13:56 - 2015-03-16 23:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-14 13:56 - 2015-03-16 23:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-14 13:56 - 2015-03-16 23:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-14 13:56 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-14 13:56 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-14 13:56 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-14 13:56 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-14 13:56 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-14 13:56 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-14 13:56 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-14 13:56 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-14 13:56 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-14 13:56 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-14 13:56 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-14 13:56 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-14 13:56 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-14 13:56 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-14 13:56 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-14 13:56 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-14 13:56 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-14 13:56 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-14 13:56 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-14 13:56 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-14 13:56 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-14 13:56 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-14 13:56 - 2015-03-16 22:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-14 13:56 - 2015-03-16 22:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-14 13:56 - 2015-03-16 22:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-14 13:56 - 2015-03-16 22:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-14 13:56 - 2015-03-16 22:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-14 13:56 - 2015-03-16 22:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-14 13:56 - 2015-03-12 23:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-14 13:56 - 2015-03-12 23:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-14 13:56 - 2015-03-12 23:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-14 13:56 - 2015-03-12 23:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-14 13:56 - 2015-03-12 23:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-14 13:56 - 2015-03-12 23:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-14 13:56 - 2015-03-12 23:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-14 13:56 - 2015-03-12 23:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-14 13:56 - 2015-03-12 23:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-14 13:56 - 2015-03-12 23:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-14 13:56 - 2015-03-12 22:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-14 13:56 - 2015-03-12 22:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-14 13:56 - 2015-03-12 22:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-14 13:56 - 2015-03-12 22:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-14 13:56 - 2015-03-12 22:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-14 13:56 - 2015-03-12 22:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-14 13:56 - 2015-03-12 22:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-14 13:56 - 2015-03-12 22:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-14 13:56 - 2015-03-12 22:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-14 13:56 - 2015-03-12 22:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-14 13:56 - 2015-03-12 22:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-14 13:56 - 2015-03-12 22:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-14 13:56 - 2015-03-12 22:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-14 13:56 - 2015-03-12 22:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-14 13:56 - 2015-03-12 22:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-14 13:56 - 2015-03-12 22:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-14 13:56 - 2015-03-12 22:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-14 13:56 - 2015-03-12 22:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-14 13:56 - 2015-03-12 22:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-14 13:56 - 2015-03-12 22:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-14 13:56 - 2015-03-12 22:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-14 13:56 - 2015-03-12 22:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-14 13:56 - 2015-03-12 22:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-14 13:56 - 2015-03-12 22:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-14 13:56 - 2015-03-12 22:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-14 13:56 - 2015-03-12 22:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-14 13:56 - 2015-03-12 22:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-14 13:56 - 2015-03-12 22:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-14 13:56 - 2015-03-12 22:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-14 13:56 - 2015-03-12 22:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-14 13:56 - 2015-03-12 22:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-14 13:56 - 2015-03-12 22:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-14 13:56 - 2015-03-12 21:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-14 13:56 - 2015-03-12 21:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-14 13:56 - 2015-03-12 21:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-14 13:56 - 2015-03-12 21:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-14 13:56 - 2015-03-12 21:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-14 13:56 - 2015-03-12 21:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-14 13:56 - 2015-03-12 21:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-14 13:56 - 2015-03-12 21:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-14 13:56 - 2015-03-12 21:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-14 13:56 - 2015-03-12 21:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-14 13:56 - 2015-03-12 21:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-14 13:56 - 2015-03-12 21:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-14 13:56 - 2015-03-12 21:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-14 13:56 - 2015-03-12 21:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-14 13:56 - 2015-03-09 22:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-14 13:56 - 2015-03-09 22:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-14 13:56 - 2015-03-09 22:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-14 13:56 - 2015-03-09 22:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-14 13:56 - 2015-03-05 00:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-14 13:56 - 2015-03-04 23:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-14 13:56 - 2015-02-24 22:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-14 13:55 - 2015-03-03 23:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-14 13:55 - 2015-03-03 23:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-14 13:55 - 2015-03-03 23:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-08 17:12 - 2015-04-08 17:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tevion Multimedia
2015-04-08 17:12 - 2015-04-08 17:12 - 00002312 _____ () C:\Users\Public\Desktop\HyperMediaCenter.lnk
2015-04-08 17:12 - 2006-09-22 20:37 - 00327168 _____ (InstallShield Software Corporation) C:\Windows\IsUninst.exe
2015-04-08 17:10 - 2015-04-08 17:13 - 00000000 ____D () C:\Program Files (x86)\Tevion Multimedia
2015-04-08 17:09 - 2007-06-29 05:23 - 00002465 _____ () C:\Windows\TVEpaDrv.ini
2015-04-08 17:09 - 2007-06-29 05:23 - 00001877 _____ () C:\Windows\English.lng
2015-04-08 17:09 - 2007-06-15 02:49 - 00356864 _____ (Kworld Computer Co., Ltd.) C:\Windows\emunist.exe
2015-04-08 17:08 - 2007-01-12 03:54 - 00461824 _____ (eMPIA Technology, Inc.) C:\Windows\system32\Drivers\emBDA64.sys
2015-04-08 17:08 - 2007-01-12 03:53 - 00123904 _____ (eMPIA Technology, Inc.) C:\Windows\system32\emPRP64.ax
2015-04-08 17:08 - 2007-01-12 03:53 - 00106496 _____ (eMPIA Technology, Inc.) C:\Windows\SysWOW64\emPRP.ax
2015-04-08 17:08 - 2006-12-15 02:54 - 00061440 _____ (eMPIA Technology, Inc.) C:\Windows\emMON.exe
2015-04-08 17:08 - 2006-11-08 23:50 - 00016382 _____ () C:\Windows\system32\Drivers\merlinC.rom
2015-04-08 15:41 - 2015-04-08 15:41 - 00000000 ____D () C:\Users\Lynn\AppData\Local\Western_Digital
2015-04-08 15:38 - 2015-04-08 15:38 - 00000000 ____D () C:\ProgramData\Western Digital
2015-04-08 15:37 - 2015-04-08 15:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WD SmartWare
2015-04-08 15:37 - 2015-04-08 15:37 - 00000000 ____D () C:\Program Files\Western Digital
2015-04-08 15:37 - 2015-04-08 15:37 - 00000000 ____D () C:\Program Files (x86)\Western Digital
2015-04-05 15:25 - 2015-04-05 15:25 - 00000156 _____ () C:\Users\Lynn\Desktop\Salient Server.acsf
2015-04-05 03:00 - 2015-04-05 03:01 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-05 03:00 - 2015-04-05 03:00 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-25 18:49 - 2014-04-30 18:51 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2042515690-782354764-4064259432-1003UA.job
2015-04-25 18:49 - 2014-04-13 14:56 - 01547563 _____ () C:\Windows\WindowsUpdate.log
2015-04-25 18:48 - 2009-07-14 00:13 - 00785942 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-25 18:47 - 2014-01-19 18:42 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-25 18:45 - 2009-07-13 23:45 - 00027568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-25 18:45 - 2009-07-13 23:45 - 00027568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-25 18:43 - 2014-09-06 19:16 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-04-25 18:43 - 2014-04-14 19:32 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-25 18:43 - 2014-01-19 18:43 - 00000000 ____D () C:\ProgramData\PDFC
2015-04-25 18:42 - 2015-03-24 15:50 - 00002371 _____ () C:\Windows\setupact.log
2015-04-25 18:42 - 2014-01-19 18:44 - 00000225 _____ () C:\Windows\CryptoMill_CreoService.log
2015-04-25 18:42 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-25 18:36 - 2009-07-13 22:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-04-25 18:36 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2015-04-25 18:31 - 2014-10-15 07:28 - 00000000 ____D () C:\ProgramData\MFAData
2015-04-25 18:29 - 2014-04-13 14:58 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{B50B8001-A65A-4F52-AFD5-93C236C35A88}
2015-04-25 18:27 - 2014-06-10 15:47 - 00000000 ____D () C:\Users\Lynn\Documents\Outlook Files
2015-04-25 18:26 - 2014-04-13 15:03 - 00000000 ____D () C:\Video
2015-04-25 18:25 - 2014-07-28 07:34 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForLynn.job
2015-04-25 18:25 - 2014-01-19 18:44 - 00000225 _____ () C:\Windows\CryptoMill_CreoService.001
2015-04-20 15:59 - 2014-07-28 07:34 - 00003180 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForLynn
2015-04-20 15:59 - 2014-07-21 11:22 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-04-20 15:42 - 2014-04-14 19:32 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-20 15:33 - 2014-01-19 18:44 - 00000225 _____ () C:\Windows\CryptoMill_CreoService.002
2015-04-19 17:28 - 2015-03-17 06:59 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-19 14:56 - 2014-01-19 18:44 - 00000225 _____ () C:\Windows\CryptoMill_CreoService.003
2015-04-19 14:37 - 2014-04-19 16:50 - 00000000 ____D () C:\Users\Lynn\AppData\Roaming\.minecraft
2015-04-18 16:49 - 2014-04-30 18:51 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2042515690-782354764-4064259432-1003Core.job
2015-04-17 18:43 - 2015-01-10 22:01 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-15 04:39 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2015-04-15 04:35 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-15 03:41 - 2014-01-19 18:44 - 00000225 _____ () C:\Windows\CryptoMill_CreoService.004
2015-04-15 03:38 - 2014-12-12 04:27 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-15 03:38 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-15 03:20 - 2014-05-17 09:19 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-15 03:19 - 2011-02-11 15:29 - 00778064 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-15 03:14 - 2014-05-08 07:32 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 03:06 - 2014-05-08 07:32 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-15 03:06 - 2009-07-13 21:34 - 00000505 _____ () C:\Windows\win.ini
2015-04-14 15:47 - 2014-01-19 18:42 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-14 15:47 - 2014-01-19 18:42 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-14 15:47 - 2014-01-19 18:42 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-14 08:08 - 2015-03-16 07:08 - 00003680 _____ () C:\Windows\System32\Tasks\boosterpop
2015-04-14 08:08 - 2015-03-16 07:08 - 00003678 _____ () C:\Windows\System32\Tasks\IEError
2015-04-14 08:08 - 2015-03-16 07:08 - 00003494 _____ () C:\Windows\System32\Tasks\AI_Updater
2015-04-10 20:07 - 2014-12-12 19:26 - 00000000 ____D () C:\Users\Lynn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2015-04-10 20:07 - 2014-11-02 17:46 - 00001169 _____ () C:\Users\Lynn\Desktop\ROBLOX Studio.lnk
2015-04-10 20:07 - 2014-06-25 22:10 - 00001350 _____ () C:\Users\Lynn\Desktop\ROBLOX Player.lnk
2015-04-10 11:08 - 2014-01-19 18:44 - 00000225 _____ () C:\Windows\CryptoMill_CreoService.005
2015-04-08 17:13 - 2014-01-19 18:35 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-04-08 17:08 - 2014-04-13 14:58 - 00000000 ____D () C:\Users\Lynn\AppData\Local\VirtualStore
2015-04-08 15:52 - 2014-04-13 16:07 - 00000000 ____D () C:\Users\Lynn\Documents\Retrieved Contents
2015-04-08 13:42 - 2014-04-30 18:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2015-04-03 12:32 - 2014-05-03 14:41 - 00000000 ____D () C:\ProgramData\Sonos,_Inc
2015-03-31 09:55 - 2014-10-15 07:31 - 00000967 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-03-31 09:55 - 2014-10-15 07:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
 
==================== Files in the root of some directories =======
 
2014-04-19 14:18 - 2014-04-19 14:18 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-11-30 14:30 - 2014-11-30 14:36 - 0000817 _____ () C:\ProgramData\hpzinstall.log
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-14 01:47
 
 
Addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-04-2015
Ran by Lynn at 2015-04-25 18:50:31
Running from C:\Users\Lynn\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.21 (HKLM-x32\...\{23170F69-40C1-2701-0921-000001000000}) (Version: 9.21.00.0 - Igor Pavlov)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{BA88C518-1C29-6931-1190-D9153F49461B}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5863 - AVG Technologies)
AVG 2015 (Version: 15.0.4334 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5863 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.0.0.19 - AVG Technologies)
Bing Bar (HKLM-x32\...\{16793295-2366-40F7-A045-A3E42A81365E}) (Version: 7.1.362.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom NetXtreme-I Netlink Driver and Management Installer (HKLM\...\{916302F3-4586-40B0-BAE6-06C1347DBCB6}) (Version: 16.2.3.1 - Broadcom Corporation)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
CompleteView (HKLM\...\CompleteView) (Version: 4.3.0.88 - Salient Systems Corporation)
CV SpotLight 4.3.0.88 (HKLM-x32\...\CV SpotLight 4.3.0.88) (Version: 4.3.0.88 - Salient Systems Corporation)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.2.2321 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3212 - CyberLink Corp.)
D2400 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
D2400_Help (x32 Version: 90.0.235.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
D-Fend Reloaded 1.3.6 (deinstall) (HKLM-x32\...\D-Fend Reloaded) (Version: 1.3.6 - Alexander Herzog)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
dj_sf_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
dj_sf_software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
dj_sf_software_req (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
EaseUS Data Recovery Wizard 8.0 (HKLM-x32\...\EaseUS Data Recovery Wizard 8.0_is1) (Version:  - EaseUS)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Google+ Auto Backup (HKU\S-1-5-21-2042515690-782354764-4064259432-1003\...\Google+ Auto Backup) (Version: 1.0.27.161 - Google, Inc.)
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Client Security Manager (HKLM\...\HPProtectTools) (Version: 8.3.1.1714 - Hewlett-Packard Company)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Deskjet 3520 series Basic Device Software (HKLM\...\{A0A03B53-927D-4454-A456-CB0A72A4912F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3520 series Help (HKLM-x32\...\{C13E1F46-84FE-4D3B-8581-0F2F624C7EEC}) (Version: 27.0.0 - Hewlett Packard)
HP Deskjet 3520 series Setup Guide (HKLM-x32\...\{AEEDCEB7-00B8-4BE1-B492-AB04803D5F1E}) (Version: 27.0.0 - Hewlett Packard)
HP Deskjet Printer Driver Software 13.0 Rel. 1 (HKLM\...\{3CDDD063-7FC2-43A7-9EC0-B3F1E38C7649}) (Version: 13.0 - HP)
HP Device Access Manager (HKLM\...\{AD7F97D3-AB72-4A10-B56A-95EC21F854DE}) (Version: 8.2.0.11 - Hewlett-Packard Company)
HP File Sanitizer (HKLM-x32\...\{547607B0-3294-4ECA-8F5E-921404676CBB}) (Version: 8.4.13.1 - Hewlett-Packard Company)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3341 - HP Photo Creations Powered by RocketLife)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15430.4033 - Hewlett-Packard Company)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP SoftPaq Download Manager (HKLM-x32\...\{49524B48-4FE9-4A62-A9FD-1F2258DF5489}) (Version: 3.4.12.0 - Hewlett-Packard Company)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{96D12EC9-720B-45FB-904C-36D6307A1C76}) (Version: 11.51.0048 - Hewlett-Packard Company)
HP Theft Recovery (HKLM-x32\...\InstallShield_{BAC712C6-4061-4C9F-AB58-A5C53E76704A}) (Version: 8.3.0.2 - Hewlett-Packard Company)
HP Trust Circles (HKLM-x32\...\HP Trust Circles) (Version: 8.3.6.16976 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
HyperMediaCenter (HKLM-x32\...\{6AE9A059-6372-435D-A5FE-0568A3B67F19}) (Version: 3.0 - )
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java SE Development Kit 8 Update 20 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180200}) (Version: 8.0.200.26 - Oracle Corporation)
KeePass Password Safe 2.26 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.26 - Dominik Reichl)
Learning Ally Link (HKLM-x32\...\{AC8776BB-DE40-4BEC-8042-07B25B739F72}) (Version: 2.0.0 - Learning Ally)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office on Demand Browser Add-ons (HKU\S-1-5-21-2042515690-782354764-4064259432-1003\...\Microsoft Office on Demand Browser Add-ons) (Version:  - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
No-IP DUC (HKLM-x32\...\NoIPDUC) (Version: 4.1.0 - Vitalwerks Internet Solutions LLC)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
PCTuner (HKLM-x32\...\{D9153832-BD97-41FD-A4F3-A135E204B7A2}) (Version: 1.0.0.0 - Tuneup computer)
PDF Complete Corporate Edition (HKLM-x32\...\PDF Complete) (Version: 4.1.50 - PDF Complete, Inc)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7004 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.5223 - CyberLink Corp.) Hidden
ROBLOX Player (HKLM-x32\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
ROBLOX Player for Lynn (HKU\S-1-5-21-2042515690-782354764-4064259432-1003\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
ROBLOX Studio (HKLM-x32\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Sonos Controller (HKLM-x32\...\{7BBA9BF8-05DF-47D8-8880-82A9B99505B9}) (Version: 27.2.81200 - Sonos, Inc.)
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.19.13.4482 - Enigma Software Group, LLC)
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.38846 - TeamViewer)
Tevion External TV Tuner and Recorder BDA Drivers (HKLM-x32\...\TVEpaDrv) (Version:  - )
Tevion External TV Tuner and Recorder Device Utilities (HKLM-x32\...\{55D8440D-6577-46DC-9571-8E5E3046AC11}) (Version: 3.0.0.0 - )
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
Unity Web Player (HKU\S-1-5-21-2042515690-782354764-4064259432-1003\...\UnityWebPlayer) (Version: 4.6.0f2 - Unity Technologies ApS)
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WD SmartWare (HKLM\...\{07179D37-D5FE-4373-90D9-A25B992EFB3E}) (Version: 1.4.5.5 - Western Digital)
WeatherApp (HKLM-x32\...\{67E7E216-1173-4B30-BA9B-E737E032EFBB}) (Version: 1.0.0.0 - Portable WeatherApp)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
WinRAR 5.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
WinZip 15.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240CF}) (Version: 15.0.10039 - WinZip Computing, S.L. )
Zip Motion Block Video codec (Remove Only) (HKLM-x32\...\ZMBV) (Version:  - DOSBox Team)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2042515690-782354764-4064259432-1003_Classes\CLSID\{225F8CFE-1B76-48E6-8E75-62CC471AFA28}\InprocServer32 -> C:\Users\Lynn\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\Microsoft Office 15\RoamingOfficeActiveX.64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2042515690-782354764-4064259432-1003_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Lynn\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2042515690-782354764-4064259432-1003_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Lynn\AppData\Local\Roblox\Versions\version-d0c46c562fb34e08\RobloxProxy64.dll (ROBLOX Corporation)
CustomCLSID: HKU\S-1-5-21-2042515690-782354764-4064259432-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Lynn\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
 
