Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

YTD Video Downloader virus

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: YTD Video Downloader virus

Unread postby jimmywong123 » March 4th, 2015, 9:35 pm

Working on this now. Please don't close.
jimmywong123
Regular Member
 
Posts: 23
Joined: February 1st, 2015, 8:32 pm
Advertisement
Register to Remove

Re: YTD Video Downloader virus

Unread postby jimmywong123 » March 4th, 2015, 10:18 pm

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-03-2015 01
Ran by Curtis McClay (administrator) on HARVEYMCCLAY-HP on 04-03-2015 19:41:42
Running from C:\Users\Curtis McClay\Desktop
Loaded Profiles: Curtis McClay (Available profiles: Harvey McClay & Curtis McClay & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Webroot Software, Inc.) C:\Program Files (x86)\Webroot\Washer\WasherSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Mozy, Inc.) C:\Program Files\MozyHome\mozybackup.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Mozy, Inc.) C:\Program Files\MozyHome\mozybackup.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\HP Software Update\hpwuSchd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-09-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49152 2007-03-11] (Hewlett-Packard Co.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [295512 2013-09-28] (RealNetworks, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-3340973777-658078649-2245101506-1003\...\Run: [Spybot-S&D Cleaning] => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
HKU\S-1-5-21-3340973777-658078649-2245101506-1003\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-3340973777-658078649-2245101506-1003\...\MountPoints2: {0f90964a-64ce-11e1-bbcc-806e6f6e6963} - E:\dvd_rom.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk.disabled
ShortcutTarget: Bluetooth.lnk.disabled -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MozyHome Status.lnk.disabled
ShortcutTarget: MozyHome Status.lnk.disabled -> C:\Program Files\MozyHome\mozystat.exe (Mozy, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Curtis McClay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk.disabled
ShortcutTarget: OpenOffice.org 3.3.lnk.disabled -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Harvey McClay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: [mozy] -> {b32a6748-f273-4546-b60a-3c5adc239de5} => C:\Program Files\MozyHome\mozyshell.dll (Mozy, Inc.)
ShellIconOverlayIdentifiers: [mozy2] -> {747E722C-CB46-4a9d-BDFE-192AAD5099B1} => C:\Program Files\MozyHome\mozyshell.dll (Mozy, Inc.)
ShellIconOverlayIdentifiers: [mozy3] -> {EE6F5A00-7898-40f7-AB77-51FF9D6DEB20} => C:\Program Files\MozyHome\mozyshell.dll (Mozy, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-3340973777-658078649-2245101506-1003] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-3340973777-658078649-2245101506-1003] => http=127.0.0.1:49218;https=127.0.0.1:49218
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3340973777-658078649-2245101506-1003\Software\Microsoft\Internet Explorer\Main,Start Page = https://search.yahoo.com/?type=937811&fr=spigot-yhp-ie
HKU\S-1-5-21-3340973777-658078649-2245101506-1003\Software\Microsoft\Internet Explorer\Main,Search Page = www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3340973777-658078649-2245101506-1003 -> {49938FB8-D1E9-488A-B3AB-0B8A484A496F} URL = https://search.yahoo.com/search?fr=chr- ... =937811&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3340973777-658078649-2245101506-1003 -> {AC67A53E-767D-4303-93C1-938682F16EB3} URL = http://www.amazon.com/s/ref=azs_osd_iea ... -keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3340973777-658078649-2245101506-1003 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572 ... html?_nkw={searchTerms}
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> c:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-3340973777-658078649-2245101506-1003 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Curtis McClay\AppData\Roaming\Mozilla\Firefox\Profiles\jm5yqixa.default-1422686632180
FF Homepage: www.ebay.com
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3340973777-658078649-2245101506-1003: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\CURTIS~1\AppData\Roaming\CATALI~1\NPBCSK~1.DLL No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn [2015-03-01]
FF HKLM-x32\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-28]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome:
=======
CHR HomePage: Default -> https://search.yahoo.com/?type=937811&fr=yo-yhp-ch
CHR StartupUrls: Default -> "https://search.yahoo.com/?type=937811&fr=yo-yhp-ch"
CHR DefaultSearchKeyword: Default -> mysearchdial.com
CHR DefaultSearchKeyword: Default -> yahoo.com search
CHR DefaultSuggestURL: Default -> https://ff.search.yahoo.com/gossip?outp ... n&command={searchTerms}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Norton Confidential) - C:\Users\Curtis McClay\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0\npcoplgn.dll No File
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll No File
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll No File
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll (RealPlayer)
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll No File
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U32) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.320.5) - C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Profile: C:\Users\Curtis McClay\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Curtis McClay\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-17]
CHR Extension: (YouTube) - C:\Users\Curtis McClay\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-06-18]
CHR Extension: (Google Search) - C:\Users\Curtis McClay\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-06-18]
CHR Extension: (RealDownloader) - C:\Users\Curtis McClay\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-05-15]
CHR Extension: (Google Wallet) - C:\Users\Curtis McClay\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-10]
CHR Extension: (Gmail) - C:\Users\Curtis McClay\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-06-18]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2011-08-16] (Hewlett-Packard) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 mozybackup; C:\Program Files\MozyHome\mozybackup.exe [54672 2012-08-02] (Mozy, Inc.)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe [138760 2011-08-10] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-08-12] (PDF Complete Inc)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 wwEngineSvc; C:\Program Files (x86)\Webroot\Washer\WasherSvc.exe [618896 2011-04-20] (Webroot Software, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20150224.001\BHDrvx64.sys [1622744 2015-02-02] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1301000.01C\ccSetx64.sys [167048 2011-08-08] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-14] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20150303.001\IDSvia64.sys [669400 2015-01-30] (Symantec Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-04] (Malwarebytes Corporation)
R1 mozyFilter; C:\Windows\System32\DRIVERS\mozy.sys [67368 2012-08-02] (Mozy, Inc.)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20150303.034\ENG64.SYS [129752 2015-01-20] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20150303.034\EX64.SYS [2137304 2015-01-20] (Symantec Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia)
R3 SRTSP; C:\Windows\system32\drivers\NISx64\1301000.01C\SRTSP64.SYS [729720 2011-08-02] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1301000.01C\SRTSPX64.SYS [37496 2011-08-02] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1301000.01C\SYMDS64.SYS [451192 2011-07-25] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1301000.01C\SYMEFA64.SYS [1084536 2011-07-28] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2012-03-02] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1301000.01C\Ironx64.SYS [189560 2011-07-25] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\NISx64\1301000.01C\SYMNETS.SYS [401016 2011-07-25] (Symantec Corporation)