==================== Restore Points  =========================
 
25-04-2015 18:30:41 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2014-09-09 18:13 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {02DBDA6D-8CB1-4DEB-83C0-4D9F81E42DB0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd)
Task: {10A46812-8AFF-4197-B632-85739AC6BEC7} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {156D5609-B00C-4695-87B7-36BC27770642} - System32\Tasks\IE_ERR4WDR => C:\Program Files (x86)\Portable WeatherApp\IEError.exe
Task: {1F38C093-0709-4894-BFA3-293198E18D7B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
Task: {249ADF0A-0E57-4F43-8F07-7D2F95D2EBE3} - System32\Tasks\IEError => C:\Program Files (x86)\Tuneup computer\Popialert.exe
Task: {2CDA2A75-1D8B-491C-826F-4E4C5047B1A9} - System32\Tasks\HDNINSTSCHD => C:\Windows\PCBHDNW\hdnInstaller.exe [2014-12-05] ()
Task: {3AF652F9-33A4-45B2-8162-D82177115B4C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-14] (Google Inc.)
Task: {443A6536-79B0-47EE-80FC-51491C45A2C8} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {5580A872-3055-4C4C-A185-1DFBEA6E0DAB} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {68BBD104-E0BE-4E1C-BC3E-90622CC6F3EA} - System32\Tasks\AI_Updater => C:\Program Files (x86)\Tuneup computer\updater.exe
Task: {78B4A674-B244-461F-9D76-70A3036AFA29} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2042515690-782354764-4064259432-1003UA => C:\Users\Lynn\AppData\Local\Google\Update\GoogleUpdate.exe [2014-04-30] (Google Inc.)
Task: {794AF4B7-4CE5-4883-B089-5464E9AA44F8} - System32\Tasks\UPDTEXE4_WDR => C:\Program Files (x86)\Portable WeatherApp\updater.exe
Task: {7E6ED199-1682-470E-B5F5-806A433CD958} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-14] (Google Inc.)
Task: {8A837B3B-BA0A-4ED9-BF55-8BEC47211F67} - System32\Tasks\boosterpop => C:\Program Files (x86)\Tuneup computer\Probsalert.exe
Task: {9A33BD87-5602-4DB2-9D69-3553620F21B0} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {BDA1E985-BFA4-475A-8F9B-81C7FE4AAD07} - System32\Tasks\FellowSky\FellowSky => C:\ProgramData\FellowSky\FellowSky.exe
Task: {C042ABF2-8D7E-412B-B71D-8A99E019DC48} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {C91F01AC-4BB4-4710-BB64-CD0FD4828F71} - System32\Tasks\HPCeeScheduleForLynn => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {D37D0F76-9FD9-4006-8FD9-6C2B04635C12} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {D7A220C3-3432-4D22-AA43-918A9109D2C6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {DD7C217E-2C8F-4C6B-B9C5-065039CA2F77} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {E8BDABEC-128F-47A5-9FEF-A48A613BECBE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2042515690-782354764-4064259432-1003Core => C:\Users\Lynn\AppData\Local\Google\Update\GoogleUpdate.exe [2014-04-30] (Google Inc.)
Task: {F2955C41-80C3-494C-B2BA-70D4621E6CC1} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2042515690-782354764-4064259432-1003Core.job => C:\Users\Lynn\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2042515690-782354764-4064259432-1003UA.job => C:\Users\Lynn\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForLynn.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2013-08-14 16:06 - 2013-08-14 16:06 - 00007168 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Theft Recovery\CtService.exe
2011-03-09 11:41 - 2011-03-09 11:41 - 01066896 _____ () C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
2011-03-09 11:41 - 2011-03-09 11:41 - 00491920 _____ () C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-08-30 19:47 - 2013-08-30 19:47 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-06-05 15:51 - 2013-06-05 15:51 - 00098304 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingNet4.dll
2014-05-02 17:58 - 2014-05-02 17:58 - 00011776 _____ () C:\Program Files (x86)\No-IP\ducservice.exe
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-03-05 09:24 - 2010-03-05 09:24 - 00886272 _____ () C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\System.Data.SQLite.dll
2015-02-13 06:15 - 2015-02-13 06:15 - 03219456 _____ () C:\Users\Lynn\AppData\Local\Programs\Google\Google+ Auto Backup\gpuploader_i18n.dll
2014-03-06 11:37 - 2014-03-06 11:25 - 00016384 _____ () C:\Program Files (x86)\CompleteView\CV SpotLight\AxInterop.CVClientControlLib.dll
2014-01-19 18:43 - 2012-06-07 22:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 14:34 - 2012-06-08 14:34 - 00016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-11-05 21:27 - 2014-11-05 21:27 - 01685528 _____ () C:\Program Files (x86)\AVG Web TuneUp\TBAPI.dll
2015-04-17 18:43 - 2015-04-13 16:55 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libglesv2.dll
2015-04-17 18:43 - 2015-04-13 16:55 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libegl.dll
2014-05-02 17:55 - 2014-05-02 17:55 - 00071680 _____ () C:\Program Files (x86)\No-IP\ducapi.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Lynn\Documents\Highlander Plus Vehicle.eml:OECustomProperty
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ColorMedia => ""="service"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2042515690-782354764-4064259432-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Lynn\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2042515690-782354764-4064259432-500 - Administrator - Disabled)
Guest (S-1-5-21-2042515690-782354764-4064259432-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2042515690-782354764-4064259432-1004 - Limited - Enabled)
Lynn (S-1-5-21-2042515690-782354764-4064259432-1003 - Administrator - Enabled) => C:\Users\Lynn
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/25/2015 06:41:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MainServer64.exe, version: 4.3.0.88, time stamp: 0x5318b226
Faulting module name: ntdll.dll, version: 6.1.7601.18798, time stamp: 0x5507b864
Exception code: 0xc0000005
Fault offset: 0x000000000004ad94
Faulting process id: 0xa58
Faulting application start time: 0xMainServer64.exe0
Faulting application path: MainServer64.exe1
Faulting module path: MainServer64.exe2
Report Id: MainServer64.exe3
 
Error: (04/25/2015 06:40:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time stamp: 0x52212ee7
Faulting module name: ntdll.dll, version: 6.1.7601.18798, time stamp: 0x5507b864
Exception code: 0xc0000005
Fault offset: 0x000000000004ad94
Faulting process id: 0x898
Faulting application start time: 0xFuel.Service.exe0
Faulting application path: Fuel.Service.exe1
Faulting module path: Fuel.Service.exe2
Report Id: Fuel.Service.exe3
 
Error: (04/24/2015 05:07:28 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Description = Configured Microsoft Office Professional Plus 2010; Error = 0x8007043c).
 
Error: (04/20/2015 05:20:16 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Description = Configured Microsoft Office Professional Plus 2010; Error = 0x8007043c).
 
Error: (04/20/2015 05:20:03 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Description = Configured Microsoft Office Professional Plus 2010; Error = 0x8007043c).
 
Error: (04/20/2015 05:19:31 PM) (Source: Outlook) (EventID: 35) (User: )
Description: Failed to determine if the store is in the crawl scope (error=0x8007043c).
 
Error: (04/20/2015 05:19:31 PM) (Source: Outlook) (EventID: 34) (User: )
Description: Failed to get the Crawl Scope Manager with error=0x8007043c.
 
Error: (04/20/2015 05:19:31 PM) (Source: Outlook) (EventID: 35) (User: )
Description: Failed to determine if the store is in the crawl scope (error=0x8007043c).
 
Error: (04/20/2015 05:19:31 PM) (Source: Outlook) (EventID: 34) (User: )
Description: Failed to get the Crawl Scope Manager with error=0x8007043c.
 
Error: (04/20/2015 03:44:20 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location G:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).
 
 
System errors:
=============
Error: (04/24/2015 05:36:05 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WDDMService{D74D8804-93D2-4F6C-BDFC-260B98D188FF}
 
Error: (04/24/2015 05:32:09 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {ED1D0FDF-4414-470A-A56D-CFB68623FC58}
 
Error: (04/24/2015 04:48:40 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084MSIServer{000C101C-0000-0000-C000-000000000046}
 
Error: (04/24/2015 04:38:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (04/24/2015 04:38:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (04/24/2015 04:38:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (04/24/2015 04:38:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (04/24/2015 04:38:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (04/24/2015 04:38:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (04/24/2015 04:38:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
 
Microsoft Office Sessions:
=========================
Error: (04/25/2015 06:41:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: MainServer64.exe4.3.0.885318b226ntdll.dll6.1.7601.187985507b864c0000005000000000004ad94a5801d07faf265dde4bC:\Program Files\CompleteView\MainServer64.exeC:\Windows\SYSTEM32\ntdll.dll8759b33d-eba4-11e4-8828-f0921cdca03a
 
Error: (04/25/2015 06:40:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fuel.Service.exe1.0.0.052212ee7ntdll.dll6.1.7601.187985507b864c0000005000000000004ad9489801d07faf24be4f54C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeC:\Windows\SYSTEM32\ntdll.dll74569603-eba4-11e4-8828-f0921cdca03a
 
Error: (04/24/2015 05:07:28 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -EmbeddingConfigured Microsoft Office Professional Plus 20100x8007043c
 
Error: (04/20/2015 05:20:16 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -EmbeddingConfigured Microsoft Office Professional Plus 20100x8007043c
 
Error: (04/20/2015 05:20:03 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -EmbeddingConfigured Microsoft Office Professional Plus 20100x8007043c
 
Error: (04/20/2015 05:19:31 PM) (Source: Outlook) (EventID: 35) (User: )
Description: 0x8007043c
 
Error: (04/20/2015 05:19:31 PM) (Source: Outlook) (EventID: 34) (User: )
Description: 0x8007043c
 
Error: (04/20/2015 05:19:31 PM) (Source: Outlook) (EventID: 35) (User: )
Description: 0x8007043c
 
Error: (04/20/2015 05:19:31 PM) (Source: Outlook) (EventID: 34) (User: )
Description: 0x8007043c
 
Error: (04/20/2015 03:44:20 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: G:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)
 
 
==================== Memory info =========================== 
 
Processor: AMD A8-5500B APU with Radeon™ HD Graphics 
Percentage of memory in use: 67%
Total physical RAM: 3278.23 MB
Available physical RAM: 1052.67 MB
Total Pagefile: 6554.65 MB
Available Pagefile: 3938.32 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:455.45 GB) (Free:164.92 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:10.11 GB) (Free:1.13 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: () (Fixed) (Total:698.63 GB) (Free:628.11 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 8FE5AF2C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=455.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=100 MB) - (Type=27)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 698.6 GB) (Disk ID: 8D858D85)
Partition 1: (Active) - (Size=698.6 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

 

Attached Files



#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,589 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:33 PM

Posted 25 April 2015 - 08:23 PM

Hi Lynn,

You did great, I think I am going to have to keep up with you. :)

Can you tell me if you installed Video Surveillance software on your computer?

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key Windows_Logo_key.gif + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
2015-04-14 08:08 - 2015-03-16 07:08 - 00003680 _____ () C:\Windows\System32\Tasks\boosterpop
2015-04-14 08:08 - 2015-03-16 07:08 - 00003678 _____ () C:\Windows\System32\Tasks\IEError
2015-04-14 08:08 - 2015-03-16 07:08 - 00003494 _____ () C:\Windows\System32\Tasks\AI_Updater
Task: {156D5609-B00C-4695-87B7-36BC27770642} - System32\Tasks\IE_ERR4WDR => C:\Program Files (x86)\Portable WeatherApp\IEError.exe
Task: {68BBD104-E0BE-4E1C-BC3E-90622CC6F3EA} - System32\Tasks\AI_Updater => C:\Program Files (x86)\Tuneup computer\updater.exe
Task: {249ADF0A-0E57-4F43-8F07-7D2F95D2EBE3} - System32\Tasks\IEError => C:\Program Files (x86)\Tuneup computer\Popialert.exe
Task: {2CDA2A75-1D8B-491C-826F-4E4C5047B1A9} - System32\Tasks\HDNINSTSCHD => C:\Windows\PCBHDNW\hdnInstaller.exe [2014-12-05] ()
Task: {794AF4B7-4CE5-4883-B089-5464E9AA44F8} - System32\Tasks\UPDTEXE4_WDR => C:\Program Files (x86)\Portable WeatherApp\updater.exe
Task: {8A837B3B-BA0A-4ED9-BF55-8BEC47211F67} - System32\Tasks\boosterpop => C:\Program Files (x86)\Tuneup computer\Probsalert.exe
Task: {BDA1E985-BFA4-475A-8F9B-81C7FE4AAD07} - System32\Tasks\FellowSky\FellowSky => C:\ProgramData\FellowSky\FellowSky.exe
C:\Program Files (x86)\Portable WeatherApp
C:\Windows\PCBHDNW
C:\Program Files (x86)\Tuneup computer
C:\ProgramData\FellowSky
emptytemp:
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Video Surveillance?
  • Fixlog
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Lmhteach

Lmhteach
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:06:33 PM

Posted 25 April 2015 - 10:08 PM

Hi Gary,

Yes I do have video surveillance software on my computer.  My brother-in-law and nephew work for video security and have a camera on my house along with the software on my computer, phone, and Ipad.

 

As for computer performance, I have not seen the Warning screen again this evening, so that's a good thing.  I know longer see PcTuner showing up in my program list either.  CCleaner has shown up twice telling me to clean something up but I ignored it.  I don't know if it's a good thing or not.  My grandson had installed DC universe online and said the Warning message came after both times that he opened that.  The shortcut is still on my computer although the icon is a blank page now rather that a picture of superheroes.  Same thing in the start menu.  the icon shows a blank page.  Should I try to uninstall it?

 

Thanks again.  Love your quote at your sign-off, by the way!  (Lord, to whom would we go? .....      :)

 

 

contents of fixlog: 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-04-2015
Ran by Lynn at 2015-04-25 21:44:51 Run:2
Running from C:\Users\Lynn\Desktop
Loaded Profiles: Lynn (Available profiles: Lynn)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
2015-04-14 08:08 - 2015-03-16 07:08 - 00003680 _____ () C:\Windows\System32\Tasks\boosterpop
2015-04-14 08:08 - 2015-03-16 07:08 - 00003678 _____ () C:\Windows\System32\Tasks\IEError
2015-04-14 08:08 - 2015-03-16 07:08 - 00003494 _____ () C:\Windows\System32\Tasks\AI_Updater
Task: {156D5609-B00C-4695-87B7-36BC27770642} - System32\Tasks\IE_ERR4WDR => C:\Program Files (x86)\Portable WeatherApp\IEError.exe
Task: {68BBD104-E0BE-4E1C-BC3E-90622CC6F3EA} - System32\Tasks\AI_Updater => C:\Program Files (x86)\Tuneup computer\updater.exe
Task: {249ADF0A-0E57-4F43-8F07-7D2F95D2EBE3} - System32\Tasks\IEError => C:\Program Files (x86)\Tuneup computer\Popialert.exe
Task: {2CDA2A75-1D8B-491C-826F-4E4C5047B1A9} - System32\Tasks\HDNINSTSCHD => C:\Windows\PCBHDNW\hdnInstaller.exe [2014-12-05] ()
Task: {794AF4B7-4CE5-4883-B089-5464E9AA44F8} - System32\Tasks\UPDTEXE4_WDR => C:\Program Files (x86)\Portable WeatherApp\updater.exe
Task: {8A837B3B-BA0A-4ED9-BF55-8BEC47211F67} - System32\Tasks\boosterpop => C:\Program Files (x86)\Tuneup computer\Probsalert.exe
Task: {BDA1E985-BFA4-475A-8F9B-81C7FE4AAD07} - System32\Tasks\FellowSky\FellowSky => C:\ProgramData\FellowSky\FellowSky.exe
C:\Program Files (x86)\Portable WeatherApp
C:\Windows\PCBHDNW
C:\Program Files (x86)\Tuneup computer
C:\ProgramData\FellowSky
emptytemp:
*****************
 
C:\Windows\System32\Tasks\boosterpop => Moved successfully.
C:\Windows\System32\Tasks\IEError => Moved successfully.
C:\Windows\System32\Tasks\AI_Updater => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{156D5609-B00C-4695-87B7-36BC27770642}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{156D5609-B00C-4695-87B7-36BC27770642}" => Key deleted successfully.
C:\Windows\System32\Tasks\IE_ERR4WDR => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IE_ERR4WDR" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{68BBD104-E0BE-4E1C-BC3E-90622CC6F3EA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{68BBD104-E0BE-4E1C-BC3E-90622CC6F3EA}" => Key deleted successfully.
C:\Windows\System32\Tasks\AI_Updater not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AI_Updater" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{249ADF0A-0E57-4F43-8F07-7D2F95D2EBE3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{249ADF0A-0E57-4F43-8F07-7D2F95D2EBE3}" => Key deleted successfully.
C:\Windows\System32\Tasks\IEError not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IEError" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2CDA2A75-1D8B-491C-826F-4E4C5047B1A9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2CDA2A75-1D8B-491C-826F-4E4C5047B1A9}" => Key deleted successfully.
C:\Windows\System32\Tasks\HDNINSTSCHD => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HDNINSTSCHD" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{794AF4B7-4CE5-4883-B089-5464E9AA44F8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{794AF4B7-4CE5-4883-B089-5464E9AA44F8}" => Key deleted successfully.
C:\Windows\System32\Tasks\UPDTEXE4_WDR => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UPDTEXE4_WDR" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8A837B3B-BA0A-4ED9-BF55-8BEC47211F67}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A837B3B-BA0A-4ED9-BF55-8BEC47211F67}" => Key deleted successfully.
C:\Windows\System32\Tasks\boosterpop not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\boosterpop" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BDA1E985-BFA4-475A-8F9B-81C7FE4AAD07}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BDA1E985-BFA4-475A-8F9B-81C7FE4AAD07}" => Key deleted successfully.
C:\Windows\System32\Tasks\FellowSky\FellowSky => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FellowSky\FellowSky" => Key deleted successfully.
"C:\Program Files (x86)\Portable WeatherApp" => File/Directory not found.
C:\Windows\PCBHDNW => Moved successfully.
"C:\Program Files (x86)\Tuneup computer" => File/Directory not found.
"C:\ProgramData\FellowSky" => File/Directory not found.
EmptyTemp: => Removed 1.2 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 21:45:10 ====


#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,589 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:33 PM

Posted 25 April 2015 - 10:15 PM

Thank you for your encouragement Lynn.

Did the warning come up after we ran everything? Yes, you can remove those items.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 Lmhteach

Lmhteach
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:06:33 PM

Posted 25 April 2015 - 10:30 PM

I have been on the computer purposely waiting for it to come back, and it hasn't.  I deleted DC Universe from the desktop and start menu without a problem.  I went to Control Panel and Programs to uninstall it that way, but it was no longer in that list.  However, Pctuner and WeatherApp are still there (I don't know if WeatherApp is bad or not....Pctuner seemed bad from when I had tried to uninstall before and it wouldn't let me).  I did not

touch it now.   Didn't know if I should?

 

Could this possibly be cleared up this easily?  (Well, easily for me....I have no idea what you are doing on you end)!

 



#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,589 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:33 PM

Posted 25 April 2015 - 10:45 PM

We still have a bit to do but we have made some good progress. Some of the things we have removed are marginal programs and not malware, per se.

This will be my last post for this evening.

Please do this.

===================================================

Farbar's MiniRegTool

--------------------
  • Please download MiniRegTool.zip (for 32 bit systems) or MiniRegTool64.zip (for 64 bit systems) and save it to your desktop
  • Unzip the folder and double click the icon
  • Copy and paste the following into the white box:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

  • Check the Export keys radio button
  • Press the Go button and attach the report to your reply
===================================================

Emsisoft Emergency Kit Scan

--------------------
  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double click on the EmsisoftEmergencyKit.exe icon, click Run then Extract
  • Double click the Start Emsisoft Emergency Kit icon that will appear after extraction
  • Click Yes to update the program
  • Once the update is completed click the Back button
  • Click on 2. Scan (not Quick Scan or Smart Scan)
  • Click Yes to detect Potentially Unwanted Programs (PUPs)
  • Patiently wait for the thorough scan to complete, this can be a lengthy process
  • Once completed click Quarantine selected objects (if computer is clean you will not have this option) then click OK
  • Click View Report
  • Copy and paste the contents of the report in your reply
  • Note: If you receive an error report saying there are too many emoticons simply attach the file instead
  • Close the program then click Close
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double click the icon to launch the program
  • Click OK
  • Select Run Note: If you receive an error message attempt to run the program in Safe Mode
  • Press any key to start the program
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Attached MiniRegTool report
  • Emsisoft report (if applicable)
  • Security Check log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 Lmhteach

Lmhteach
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:06:33 PM

Posted 26 April 2015 - 10:09 AM

Hi Gary,

I had something happen this time during the Emisoft Emergency Kit scan.  Twice AVG  stopped two threats....the first one was malsign.generic.EC7 found in system volume information and the second one was Adwaregeneric, also found in system information.  I had to hit remove all in order for the AVG screen to exit.  I took a picture of both results with my phone, but I can't get it to my email for some reason.

 

One question for you:  when you have me download something to my desktop, I click on it, and it downloads it to a download file.   Is that okay, or should I be doing something different besides clicking on the link?

 

Thanks! Lynn

 

 