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys FA886682CFC5D36718D3E436AACF10B9
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\atikmdag.sys 446A1AAD34191665A8DF6092BD8EB5A8
C:\Windows\System32\DRIVERS\atikmpag.sys F8F8A908FDB005A65DDF7238C814EEA5
C:\Windows\system32\drivers\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\System32\drivers\amd_sata.sys 2FBB00A7616106B95104574C6CD640C2
C:\Windows\System32\drivers\amd_xata.sys 87D0D7645CB0D53220649BD5FE15D93E
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\drivers\arc.sys ==> MD5 is legit
C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\system32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\system32\drivers\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bcmwl664.sys FDE8C8DC07E75347E4C6B455A0964217
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20150224.001\BHDrvx64.sys 99EE5EB9FCBAD85F1992C47C5BB68649
C:\Windows\system32\drivers\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\drivers\BthEnum.sys CF98190A94F62E405C8CB255018B2315
C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bthpan.sys 02DD601B708DD0667E1331FA8518E9FF
C:\Windows\System32\Drivers\BTHport.sys 738D0E9272F59EB7A1449C3EC118E6C4
C:\Windows\System32\Drivers\BTHUSB.sys F188B7394D81010767B6DF3178519A37
C:\Windows\System32\DRIVERS\btwampfl.sys A0DFB69ADE3444C78B17636FCF28E898
C:\Windows\System32\drivers\btwaudio.sys 7CF028CE78696882B327FF13D2DFA534
C:\Windows\System32\DRIVERS\btwavdt.sys 3DEF2370E414B4E299673558BA171A51
C:\Windows\System32\DRIVERS\btwl2cap.sys 346B4051B3D7FF70E8F027869B8ECA6E
C:\Windows\System32\DRIVERS\btwrchid.sys 9937E0E4DFC0030560A6DFE9D3A94B39
C:\Windows\system32\drivers\NISx64\1301000.01C\ccSetx64.sys A8AD33C9DD88C810CAC00ACC7F4329FB
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\system32\drivers\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys E45CDE1C8340DFEDF1D6724263F39E5B
C:\Windows\system32\drivers\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\drivers\disk.sys ==> MD5 is legit
C:\Windows\system32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys 87CE5C8965E101CCCED1F4675557E868
C:\Windows\system32\drivers\evbda.sys ==> MD5 is legit
C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys 47A68B3DBBB34D4FE61DE221A8536627
C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit
C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys B9773081AAF65E6D553496BA0CADCBB3
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\GEARAspiWDM.sys 8E98D21EE06192492A5671A6144D092F
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20150303.001\IDSvia64.sys EB1118C371A096FFD4275EB85CB9EC2E
C:\Windows\System32\DRIVERS\igdkmd64.sys ==> MD5 is legit
C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTKVHD64.sys 392D5C87F282E8E36DF5154418A7BB20
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\system32\drivers\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys 96BB922A0981BC7432C8CF52B5410FE6
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys C60C6B9A2E50B0404F6789C62B428C03
C:\Windows\System32\Drivers\ksecpkg.sys 78D152A9FD5747FF6AA89C79F0346F62
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\drivers\MBAMSwissArmy.sys 26C43960C99EE861A5D0EDC4DCF3B1C3
C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit
C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mozy.sys 537BBB5C90D1205C536D46ABBB2D5313
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys AE3334958D8F631FF14A0AEB3D7EFB3A
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20150303.034\ENG64.SYS 54F4B358F41C664CBDE4507D67EED1CD
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20150303.034\EX64.SYS A74D67EEEB3938FD2FA3B65B24C32C44
C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 1A29A59A4C5BA6F8C85062A613B7E2B2
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\drivers\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\psi_mf_amd64.sys DD3FD48D69F5FBBB21D46D1514C1C2DB
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\drivers\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys FE571E088C2D83619D2D48D4E961BF41
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rfcomm.sys 3DD798846E2C28102B922C56E71B7932
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Rt64win7.sys E50CFB92986DCAB49DE93788FD695813
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\sdbus.sys 111E0EBC0AD79CB0FA014B907B231CF0
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Sftfslh.sys 2046AA7491DE7EFA4D70E615D9BC9D09
C:\Windows\System32\DRIVERS\Sftplaylh.sys 0E0446BC4D51BE4263ACB7E33491191C
C:\Windows\System32\DRIVERS\Sftredirlh.sys C5FB982CD266E604ED3142102C26D62C
C:\Windows\System32\DRIVERS\Sftvollh.sys 2575511AF67AA1FA068CCC4918E2C2A3
C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\system32\drivers\NISx64\1301000.01C\SRTSP64.SYS 1321A6C3C92BBD3F3BBE1292CFF8E91A
C:\Windows\system32\drivers\NISx64\1301000.01C\SRTSPX64.SYS BD129C22C3B8C2E584227269DFA77B09
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\NISx64\1301000.01C\SYMDS64.SYS 8B2430762099598DA40686F754632EFD
C:\Windows\System32\drivers\NISx64\1301000.01C\SYMEFA64.SYS FE29B18BF86FFCD55D8733C9B01E5042
C:\Windows\system32\Drivers\SYMEVENT64x86.SYS 36B77F5C9E21F88A8C8EC67AD5415819
C:\Windows\system32\drivers\NISx64\1301000.01C\Ironx64.SYS DD70DA422460FDED831D211DF151D560
C:\Windows\system32\drivers\NISx64\1301000.01C\SYMNETS.SYS BCE4EB2EEF05E388959B46FD21388C2D
C:\Windows\System32\drivers\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\DRIVERS\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys 70988118145F5F10EF24720B97F35F65
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys E232A3B43A894BB327FC161529BD9ED1
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\system32\drivers\TsUsbGD.sys 9CC2CCAE8A84820EAECB886D477CBCB8
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbccgp.sys DCA68B0943D6FA415F0C56C92158A83A
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\System32\DRIVERS\usbehci.sys 18A85013A3E0F7E1755365D287443965
C:\Windows\system32\drivers\usbfilter.sys 573D192E268F0C5B486B7E96F661E538
C:\Windows\System32\DRIVERS\usbhub.sys 8D1196CFBB223621F2C67D45710F25BA
C:\Windows\System32\DRIVERS\usbohci.sys 765A92D428A8DB88B960DA5A8D6089DC
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbscan.sys 9661DA76B4531B2DA272ECCE25A8AF24
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\system32\drivers\usbuhci.sys DD253AFC3BC6CBA412342DE60C3647F3
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys DF8126BD41180351A093A3AD2FC8903B
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-04 19:41 - 2015-03-04 19:42 - 00043181 _____ () C:\Users\Curtis McClay\Desktop\FRST.txt
2015-03-04 19:41 - 2015-03-04 19:41 - 00000000 ____D () C:\FRST
2015-03-04 19:40 - 2015-03-04 19:40 - 02092544 _____ (Farbar) C:\Users\Curtis McClay\Desktop\FRST64.exe
2015-03-01 19:52 - 2015-03-01 19:52 - 00000000 ____D () C:\_OTL
2015-02-28 01:23 - 2015-02-28 01:23 - 00129792 _____ () C:\Users\Harvey McClay\Desktop\OTL.Txt
2015-02-28 01:23 - 2015-02-28 01:23 - 00075942 _____ () C:\Users\Harvey McClay\Desktop\Extras.Txt
2015-02-28 00:59 - 2015-02-28 00:59 - 00602112 _____ (OldTimer Tools) C:\Users\Harvey McClay\Desktop\OTL.exe
2015-02-27 23:57 - 2015-02-27 23:57 - 00021702 _____ () C:\Users\Harvey McClay\Desktop\JRT.txt
2015-02-27 23:46 - 2015-02-27 23:46 - 01388274 _____ (Thisisu) C:\Users\Harvey McClay\Desktop\JRT.exe
2015-02-27 23:43 - 2015-03-01 20:37 - 00003370 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3340973777-658078649-2245101506-1000
2015-02-27 23:43 - 2015-03-01 20:37 - 00003252 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3340973777-658078649-2245101506-1000
2015-02-27 23:43 - 2015-02-27 23:43 - 00012131 _____ () C:\Users\Harvey McClay\Desktop\AdwCleaner[S0].txt
2015-02-27 23:16 - 2015-02-27 23:39 - 00000000 ____D () C:\AdwCleaner
2015-02-27 23:14 - 2015-02-27 23:14 - 02126848 _____ () C:\Users\Harvey McClay\Desktop\adwcleaner_4.111.exe
2015-02-27 22:31 - 2012-07-05 21:06 - 00772544 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2015-02-27 22:31 - 2012-07-05 21:06 - 00687544 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2015-02-25 13:05 - 2015-01-08 21:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-25 13:05 - 2015-01-08 21:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-25 13:05 - 2015-01-08 21:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-25 13:05 - 2015-01-08 20:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-02-25 03:02 - 2015-01-08 17:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 03:02 - 2015-01-08 17:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-24 15:47 - 2015-02-24 15:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-18 19:13 - 2015-02-18 19:13 - 00001843 _____ () C:\Users\Curtis McClay\Documents\00 Norton blocked.txt
2015-02-11 10:31 - 2015-01-22 22:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-11 10:31 - 2015-01-22 22:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-11 10:31 - 2015-01-22 21:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-11 10:31 - 2015-01-22 21:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-10 18:27 - 2015-02-03 21:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-10 18:27 - 2015-02-03 21:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-10 18:27 - 2015-02-03 21:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-10 18:27 - 2015-02-03 21:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-10 18:27 - 2015-02-03 21:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-10 18:27 - 2015-02-03 21:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-10 18:27 - 2015-02-03 21:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-10 18:27 - 2015-01-27 17:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-10 18:27 - 2015-01-10 00:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-10 18:27 - 2015-01-10 00:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-10 18:27 - 2015-01-10 00:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-10 18:27 - 2015-01-10 00:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-10 18:27 - 2015-01-10 00:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-10 18:27 - 2015-01-10 00:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-10 18:27 - 2015-01-10 00:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-10 18:27 - 2015-01-10 00:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-10 18:27 - 2015-01-10 00:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-10 18:27 - 2015-01-10 00:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-10 18:27 - 2015-01-10 00:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-10 18:27 - 2015-01-10 00:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-10 18:27 - 2015-01-10 00:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-10 18:27 - 2015-01-10 00:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-10 18:26 - 2015-01-15 02:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-10 18:26 - 2015-01-15 02:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-10 18:26 - 2015-01-15 02:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-10 18:26 - 2015-01-15 02:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-10 18:26 - 2015-01-15 02:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-10 18:26 - 2015-01-15 02:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-10 18:26 - 2015-01-15 02:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-10 18:26 - 2015-01-15 02:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-10 18:26 - 2015-01-15 02:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-10 18:26 - 2015-01-15 02:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-10 18:26 - 2015-01-15 02:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-10 18:26 - 2015-01-15 01:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-10 18:26 - 2015-01-15 01:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-10 18:26 - 2015-01-15 01:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-10 18:26 - 2015-01-15 01:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-10 18:26 - 2015-01-15 01:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-10 18:26 - 2015-01-15 01:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-10 18:26 - 2015-01-14 22:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-10 18:26 - 2015-01-13 23:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-10 18:26 - 2015-01-13 23:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-10 18:26 - 2015-01-12 21:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-10 18:26 - 2015-01-12 20:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-10 18:26 - 2015-01-11 21:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-10 18:26 - 2015-01-11 21:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-10 18:26 - 2015-01-11 21:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-10 18:26 - 2015-01-11 20:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-10 18:26 - 2015-01-11 20:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-10 18:26 - 2015-01-11 20:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-10 18:26 - 2015-01-11 20:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-10 18:26 - 2015-01-11 20:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-10 18:26 - 2015-01-11 20:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-10 18:26 - 2015-01-11 20:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-10 18:26 - 2015-01-11 20:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-10 18:26 - 2015-01-11 20:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-10 18:26 - 2015-01-11 20:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-10 18:26 - 2015-01-11 20:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-10 18:26 - 2015-01-11 20:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-10 18:26 - 2015-01-11 20:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-10 18:26 - 2015-01-11 20:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-10 18:26 - 2015-01-11 20:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-10 18:26 - 2015-01-11 20:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-10 18:26 - 2015-01-11 20:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-10 18:26 - 2015-01-11 20:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-10 18:26 - 2015-01-11 20:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-10 18:26 - 2015-01-11 20:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-10 18:26 - 2015-01-11 20:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-10 18:26 - 2015-01-11 20:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-10 18:26 - 2015-01-11 20:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-10 18:26 - 2015-01-11 20:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-10 18:26 - 2015-01-11 19:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-10 18:26 - 2015-01-11 19:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-10 18:26 - 2015-01-11 19:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-10 18:26 - 2015-01-11 19:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-10 18:26 - 2015-01-11 19:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-10 18:26 - 2015-01-11 19:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-10 18:26 - 2015-01-11 19:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-10 18:26 - 2015-01-11 19:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-10 18:26 - 2015-01-11 19:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-10 18:26 - 2015-01-11 19:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-10 18:26 - 2015-01-11 19:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-10 18:26 - 2015-01-11 19:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-10 18:26 - 2015-01-11 19:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-10 18:26 - 2015-01-11 19:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-10 18:26 - 2015-01-11 19:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-10 18:26 - 2015-01-11 19:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-10 18:26 - 2015-01-11 19:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-10 18:26 - 2015-01-11 19:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-10 18:26 - 2015-01-11 19:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-10 18:26 - 2015-01-11 19:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-10 18:26 - 2015-01-11 19:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-10 18:26 - 2015-01-11 18:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-10 18:26 - 2015-01-11 18:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-10 18:26 - 2014-12-11 23:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-10 18:26 - 2014-12-11 23:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-10 18:26 - 2014-11-25 21:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-10 18:26 - 2014-11-25 21:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-10 18:26 - 2014-10-03 20:10 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-02-10 18:26 - 2014-10-03 19:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-02-10 18:26 - 2014-10-03 19:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-02-10 18:26 - 2014-07-06 20:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-10 18:26 - 2014-07-06 20:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-10 18:26 - 2014-07-06 19:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-02-10 18:26 - 2014-07-06 19:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-02-10 18:25 - 2015-01-14 00:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-10 18:25 - 2015-01-14 00:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-10 18:25 - 2015-01-14 00:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-10 18:25 - 2015-01-14 00:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-10 18:25 - 2015-01-13 23:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-10 18:25 - 2015-01-13 23:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-10 18:25 - 2015-01-13 23:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-10 18:25 - 2015-01-08 20:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-10 18:25 - 2014-12-07 21:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-10 18:25 - 2014-12-07 20:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-05 00:15 - 2015-02-05 00:15 - 05070512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-02-04 16:43 - 2015-02-04 16:43 - 00000000 ____D () C:\Users\Curtis McClay\AppData\Roaming\WinRAR
2015-02-02 00:35 - 2015-01-31 01:07 - 00000249 _____ () C:\Users\Curtis McClay\Desktop\fixme - Cop.txt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-04 19:36 - 2013-07-18 14:03 - 00000000 ____D () C:\Users\Curtis McClay\Documents\Own Docs
2015-03-04 19:36 - 2012-04-20 20:20 - 00000000 ____D () C:\Users\Curtis McClay\AppData\Local\DVD Profiler
2015-03-04 19:34 - 2015-01-28 21:32 - 00000402 _____ () C:\Windows\Tasks\ReclaimerUpdateFiles_Harvey McClay.job
2015-03-04 19:20 - 2012-04-09 20:53 - 01738596 _____ () C:\Windows\WindowsUpdate.log
2015-03-04 19:15 - 2012-07-16 18:33 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-04 15:44 - 2014-02-18 15:44 - 00000364 _____ () C:\Windows\Tasks\HPCeeScheduleForCurtis McClay.job
2015-03-04 12:22 - 2012-06-07 18:50 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-03 21:35 - 2015-01-28 21:32 - 00000398 _____ () C:\Windows\Tasks\ReclaimerUpdateXML_Harvey McClay.job
2015-03-03 20:13 - 2012-04-12 16:34 - 00003986 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{5300C6E4-452E-4549-AF8F-D48A69701C16}
2015-03-03 15:48 - 2012-04-10 16:41 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-03-03 15:41 - 2012-04-17 14:10 - 00002887 _____ () C:\Users\Curtis McClay\Documents\00000.txt
2015-03-03 15:14 - 2012-05-16 13:42 - 00000000 ____D () C:\Users\Curtis McClay\Documents\DVDs bought
2015-03-02 21:19 - 2012-03-02 17:42 - 00000000 ____D () C:\ProgramData\PDFC
2015-03-01 20:51 - 2015-01-28 21:32 - 00000408 _____ () C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Harvey McClay.job
2015-03-01 20:26 - 2009-07-13 22:45 - 00024608 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-01 20:26 - 2009-07-13 22:45 - 00024608 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-01 20:19 - 2012-11-14 16:39 - 00011188 _____ () C:\Windows\setupact.log
2015-03-01 20:19 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-28 23:53 - 2012-04-09 19:01 - 00003986 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{0691111D-6145-4D24-A49B-E59AD7553FBF}
2015-02-27 23:39 - 2012-04-12 16:33 - 00000000 ____D () C:\Users\Curtis McClay
2015-02-27 22:41 - 2009-07-13 23:13 - 00783424 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-27 22:36 - 2014-10-28 21:31 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-02-27 22:36 - 2012-11-14 16:39 - 00388276 _____ () C:\Windows\PFRO.log
2015-02-27 22:33 - 2013-07-14 18:52 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-02-27 22:32 - 2012-10-19 15:34 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-26 11:22 - 2013-06-26 20:25 - 00003392 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3340973777-658078649-2245101506-1003
2015-02-26 11:22 - 2013-06-26 20:25 - 00003274 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3340973777-658078649-2245101506-1003
2015-02-26 03:16 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\tracing
2015-02-25 03:20 - 2012-04-24 21:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-24 15:44 - 2014-02-18 15:44 - 00003234 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForCurtis McClay
2015-02-24 13:02 - 2012-03-02 17:46 - 00000000 ____D () C:\ProgramData\Norton
2015-02-24 01:01 - 2012-04-28 18:53 - 00000000 ____D () C:\Users\Curtis McClay\AppData\Local\CrashDumps
2015-02-22 14:33 - 2012-04-18 18:08 - 00006435 _____ () C:\Users\Curtis McClay\Documents\000.txt
2015-02-21 19:17 - 2015-02-01 18:41 - 00028497 _____ () C:\Users\Curtis McClay\Desktop\dds.txt
2015-02-21 19:17 - 2015-02-01 18:41 - 00006797 _____ () C:\Users\Curtis McClay\Desktop\attach.txt
2015-02-19 20:05 - 2012-06-07 18:50 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-18 11:38 - 2012-03-02 17:26 - 00000000 ____D () C:\ProgramData\Temp
2015-02-16 20:04 - 2012-04-13 14:51 - 00001231 _____ () C:\Users\Curtis McClay\Documents\CH Uids.txt
2015-02-16 17:15 - 2012-07-22 16:37 - 00000000 ____D () C:\Users\Curtis McClay\Documents\Frontlines
2015-02-14 17:57 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2015-02-11 03:38 - 2009-07-13 22:45 - 00295504 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-11 03:34 - 2014-12-11 03:27 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-11 03:34 - 2014-05-06 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-11 03:16 - 2013-08-14 02:01 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 03:02 - 2012-05-15 17:19 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-10 15:13 - 2012-04-24 16:34 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2015-02-05 00:15 - 2012-07-16 18:33 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-05 00:15 - 2012-04-16 19:46 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 00:15 - 2012-03-02 17:38 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-04 23:51 - 2014-07-25 20:54 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-04 12:17 - 2012-06-07 18:50 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-04 12:17 - 2012-06-07 18:50 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-04 12:17 - 2012-06-07 18:50 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-03 01:10 - 2014-07-25 20:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-03 01:10 - 2014-07-25 20:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-03 01:10 - 2012-04-12 16:47 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