Windows Registry Editor Version 5.00
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG]
"DisplayIcon"="\"C:\\Program Files (x86)\\AVG\\AVG2015\\avgmfapx.exe\""
"DisplayName"="AVG 2015"
"DisplayVersion"="2015.0.5863"
"Publisher"="AVG Technologies"
"ModifyPath"="\"C:\\Program Files (x86)\\AVG\\AVG2015\\avgmfapx.exe\" /AppMode=DOWNLOADMANAGER /UDS=1"
"UninstallString"="\"C:\\Program Files (x86)\\AVG\\AVG2015\\avgmfapx.exe\" /AppMode=SETUP /Uninstall /UDS=1"
"EstimatedSize"=dword:00000000
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CCleaner]
"DisplayName"="CCleaner"
"UninstallString"="\"C:\\Program Files\\CCleaner\\uninst.exe\""
"Publisher"="Piriform"
"InstallLocation"="C:\\Program Files\\CCleaner"
"VersionMajor"=dword:00000005
"VersionMinor"=dword:00000003
"DisplayVersion"="5.03"
"DisplayIcon"="C:\\Program Files\\CCleaner\\CCleaner64.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CompleteView]
"DisplayName"="CompleteView"
"NoModify"=dword:00000001
"NoRepair"=dword:00000001
"UninstallString"="\"C:\\Windows\\CompleteView\\uninstall.exe\" \"/U:C:\\Program Files\\CompleteView\\Uninstall\\uninstall.xml\""
"Publisher"="Salient Systems Corporation"
"Contact"="Salient Systems Corporation Support Department"
"DisplayVersion"="4.3.0.88"
"RegOwner"="Lynn"
"RegCompany"="Hewlett-Packard Company"
"Comments"="Digital Video Management System"
"InstallLocation"="C:\\Program Files\\CompleteView"
"DisplayIcon"="C:\\Program Files\\CompleteView\\App.ico"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager]
"SystemComponent"=dword:00000001
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HP Imaging Device Functions]
"UninstallString"="C:\\Program Files (x86)\\HP\\Digital Imaging\\DeviceManagement\\hpzscr01.exe -datfile hpqbud01.dat"
"DisplayName"="HP Imaging Device Functions 13.0"
"DisplayIcon"="C:\\Program Files (x86)\\HP\\Digital Imaging\\DeviceManagement\\hpzscr01.exe,0"
"DisplayVersion"="13.0"
"Publisher"="HP"
"URLUpdateInfo"="http://www.hp.com"
"Description"="The basic software that makes your product work and helps you in maintaining it."
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HP Photosmart Essential]
"UninstallString"="C:\\Program Files (x86)\\HP\\Digital Imaging\\PhotosmartEssential\\hpzscr01.exe -datfile hpqbud13.dat -forcereboot"
"DisplayName"="HP Photosmart Essential 3.5"
"DisplayIcon"="C:\\Program Files (x86)\\HP\\Digital Imaging\\PhotosmartEssential\\hpzscr01.exe,0"
"DisplayVersion"="3.5"
"Publisher"="HP"
"URLUpdateInfo"="http://www.hp.com"
"Description"="Photo software that simplifies how you view, organize, edit, print, share and tell stories with your photos. Important!  Without this software, some of the buttons on your device may not be fully functional."
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HP Smart Web Printing]
"UninstallString"="C:\\Program Files (x86)\\HP\\Digital Imaging\\Smart Web Printing\\hpzscr01.exe -datfile hpqbud15.dat"
"DisplayName"="HP Smart Web Printing 4.51"
"DisplayIcon"="C:\\Program Files (x86)\\HP\\Digital Imaging\\Smart Web Printing\\hpzscr01.exe,0"
"DisplayVersion"="4.51"
"Publisher"="HP"
"URLUpdateInfo"="http://www.hp.com"
"Description"="Automatically adjusts web pages to fit your printed page.  No more missing content or wasted pages."
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HP Solution Center & Imaging Support Tools]
"UninstallString"="C:\\Program Files (x86)\\HP\\Digital Imaging\\eSupport\\hpzscr01.exe -datfile hpqbud05.dat -forcereboot"
"DisplayName"="HP Solution Center 13.0"
"DisplayIcon"="C:\\Program Files (x86)\\HP\\Digital Imaging\\eSupport\\hpzscr01.exe,0"
"DisplayVersion"="13.0"
"Publisher"="HP"
"URLUpdateInfo"="http://www.hp.com"
"Description"="Your one-stop for accessing key product features, documentation, troubleshooting, and online shopping."
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HPExtendedCapabilities]
"UninstallString"="C:\\Program Files (x86)\\HP\\Digital Imaging\\ExtCapUninstall\\hpzscr01.exe -datfile hpqhsc01.dat -forcereboot"
"DisplayName"="HP Customer Participation Program 13.0"
"DisplayIcon"="C:\\Program Files (x86)\\HP\\Digital Imaging\\ExtCapUninstall\\hpzscr01.exe,0"
"DisplayVersion"="13.0"
"Publisher"="HP"
"URLUpdateInfo"="http://www.hp.com"
"Description"="This software can help you receive additional benefits only available to HP printing customers.  Once this software is installed, you will have an opportunity to participate in market research designed to improve HP products and experiences.  An invitation will appear on your screen in a few weeks and you can choose whether or not to participate at that time.  Customers who do a lot of printing may also receive an invitation to participate in programs with benefits such as special offers, awards and enhanced  technical support."
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HPProtectTools]
"DisplayName"="HP Client Security Manager"
"DisplayVersion"="8.3.1.1714"
"InstallLocation"="c:\\Program Files\\Hewlett-Packard\\HP ProtectTools Security Manager\\"
"UninstallString"="c:\\Program Files\\Hewlett-Packard\\HP ProtectTools Security Manager\\Bin\\setup.exe"
"Publisher"="Hewlett-Packard Company"
"DisplayIcon"="c:\\Program Files\\Hewlett-Packard\\HP ProtectTools Security Manager\\Bin\\dpsmver.dll,0"
"EstimatedSize"=dword:0001628b
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)]
"DisplayIcon"="msiexec.exe"
"DisplayName"="Microsoft Visual Studio 2010 Tools for Office Runtime (x64)"
"DisplayVersion"="10.0.50903"
"InstallLocation"="C:\\Program Files\\Common Files\\Microsoft Shared\\VSTO\\10.0\\"
"ModifyPath"="MsiExec.exe /I {9495AEB4-AB97-39DE-8C42-806EEF75ECA7}"
"NoModify"=dword:00000000
"Publisher"="Microsoft Corporation"
"UninstallPath"="C:\\Program Files\\Common Files\\Microsoft Shared\\VSTO\\10.0\\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\\install.exe"
"UninstallString"="C:\\Program Files\\Common Files\\Microsoft Shared\\VSTO\\10.0\\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)\\install.exe"
"VersionMajor"="4"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Shop for HP Supplies]
"UninstallString"="C:\\Program Files (x86)\\HP\\Digital Imaging\\HPSSupply\\hpzscr01.exe -datfile hpqbud16.dat"
"DisplayName"="Shop for HP Supplies"
"DisplayIcon"="C:\\Program Files (x86)\\HP\\Digital Imaging\\HPSSupply\\hpzscr01.exe,0"
"DisplayVersion"="13.0"
"Publisher"="HP"
"URLUpdateInfo"="http://www.hp.com"
"Description"="Provides direct, online access to purchase HP supplies."
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC]
"NoRemove"=dword:00000001
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinRAR archiver]
"DisplayName"="WinRAR 5.10 (64-bit)"
"DisplayVersion"="5.10.0"
"VersionMajor"=dword:00000005
"VersionMinor"=dword:0000000a
"UninstallString"="C:\\Program Files\\WinRAR\\uninstall.exe"
"DisplayIcon"="C:\\Program Files\\WinRAR\\WinRAR.exe"
"InstallLocation"="C:\\Program Files\\WinRAR\\"
"NoModify"=dword:00000001
"NoRepair"=dword:00000001
"Language"=dword:00000000
"Publisher"="win.rar GmbH"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{07179D37-D5FE-4373-90D9-A25B992EFB3E}]
"AuthorizedCDFPrefix"=""
"Comments"="This installer database contains the logic and data required to install WD SmartWare."
"Contact"=""
"DisplayVersion"="1.4.5.5"
"HelpLink"=hex(2):77,00,77,00,77,00,2e,00,73,00,75,00,70,00,70,00,6f,00,72,00,\
  74,00,2e,00,77,00,64,00,63,00,2e,00,63,00,6f,00,6d,00,00,00
"HelpTelephone"=""
"InstallDate"="20150408"
"InstallLocation"="C:\\Program Files\\Western Digital\\WD SmartWare\\"
"InstallSource"="H:\\WD SmartWare\\"
"ModifyPath"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,78,\
  00,65,00,20,00,2f,00,58,00,7b,00,30,00,37,00,31,00,37,00,39,00,44,00,33,00,\
  37,00,2d,00,44,00,35,00,46,00,45,00,2d,00,34,00,33,00,37,00,33,00,2d,00,39,\
  00,30,00,44,00,39,00,2d,00,41,00,32,00,35,00,42,00,39,00,39,00,32,00,45,00,\
  46,00,42,00,33,00,45,00,7d,00,00,00
"NoModify"=dword:00000001
"Publisher"="Western Digital"
"Readme"=""
"Size"=""
"EstimatedSize"=dword:00009106
"UninstallString"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,\
  78,00,65,00,20,00,2f,00,58,00,7b,00,30,00,37,00,31,00,37,00,39,00,44,00,33,\
  00,37,00,2d,00,44,00,35,00,46,00,45,00,2d,00,34,00,33,00,37,00,33,00,2d,00,\
  39,00,30,00,44,00,39,00,2d,00,41,00,32,00,35,00,42,00,39,00,39,00,32,00,45,\
  00,46,00,42,00,33,00,45,00,7d,00,00,00
"URLInfoAbout"="www.wdc.com"
"URLUpdateInfo"="www.wdc.com"
"VersionMajor"=dword:00000001
"VersionMinor"=dword:00000004
"WindowsInstaller"=dword:00000001
"Version"=dword:01040005
"Language"=dword:00000409
"DisplayName"="WD SmartWare"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{071c9b48-7c32-4621-a0ac-3f809523288f}]
"AuthorizedCDFPrefix"=""
"Comments"=""
"Contact"=""
"DisplayVersion"="8.0.56336"
"HelpLink"=""
"HelpTelephone"=""
"InstallDate"="20110211"
"InstallLocation"=""
"InstallSource"="C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\IXP001.TMP\\"
"ModifyPath"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,78,\
  00,65,00,20,00,2f,00,58,00,7b,00,30,00,37,00,31,00,63,00,39,00,62,00,34,00,\
  38,00,2d,00,37,00,63,00,33,00,32,00,2d,00,34,00,36,00,32,00,31,00,2d,00,61,\
  00,30,00,61,00,63,00,2d,00,33,00,66,00,38,00,30,00,39,00,35,00,32,00,33,00,\
  32,00,38,00,38,00,66,00,7d,00,00,00
"NoModify"=dword:00000001
"NoRepair"=dword:00000001
"Publisher"="Microsoft Corporation"
"Readme"=""
"Size"=""
"EstimatedSize"=dword:000002c4
"UninstallString"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,\
  78,00,65,00,20,00,2f,00,58,00,7b,00,30,00,37,00,31,00,63,00,39,00,62,00,34,\
  00,38,00,2d,00,37,00,63,00,33,00,32,00,2d,00,34,00,36,00,32,00,31,00,2d,00,\
  61,00,30,00,61,00,63,00,2d,00,33,00,66,00,38,00,30,00,39,00,35,00,32,00,33,\
  00,32,00,38,00,38,00,66,00,7d,00,00,00
"URLInfoAbout"=""
"URLUpdateInfo"=""
"VersionMajor"=dword:00000008
"VersionMinor"=dword:00000000
"WindowsInstaller"=dword:00000001
"Version"=dword:0800dc10
"Language"=dword:00000000
"DisplayName"="Microsoft Visual C++ 2005 Redistributable (x64)"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{082DF8AC-592D-4EEC-99B8-29D5B72F557B}]
"AuthorizedCDFPrefix"=""
"Comments"=""
"Contact"=""
"DisplayVersion"="8.3.1.1714"
"HelpLink"=""
"HelpTelephone"=""
"InstallDate"="20140119"
"InstallLocation"="c:\\Program Files\\Hewlett-Packard\\HP ProtectTools Security Manager\\"
"InstallSource"="c:\\SWSETUP\\APP\\Prereq1\\DigitalPersona\\2013Buck_D4LB2M\\8.3.1.1714\\src\\x64\\"
"ModifyPath"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,78,\
  00,65,00,20,00,2f,00,58,00,7b,00,30,00,38,00,32,00,44,00,46,00,38,00,41,00,\
  43,00,2d,00,35,00,39,00,32,00,44,00,2d,00,34,00,45,00,45,00,43,00,2d,00,39,\
  00,39,00,42,00,38,00,2d,00,32,00,39,00,44,00,35,00,42,00,37,00,32,00,46,00,\
  35,00,35,00,37,00,42,00,7d,00,00,00
"NoModify"=dword:00000001
"Publisher"="Hewlett-Packard Company"
"Readme"=""
"Size"=""
"EstimatedSize"=dword:0002d8b2
"SystemComponent"=dword:00000001
"UninstallString"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,\
  78,00,65,00,20,00,2f,00,58,00,7b,00,30,00,38,00,32,00,44,00,46,00,38,00,41,\
  00,43,00,2d,00,35,00,39,00,32,00,44,00,2d,00,34,00,45,00,45,00,43,00,2d,00,\
  39,00,39,00,42,00,38,00,2d,00,32,00,39,00,44,00,35,00,42,00,37,00,32,00,46,\
  00,35,00,35,00,37,00,42,00,7d,00,00,00
"URLInfoAbout"=""
"URLUpdateInfo"=""
"VersionMajor"=dword:00000008
"VersionMinor"=dword:00000003
"WindowsInstaller"=dword:00000001
"Version"=dword:08030001
"Language"=dword:00000000
"DisplayName"="HP Client Security Manager"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{117BBDE7-472E-4DCD-BAAE-410A0794A335}]
"AuthorizedCDFPrefix"=""
"Comments"=""
"Contact"="support@cryptomill.com"
"DisplayVersion"="8.3.6.16976"
"HelpLink"=""
"HelpTelephone"=""
"InstallDate"="20140119"
"InstallLocation"="C:\\Program Files\\Hewlett-Packard\\"
"InstallSource"="C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\{9540D39F-1416-477E-B1A4-71BB39D4C9E6}\\"
"NoRemove"=dword:00000001
"NoRepair"=dword:00000001
"Publisher"="CryptoMill Technologies Ltd."
"Readme"=""
"Size"=""
"EstimatedSize"=dword:0000e7cc
"SystemComponent"=dword:00000001
"URLUpdateInfo"=""
"VersionMajor"=dword:00000008
"VersionMinor"=dword:00000003
"WindowsInstaller"=dword:00000001
"Version"=dword:08030006
"Language"=dword:00000000
"DisplayName"="HP Trust Circles"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}]
"AuthorizedCDFPrefix"=""
"Comments"="Caution. Removing this product might prevent some applications from running."
"Contact"=""
"DisplayVersion"="10.0.40219"
"HelpLink"=hex(2):68,00,74,00,74,00,70,00,3a,00,2f,00,2f,00,67,00,6f,00,2e,00,\
  6d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,2e,00,63,00,6f,00,6d,\
  00,2f,00,66,00,77,00,6c,00,69,00,6e,00,6b,00,2f,00,3f,00,4c,00,69,00,6e,00,\
  6b,00,49,00,64,00,3d,00,31,00,34,00,36,00,30,00,30,00,38,00,00,00
"HelpTelephone"=""
"InstallDate"="20141016"
"InstallLocation"=""
"InstallSource"="c:\\1408ac8b99d1a21ff92858331e\\"
"ModifyPath"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,78,\
  00,65,00,20,00,2f,00,58,00,7b,00,31,00,44,00,38,00,45,00,36,00,32,00,39,00,\
  31,00,2d,00,42,00,30,00,44,00,35,00,2d,00,33,00,35,00,45,00,43,00,2d,00,38,\
  00,34,00,34,00,31,00,2d,00,36,00,36,00,31,00,36,00,46,00,35,00,36,00,37,00,\
  41,00,30,00,46,00,37,00,7d,00,00,00
"NoModify"=dword:00000001
"NoRepair"=dword:00000001
"Publisher"="Microsoft Corporation"
"Readme"=""
"Size"=""
"EstimatedSize"=dword:00003cd9
"UninstallString"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,\
  78,00,65,00,20,00,2f,00,58,00,7b,00,31,00,44,00,38,00,45,00,36,00,32,00,39,\
  00,31,00,2d,00,42,00,30,00,44,00,35,00,2d,00,33,00,35,00,45,00,43,00,2d,00,\
  38,00,34,00,34,00,31,00,2d,00,36,00,36,00,31,00,36,00,46,00,35,00,36,00,37,\
  00,41,00,30,00,46,00,37,00,7d,00,00,00
"URLInfoAbout"=""
"URLUpdateInfo"=""
"VersionMajor"=dword:0000000a
"VersionMinor"=dword:00000000
"WindowsInstaller"=dword:00000001
"Version"=dword:0a009d1b
"Language"=dword:00000000
"DisplayName"="Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{248D7B47-FF1F-D92C-47F6-0EB6369146DD}]
"AuthorizedCDFPrefix"=""
"Comments"=""
"Contact"="AMD Customer Support"
"DisplayVersion"="2.00.0000"
"HelpLink"=hex(2):68,00,74,00,74,00,70,00,3a,00,2f,00,2f,00,73,00,75,00,70,00,\
  70,00,6f,00,72,00,74,00,2e,00,61,00,6d,00,64,00,2e,00,63,00,6f,00,6d,00,00,\
  00
"HelpTelephone"="905-882-2600"
"InstallDate"="20140119"
"InstallLocation"="c:\\Program Files\\Common Files\\ATI Technologies\\Multimedia\\"
"InstallSource"="c:\\SWSETUP\\DRV\\Graphics\\AMD\\Graphic\\multi\\src\\A\\Packages\\Apps\\DnDTranscoding64\\"
"ModifyPath"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,78,\
  00,65,00,20,00,2f,00,58,00,7b,00,32,00,34,00,38,00,44,00,37,00,42,00,34,00,\
  37,00,2d,00,46,00,46,00,31,00,46,00,2d,00,44,00,39,00,32,00,43,00,2d,00,34,\
  00,37,00,46,00,36,00,2d,00,30,00,45,00,42,00,36,00,33,00,36,00,39,00,31,00,\
  34,00,36,00,44,00,44,00,7d,00,00,00
"NoModify"=dword:00000001
"Publisher"="Advanced Micro Devices, Inc."
"Readme"=""
"Size"=""
"EstimatedSize"=dword:000000cb
"SystemComponent"=dword:00000001
"UninstallString"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,\
  78,00,65,00,20,00,2f,00,58,00,7b,00,32,00,34,00,38,00,44,00,37,00,42,00,34,\
  00,37,00,2d,00,46,00,46,00,31,00,46,00,2d,00,44,00,39,00,32,00,43,00,2d,00,\
  34,00,37,00,46,00,36,00,2d,00,30,00,45,00,42,00,36,00,33,00,36,00,39,00,31,\
  00,34,00,36,00,44,00,44,00,7d,00,00,00
"URLInfoAbout"="http://www.amd.com"
"URLUpdateInfo"=""
"VersionMajor"=dword:00000002
"VersionMinor"=dword:00000000
"WindowsInstaller"=dword:00000001
"Version"=dword:02000000
"Language"=dword:00000409
"DisplayName"="AMD Drag and Drop Transcoding"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26784146-6E05-3FF9-9335-786C7C0FB5BE}]
"AuthorizedCDFPrefix"=""
"Comments"=""
"Contact"=""
"DisplayVersion"="4.5.51209"
"HelpLink"=""
"HelpTelephone"=""
"InstallDate"="20150415"
"InstallLocation"=""
"InstallSource"="E:\\c22a94ce6cc11ae4fb7118\\"
"ModifyPath"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,78,\
  00,65,00,20,00,2f,00,58,00,7b,00,32,00,36,00,37,00,38,00,34,00,31,00,34,00,\
  36,00,2d,00,36,00,45,00,30,00,35,00,2d,00,33,00,46,00,46,00,39,00,2d,00,39,\
  00,33,00,33,00,35,00,2d,00,37,00,38,00,36,00,43,00,37,00,43,00,30,00,46,00,\
  42,00,35,00,42,00,45,00,7d,00,00,00
"NoModify"=dword:00000001
"NoRepair"=dword:00000001
"Publisher"="Microsoft Corporation"
"Readme"=hex(2):68,00,74,00,74,00,70,00,3a,00,2f,00,2f,00,67,00,6f,00,2e,00,6d,\
  00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,2e,00,63,00,6f,00,6d,00,\
  2f,00,66,00,77,00,6c,00,69,00,6e,00,6b,00,2f,00,3f,00,4c,00,69,00,6e,00,6b,\
  00,49,00,64,00,3d,00,33,00,32,00,38,00,38,00,35,00,30,00,00,00
"Size"=dword:00009b34
"EstimatedSize"=dword:0017b6a5
"SystemComponent"=dword:00000001
"UninstallString"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,\
  78,00,65,00,20,00,2f,00,58,00,7b,00,32,00,36,00,37,00,38,00,34,00,31,00,34,\
  00,36,00,2d,00,36,00,45,00,30,00,35,00,2d,00,33,00,46,00,46,00,39,00,2d,00,\