==================== Files in the root of some directories =======

2012-11-14 13:15 - 2012-11-14 13:15 - 0000022 ___SH () C:\Users\Curtis McClay\AppData\Roaming\Sys2662.Config.Repository.bin
2014-01-20 14:59 - 2014-01-29 00:01 - 0000092 _____ () C:\Users\Curtis McClay\AppData\Roaming\WB.CFG
2014-01-20 15:01 - 2014-01-29 00:01 - 0000005 _____ () C:\Users\Curtis McClay\AppData\Roaming\WBPU-TTL.DAT
2015-01-31 00:29 - 2015-01-31 00:29 - 0000088 _____ () C:\Users\Curtis McClay\AppData\Local\47dd4b85fab1b2cca14705ce406b689a
2013-05-19 10:21 - 2013-05-19 10:21 - 0926010 _____ () C:\Users\Curtis McClay\AppData\Local\a.zip
2013-05-19 10:21 - 2013-05-19 10:21 - 2162344 _____ (Catalina Marketing Corp) C:\Users\Curtis McClay\AppData\Local\BcsKtYcHW.dll
2012-09-23 14:28 - 2012-09-23 14:28 - 0003584 _____ () C:\Users\Curtis McClay\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-14 18:28 - 2013-07-14 18:28 - 0000000 _____ () C:\ProgramData\202821222a2b342b2a3f35365f3138_c
2012-04-12 15:14 - 2012-12-15 16:01 - 0007611 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=\Device\HarddiskVolume1
description Windows Boot Manager
locale en-US
inherit {globalsettings}
extendedinput Yes
default {current}
resumeobject {74c4be10-3600-11e0-8ff1-0018716eb820}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30
customactions 0x1000085000001
0x5400000f
custom:5400000f {64ee27d9-82b7-11e1-9cd3-9cb70d9bd21b}

Windows Boot Loader
-------------------
identifier {64ee27d9-82b7-11e1-9cd3-9cb70d9bd21b}
device ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{64ee27da-82b7-11e1-9cd3-9cb70d9bd21b}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{64ee27da-82b7-11e1-9cd3-9cb70d9bd21b}
systemroot \windows
nx OptIn
winpe Yes

Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {bootloadersettings}
recoverysequence {64ee27d9-82b7-11e1-9cd3-9cb70d9bd21b}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {74c4be10-3600-11e0-8ff1-0018716eb820}
nx OptIn
bootlog No

Resume from Hibernate
---------------------
identifier {74c4be10-3600-11e0-8ff1-0018716eb820}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=\Device\HarddiskVolume1
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems Yes

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {64ee27da-82b7-11e1-9cd3-9cb70d9bd21b}
description Ramdisk Options
ramdisksdidevice partition=D:
ramdisksdipath \Recovery\WindowsRE\boot.sdi



LastRegBack: 2015-02-23 00:36

==================== End Of Log ============================
jimmywong123
Regular Member
 