  39,00,33,00,33,00,35,00,2d,00,37,00,38,00,36,00,43,00,37,00,43,00,30,00,46,\
  00,42,00,35,00,42,00,45,00,7d,00,00,00
"VersionMajor"=dword:00000004
"VersionMinor"=dword:00000005
"WindowsInstaller"=dword:00000001
"Version"=dword:0405c809
"Language"=dword:00000000
"DisplayName"="Microsoft .NET Framework 4.5.2"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F86418025F0}]
"DisplayIcon"="C:\\Program Files\\Java\\jre1.8.0_25\\\\bin\\javaws.exe"
"AuthorizedCDFPrefix"=""
"Comments"=""
"Contact"="http://java.com"
"DisplayVersion"="8.0.250"
"HelpLink"=hex(2):68,00,74,00,74,00,70,00,3a,00,2f,00,2f,00,6a,00,61,00,76,00,\
  61,00,2e,00,63,00,6f,00,6d,00,00,00
"HelpTelephone"=""
"InstallDate"="20141018"
"InstallLocation"=""
"InstallSource"="C:\\Users\\Lynn\\AppData\\LocalLow\\Sun\\Java\\jre1.8.0_25\\"
"ModifyPath"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,78,\
  00,65,00,20,00,2f,00,49,00,7b,00,32,00,36,00,41,00,32,00,34,00,41,00,45,00,\
  34,00,2d,00,30,00,33,00,39,00,44,00,2d,00,34,00,43,00,41,00,34,00,2d,00,38,\
  00,37,00,42,00,34,00,2d,00,32,00,46,00,38,00,36,00,34,00,31,00,38,00,30,00,\
  32,00,35,00,46,00,30,00,7d,00,00,00
"NoRepair"=dword:00000001
"Publisher"="Oracle Corporation"
"Readme"=hex(2):5b,00,49,00,4e,00,53,00,54,00,41,00,4c,00,4c,00,44,00,49,00,52,\
  00,5d,00,52,00,45,00,41,00,44,00,4d,00,45,00,2e,00,74,00,78,00,74,00,00,00
"Size"=""
"EstimatedSize"=dword:00015562
"UninstallString"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,\
  78,00,65,00,20,00,2f,00,49,00,7b,00,32,00,36,00,41,00,32,00,34,00,41,00,45,\
  00,34,00,2d,00,30,00,33,00,39,00,44,00,2d,00,34,00,43,00,41,00,34,00,2d,00,\
  38,00,37,00,42,00,34,00,2d,00,32,00,46,00,38,00,36,00,34,00,31,00,38,00,30,\
  00,32,00,35,00,46,00,30,00,7d,00,00,00
"URLInfoAbout"="http://java.com"
"URLUpdateInfo"="http://java.sun.com"
"VersionMajor"=dword:00000008
"VersionMinor"=dword:00000000
"WindowsInstaller"=dword:00000001
"Version"=dword:080000fa
"Language"=dword:00000409
"DisplayName"="Java 8 Update 25 (64-bit)"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}]
"AuthorizedCDFPrefix"=""
"Comments"=""
"Contact"="AppleCare Support"
"DisplayVersion"="12.0.1.26"
"HelpLink"=hex(2):68,00,74,00,74,00,70,00,3a,00,2f,00,2f,00,77,00,77,00,77,00,\
  2e,00,61,00,70,00,70,00,6c,00,65,00,2e,00,63,00,6f,00,6d,00,2f,00,73,00,75,\
  00,70,00,70,00,6f,00,72,00,74,00,2f,00,00,00
"HelpTelephone"="1-800-275-2273"
"InstallDate"="20141129"
"InstallLocation"="C:\\Program Files (x86)\\iTunes\\"
"InstallSource"="C:\\Users\\Lynn\\AppData\\Local\\Apple\\Apple Software Update\\"
"ModifyPath"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,78,\
  00,65,00,20,00,2f,00,49,00,7b,00,32,00,41,00,42,00,42,00,42,00,44,00,39,00,\
  31,00,2d,00,39,00,31,00,45,00,35,00,2d,00,34,00,41,00,44,00,37,00,2d,00,39,\
  00,32,00,39,00,41,00,2d,00,46,00,45,00,31,00,35,00,44,00,31,00,44,00,43,00,\
  30,00,35,00,37,00,36,00,7d,00,00,00
"Publisher"="Apple Inc."
"Readme"=""
"Size"=""
"EstimatedSize"=dword:0003d49d
"UninstallString"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,\
  78,00,65,00,20,00,2f,00,49,00,7b,00,32,00,41,00,42,00,42,00,42,00,44,00,39,\
  00,31,00,2d,00,39,00,31,00,45,00,35,00,2d,00,34,00,41,00,44,00,37,00,2d,00,\
  39,00,32,00,39,00,41,00,2d,00,46,00,45,00,31,00,35,00,44,00,31,00,44,00,43,\
  00,30,00,35,00,37,00,36,00,7d,00,00,00
"URLInfoAbout"="http://www.apple.com/"
"VersionMajor"=dword:0000000c
"VersionMinor"=dword:00000000
"WindowsInstaller"=dword:00000001
"Version"=dword:0c000001
"Language"=dword:00000409
"DisplayName"="iTunes"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{302A38BE-07B1-F6F1-8AB5-4A1B39B4C4BF}]
"AuthorizedCDFPrefix"=""
"Comments"="AMD offers a wide variety of product support including driver downloads, technical and warranty information."
"Contact"="AMD Customer Support"
"DisplayVersion"="8.0.915.0"
"HelpLink"=hex(2):68,00,74,00,74,00,70,00,3a,00,2f,00,2f,00,73,00,75,00,70,00,\
  70,00,6f,00,72,00,74,00,2e,00,61,00,6d,00,64,00,2e,00,63,00,6f,00,6d,00,00,\
  00
"HelpTelephone"="1-905-882-2600"
"InstallDate"="20141001"
"InstallLocation"="C:\\Program Files (x86)\\ATI Technologies\\PRW\\"
"InstallSource"="C:\\swsetup\\sp63823\\Packages\\Apps\\PRW64\\"
"ModifyPath"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,78,\
  00,65,00,20,00,2f,00,58,00,7b,00,33,00,30,00,32,00,41,00,33,00,38,00,42,00,\
  45,00,2d,00,30,00,37,00,42,00,31,00,2d,00,46,00,36,00,46,00,31,00,2d,00,38,\
  00,41,00,42,00,35,00,2d,00,34,00,41,00,31,00,42,00,33,00,39,00,42,00,34,00,\
  43,00,34,00,42,00,46,00,7d,00,00,00
"NoModify"=dword:00000001
"Publisher"="Advanced Micro Devices, Inc."
"Readme"=""
"Size"=""
"EstimatedSize"=dword:00005528
"SystemComponent"=dword:00000001
"UninstallString"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,\
  78,00,65,00,20,00,2f,00,58,00,7b,00,33,00,30,00,32,00,41,00,33,00,38,00,42,\
  00,45,00,2d,00,30,00,37,00,42,00,31,00,2d,00,46,00,36,00,46,00,31,00,2d,00,\
  38,00,41,00,42,00,35,00,2d,00,34,00,41,00,31,00,42,00,33,00,39,00,42,00,34,\
  00,43,00,34,00,42,00,46,00,7d,00,00,00
"URLInfoAbout"="http://www.amd.com"
"URLUpdateInfo"="http://support.amd.com"
"VersionMajor"=dword:00000008
"VersionMinor"=dword:00000000
"WindowsInstaller"=dword:00000001
"Version"=dword:08000393
"Language"=dword:00000000
"DisplayName"="AMD Problem Report Wizard"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{338CE2A1-7BD6-AC18-0069-4A90F7C3D836}]
"AuthorizedCDFPrefix"=""
"Comments"=""
"Contact"=""
"DisplayVersion"="2.06.0000"
"HelpLink"=""
"HelpTelephone"=""
"InstallDate"="20140119"
"InstallLocation"="c:\\Program Files\\AMD\\SteadyVideo\\"
"InstallSource"="c:\\SWSETUP\\DRV\\Graphics\\AMD\\Graphic\\multi\\src\\A\\Packages\\Apps\\SteadyVideo\\WinW764a\\"
"ModifyPath"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,78,\
  00,65,00,20,00,2f,00,58,00,7b,00,33,00,33,00,38,00,43,00,45,00,32,00,41,00,\
  31,00,2d,00,37,00,42,00,44,00,36,00,2d,00,41,00,43,00,31,00,38,00,2d,00,30,\
  00,30,00,36,00,39,00,2d,00,34,00,41,00,39,00,30,00,46,00,37,00,43,00,33,00,\
  44,00,38,00,33,00,36,00,7d,00,00,00
"NoModify"=dword:00000001
"NoRepair"=dword:00000001
"Publisher"="AMD"
"Readme"=""
"Size"=""
"EstimatedSize"=dword:000001dd
"SystemComponent"=dword:00000001
"UninstallString"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,\
  78,00,65,00,20,00,2f,00,58,00,7b,00,33,00,33,00,38,00,43,00,45,00,32,00,41,\
  00,31,00,2d,00,37,00,42,00,44,00,36,00,2d,00,41,00,43,00,31,00,38,00,2d,00,\
  30,00,30,00,36,00,39,00,2d,00,34,00,41,00,39,00,30,00,46,00,37,00,43,00,33,\
  00,44,00,38,00,33,00,36,00,7d,00,00,00
"URLInfoAbout"="http://www.AMD.com"
"URLUpdateInfo"=""
"VersionMajor"=dword:00000002
"VersionMinor"=dword:00000006
"WindowsInstaller"=dword:00000001
"Version"=dword:02060000
"Language"=dword:00000409
"DisplayName"="AMD Steady Video Plug-In "
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{34D9B82A-CC19-BA62-B40C-6A0F96441B54}]
"AuthorizedCDFPrefix"=""
"Comments"=""
"Contact"=""
"DisplayVersion"="13.15.100.30830"
"HelpLink"=""
"HelpTelephone"=""
"InstallDate"="20141001"
"InstallLocation"="C:\\Program Files\\Common Files\\ATI Technologies\\Multimedia\\"
"InstallSource"="C:\\swsetup\\sp63823\\Packages\\Apps\\AVT64\\"
"ModifyPath"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,78,\
  00,65,00,20,00,2f,00,58,00,7b,00,33,00,34,00,44,00,39,00,42,00,38,00,32,00,\
  41,00,2d,00,43,00,43,00,31,00,39,00,2d,00,42,00,41,00,36,00,32,00,2d,00,42,\
  00,34,00,30,00,43,00,2d,00,36,00,41,00,30,00,46,00,39,00,36,00,34,00,34,00,\
  31,00,42,00,35,00,34,00,7d,00,00,00
"NoModify"=dword:00000001
"Publisher"="Advanced Micro Devices, Inc."
"Readme"=""
"Size"=""
"EstimatedSize"=dword:00001977
"SystemComponent"=dword:00000001
"UninstallString"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,\
  78,00,65,00,20,00,2f,00,58,00,7b,00,33,00,34,00,44,00,39,00,42,00,38,00,32,\
  00,41,00,2d,00,43,00,43,00,31,00,39,00,2d,00,42,00,41,00,36,00,32,00,2d,00,\
  42,00,34,00,30,00,43,00,2d,00,36,00,41,00,30,00,46,00,39,00,36,00,34,00,34,\
  00,31,00,42,00,35,00,34,00,7d,00,00,00
"URLInfoAbout"="http://www.AMD.com"
"URLUpdateInfo"=""
"VersionMajor"=dword:0000000d
"VersionMinor"=dword:0000000f
"WindowsInstaller"=dword:00000001
"Version"=dword:0d0f0064
"Language"=dword:00000409
"DisplayName"="AMD Accelerated Video Transcoding"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00}]
"AuthorizedCDFPrefix"=""
"Comments"="Caution. Removing this product might prevent some applications from running."
"Contact"=""
"DisplayVersion"="11.0.61030"
"HelpLink"=hex(2):68,00,74,00,74,00,70,00,3a,00,2f,00,2f,00,67,00,6f,00,2e,00,\
  6d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,2e,00,63,00,6f,00,6d,\
  00,2f,00,66,00,77,00,6c,00,69,00,6e,00,6b,00,2f,00,3f,00,4c,00,69,00,6e,00,\
  6b,00,49,00,64,00,3d,00,31,00,33,00,33,00,34,00,30,00,35,00,00,00
"HelpTelephone"=""
"InstallDate"="20150211"
"InstallLocation"=""
"InstallSource"="C:\\ProgramData\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\packages\\vcRuntimeAdditional_amd64\\"
"ModifyPath"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,78,\
  00,65,00,20,00,2f,00,58,00,7b,00,33,00,37,00,42,00,38,00,46,00,39,00,43,00,\
  37,00,2d,00,30,00,33,00,46,00,42,00,2d,00,33,00,32,00,35,00,33,00,2d,00,38,\
  00,37,00,38,00,31,00,2d,00,32,00,35,00,31,00,37,00,43,00,39,00,39,00,44,00,\
  37,00,43,00,30,00,30,00,7d,00,00,00
"NoModify"=dword:00000001
"Publisher"="Microsoft Corporation"
"Readme"=""
"Size"=""
"EstimatedSize"=dword:00002ff0
"SystemComponent"=dword:00000001
"UninstallString"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,\
  78,00,65,00,20,00,2f,00,58,00,7b,00,33,00,37,00,42,00,38,00,46,00,39,00,43,\
  00,37,00,2d,00,30,00,33,00,46,00,42,00,2d,00,33,00,32,00,35,00,33,00,2d,00,\
  38,00,37,00,38,00,31,00,2d,00,32,00,35,00,31,00,37,00,43,00,39,00,39,00,44,\
  00,37,00,43,00,30,00,30,00,7d,00,00,00
"URLInfoAbout"=""
"URLUpdateInfo"=""
"VersionMajor"=dword:0000000b
"VersionMinor"=dword:00000000
"WindowsInstaller"=dword:00000001
"Version"=dword:0b00ee66
"Language"=dword:00000409
"DisplayName"="Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3BDE3AFF-77FE-2CCD-A8BA-BA975F83DE4F}]
"AuthorizedCDFPrefix"=""
"Comments"=""
"Contact"="AMD Customer Support"
"DisplayVersion"="2013.0830.1944.33589"
"HelpLink"=hex(2):68,00,74,00,74,00,70,00,3a,00,2f,00,2f,00,73,00,75,00,70,00,\
  70,00,6f,00,72,00,74,00,2e,00,61,00,6d,00,64,00,2e,00,63,00,6f,00,6d,00,00,\
  00
"HelpTelephone"="905-882-2600"
"InstallDate"="20141001"
"InstallLocation"="C:\\Program Files (x86)\\ATI Technologies\\"
"InstallSource"="C:\\swsetup\\sp63823\\Packages\\Apps\\CCC2\\Utility64-Net4\\"
"NoModify"=dword:00000001
"NoRemove"=dword:00000001
"NoRepair"=dword:00000001
"Publisher"="Advanced Micro Devices, Inc."
"Readme"=""
"Size"=""
"EstimatedSize"=dword:00000191
"SystemComponent"=dword:00000001
"URLInfoAbout"="http://www.amd.com"
"URLUpdateInfo"=""
"VersionMajor"=dword:000007dd
"VersionMinor"=dword:0000033e
"WindowsInstaller"=dword:00000001
"Version"=dword:df3e0798
"Language"=dword:00000409
"DisplayName"="ccc-utility64"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3CDDD063-7FC2-43A7-9EC0-B3F1E38C7649}]
"UninstallString"="C:\\Program Files (x86)\\HP\\Digital Imaging\\{3CDDD063-7FC2-43A7-9EC0-B3F1E38C7649}\\setup\\hpzscr40.exe -datfile hphscr15.dat -onestop -forcereboot"
"DisplayName"="HP Deskjet Printer Driver Software 13.0 Rel. 1"
"DisplayIcon"="C:\\Program Files (x86)\\HP\\Digital Imaging\\{3CDDD063-7FC2-43A7-9EC0-B3F1E38C7649}\\setup\\hpzscr40.exe,0"
"DisplayVersion"="13.0"
"Publisher"="HP"
"URLUpdateInfo"="http://www.hp.com"
"Description"="Installs components for printing (This is a required selection and cannot be deselected)"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{408DD513-C71C-EF6C-1456-247DD8403E18}]
"AuthorizedCDFPrefix"=""
"Comments"=""
"Contact"=""
"DisplayVersion"="2.06.0000"
"HelpLink"=""
"HelpTelephone"=""
"InstallDate"="20141001"
"InstallLocation"="C:\\Program Files\\AMD\\SteadyVideo\\"
"InstallSource"="C:\\swsetup\\sp63823\\Packages\\Apps\\SteadyVideo\\WinW764a\\"
"ModifyPath"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,78,\
  00,65,00,20,00,2f,00,58,00,7b,00,34,00,30,00,38,00,44,00,44,00,35,00,31,00,\
  33,00,2d,00,43,00,37,00,31,00,43,00,2d,00,45,00,46,00,36,00,43,00,2d,00,31,\
  00,34,00,35,00,36,00,2d,00,32,00,34,00,37,00,44,00,44,00,38,00,34,00,30,00,\
  33,00,45,00,31,00,38,00,7d,00,00,00
"NoModify"=dword:00000001
"NoRepair"=dword:00000001
"Publisher"="AMD"
"Readme"=""
"Size"=""
"EstimatedSize"=dword:000001dd
"SystemComponent"=dword:00000001
"UninstallString"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,\
  78,00,65,00,20,00,2f,00,58,00,7b,00,34,00,30,00,38,00,44,00,44,00,35,00,31,\
  00,33,00,2d,00,43,00,37,00,31,00,43,00,2d,00,45,00,46,00,36,00,43,00,2d,00,\
  31,00,34,00,35,00,36,00,2d,00,32,00,34,00,37,00,44,00,44,00,38,00,34,00,30,\
  00,33,00,45,00,31,00,38,00,7d,00,00,00
"URLInfoAbout"="http://www.AMD.com"
"URLUpdateInfo"=""
"VersionMajor"=dword:00000002
"VersionMinor"=dword:00000006
"WindowsInstaller"=dword:00000001
"Version"=dword:02060000
"Language"=dword:00000409
"DisplayName"="AMD Steady Video Plug-In "
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4DD09931-ACDD-4087-9EF7-E1E2FCFA694D}]
"AuthorizedCDFPrefix"=""
"Comments"=""
"DisplayVersion"="15.0.4334"
"HelpLink"=hex(2):68,00,74,00,74,00,70,00,3a,00,2f,00,2f,00,77,00,77,00,77,00,\
  2e,00,61,00,76,00,67,00,2e,00,63,00,6f,00,6d,00,00,00
"HelpTelephone"=""
"InstallDate"="20150420"
"InstallLocation"=""
"InstallSource"="C:\\ProgramData\\AVG2015\\SetupBackup\\"
"ModifyPath"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,78,\
  00,65,00,20,00,2f,00,49,00,7b,00,34,00,44,00,44,00,30,00,39,00,39,00,33,00,\
  31,00,2d,00,41,00,43,00,44,00,44,00,2d,00,34,00,30,00,38,00,37,00,2d,00,39,\
  00,45,00,46,00,37,00,2d,00,45,00,31,00,45,00,32,00,46,00,43,00,46,00,41,00,\
  36,00,39,00,34,00,44,00,7d,00,00,00
"Publisher"="AVG Technologies"
"Readme"=""
"Size"=""
"EstimatedSize"=dword:000057a2
"SystemComponent"=dword:00000001
"UninstallString"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,\
  78,00,65,00,20,00,2f,00,49,00,7b,00,34,00,44,00,44,00,30,00,39,00,39,00,33,\
  00,31,00,2d,00,41,00,43,00,44,00,44,00,2d,00,34,00,30,00,38,00,37,00,2d,00,\
  39,00,45,00,46,00,37,00,2d,00,45,00,31,00,45,00,32,00,46,00,43,00,46,00,41,\
  00,36,00,39,00,34,00,44,00,7d,00,00,00
"URLInfoAbout"="http://www.avg.com"
"URLUpdateInfo"=""
"VersionMajor"=dword:0000000f
"VersionMinor"=dword:00000000
"WindowsInstaller"=dword:00000001
"Version"=dword:0f0010ee
"Language"=dword:00000409
"DisplayName"="AVG 2015"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4FA46463-669C-4DDB-B444-DCB99C0E4CFA}]
"AuthorizedCDFPrefix"=""
"Comments"=""
"DisplayVersion"="15.0.5863"
"HelpLink"=hex(2):68,00,74,00,74,00,70,00,3a,00,2f,00,2f,00,77,00,77,00,77,00,\
  2e,00,61,00,76,00,67,00,2e,00,63,00,6f,00,6d,00,00,00
"HelpTelephone"=""
"InstallDate"="20150331"
"InstallLocation"=""
"InstallSource"="C:\\ProgramData\\AVG2015\\SetupBackup\\"
"ModifyPath"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,78,\
  00,65,00,20,00,2f,00,49,00,7b,00,34,00,46,00,41,00,34,00,36,00,34,00,36,00,\
  33,00,2d,00,36,00,36,00,39,00,43,00,2d,00,34,00,44,00,44,00,42,00,2d,00,42,\
  00,34,00,34,00,34,00,2d,00,44,00,43,00,42,00,39,00,39,00,43,00,30,00,45,00,\
  34,00,43,00,46,00,41,00,7d,00,00,00
"Publisher"="AVG Technologies"
"Readme"=""
"Size"=""
"EstimatedSize"=dword:00016d94
"SystemComponent"=dword:00000001
"UninstallString"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,\
  78,00,65,00,20,00,2f,00,49,00,7b,00,34,00,46,00,41,00,34,00,36,00,34,00,36,\
  00,33,00,2d,00,36,00,36,00,39,00,43,00,2d,00,34,00,44,00,44,00,42,00,2d,00,\
  42,00,34,00,34,00,34,00,2d,00,44,00,43,00,42,00,39,00,39,00,43,00,30,00,45,\
  00,34,00,43,00,46,00,41,00,7d,00,00,00
"URLInfoAbout"="http://www.avg.com"
"URLUpdateInfo"=""
"VersionMajor"=dword:0000000f
"VersionMinor"=dword:00000000
"WindowsInstaller"=dword:00000001
"Version"=dword:0f0016e7
"Language"=dword:00000409
"DisplayName"="AVG 2015"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{503F672D-6C84-448A-8F8F-4BC35AC83441}]
"AuthorizedCDFPrefix"=""
"Comments"=""
"Contact"="From online registration through personal assistance, ATI Customer Care is focused on delivering accurate, up-to-date product support for optimum usability and performance."
"DisplayVersion"="10.0.938.2"
"HelpLink"=hex(2):68,00,74,00,74,00,70,00,3a,00,2f,00,2f,00,77,00,77,00,77,00,\
  2e,00,61,00,74,00,69,00,2e,00,63,00,6f,00,6d,00,2f,00,73,00,75,00,70,00,70,\
  00,6f,00,72,00,74,00,00,00
"HelpTelephone"=""
"InstallDate"="20140119"
"InstallLocation"="c:\\Program Files (x86)\\AMD APP\\"
"InstallSource"="c:\\SWSETUP\\DRV\\Graphics\\AMD\\Graphic\\multi\\src\\A\\Packages\\Apps\\OpenCL64\\"
"ModifyPath"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,78,\
  00,65,00,20,00,2f,00,49,00,7b,00,35,00,30,00,33,00,46,00,36,00,37,00,32,00,\
  44,00,2d,00,36,00,43,00,38,00,34,00,2d,00,34,00,34,00,38,00,41,00,2d,00,38,\
  00,46,00,38,00,46,00,2d,00,34,00,42,00,43,00,33,00,35,00,41,00,43,00,38,00,\
  33,00,34,00,34,00,31,00,7d,00,00,00
"Publisher"="Advanced Micro Devices Inc."
"Readme"=""
"Size"=""
"EstimatedSize"=dword:00008f00
"SystemComponent"=dword:00000001
"UninstallString"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,\
  78,00,65,00,20,00,2f,00,49,00,7b,00,35,00,30,00,33,00,46,00,36,00,37,00,32,\
  00,44,00,2d,00,36,00,43,00,38,00,34,00,2d,00,34,00,34,00,38,00,41,00,2d,00,\
  38,00,46,00,38,00,46,00,2d,00,34,00,42,00,43,00,33,00,35,00,41,00,43,00,38,\
  00,33,00,34,00,34,00,31,00,7d,00,00,00
"URLUpdateInfo"=""
"VersionMajor"=dword:0000000a
"VersionMinor"=dword:00000000
"WindowsInstaller"=dword:00000001
"Version"=dword:0a0003aa
"Language"=dword:00000409
"DisplayName"="AMD APP SDK Runtime"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}]
"AuthorizedCDFPrefix"=""
"Comments"=""
"Contact"=""
"DisplayVersion"="9.0.30729.6161"
"HelpLink"=""
"HelpTelephone"=""
"InstallDate"="20140416"
"InstallLocation"=""
"InstallSource"="e:\\4bb48aa6697d22a20950c8a4\\"
"ModifyPath"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,78,\
  00,65,00,20,00,2f,00,58,00,7b,00,35,00,46,00,43,00,45,00,36,00,44,00,37,00,\
  36,00,2d,00,46,00,35,00,44,00,43,00,2d,00,33,00,37,00,41,00,42,00,2d,00,42,\
  00,32,00,42,00,38,00,2d,00,32,00,32,00,41,00,42,00,38,00,43,00,45,00,44,00,\
  42,00,31,00,44,00,34,00,7d,00,00,00
"NoModify"=dword:00000001
"NoRepair"=dword:00000001
"Publisher"="Microsoft Corporation"
"Readme"=""
"Size"=""
"EstimatedSize"=dword:00000314
"UninstallString"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,\
  78,00,65,00,20,00,2f,00,58,00,7b,00,35,00,46,00,43,00,45,00,36,00,44,00,37,\
  00,36,00,2d,00,46,00,35,00,44,00,43,00,2d,00,33,00,37,00,41,00,42,00,2d,00,\
  42,00,32,00,42,00,38,00,2d,00,32,00,32,00,41,00,42,00,38,00,43,00,45,00,44,\
  00,42,00,31,00,44,00,34,00,7d,00,00,00
"URLInfoAbout"=""
"URLUpdateInfo"=""
"VersionMajor"=dword:00000009
"VersionMinor"=dword:00000000
"WindowsInstaller"=dword:00000001
"Version"=dword:09007809
"Language"=dword:00000409
"DisplayName"="Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{64A3A4F4-B792-11D6-A78A-00B0D0180200}]
"DisplayIcon"="C:\\Program Files\\Java\\jdk1.8.0_20\\\\jre\\bin\\javaws.exe"
"AuthorizedCDFPrefix"=""
"Comments"=""
"Contact"="http://java.com"
"DisplayVersion"="8.0.200.26"
"HelpLink"=hex(2):68,00,74,00,74,00,70,00,3a,00,2f,00,2f,00,6a,00,61,00,76,00,\
  61,00,2e,00,63,00,6f,00,6d,00,2f,00,68,00,65,00,6c,00,70,00,00,00
"HelpTelephone"=""
"InstallDate"="20140831"
"InstallLocation"="C:\\Program Files\\Java\\jdk1.8.0_20\\"
"InstallSource"="C:\\Users\\Lynn\\AppData\\LocalLow\\Sun\\Java\\jdk1.8.0_20_x64\\"
"ModifyPath"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,78,\
  00,65,00,20,00,2f,00,49,00,7b,00,36,00,34,00,41,00,33,00,41,00,34,00,46,00,\
  34,00,2d,00,42,00,37,00,39,00,32,00,2d,00,31,00,31,00,44,00,36,00,2d,00,41,\
  00,37,00,38,00,41,00,2d,00,30,00,30,00,42,00,30,00,44,00,30,00,31,00,38,00,\
  30,00,32,00,30,00,30,00,7d,00,00,00
"NoRepair"=dword:00000001
"Publisher"="Oracle Corporation"
"Readme"=hex(2):43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,20,\
  00,46,00,69,00,6c,00,65,00,73,00,5c,00,4a,00,61,00,76,00,61,00,5c,00,6a,00,\
  64,00,6b,00,31,00,2e,00,38,00,2e,00,30,00,5f,00,32,00,30,00,5c,00,52,00,45,\
  00,41,00,44,00,4d,00,45,00,2e,00,68,00,74,00,6d,00,6c,00,00,00
"Size"=""
"EstimatedSize"=dword:0004ea1d
"UninstallString"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,\
  78,00,65,00,20,00,2f,00,49,00,7b,00,36,00,34,00,41,00,33,00,41,00,34,00,46,\
  00,34,00,2d,00,42,00,37,00,39,00,32,00,2d,00,31,00,31,00,44,00,36,00,2d,00,\
  41,00,37,00,38,00,41,00,2d,00,30,00,30,00,42,00,30,00,44,00,30,00,31,00,38,\
  00,30,00,32,00,30,00,30,00,7d,00,00,00
"URLInfoAbout"="http://java.com"
"VersionMajor"=dword:00000008
"VersionMinor"=dword:00000000
"WindowsInstaller"=dword:00000001
"Version"=dword:080000c8
"Language"=dword:00000409
"DisplayName"="Java SE Development Kit 8 Update 20 (64-bit)"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6E14E6D6-3175-4E1A-B934-CAB5A86367CD}]
"AuthorizedCDFPrefix"=""
"Comments"=""
"Contact"=""
"DisplayVersion"="4.5.12202"
"HelpLink"=""
"HelpTelephone"=""
"InstallDate"="20140119"
"InstallLocation"=""
"InstallSource"="C:\\Windows\\system32\\spool\\DRIVERS\\x64\\3\\"
"ModifyPath"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,78,\
  00,65,00,20,00,2f,00,49,00,7b,00,36,00,45,00,31,00,34,00,45,00,36,00,44,00,\
  36,00,2d,00,33,00,31,00,37,00,35,00,2d,00,34,00,45,00,31,00,41,00,2d,00,42,\
  00,39,00,33,00,34,00,2d,00,43,00,41,00,42,00,35,00,41,00,38,00,36,00,33,00,\
  36,00,37,00,43,00,44,00,7d,00,00,00
"Publisher"="Hewlett-Packard"
"Readme"=""
"Size"=""
"EstimatedSize"=dword:0000582d
"SystemComponent"=dword:00000001
"UninstallString"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,\
  78,00,65,00,20,00,2f,00,49,00,7b,00,36,00,45,00,31,00,34,00,45,00,36,00,44,\
  00,36,00,2d,00,33,00,31,00,37,00,35,00,2d,00,34,00,45,00,31,00,41,00,2d,00,\
  42,00,39,00,33,00,34,00,2d,00,43,00,41,00,42,00,35,00,41,00,38,00,36,00,33,\
  00,36,00,37,00,43,00,44,00,7d,00,00,00
"URLInfoAbout"=""
"URLUpdateInfo"=""
"VersionMajor"=dword:00000004
"VersionMinor"=dword:00000005
"WindowsInstaller"=dword:00000001
"Version"=dword:04052faa
"Language"=dword:00000409
"DisplayName"="HP Postscript Converter"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}]
"AuthorizedCDFPrefix"=""
"Comments"=""
"Contact"="AppleCare Support"
"DisplayVersion"="3.0.0.10"
"HelpLink"=hex(2):68,00,74,00,74,00,70,00,3a,00,2f,00,2f,00,77,00,77,00,77,00,\
  2e,00,61,00,70,00,70,00,6c,00,65,00,2e,00,63,00,6f,00,6d,00,2f,00,73,00,75,\
  00,70,00,70,00,6f,00,72,00,74,00,2f,00,00,00
"HelpTelephone"="1-800-275-2273"
"InstallDate"="20140119"
"InstallLocation"="C:\\Program Files (x86)\\Bonjour\\"
"InstallSource"="C:\\Windows\\system32\\spool\\DRIVERS\\x64\\3\\"
"ModifyPath"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,78,\
  00,65,00,20,00,2f,00,58,00,7b,00,36,00,45,00,33,00,36,00,31,00,30,00,42,00,\
  32,00,2d,00,34,00,33,00,30,00,44,00,2d,00,34,00,45,00,42,00,30,00,2d,00,38,\
  00,31,00,45,00,33,00,2d,00,32,00,42,00,35,00,37,00,45,00,38,00,42,00,39,00,\
  44,00,45,00,38,00,44,00,7d,00,00,00
"NoModify"=dword:00000001
"Publisher"="Apple Inc."
"Readme"=""
"Size"=""
"EstimatedSize"=dword:00000804
"UninstallString"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,\
  78,00,65,00,20,00,2f,00,58,00,7b,00,36,00,45,00,33,00,36,00,31,00,30,00,42,\
  00,32,00,2d,00,34,00,33,00,30,00,44,00,2d,00,34,00,45,00,42,00,30,00,2d,00,\
  38,00,31,00,45,00,33,00,2d,00,32,00,42,00,35,00,37,00,45,00,38,00,42,00,39,\
  00,44,00,45,00,38,00,44,00,7d,00,00,00
"URLInfoAbout"="http://www.apple.com"
"URLUpdateInfo"="http://www.apple.com/"
"VersionMajor"=dword:00000003
"VersionMinor"=dword:00000000
"WindowsInstaller"=dword:00000001
"Version"=dword:03000000
"Language"=dword:00000409
"DisplayName"="Bonjour"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8220EEFE-38CD-377E-8595-13398D740ACE}]
"AuthorizedCDFPrefix"=""
"Comments"=""
"Contact"=""
"DisplayVersion"="9.0.30729"
"HelpLink"=""
"HelpTelephone"=""
"InstallDate"="20110211"
"InstallLocation"=""
"InstallSource"="d:\\e24b443ecedd050cccd530\\"
"ModifyPath"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,78,\
  00,65,00,20,00,2f,00,58,00,7b,00,38,00,32,00,32,00,30,00,45,00,45,00,46,00,\
  45,00,2d,00,33,00,38,00,43,00,44,00,2d,00,33,00,37,00,37,00,45,00,2d,00,38,\
  00,35,00,39,00,35,00,2d,00,31,00,33,00,33,00,39,00,38,00,44,00,37,00,34,00,\
  30,00,41,00,43,00,45,00,7d,00,00,00
"NoModify"=dword:00000001
"NoRepair"=dword:00000001
"Publisher"="Microsoft Corporation"
"Readme"=""
"Size"=""
"EstimatedSize"=dword:00000314
"UninstallString"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,\
  78,00,65,00,20,00,2f,00,58,00,7b,00,38,00,32,00,32,00,30,00,45,00,45,00,46,\
  00,45,00,2d,00,33,00,38,00,43,00,44,00,2d,00,33,00,37,00,37,00,45,00,2d,00,\
  38,00,35,00,39,00,35,00,2d,00,31,00,33,00,33,00,39,00,38,00,44,00,37,00,34,\
  00,30,00,41,00,43,00,45,00,7d,00,00,00
"URLInfoAbout"=""
"URLUpdateInfo"=""
"VersionMajor"=dword:00000009
"VersionMinor"=dword:00000000
"WindowsInstaller"=dword:00000001
"Version"=dword:09007809
"Language"=dword:00000409
"DisplayName"="Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{82FEC88D-78DA-67B2-43E5-A847359D9543}]
"AuthorizedCDFPrefix"=""
"Comments"=""
"Contact"="AMD Customer Support"
"DisplayVersion"="2013.0830.1944.33589"
"HelpLink"=hex(2):68,00,74,00,74,00,70,00,3a,00,2f,00,2f,00,73,00,75,00,70,00,\
  70,00,6f,00,72,00,74,00,2e,00,61,00,6d,00,64,00,2e,00,63,00,6f,00,6d,00,00,\
  00
"HelpTelephone"="905-882-2600"
"InstallDate"="20141001"
"InstallLocation"="C:\\Program Files\\ATI Technologies\\"
"InstallSource"="C:\\swsetup\\sp63823\\Packages\\Apps\\CCC2\\Fuel64\\"
"NoModify"=dword:00000001
"NoRemove"=dword:00000001
"NoRepair"=dword:00000001
"Publisher"="Advanced Micro Devices, Inc."
"Readme"=""
"Size"=""
"EstimatedSize"=dword:00001518
"SystemComponent"=dword:00000001
"URLInfoAbout"="http://www.amd.com"
"URLUpdateInfo"=""
"VersionMajor"=dword:000007dd
"VersionMinor"=dword:0000033e
"WindowsInstaller"=dword:00000001
"Version"=dword:df3e0798
"Language"=dword:00000000
"DisplayName"="AMD Fuel"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}]
"AuthorizedCDFPrefix"=""
"Comments"=""
"Contact"=""
"DisplayVersion"="14.0.0.1"
"HelpLink"=""
"HelpTelephone"=""
"InstallDate"="20141015"
"InstallLocation"=""
"InstallSource"="C:\\ProgramData\\MFAData\\pack\\"
"ModifyPath"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,78,\
  00,65,00,20,00,2f,00,49,00,7b,00,38,00,43,00,37,00,37,00,35,00,45,00,37,00,\
  30,00,2d,00,41,00,37,00,39,00,31,00,2d,00,34,00,44,00,41,00,38,00,2d,00,42,\
  00,43,00,43,00,33,00,2d,00,36,00,41,00,42,00,37,00,31,00,33,00,36,00,46,00,\
  34,00,34,00,38,00,34,00,7d,00,00,00
"Publisher"="AVG Technologies"
"Readme"=""
"Size"=""
"EstimatedSize"=dword:000033f8
"UninstallString"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,\
  78,00,65,00,20,00,2f,00,49,00,7b,00,38,00,43,00,37,00,37,00,35,00,45,00,37,\
  00,30,00,2d,00,41,00,37,00,39,00,31,00,2d,00,34,00,44,00,41,00,38,00,2d,00,\
  42,00,43,00,43,00,33,00,2d,00,36,00,41,00,42,00,37,00,31,00,33,00,36,00,46,\
  00,34,00,34,00,38,00,34,00,7d,00,00,00
"URLInfoAbout"=""
"URLUpdateInfo"=""
"VersionMajor"=dword:0000000e
"VersionMinor"=dword:00000000
"WindowsInstaller"=dword:00000001
"Version"=dword:0e000000
"Language"=dword:00000409
"DisplayName"="Visual Studio 2012 x64 Redistributables"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-002A-0000-1000-0000000FF1CE}]
"AuthorizedCDFPrefix"=""
"Comments"=""
"Contact"=""
"DisplayVersion"="14.0.7015.1000"
"HelpLink"=""
"HelpTelephone"=""
"InstallDate"="20150415"
"InstallLocation"="C:\\Program Files (x86)\\Microsoft Office\\"
"InstallSource"="C:\\MSOCache\\All Users\\{91140000-0011-0000-0000-0000000FF1CE}-C\\"
"ModifyPath"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,78,\
  00,65,00,20,00,2f,00,58,00,7b,00,39,00,30,00,31,00,34,00,30,00,30,00,30,00,\
  30,00,2d,00,30,00,30,00,32,00,41,00,2d,00,30,00,30,00,30,00,30,00,2d,00,31,\
  00,30,00,30,00,30,00,2d,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,46,00,\
  46,00,31,00,43,00,45,00,7d,00,00,00
"NoModify"=dword:00000001
"Publisher"="Microsoft Corporation"
"Readme"=""
"Size"=""
"EstimatedSize"=dword:0000e1d1
"SystemComponent"=dword:00000001
"UninstallString"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,\
  78,00,65,00,20,00,2f,00,58,00,7b,00,39,00,30,00,31,00,34,00,30,00,30,00,30,\
  00,30,00,2d,00,30,00,30,00,32,00,41,00,2d,00,30,00,30,00,30,00,30,00,2d,00,\
  31,00,30,00,30,00,30,00,2d,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,46,\
  00,46,00,31,00,43,00,45,00,7d,00,00,00
"URLInfoAbout"=""
"URLUpdateInfo"=""
"VersionMajor"=dword:0000000e
"VersionMinor"=dword:00000000
"WindowsInstaller"=dword:00000001
"Version"=dword:0e001b67
"Language"=dword:00000000
"DisplayName"="Microsoft Office Office 64-bit Components 2010"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-002A-0409-1000-0000000FF1CE}]
"AuthorizedCDFPrefix"=""
"Comments"=""
"Contact"=""
"DisplayVersion"="14.0.7015.1000"
"HelpLink"=""
"HelpTelephone"=""
"InstallDate"="20140518"
"InstallLocation"="C:\\Program Files (x86)\\Microsoft Office\\"
"InstallSource"="C:\\MSOCache\\All Users\\{90140000-0116-0409-1000-0000000FF1CE}-C\\"
"ModifyPath"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,78,\
  00,65,00,20,00,2f,00,58,00,7b,00,39,00,30,00,31,00,34,00,30,00,30,00,30,00,\
  30,00,2d,00,30,00,30,00,32,00,41,00,2d,00,30,00,34,00,30,00,39,00,2d,00,31,\
  00,30,00,30,00,30,00,2d,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,46,00,\
  46,00,31,00,43,00,45,00,7d,00,00,00
"NoModify"=dword:00000001
"Publisher"="Microsoft Corporation"
"Readme"=""
"Size"=""
"EstimatedSize"=dword:0000456e
"SystemComponent"=dword:00000001
"UninstallString"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,\
  78,00,65,00,20,00,2f,00,58,00,7b,00,39,00,30,00,31,00,34,00,30,00,30,00,30,\
  00,30,00,2d,00,30,00,30,00,32,00,41,00,2d,00,30,00,34,00,30,00,39,00,2d,00,\
  31,00,30,00,30,00,30,00,2d,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,46,\
  00,46,00,31,00,43,00,45,00,7d,00,00,00
"URLInfoAbout"=""
"URLUpdateInfo"=""
"VersionMajor"=dword:0000000e
"VersionMinor"=dword:00000000
"WindowsInstaller"=dword:00000001
"Version"=dword:0e001b67
"Language"=dword:00000409
"DisplayName"="Microsoft Office Shared 64-bit MUI (English) 2010"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0116-0409-1000-0000000FF1CE}]
"AuthorizedCDFPrefix"=""
"Comments"=""
"Contact"=""
"DisplayVersion"="14.0.7015.1000"
"HelpLink"=""
"HelpTelephone"=""
"InstallDate"="20140518"
"InstallLocation"="C:\\Program Files (x86)\\Microsoft Office\\"
"InstallSource"="C:\\MSOCache\\All Users\\{90140000-0116-0409-1000-0000000FF1CE}-C\\"
"ModifyPath"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,78,\
  00,65,00,20,00,2f,00,58,00,7b,00,39,00,30,00,31,00,34,00,30,00,30,00,30,00,\
  30,00,2d,00,30,00,31,00,31,00,36,00,2d,00,30,00,34,00,30,00,39,00,2d,00,31,\
  00,30,00,30,00,30,00,2d,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,46,00,\
  46,00,31,00,43,00,45,00,7d,00,00,00
"NoModify"=dword:00000001
"Publisher"="Microsoft Corporation"
"Readme"=""
"Size"=""
"EstimatedSize"=dword:00000286
"SystemComponent"=dword:00000001
"UninstallString"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,\
  78,00,65,00,20,00,2f,00,58,00,7b,00,39,00,30,00,31,00,34,00,30,00,30,00,30,\
  00,30,00,2d,00,30,00,31,00,31,00,36,00,2d,00,30,00,34,00,30,00,39,00,2d,00,\
  31,00,30,00,30,00,30,00,2d,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,46,\
  00,46,00,31,00,43,00,45,00,7d,00,00,00
"URLInfoAbout"=""
"URLUpdateInfo"=""
"VersionMajor"=dword:0000000e
"VersionMinor"=dword:00000000
"WindowsInstaller"=dword:00000001
"Version"=dword:0e001b67
"Language"=dword:00000409
"DisplayName"="Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{916302F3-4586-40B0-BAE6-06C1347DBCB6}]
"AuthorizedCDFPrefix"=""
"Comments"="This will install Broadcom NetXtreme Drivers and Management Application"
"Contact"="HP Customer Support"
"DisplayVersion"="16.2.3.1"
"HelpLink"=hex(2):68,00,74,00,74,00,70,00,3a,00,2f,00,2f,00,77,00,77,00,77,00,\
  2e,00,68,00,70,00,2e,00,63,00,6f,00,6d,00,00,00
"HelpTelephone"=""
"InstallDate"="20140119"
"InstallLocation"="C:\\Program Files\\Broadcom\\"
"InstallSource"="C:\\Users\\Administrator\\AppData\\Local\\Downloaded Installations\\{A315FE74-AF6C-4EA3-ACF7-5F7E0E9ABDF6}\\"
"ModifyPath"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,78,\
  00,65,00,20,00,2f,00,49,00,7b,00,39,00,31,00,36,00,33,00,30,00,32,00,46,00,\
  33,00,2d,00,34,00,35,00,38,00,36,00,2d,00,34,00,30,00,42,00,30,00,2d,00,42,\
  00,41,00,45,00,36,00,2d,00,30,00,36,00,43,00,31,00,33,00,34,00,37,00,44,00,\
  42,00,43,00,42,00,36,00,7d,00,00,00
"Publisher"="Broadcom Corporation"
"Readme"=""
"Size"=""
"EstimatedSize"=dword:00012e80
"UninstallString"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,\
  78,00,65,00,20,00,2f,00,49,00,7b,00,39,00,31,00,36,00,33,00,30,00,32,00,46,\
  00,33,00,2d,00,34,00,35,00,38,00,36,00,2d,00,34,00,30,00,42,00,30,00,2d,00,\
  42,00,41,00,45,00,36,00,2d,00,30,00,36,00,43,00,31,00,33,00,34,00,37,00,44,\
  00,42,00,43,00,42,00,36,00,7d,00,00,00
"URLInfoAbout"="http://www.broadcom.com"
"URLUpdateInfo"="http://www.hp.com"
"VersionMajor"=dword:00000010
"VersionMinor"=dword:00000002
"WindowsInstaller"=dword:00000001
"Version"=dword:10020003
"Language"=dword:00000000
"DisplayName"="Broadcom NetXtreme-I Netlink Driver and Management Installer"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033]
"DisplayIcon"="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\SetupCache\\v4.5.51209\\\\DisplayIcon.ico"
"DisplayName"="Microsoft .NET Framework 4.5.2"
"DisplayVersion"="4.5.51209"
"EstimatedSize"=dword:00009b34
"UninstallString"="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\SetupCache\\v4.5.51209\\\\Setup.exe /repair /x86 /x64"
"VersionMajor"="4"