Posts: 23
Joined: February 1st, 2015, 8:32 pm

Re: YTD Video Downloader virus

Unread postby jimmywong123 » March 4th, 2015, 10:20 pm

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-03-2015 01
Ran by Curtis McClay at 2015-03-04 19:42:37
Running from C:\Users\Curtis McClay\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Disabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.1430 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{601B10F8-06B0-2EB1-CCAD-C3F7D7E32FD1}) (Version: 3.0.842.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{741006D1-7B2B-4E33-B2B0-831F282EEF64}) (Version: 2.2.8188 - K-NFB Reading Technology, Inc.)
Bluetooth by hp (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.8200 - Broadcom Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bubble Wrap (HKLM-x32\...\{5BFFDDEB-AFD7-499F-BB13-7A6EAD927CDA}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CSV Export 2.1 (HKLM-x32\...\CSVExport_is1) (Version: - Mark Harrison)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 140.0.0.0 - Hewlett-Packard) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
DVD Profiler Version 3.8.2 (HKLM-x32\...\InvelosDVDProfiler_is1) (Version: - )
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Facebook (HKLM-x32\...\{8AE50893-3A87-4439-9A57-942ED43F7189}) (Version: 1.1.0004 - Hewlett-Packard)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
FastStone Image Viewer 5.1 (HKLM-x32\...\FastStone Image Viewer) (Version: 5.1 - FastStone Soft)
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Flixster (HKU\S-1-5-21-3340973777-658078649-2245101506-1003\...\404b9336c7552828) (Version: 1.9.0.205 - Flixster)
GeniusBox 2.0 (HKLM-x32\...\GeniusBox) (Version: 2.0 - GeniusBox 2.0)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GoToMeeting 5.1.0.880 (HKU\S-1-5-21-3340973777-658078649-2245101506-1003\...\GoToMeeting) (Version: 5.1.0.880 - CitrixOnline)
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HL-2270DW (HKLM-x32\...\{E2A97415-BD97-4867-B906-05E39E9EE51F}) (Version: 1.0.7.0 - Brother Industries, Ltd.)
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Application Assistant (HKLM\...\{B34A07DD-C6F7-414A-AE63-01019482EAF0}) (Version: 1.0.393.3870 - Hewlett-Packard)
HP Calendar (HKLM-x32\...\{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}) (Version: 5.1.4245.23508 - Hewlett-Packard)
HP Clock (HKLM-x32\...\{0EEC4E49-D4C2-4E23-87F2-B5641F1A09E4}) (Version: 5.1.4244.16367 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP Imaging Device Functions 14.5 (HKLM\...\HP Imaging Device Functions) (Version: 14.5 - HP)
HP LinkUp (HKLM-x32\...\{7E750542-55BC-4300-8B7B-AC2A762FB435}) (Version: 2.01.029 - Hewlett-Packard)
HP Magic Canvas (HKLM-x32\...\{DDFDC9D6-4220-41F8-BF9A-8E7512C4EF52}) (Version: 5.1.15.0 - Hewlett-Packard)
HP Magic Canvas Tutorials (HKLM-x32\...\{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1) (Version: 5.0.0.3 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.1.21091.0 - Hewlett-Packard Company)
HP Notes (HKLM-x32\...\{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}) (Version: 5.1.4274.30382 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP RSS (HKLM-x32\...\{A35E58D6-2A0F-4051-983B-79342081338E}) (Version: 5.1.4301.21494 - Hewlett-Packard)
HP Scanjet 4800 series 9.0 (HKLM\...\{A5A8D74C-61B6-46ce-B6E7-527BDD687787}) (Version: 9.0 - HP)
HP Scanjet G4050 (HKLM\...\{0A9FC1DA-46F7-4305-A4EF-FDCA8D9B1A5A}) (Version: 14.5 - HP)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15130.3904 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.15145.3905 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 11.00.0001 - Hewlett-Packard)
HP TouchSmart RecipeBox (HKLM-x32\...\{20714B53-FC73-4F9C-9687-49EB237D6FD7}) (Version: 3.0.3830.27730 - Hewlett-Packard)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.12.1.0 - Hewlett-Packard)
HP Weather (HKLM-x32\...\{8364E531-493B-4B05-8041-09D5CE38B975}) (Version: 5.1.4295.16450 - Hewlett-Packard)
hpg4050 (x32 Version: 140.000.000.000 - Hewlett-Packard) Hidden
hpg4850 (x32 Version: 8.0.0.0 - Hewlett-Packard) Hidden
hpg4850QFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 2.0.3 - Kobo Inc.)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4507 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.4507 - CyberLink Corp.) Hidden
Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Metric Converter (HKLM-x32\...\{D0661463-50F7-4A1E-83CB-37CC590589AE}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 36.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0 (x86 en-US)) (Version: 36.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MozyHome (HKLM\...\{42DC1D4E-4357-3EC0-C850-74DC3068950F}) (Version: 2.14.2.199 - Mozy, Inc.)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 19.1.0.28 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
OCR Software by I.R.I.S. 14.5 (HKLM\...\HPOCR) (Version: 14.5 - HP)
OpenOffice.org 3.3 (HKLM-x32\...\{3E171899-0175-47CC-84C4-562ACDD4C021}) (Version: 3.3.9567 - OpenOffice.org)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.65 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.5706 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.5706 - CyberLink Corp.) Hidden
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.11.0721.0 - NewspaperDirect Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6387 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recovery Manager (x32 Version: 5.5.0.4424 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Scan (x32 Version: 14.0.1.0 - Hewlett-Packard) Hidden
Secunia PSI (3.0.0.7011) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.7011 - Secunia)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spot (HKLM-x32\...\{3D171340-B528-42E0-92E4-BDA7AEEF6F32}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Tap Tap Bear (HKLM-x32\...\{A393CDFF-BEB8-48EA-990D-2EB35B311D23}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) Hidden
The Weather Channel Desktop 6 (HKLM-x32\...\The Weather Channel Desktop 6) (Version: - )
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
TSHostedAppLauncher (x32 Version: 5.1.15.0 - Hewlett-Packard) Hidden
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden
Window Washer (HKLM-x32\...\Window Washer) (Version: - Webroot Software, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
YTD Toolbar v7.3 (HKLM-x32\...\{6C587D8F-FE8B-4FAE-AC4C-B990BACFE6EB}) (Version: 7.3 - Spigot, Inc.) <==== ATTENTION
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3340973777-658078649-2245101506-1003_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\880\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Restore Points =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2012-11-14 13:47 - 00000849 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {008D4D87-983F-4AC9-BE71-86829EE3F7A6} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2011-08-23] (CyberLink)
Task: {0582B435-E39E-4395-9FFB-5D10F20675A7} - System32\Tasks\RNUpgradeHelperResumePrompt_Harvey McClay => C:\Users\Harvey McClay\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\12.01\agent\rnupgagent.exe [2015-01-28] (RealNetworks, Inc.)
Task: {0A4119B7-D3D1-4C75-919E-B27F44CE004A} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3340973777-658078649-2245101506-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {0E00B5BA-2ECC-4DA2-9A8C-547E65216A35} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3340973777-658078649-2245101506-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {1CF77983-8EB2-47B8-A3BF-1921822E413E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {21486AD8-79EB-439E-897D-CE0ED4F934CC} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3340973777-658078649-2245101506-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {340FA583-711F-4E63-8C8B-6AF2AC49DDD6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {3B9D610C-B4D3-48A7-8871-54FB2C604C75} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\SymErr.exe [2011-08-11] (Symantec Corporation)
Task: {3C3E4B2B-6406-43C6-A8EF-3BB2367CE496} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3340973777-658078649-2245101506-1003 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {3DAC0A29-C7AC-48FA-AB40-77E287EFEB9F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {3F2E0367-B883-4E04-813E-38B7443372DD} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3340973777-658078649-2245101506-1003 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {47ADB560-86BB-4A7F-8202-150E4C1A97CC} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\SymErr.exe [2011-08-11] (Symantec Corporation)
Task: {509603F6-6EA3-4B3C-834A-2E605FB6BB23} - System32\Tasks\ReclaimerUpdateXML_Harvey McClay => C:\Users\Harvey McClay\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\12.01\agent\rnupgagent.exe [2015-01-28] (RealNetworks, Inc.)
Task: {5E7D56E1-D363-44A1-AAA5-17B5D9B0EA4A} - System32\Tasks\Test TimeTrigger => C:\Users\HARVEY~1\AppData\Local\Temp\Runner.exe <==== ATTENTION
Task: {5F45D450-B713-4C19-90D4-7708773F27DF} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {6FB26EBD-FA14-4FB8-8A6C-2A4152541871} - System32\Tasks\Check Updates => C:\Users\Curtis McClay\AppData\Local\browser extensions\updater.exe
Task: {76B75404-E2EB-4BCA-A1BC-DC5E93F2A017} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3340973777-658078649-2245101506-1003 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {77F537AE-058E-4355-8A1D-33DA301B2B74} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3340973777-658078649-2245101506-1003 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {78667249-8B72-4260-BCDA-E12F211A1F01} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3340973777-658078649-2245101506-1003 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
Task: {7A3FB56E-6937-4E9F-972D-EE17509CD863} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-01-21] (Hewlett-Packard)
Task: {7E369946-B149-44B1-81DD-DDDF24347442} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {8A44CAF4-C730-422C-99B2-49ECF7855FBB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-01-21] (Hewlett-Packard)
Task: {8F32A00D-7E11-49F6-A4FA-55579288928E} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3340973777-658078649-2245101506-1003 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {90FFF52D-BA94-4603-8B18-097737788336} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {91D8EA52-4951-4D2C-AF9D-A1B8F4FB843C} - System32\Tasks\GeniusBox => cmd.exe /C start "" "C:\Users\Curtis McClay\AppData\Local\browser extensions\client.exe"
Task: {99F96397-CA08-45C2-8362-E4085F63650F} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3340973777-658078649-2245101506-1003 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {9D2FFA94-FB50-4347-A2C6-2CCED19F892B} - System32\Tasks\RNUpgradeHelperLogonPrompt_Harvey McClay => C:\Users\Harvey McClay\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\12.01\agent\rnupgagent.exe [2015-01-28] (RealNetworks, Inc.)
Task: {9ED2DBC1-E7F0-4ABB-8352-5D41E4E722A4} - System32\Tasks\Validate Installation => C:\Users\Curtis McClay\AppData\Local\browser extensions\updater.exe
Task: {A143F2C3-8C7C-4DA0-BD5E-8C4C121B971F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {A4A473D5-B352-4836-A76F-D183ADBC9CCE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {C2E8CEBD-D5B6-42E5-96B1-0CCA6F9B9414} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {C2F68E85-B5DF-42E3-96AE-7D5CD42AB5BC} - System32\Tasks\HPCeeScheduleForCurtis McClay => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {CC899924-D4F7-45C5-AE3F-C18E4A354E9E} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3340973777-658078649-2245101506-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {CCDCC7B2-80BD-4214-8FB4-6E9957DE082B} - System32\Tasks\{8A3A16EB-D5A5-4C26-98EA-75D6058C6C65} => pcalua.exe -a E:\IsInstallPending.exe -d E:\
Task: {E1AF1AF8-DD6D-4BCB-ACEB-987AEFC7328C} - System32\Tasks\ReclaimerUpdateFiles_Harvey McClay => C:\Users\Harvey McClay\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\12.01\agent\rnupgagent.exe [2015-01-28] (RealNetworks, Inc.)
Task: {FF011D26-1122-4BC1-A143-531788590606} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\WSCStub.exe [2011-08-13] (Symantec Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForCurtis McClay.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\ReclaimerUpdateFiles_Harvey McClay.job => C:\Users\Harvey McClay\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\12.01\agent\rnupgagent.exe
Task: C:\Windows\Tasks\ReclaimerUpdateXML_Harvey McClay.job => C:\Users\Harvey McClay\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\12.01\agent\rnupgagent.exe
Task: C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Harvey McClay.job => C:\Users\Harvey McClay\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\12.01\agent\rnupgagent.exe

==================== Loaded Modules (whitelisted) ==============

2013-08-14 14:19 - 2013-08-14 14:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2011-09-08 15:53 - 2011-09-08 15:53 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-08-02 14:41 - 2011-08-02 14:41 - 00098304 _____ () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2014-04-23 15:05 - 2014-04-23 15:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-04-12 16:53 - 2011-04-20 11:11 - 00559244 _____ () C:\Program Files (x86)\Webroot\Washer\sqlite3.dll
2012-03-02 17:38 - 2010-06-02 13:41 - 02202624 _____ () C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\QtCore4.dll
2012-03-02 17:38 - 2010-06-02 13:42 - 07999488 _____ () C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\QtGui4.dll
2012-03-02 17:38 - 2010-06-02 13:35 - 00054448 _____ () C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\bzip2.dll
2012-03-02 17:38 - 2010-06-02 13:36 - 00023552 _____ () C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\plugins\imageformats\qgif4.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\78096473.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\78096473.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3340973777-658078649-2245101506-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Curtis McClay\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.76.76 - 75.75.75.75

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: EKIJ5000StatusMonitor => C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: TkBellExe => "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot

==================== Accounts: =============================

Administrator (S-1-5-21-3340973777-658078649-2245101506-500 - Administrator - Disabled)
Curtis McClay (S-1-5-21-3340973777-658078649-2245101506-1003 - Administrator - Enabled) => C:\Users\Curtis McClay
Guest (S-1-5-21-3340973777-658078649-2245101506-501 - Limited - Enabled) => C:\Users\Guest
Harvey McClay (S-1-5-21-3340973777-658078649-2245101506-1000 - Administrator - Enabled) => C:\Users\Harvey McClay

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/04/2015 00:30:54 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/04/2015 00:30:13 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/03/2015 00:37:32 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/03/2015 00:36:39 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/02/2015 01:32:54 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 36.0.0.5531 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 34c

Start Time: 01d054b9e2e84eb7

Termination Time: 62

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: 4e3e66c9-c0ae-11e4-8573-9cb70d9bd21b

Error: (03/01/2015 11:43:26 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/01/2015 11:42:30 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (03/01/2015 02:32:03 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/01/2015 02:31:47 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/28/2015 00:46:37 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (03/04/2015 03:56:05 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (03/01/2015 07:52:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (03/04/2015 00:30:54 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (03/04/2015 00:30:13 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

Error: (03/03/2015 00:37:32 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (03/03/2015 00:36:39 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

Error: (03/02/2015 01:32:54 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe36.0.0.553134c01d054b9e2e84eb762C:\Program Files (x86)\Mozilla Firefox\firefox.exe4e3e66c9-c0ae-11e4-8573-9cb70d9bd21b

Error: (03/01/2015 11:43:26 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (03/01/2015 11:42:30 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

Error: (03/01/2015 02:32:03 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (03/01/2015 02:31:47 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

Error: (02/28/2015 00:46:37 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe


==================== Memory info ===========================

Processor: AMD A6-3620 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 30%
Total physical RAM: 7666.85 MB
Available physical RAM: 5307.7 MB
Total Pagefile: 15331.88 MB
Available Pagefile: 12909.88 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:914.58 GB) (Free:579.45 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:16.83 GB) (Free:2.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (30 Days Of Nights) (CDROM) (Total:7.48 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 0D86579F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=914.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=16.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================
jimmywong123
Regular Member
 
Posts: 23
Joined: February 1st, 2015, 8:32 pm

Re: YTD Video Downloader virus

Unread postby jimmywong123 » March 4th, 2015, 10:27 pm

No real problems running the 2 programs. Computer does seem to be running a bit faster, but had already been running a bit faster from the 1st set of procedures.

Is there anything else I need to do to prevent this in the future? I know the basics, but I was trying to d/l an update to YTD Downloader from a link in the program and thought that was safe.. Was surprised to find the malware in what I thought was a legitimate program and link.

I know this is time consuming and I thank you for taking the time to help me.
jimmywong123
Regular Member
 
Posts: 23
Joined: February 1st, 2015, 8:32 pm

Re: YTD Video Downloader virus

Unread postby pgmigg » March 5th, 2015, 2:21 pm

Hello jimmywong123,

Is there anything else I need to do to prevent this in the future? I know the basics, but I was trying to d/l an update to YTD Downloader from a link in the program and thought that was safe.. Was surprised to find the malware in what I thought was a legitimate program and link.
We will discuss this issue later, when I will note you that your computer is clean completely...
Meanwhile let continue our treatment... :D

Step 1.
  1. Click Start
  2. Type notepad.exe in the search programs and files box and click Enter.
  3. A blank Notepad page should open.
    • Copy and Paste the following script into Notepad, Do not include the words Code: select all
    • (Click the select all button next to code to select the entire script).
    Code: Select all
    ProxyEnable: [S-1-5-21-3340973777-658078649-2245101506-1003] => Internet Explorer proxy is enabled.
    ProxyServer: [S-1-5-21-3340973777-658078649-2245101506-1003] => http=127.0.0.1:49218;https=127.0.0.1:49218
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch 
    HKU\S-1-5-21-3340973777-658078649-2245101506-1003\Software\Microsoft\Internet Explorer\Main,Search Page = www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch 
    HKU\S-1-5-21-3340973777-658078649-2245101506-1003\Software\Microsoft\Internet Explorer\Main,Start Page = https://search.yahoo.com/?type=937811&a ... got-yhp-ie 
    SearchScopes: HKU\S-1-5-21-3340973777-658078649-2245101506-1003 -> {49938FB8-D1E9-488A-B3AB-0B8A484A496F} URL = https://search.yahoo.com/search?fr=chr- ... =937811&p= {searchTerms}
    SearchScopes: HKU\S-1-5-21-3340973777-658078649-2245101506-1003 -> {AC67A53E-767D-4303-93C1-938682F16EB3} URL = http://www.amazon.com/s/ref=azs_osd_iea ... -keywords= {searchTerms}
    SearchScopes: HKU\S-1-5-21-3340973777-658078649-2245101506-1003 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572 ... html?_nkw= {searchTerms}
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
    FF Plugin HKU\S-1-5-21-3340973777-658078649-2245101506-1003: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\CURTIS~1\AppData\Roaming\CATALI~1\NPBCSK~1.DLL No File
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
    CHR HomePage: Default -> https://search.yahoo.com/?type=937811&a ... =yo-yhp-ch
    CHR StartupUrls: Default -> "https://search.yahoo.com/?type=937811&fr=yo-yhp-ch"
    CHR DefaultSearchKeyword: Default -> mysearchdial.com
    CHR DefaultSearchKeyword: Default -> yahoo.com search
    CHR DefaultSuggestURL: Default -> https://ff.search.yahoo.com/gossip?outp ... n&command= {searchTerms}
    CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll No File
    CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll No File
    CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
    CHR Extension: (Gmail) - C:\Users\Curtis McClay\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-06-18]
    YTD Toolbar v7.3 (HKLM-x32\...\{6C587D8F-FE8B-4FAE-AC4C-B990BACFE6EB}) (Version: 7.3 - Spigot, Inc.) <==== ATTENTION
    Hosts:
    EmptyTemp:
    CMD: ipconfig /flushdns
    
  4. Save it next to FRST64.exe on your Desktop as filename fixlist.txt

    NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system!