"VersionMinor"="5"
"Publisher"="Microsoft Corporation"
"InstallLocation"="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\SetupCache\\v4.5.51209\\"
"UninstallPath"="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\SetupCache\\v4.5.51209\\"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}]
"AuthorizedCDFPrefix"=""
"Comments"=""
"Contact"=""
"DisplayVersion"="10.0.50908"
"HelpLink"=hex(2):68,00,74,00,74,00,70,00,3a,00,2f,00,2f,00,67,00,6f,00,2e,00,\
  6d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,2e,00,63,00,6f,00,6d,\
  00,2f,00,66,00,77,00,6c,00,69,00,6e,00,6b,00,2f,00,3f,00,4c,00,69,00,6e,00,\
  6b,00,49,00,64,00,3d,00,31,00,33,00,33,00,34,00,30,00,35,00,00,00
"HelpTelephone"=""
"InstallDate"="20141016"
"InstallLocation"=""
"InstallSource"="e:\\8b5fa871f9f420a2ffa52e1a\\"
"ModifyPath"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,78,\
  00,65,00,20,00,2f,00,58,00,7b,00,39,00,34,00,39,00,35,00,41,00,45,00,42,00,\
  34,00,2d,00,41,00,42,00,39,00,37,00,2d,00,33,00,39,00,44,00,45,00,2d,00,38,\
  00,43,00,34,00,32,00,2d,00,38,00,30,00,36,00,45,00,45,00,46,00,37,00,35,00,\
  45,00,43,00,41,00,37,00,7d,00,00,00
"NoModify"=dword:00000001
"NoRepair"=dword:00000001
"Publisher"="Microsoft Corporation"
"Readme"=""
"Size"=""
"EstimatedSize"=dword:000010e6
"SystemComponent"=dword:00000001
"UninstallString"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,\
  78,00,65,00,20,00,2f,00,58,00,7b,00,39,00,34,00,39,00,35,00,41,00,45,00,42,\
  00,34,00,2d,00,41,00,42,00,39,00,37,00,2d,00,33,00,39,00,44,00,45,00,2d,00,\
  38,00,43,00,34,00,32,00,2d,00,38,00,30,00,36,00,45,00,45,00,46,00,37,00,35,\
  00,45,00,43,00,41,00,37,00,7d,00,00,00
"URLInfoAbout"=""
"URLUpdateInfo"=""
"VersionMajor"=dword:0000000a
"VersionMinor"=dword:00000000
"WindowsInstaller"=dword:00000001
"Version"=dword:0a00c6dc
"Language"=dword:00000000
"DisplayName"="Microsoft Visual Studio 2010 Tools for Office Runtime (x64)"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A0A03B53-927D-4454-A456-CB0A72A4912F}]
"AuthorizedCDFPrefix"=""
"Comments"=""
"Contact"=""
"DisplayVersion"="28.0.1315.0"
"HelpLink"=""
"HelpTelephone"=""
"InstallDate"="20140616"
"InstallLocation"=""
"InstallSource"="C:\\Users\\Lynn\\AppData\\Local\\Temp\\7zS54A2\\"
"ModifyPath"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,78,\
  00,65,00,20,00,2f,00,49,00,7b,00,41,00,30,00,41,00,30,00,33,00,42,00,35,00,\
  33,00,2d,00,39,00,32,00,37,00,44,00,2d,00,34,00,34,00,35,00,34,00,2d,00,41,\
  00,34,00,35,00,36,00,2d,00,43,00,42,00,30,00,41,00,37,00,32,00,41,00,34,00,\
  39,00,31,00,32,00,46,00,7d,00,00,00
"Publisher"="Hewlett-Packard Co."
"Readme"=""
"Size"=""
"EstimatedSize"=dword:0001f6e2
"UninstallString"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,\
  78,00,65,00,20,00,2f,00,49,00,7b,00,41,00,30,00,41,00,30,00,33,00,42,00,35,\
  00,33,00,2d,00,39,00,32,00,37,00,44,00,2d,00,34,00,34,00,35,00,34,00,2d,00,\
  41,00,34,00,35,00,36,00,2d,00,43,00,42,00,30,00,41,00,37,00,32,00,41,00,34,\
  00,39,00,31,00,32,00,46,00,7d,00,00,00
"URLInfoAbout"=""
"URLUpdateInfo"=""
"VersionMajor"=dword:0000001c
"VersionMinor"=dword:00000000
"WindowsInstaller"=dword:00000001
"Version"=dword:1c000523
"Language"=dword:00000409
"DisplayName"="HP Deskjet 3520 series Basic Device Software"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AD7F97D3-AB72-4A10-B56A-95EC21F854DE}]
"AuthorizedCDFPrefix"=""
"Comments"=""
"Contact"=""
"DisplayVersion"="8.2.0.11"
"HelpLink"=hex(2):77,00,77,00,77,00,2e,00,68,00,70,00,2e,00,63,00,6f,00,6d,00,\
  2f,00,73,00,65,00,72,00,76,00,69,00,63,00,65,00,73,00,2f,00,70,00,72,00,6f,\
  00,74,00,65,00,63,00,74,00,74,00,6f,00,6f,00,6c,00,73,00,00,00
"HelpTelephone"=""
"InstallDate"="20140119"
"InstallLocation"="c:\\Program Files (x86)\\Hewlett-Packard\\HP Device Access Manager\\"
"InstallSource"="c:\\SWSETUP\\APP\\Applications\\HP\\2013Buck_D58B2E\\8.2.0.11\\src\\64bit\\"
"ModifyPath"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,78,\
  00,65,00,20,00,2f,00,58,00,7b,00,41,00,44,00,37,00,46,00,39,00,37,00,44,00,\
  33,00,2d,00,41,00,42,00,37,00,32,00,2d,00,34,00,41,00,31,00,30,00,2d,00,42,\
  00,35,00,36,00,41,00,2d,00,39,00,35,00,45,00,43,00,32,00,31,00,46,00,38,00,\
  35,00,34,00,44,00,45,00,7d,00,00,00
"NoModify"=dword:00000001
"NoRepair"=dword:00000001
"Publisher"="Hewlett-Packard Company"
"Readme"=""
"Size"=""
"EstimatedSize"=dword:00008822
"UninstallString"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,\
  78,00,65,00,20,00,2f,00,58,00,7b,00,41,00,44,00,37,00,46,00,39,00,37,00,44,\
  00,33,00,2d,00,41,00,42,00,37,00,32,00,2d,00,34,00,41,00,31,00,30,00,2d,00,\
  42,00,35,00,36,00,41,00,2d,00,39,00,35,00,45,00,43,00,32,00,31,00,46,00,38,\
  00,35,00,34,00,44,00,45,00,7d,00,00,00
"URLInfoAbout"="www.hp.com/services/protecttools"
"URLUpdateInfo"="www.hp.com/services/protecttools"
"VersionMajor"=dword:00000008
"VersionMinor"=dword:00000002
"WindowsInstaller"=dword:00000001
"Version"=dword:08020000
"Language"=dword:00000000
"DisplayName"="HP Device Access Manager"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}]
"AuthorizedCDFPrefix"=""
"Comments"=""
"Contact"=""
"DisplayVersion"="8.0.61000"
"HelpLink"=""
"HelpTelephone"=""
"InstallDate"="20140415"
"InstallLocation"=""
"InstallSource"="C:\\Windows\\TEMP\\IXP000.TMP\\"
"ModifyPath"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,78,\
  00,65,00,20,00,2f,00,58,00,7b,00,61,00,64,00,38,00,61,00,32,00,66,00,61,00,\
  31,00,2d,00,30,00,36,00,65,00,37,00,2d,00,34,00,62,00,30,00,64,00,2d,00,39,\
  00,32,00,37,00,64,00,2d,00,36,00,65,00,35,00,34,00,62,00,33,00,64,00,33,00,\
  31,00,30,00,32,00,38,00,7d,00,00,00
"NoModify"=dword:00000001
"NoRepair"=dword:00000001
"Publisher"="Microsoft Corporation"
"Readme"=""
"Size"=""
"EstimatedSize"=dword:0000023c
"UninstallString"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,\
  78,00,65,00,20,00,2f,00,58,00,7b,00,61,00,64,00,38,00,61,00,32,00,66,00,61,\
  00,31,00,2d,00,30,00,36,00,65,00,37,00,2d,00,34,00,62,00,30,00,64,00,2d,00,\
  39,00,32,00,37,00,64,00,2d,00,36,00,65,00,35,00,34,00,62,00,33,00,64,00,33,\
  00,31,00,30,00,32,00,38,00,7d,00,00,00
"URLInfoAbout"=""
"URLUpdateInfo"=""
"VersionMajor"=dword:00000008
"VersionMinor"=dword:00000000
"WindowsInstaller"=dword:00000001
"Version"=dword:0800ee48
"Language"=dword:00000000
"DisplayName"="Microsoft Visual C++ 2005 Redistributable (x64)"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BA88C518-1C29-6931-1190-D9153F49461B}]
"UninstallString"="msiexec /q/x{BA88C518-1C29-6931-1190-D9153F49461B} REBOOT=ReallySuppress"
"AuthorizedCDFPrefix"=""
"Comments"=""
"Contact"="AMD Customer Support"
"DisplayVersion"="8.0.915.0"
"HelpLink"=hex(2):68,00,74,00,74,00,70,00,3a,00,2f,00,2f,00,73,00,75,00,70,00,\
  70,00,6f,00,72,00,74,00,2e,00,61,00,6d,00,64,00,2e,00,63,00,6f,00,6d,00,00,\
  00
"HelpTelephone"="905-882-2600"
"InstallDate"="20141001"
"InstallLocation"="C:\\Program Files\\ATI\\CIM\\"
"InstallSource"="C:\\swsetup\\sp63823\\Packages\\Apps\\CIM\\Win64\\"
"NoRemove"=dword:00000001
"Publisher"="Advanced Micro Devices, Inc."
"Readme"=""
"Size"=""
"EstimatedSize"=dword:00006860
"URLInfoAbout"="http://www.amd.com"
"URLUpdateInfo"=""
"VersionMajor"=dword:00000008
"VersionMinor"=dword:00000000
"WindowsInstaller"=dword:00000001
"Version"=dword:08000393
"Language"=dword:00000000
"DisplayName"="AMD Catalyst Install Manager"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}]
"AuthorizedCDFPrefix"=""
"Comments"=""
"Contact"="AppleCare Support"
"DisplayVersion"="8.0.5.6"
"HelpLink"=hex(2):68,00,74,00,74,00,70,00,3a,00,2f,00,2f,00,77,00,77,00,77,00,\
  2e,00,61,00,70,00,70,00,6c,00,65,00,2e,00,63,00,6f,00,6d,00,2f,00,73,00,75,\
  00,70,00,70,00,6f,00,72,00,74,00,2f,00,00,00
"HelpTelephone"="1-800-275-2273"
"InstallDate"="20141129"
"InstallLocation"="C:\\Program Files (x86)\\Common Files\\Apple\\Mobile Device Support\\"
"InstallSource"="C:\\Users\\Lynn\\AppData\\Local\\Apple\\Apple Software Update\\"
"ModifyPath"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,78,\
  00,65,00,20,00,2f,00,49,00,7b,00,42,00,44,00,44,00,39,00,39,00,36,00,39,00,\
  30,00,2d,00,33,00,35,00,34,00,31,00,2d,00,34,00,36,00,31,00,39,00,2d,00,39,\
  00,44,00,32,00,41,00,2d,00,33,00,43,00,44,00,44,00,42,00,33,00,45,00,31,00,\
  35,00,46,00,39,00,45,00,7d,00,00,00
"Publisher"="Apple Inc."
"Readme"=""
"Size"=""
"EstimatedSize"=dword:000058ea
"UninstallString"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,\
  78,00,65,00,20,00,2f,00,49,00,7b,00,42,00,44,00,44,00,39,00,39,00,36,00,39,\
  00,30,00,2d,00,33,00,35,00,34,00,31,00,2d,00,34,00,36,00,31,00,39,00,2d,00,\
  39,00,44,00,32,00,41,00,2d,00,33,00,43,00,44,00,44,00,42,00,33,00,45,00,31,\
  00,35,00,46,00,39,00,45,00,7d,00,00,00
"URLInfoAbout"="http://www.apple.com"
"URLUpdateInfo"="http://www.apple.com/"
"VersionMajor"=dword:00000008
"VersionMinor"=dword:00000000
"WindowsInstaller"=dword:00000001
"Version"=dword:08000005
"Language"=dword:00000409
"DisplayName"="Apple Mobile Device Support"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}]
"InstallLocation"="C:\\Program Files\\Hewlett-Packard\\HP Auto\\"
"SystemComponent"=dword:00000001
"AuthorizedCDFPrefix"=""
"Comments"=""
"Contact"=""
"DisplayVersion"="1.0.12935.3667"
"HelpLink"=""
"HelpTelephone"=""
"InstallDate"="20140119"
"InstallSource"="C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\{104A10E2-7CE8-4CB8-AE69-247903A145ED}\\"
"ModifyPath"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,78,\
  00,65,00,20,00,2f,00,49,00,7b,00,43,00,43,00,34,00,44,00,35,00,36,00,42,00,\
  37,00,2d,00,36,00,46,00,31,00,38,00,2d,00,34,00,37,00,30,00,42,00,2d,00,38,\
  00,37,00,33,00,34,00,2d,00,41,00,42,00,43,00,44,00,37,00,35,00,42,00,43,00,\
  46,00,34,00,46,00,31,00,7d,00,00,00
"Publisher"="Hewlett-Packard Company"
"Readme"=""
"Size"=""
"EstimatedSize"=dword:000002ba
"UninstallString"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,\
  78,00,65,00,20,00,2f,00,49,00,7b,00,43,00,43,00,34,00,44,00,35,00,36,00,42,\
  00,37,00,2d,00,36,00,46,00,31,00,38,00,2d,00,34,00,37,00,30,00,42,00,2d,00,\
  38,00,37,00,33,00,34,00,2d,00,41,00,42,00,43,00,44,00,37,00,35,00,42,00,43,\
  00,46,00,34,00,46,00,31,00,7d,00,00,00
"URLInfoAbout"=""
"URLUpdateInfo"=""
"VersionMajor"=dword:00000001
"VersionMinor"=dword:00000000
"WindowsInstaller"=dword:00000001
"Version"=dword:01003287
"Language"=dword:00000409
"DisplayName"="HP Auto"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD95F661-A5C4-44F5-A6AA-ECDD91C240CF}]
"DisplayIcon"="C:\\Program Files\\WinZip\\WINZIP64.EXE,0"
"UninstallLocation"="C:\\Program Files\\WinZip\\"
"AuthorizedCDFPrefix"=""
"Comments"=""
"Contact"=""
"DisplayVersion"="15.0.10039"
"HelpLink"=hex(2):68,00,74,00,74,00,70,00,3a,00,2f,00,2f,00,77,00,77,00,77,00,\
  2e,00,77,00,69,00,6e,00,7a,00,69,00,70,00,2e,00,63,00,6f,00,6d,00,2f,00,77,\
  00,7a,00,67,00,61,00,74,00,65,00,2e,00,63,00,67,00,69,00,3f,00,6c,00,61,00,\
  6e,00,67,00,3d,00,45,00,4e,00,26,00,75,00,72,00,6c,00,3d,00,77,00,77,00,77,\
  00,2e,00,77,00,69,00,6e,00,7a,00,69,00,70,00,2e,00,63,00,6f,00,6d,00,2f,00,\
  63,00,6f,00,6e,00,74,00,61,00,63,00,74,00,2e,00,68,00,74,00,6d,00,00,00
"HelpTelephone"=""
"InstallDate"="20140119"
"InstallLocation"="C:\\Program Files\\WinZip\\"
"InstallSource"="C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\WZSE0.TMP\\"
"ModifyPath"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,78,\
  00,65,00,20,00,2f,00,58,00,7b,00,43,00,44,00,39,00,35,00,46,00,36,00,36,00,\
  31,00,2d,00,41,00,35,00,43,00,34,00,2d,00,34,00,34,00,46,00,35,00,2d,00,41,\
  00,36,00,41,00,41,00,2d,00,45,00,43,00,44,00,44,00,39,00,31,00,43,00,32,00,\
  34,00,30,00,43,00,46,00,7d,00,00,00
"NoModify"=dword:00000001
"NoRepair"=dword:00000001
"Publisher"="WinZip Computing, S.L. "
"Readme"=""
"Size"=""
"EstimatedSize"=dword:0000e0fd
"UninstallString"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,\
  78,00,65,00,20,00,2f,00,58,00,7b,00,43,00,44,00,39,00,35,00,46,00,36,00,36,\
  00,31,00,2d,00,41,00,35,00,43,00,34,00,2d,00,34,00,34,00,46,00,35,00,2d,00,\
  41,00,36,00,41,00,41,00,2d,00,45,00,43,00,44,00,44,00,39,00,31,00,43,00,32,\
  00,34,00,30,00,43,00,46,00,7d,00,00,00
"VersionMajor"=dword:0000000f
"VersionMinor"=dword:00000000
"WindowsInstaller"=dword:00000001
"Version"=dword:0f002737
"Language"=dword:00000409
"DisplayName"="WinZip 15.0"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}]
"AuthorizedCDFPrefix"=""
"Comments"="Caution. Removing this product might prevent some applications from running."
"Contact"=""
"DisplayVersion"="11.0.61030"
"HelpLink"=hex(2):68,00,74,00,74,00,70,00,3a,00,2f,00,2f,00,67,00,6f,00,2e,00,\
  6d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,2e,00,63,00,6f,00,6d,\
  00,2f,00,66,00,77,00,6c,00,69,00,6e,00,6b,00,2f,00,3f,00,4c,00,69,00,6e,00,\
  6b,00,49,00,64,00,3d,00,31,00,33,00,33,00,34,00,30,00,35,00,00,00
"HelpTelephone"=""
"InstallDate"="20150211"
"InstallLocation"=""
"InstallSource"="C:\\ProgramData\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\packages\\vcRuntimeMinimum_amd64\\"
"ModifyPath"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,78,\
  00,65,00,20,00,2f,00,58,00,7b,00,43,00,46,00,32,00,42,00,45,00,41,00,33,00,\
  43,00,2d,00,32,00,36,00,45,00,41,00,2d,00,33,00,32,00,46,00,38,00,2d,00,41,\
  00,41,00,39,00,42,00,2d,00,33,00,33,00,31,00,46,00,37,00,45,00,33,00,34,00,\
  42,00,41,00,39,00,37,00,7d,00,00,00
"NoModify"=dword:00000001
"Publisher"="Microsoft Corporation"
"Readme"=""
"Size"=""
"EstimatedSize"=dword:000007d0
"SystemComponent"=dword:00000001
"UninstallString"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,\
  78,00,65,00,20,00,2f,00,58,00,7b,00,43,00,46,00,32,00,42,00,45,00,41,00,33,\
  00,43,00,2d,00,32,00,36,00,45,00,41,00,2d,00,33,00,32,00,46,00,38,00,2d,00,\
  41,00,41,00,39,00,42,00,2d,00,33,00,33,00,31,00,46,00,37,00,45,00,33,00,34,\
  00,42,00,41,00,39,00,37,00,7d,00,00,00
"URLInfoAbout"=""
"URLUpdateInfo"=""
"VersionMajor"=dword:0000000b
"VersionMinor"=dword:00000000
"WindowsInstaller"=dword:00000001
"Version"=dword:0b00ee66
"Language"=dword:00000409
"DisplayName"="Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D329ECB4-677F-3402-8466-D77FE6FC804E}]
"AuthorizedCDFPrefix"=""
"Comments"=""
"Contact"="AMD Customer Support"
"DisplayVersion"="1.0.80830.1925"
"HelpLink"=hex(2):68,00,74,00,74,00,70,00,3a,00,2f,00,2f,00,73,00,75,00,70,00,\
  70,00,6f,00,72,00,74,00,2e,00,61,00,6d,00,64,00,2e,00,63,00,6f,00,6d,00,00,\
  00
"HelpTelephone"="905-882-2600"
"InstallDate"="20141001"
"InstallLocation"="C:\\Program Files\\Common Files\\ATI Technologies\\Multimedia\\"
"InstallSource"="C:\\swsetup\\sp63823\\Packages\\Apps\\WMVDecoder64\\"
"ModifyPath"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,78,\
  00,65,00,20,00,2f,00,58,00,7b,00,44,00,33,00,32,00,39,00,45,00,43,00,42,00,\
  34,00,2d,00,36,00,37,00,37,00,46,00,2d,00,33,00,34,00,30,00,32,00,2d,00,38,\
  00,34,00,36,00,36,00,2d,00,44,00,37,00,37,00,46,00,45,00,36,00,46,00,43,00,\
  38,00,30,00,34,00,45,00,7d,00,00,00
"NoModify"=dword:00000001
"Publisher"="Advanced Micro Devices, Inc."
"Readme"=""
"Size"=""
"EstimatedSize"=dword:0000048b
"SystemComponent"=dword:00000001
"UninstallString"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,\
  78,00,65,00,20,00,2f,00,58,00,7b,00,44,00,33,00,32,00,39,00,45,00,43,00,42,\
  00,34,00,2d,00,36,00,37,00,37,00,46,00,2d,00,33,00,34,00,30,00,32,00,2d,00,\
  38,00,34,00,36,00,36,00,2d,00,44,00,37,00,37,00,46,00,45,00,36,00,46,00,43,\
  00,38,00,30,00,34,00,45,00,7d,00,00,00
"URLInfoAbout"="http://www.amd.com"
"URLUpdateInfo"=""
"VersionMajor"=dword:00000001
"VersionMinor"=dword:00000000
"WindowsInstaller"=dword:00000001
"Version"=dword:01013bbe
"Language"=dword:00000409
"DisplayName"="AMD Media Foundation Decoders"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DE8D2600-2739-44AA-AED7-CBD50E6C6B70}]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DE8D2600-2739-44AA-AED7-CBD50E6C6B70}\000]
"Value1"=hex(B):c0,e3,12,63,3c,14,d0,01
"Value2"=hex(B):c0,63,40,4c,f5,5a,d0,01
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DE8D2600-2739-44AA-AED7-CBD50E6C6B70}\430]
"Value1"=hex(B):f0,d3,d3,39,2a,14,d0,01
"Value2"=hex(B):50,0a,41,ca,0c,9e,cf,01
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9EED4AE-682B-4501-9574-D09A21717599}_is1]
"Inno Setup: Setup Version"="5.4.2 (a)"
"Inno Setup: App Path"="C:\\Program Files\\AMD Quick Stream"
"InstallLocation"="C:\\Program Files\\AMD Quick Stream\\"
"Inno Setup: Icon Group"="AMD Quick Stream"
"Inno Setup: User"="Administrator"
"Inno Setup: Language"="English"
"DisplayName"="AMD Quick Stream"
"DisplayIcon"="C:\\Program Files\\AMD Quick Stream\\ApxAccelerator.exe"
"UninstallString"="\"C:\\Program Files\\AMD Quick Stream\\unins000.exe\""
"QuietUninstallString"="\"C:\\Program Files\\AMD Quick Stream\\unins000.exe\" /SILENT"
"DisplayVersion"="3.3.26.0"
"Publisher"="AppEx Networks"
"NoModify"=dword:00000001
"NoRepair"=dword:00000001
"InstallDate"="20140119"
"MajorVersion"=dword:00000003
"MinorVersion"=dword:00000003
"EstimatedSize"=dword:00000b34
 