  5. NOTE: It's important that both files, FRST64 and fixlist.txt are saved in the same location or the fix will not work.
  6. Right-click FRST64.exe and select "Run as administrator..." to run it.
  7. Press the Fix button just once. Then wait.
  8. When finished, it will create a Fixlog.txt log on your Desktop.
  9. Please post the content of the Fixlog.txt in your next reply.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the Fixlog.txt file
  3. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: YTD Video Downloader virus

Unread postby jimmywong123 » March 8th, 2015, 7:24 pm

still active. Sorry for the delay.
jimmywong123
Regular Member
 
Posts: 23
Joined: February 1st, 2015, 8:32 pm

Re: YTD Video Downloader virus

Unread postby jimmywong123 » March 8th, 2015, 7:35 pm

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-03-2015 03
Ran by Harvey McClay at 2015-03-08 18:30:12 Run:1
Running from C:\Users\Harvey McClay\Desktop
Loaded Profiles: Harvey McClay & Curtis McClay (Available profiles: Harvey McClay & Curtis McClay & Guest)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
ProxyEnable: [S-1-5-21-3340973777-658078649-2245101506-1003] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-3340973777-658078649-2245101506-1003] => http=127.0.0.1:49218;https=127.0.0.1:49218
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3340973777-658078649-2245101506-1003\Software\Microsoft\Internet Explorer\Main,Search Page = www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3340973777-658078649-2245101506-1003\Software\Microsoft\Internet Explorer\Main,Start Page = https://search.yahoo.com/?type=937811&a ... got-yhp-ie
SearchScopes: HKU\S-1-5-21-3340973777-658078649-2245101506-1003 -> {49938FB8-D1E9-488A-B3AB-0B8A484A496F} URL = https://search.yahoo.com/search?fr=chr- ... =937811&p= {searchTerms}
SearchScopes: HKU\S-1-5-21-3340973777-658078649-2245101506-1003 -> {AC67A53E-767D-4303-93C1-938682F16EB3} URL = http://www.amazon.com/s/ref=azs_osd_iea ... -keywords= {searchTerms}
SearchScopes: HKU\S-1-5-21-3340973777-658078649-2245101506-1003 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572 ... html?_nkw= {searchTerms}
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin HKU\S-1-5-21-3340973777-658078649-2245101506-1003: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\CURTIS~1\AppData\Roaming\CATALI~1\NPBCSK~1.DLL No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
CHR HomePage: Default -> https://search.yahoo.com/?type=937811&a ... =yo-yhp-ch
CHR StartupUrls: Default -> "https://search.yahoo.com/?type=937811&fr=yo-yhp-ch"
CHR DefaultSearchKeyword: Default -> mysearchdial.com
CHR DefaultSearchKeyword: Default -> yahoo.com search
CHR DefaultSuggestURL: Default -> https://ff.search.yahoo.com/gossip?outp ... n&command= {searchTerms}
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll No File
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll No File
CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
CHR Extension: (Gmail) - C:\Users\Curtis McClay\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-06-18]
YTD Toolbar v7.3 (HKLM-x32\...\{6C587D8F-FE8B-4FAE-AC4C-B990BACFE6EB}) (Version: 7.3 - Spigot, Inc.) <==== ATTENTION
Hosts:
EmptyTemp:
CMD: ipconfig /flushdns

*****************

HKU\S-1-5-21-3340973777-658078649-2245101506-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\S-1-5-21-3340973777-658078649-2245101506-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKU\S-1-5-21-3340973777-658078649-2245101506-1003\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKU\S-1-5-21-3340973777-658078649-2245101506-1003\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
"HKU\S-1-5-21-3340973777-658078649-2245101506-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{49938FB8-D1E9-488A-B3AB-0B8A484A496F}" => Key deleted successfully.
HKCR\CLSID\{49938FB8-D1E9-488A-B3AB-0B8A484A496F} => Key not found.
"HKU\S-1-5-21-3340973777-658078649-2245101506-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AC67A53E-767D-4303-93C1-938682F16EB3}" => Key deleted successfully.
HKCR\CLSID\{AC67A53E-767D-4303-93C1-938682F16EB3} => Key not found.
"HKU\S-1-5-21-3340973777-658078649-2245101506-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => Key deleted successfully.
HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => Key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0" => Key deleted successfully.
C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll => Moved successfully.
"HKU\S-1-5-21-3340973777-658078649-2245101506-1003\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator" => Key deleted successfully.
C:\Users\CURTIS~1\AppData\Roaming\CATALI~1\NPBCSK~1.DLL not found.
C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll => Moved successfully.
Chrome HomePage not detected.
Chrome StartupUrls not detected.
Chrome DefaultSearchKeyword deleted successfully.
Chrome DefaultSearchKeyword not detected.
Chrome DefaultSuggestURL deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll not found.
C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll not found.
C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll not found.
C:\Users\Curtis McClay\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia => Moved successfully.
YTD Toolbar v7.3 (HKLM-x32\...\{6C587D8F-FE8B-4FAE-AC4C-B990BACFE6EB}) (Version: 7.3 - Spigot, Inc.) <==== ATTENTION => Error: No automatic fix found for this entry.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => Removed 108.8 MB temporary data.


The system needed a reboot.

==== End of Fixlog 18:30:25 ====
jimmywong123
Regular Member
 
Posts: 23
Joined: February 1st, 2015, 8:32 pm

Re: YTD Video Downloader virus

Unread postby pgmigg » March 8th, 2015, 8:38 pm

Hello jimmywong123,

Good job! :D Let continue a little bit more...

Step 1.
SystemLook
Please download SystemLook_x64.exe by jpshortstuff and save it to your Desktop.
  1. Right click on SystemLook_x64.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
    If you receive an "Open file - security warning"... asking "Do you want to run this file?", press the Run button.
  2. Highlight and copy the following entries: into SystemLook's main text entry window.
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :filefind
    *MsiExec*
    *WidgiHelper*
    *ytd*
    
    :folderfind
    *YTD*
    
    :Regfind
    MsiExec
    WidgiHelper
    ytd
    63978e510510e3598b0dfa8e6d0469cb
    Spigot
    
  3. Press the Look button to start the scan. Please be patient - it may take a while...
    When finished, a Notepad window will open with the results of the scan.
    A file will be created (on your Desktop) with the results of the scan, named SystemLook.txt
  4. Please post the contents of the SystemLook.txt file in your next reply.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the SystemLook.txt log file
  3. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: YTD Video Downloader virus

Unread postby jimmywong123 » March 8th, 2015, 11:56 pm

No problems running it. Haven't noticed the computer any faster, but it definitely is not slow.