 
Emisoft result:
 

Emsisoft Emergency Kit - Version 9.0
Last update: 4/25/2015 11:01:37 PM
User account: Lynn-HP\Lynn
 
Scan settings:
 
Scan type: Full Scan
Objects: Rootkits, Memory, Traces, C:\, D:\, E:\
 
Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start: 4/25/2015 11:02:35 PM
 
Scanned 357547
Found 0
 
Scan end: 4/26/2015 1:15:09 AM
Scan time: 2:12:34
 
 
SCREEN317's security check:
 

 Results of screen317's Security Check version 1.00  
 Windows 7 Service Pack 1 x64   
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
AVG AntiVirus Free Edition 2015   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 SpyHunter 4    
 AVG Web TuneUp   
 Java 8 Update 25  
 Java version 32-bit out of Date! 
 Adobe Reader XI  
 Google Chrome (41.0.2272.118) 
 Google Chrome (42.0.2311.90) 
````````Process Check: objlist.exe by Laurent````````  
 AVG avgwdsvc.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 31% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 
 
 
 


#10 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,589 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:33 PM

Posted 26 April 2015 - 02:09 PM

Hi Lynn,

Good work with AVG. It found 2 items in your backup copy of files.

Generally it will work if the file is downloaded into the Downloads folder rather than the Desktop. So far things are great so continue on as you have been doing.

Please attempt this.

===================================================

Program Install and Uninstall Troubleshooter

--------------------
  • Download Windows Installer CleanUp Utility Installer and save it to your desktop
  • Double click the icon (Windows 7 and Vista right click and select Run as Administrator) to install the program
  • Click Start, All Programs, then Windows Install Clean Up
  • In the list of programs that will appear
  • Highlight the following entry(s) and select Remove

PCTuner
WeatherApp

  • Once completed exit out of Windows Installer Clean Up, reboot your computer and check for the entry(s) in Programs and Feature or Add/Remover Programs
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Were the 2 programs removed?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 Lmhteach

Lmhteach
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:06:33 PM

Posted 26 April 2015 - 06:48 PM

Okay.....sorry about that....I had a communion party here, so I couldn't get to this until now.  I installed windows installer cleanup and I no longer see signs of Pctuner, but I do see WeatherApp in the start menu.  I do not see it in Programs and features.

 

 



#12 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,589 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:33 PM

Posted 26 April 2015 - 07:10 PM

No problem Lynn and congratulations on the Communion. :)

Please do this.

===================================================

SystemLook by jpshortstuff

--------------------
  • Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #3 For 64-bit users

  • Double-click SystemLook.exe to run it.
  • Vista\Windows 7 users:: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following codebox into the main textfield:
:filefind
*WeatherApp*
:folderfind
*WeatherApp*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply or, if necessary zip and attach the file.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • SystemLook report

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#13 Lmhteach

Lmhteach
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:06:33 PM

Posted 26 April 2015 - 07:44 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 19:21 on 26/04/2015 by Lynn
Administrator - Elevation successful
 
========== filefind ==========
 
Searching for "*WeatherApp*"
No files found.
 
========== folderfind ==========
 
Searching for "*WeatherApp*"
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WeatherApp d------ [22:35 19/12/2014]
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\WeatherApp d------ [22:35 19/12/2014]
 
-= EOF =-


#14 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 35,589 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:33 PM

Posted 26 April 2015 - 07:59 PM

Excellent, now this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key Windows_Logo_key.gif + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WeatherApp
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\WeatherApp
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Check your Start Menu for WeatherApp
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • SystemLook log
  • Is WeatherApp now gone?
  • Are there any remaining issues?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#15 Lmhteach

Lmhteach
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:06:33 PM

Posted 26 April 2015 - 08:11 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-04-2015
Ran by Lynn at 2015-04-26 20:06:35 Run:3
Running from C:\Users\Lynn\Desktop
Loaded Profiles: Lynn (Available profiles: Lynn)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WeatherApp
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\WeatherApp
*****************
 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WeatherApp => Moved successfully.
"C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\WeatherApp" => File/Directory not found.
 
==== End of Fixlog 20:06:35 ====
 
 
oooooohhhhhh......you are really good!!  No, WeatherApp is gone from the start menu.  I do not see any other problems at this time.
 
Do you think it's all clear now?
 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users