SystemLook 30.07.11 by jpshortstuff
Log created at 22:46 on 08/03/2015 by Harvey McClay
Administrator - Elevation successful

========== filefind ==========

Searching for "*MsiExec*"
C:\Windows\System32\msiexec.exe --a---- 128000 bytes [03:24 21/11/2010] [03:24 21/11/2010] A190DA6546501CB4146BBCC0B6A3F48B
C:\Windows\System32\en-US\msiexec.exe.mui --a---- 2048 bytes [07:06 21/11/2010] [07:06 21/11/2010] 0B0549AF6371A0CC9D7B65AEC779B912
C:\Windows\SysWOW64\msiexec.exe --a---- 73216 bytes [03:24 21/11/2010] [03:24 21/11/2010] EEE470F2A771FC0B543BDEEF74FCECA0
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\CrashDumps\msiexec.exe.7672.dmp --a---- 582567 bytes [17:55 17/05/2012] [17:55 17/05/2012] 4E1CC99E61E81FB202B9CB2462FF2F79
C:\Windows\SysWOW64\en-US\msiexec.exe.mui --a---- 2048 bytes [07:06 21/11/2010] [07:06 21/11/2010] BDECC7CD820515393867BDA5AEEB77E0
C:\Windows\winsxs\amd64_microsoft-windows-i..xecutable.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5495d2d619acea9d\msiexec.exe.mui --a---- 2048 bytes [07:06 21/11/2010] [07:06 21/11/2010] 0B0549AF6371A0CC9D7B65AEC779B912
C:\Windows\winsxs\amd64_microsoft-windows-installer-executable_31bf3856ad364e35_6.1.7601.17514_none_a7a77a3b9cb96ce6\msiexec.exe --a---- 128000 bytes [03:24 21/11/2010] [03:24 21/11/2010] A190DA6546501CB4146BBCC0B6A3F48B
C:\Windows\winsxs\x86_microsoft-windows-i..xecutable.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f8773752614f7967\msiexec.exe.mui --a---- 2048 bytes [07:06 21/11/2010] [07:06 21/11/2010] BDECC7CD820515393867BDA5AEEB77E0
C:\Windows\winsxs\x86_microsoft-windows-installer-executable_31bf3856ad364e35_6.1.7601.17514_none_4b88deb7e45bfbb0\msiexec.exe --a---- 73216 bytes [03:24 21/11/2010] [03:24 21/11/2010] EEE470F2A771FC0B543BDEEF74FCECA0

Searching for "*WidgiHelper*"
No files found.

Searching for "*ytd*"
C:\Users\Curtis McClay\Desktop\Old Firefox Data\rwt8s0xt.default-1364529067499\extensions\ytd@mybrowserbar.com --a---- 38 bytes [06:43 31/01/2015] [05:10 22/07/2013] 4E37DC9C175217C80F1C3D78881E93F6

========== folderfind ==========

Searching for "*YTD*"
C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_ytd.exe_c1b7b25f49a58aa9e9b4a7c67345fd24b395461_2682f459 d----c- [04:46 29/03/2013]
C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_ytd.exe_c1b7b25f49a58aa9e9b4a7c67345fd24b395461_2682f459 d----c- [04:46 29/03/2013]
C:\Users\Curtis McClay\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_ytd.exe_72e6b146771b4bd4a5b9e5545841d631392e349_0ce0b0e7 d----c- [20:28 11/08/2013]
C:\Users\Guest\AppData\LocalLow\YTD d------ [02:19 18/07/2013]

========== Regfind ==========

Searching for "MsiExec"
[HKEY_LOCAL_MACHINE\SOFTWARE\ATI Technologies\Install\ATI Catalyst Install Manager]
"RepairString"="msiexec /fams {601B10F8-06B0-2EB1-CCAD-C3F7D7E32FD1}"
[HKEY_LOCAL_MACHINE\SOFTWARE\ATI Technologies\Install\ATI Catalyst Install Manager]
"UninstallString"="msiexec /q/x{601B10F8-06B0-2EB1-CCAD-C3F7D7E32FD1} REBOOT=ReallySuppress"
[HKEY_LOCAL_MACHINE\SOFTWARE\ATI Technologies\Install\ccc-60-utility64]
"RepairString"="msiexec /fams {05443FF3-D54B-2240-7546-73D96B7A63AE}"
[HKEY_LOCAL_MACHINE\SOFTWARE\ATI Technologies\Install\ccc-60-utility64]
"UninstallString"="msiexec /q/x{05443FF3-D54B-2240-7546-73D96B7A63AE} REBOOT=ReallySuppress"
[HKEY_LOCAL_MACHINE\SOFTWARE\ATI Technologies\Install\SteadyVideo64]
"RepairString"="msiexec /fams {6ECDAC2F-12C1-E49B-448E-6002368967E0}"
[HKEY_LOCAL_MACHINE\SOFTWARE\ATI Technologies\Install\SteadyVideo64]
"UninstallString"="msiexec /q/x{6ECDAC2F-12C1-E49B-448E-6002368967E0} REBOOT=ReallySuppress"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\msiexec.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Msi.Package\DefaultIcon]
@="C:\Windows\system32\msiexec.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Msi.Package\shell\Open\command]
@=""%SystemRoot%\System32\msiexec.exe" /i "%1" %*"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Msi.Package\shell\Repair\command]
@=""%SystemRoot%\System32\msiexec.exe" /f "%1" %*"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Msi.Package\shell\Uninstall\command]
@=""%SystemRoot%\System32\msiexec.exe" /x "%1" %*"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Msi.Patch\DefaultIcon]
@="C:\Windows\system32\msiexec.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Msi.Patch\shell\Open\command]
@=""%SystemRoot%\System32\msiexec.exe" /p "%1" %*"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\RealNetworks\Update\6.0\Preferences\Components\CRTDIST:16.0\RunOnUninst0]
@=""msiexec" "/x{AAECF7BA-E83B-4A10-87EA-DE0B333F8734} /qn" "
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SOFTWARE\RealNetworks\Update\6.0\Preferences\Components\CRTDIST_VC9:16.0\RunOnUninst0]
@=""msiexec" "/x{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA} /qn" "
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Mail\Windows Live Mail\InstallInfo]
"ReinstallCommand"=""%SYSTEMROOT%\system32\msiexec.exe" /qn /i {9D56775A-93F3-44A3-8092-840E3826DE30} REMOVE=WinMailInvisible ADDLOCAL=WinMailVisible MAILDEFAULT=1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Mail\Windows Live Mail\InstallInfo]
"HideIconsCommand"=""%SYSTEMROOT%\system32\msiexec.exe" /qn /i {9D56775A-93F3-44A3-8092-840E3826DE30} REMOVE=WinMailVisible ADDLOCAL=WinMailInvisible"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Mail\Windows Live Mail\InstallInfo]
"ShowIconsCommand"=""%SYSTEMROOT%\system32\msiexec.exe" /qn /i {9D56775A-93F3-44A3-8092-840E3826DE30} REMOVE=WinMailInvisible ADDLOCAL=WinMailVisible"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\News\Windows Live Mail\InstallInfo]
"ReinstallCommand"=""%SYSTEMROOT%\system32\msiexec.exe" /qn /i {9D56775A-93F3-44A3-8092-840E3826DE30} REMOVE=WinMailInvisible ADDLOCAL=WinMailVisible MAILDEFAULT=1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\News\Windows Live Mail\InstallInfo]
"HideIconsCommand"=""%SYSTEMROOT%\system32\msiexec.exe" /qn /i {9D56775A-93F3-44A3-8092-840E3826DE30} REMOVE=WinMailVisible ADDLOCAL=WinMailInvisible"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\News\Windows Live Mail\InstallInfo]
"ShowIconsCommand"=""%SYSTEMROOT%\system32\msiexec.exe" /qn /i {9D56775A-93F3-44A3-8092-840E3826DE30} REMOVE=WinMailInvisible ADDLOCAL=WinMailVisible"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{B34A07DD-C6F7-414A-AE63-01019482EAF0}]
"StubPath"="msiexec /fu {B34A07DD-C6F7-414A-AE63-01019482EAF0} /qn"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\Performance\Resolvers]
"SystemBinariesList"="win32k.sys:winlogon.exe:EXPLORER.EXE:CSRSS.Exe:dwm.exe:logon.scr:logonui.exe:lsass.exe:lsm.exe:ntkrpamp.exe:ntoskrnl.exe:RUNDLL32.EXE:services.exe:sppsvc.exe:smss.exe:spoolsv.exe:svchost.exe:taskeng.exe:WinInit.exe:WISPTIS.EXE:dllhost.exe:dllhst3g.exe:cscript.exe:mmc.exe:msiexec.exe:upnpcont.exe:wscript.exe:WUDFHost.exe:dfsvc.exe:dfsvc.exe:fdbs.exe:ntfsbs.exe:memdiag.exe:NETFXSBS10.exe:applaunch.exe:aspnet_compiler.exe:aspnet_regbrowsers.exe:aspnet_regiis.exe:aspnet_regsql.exe:aspnet_state.exe:aspnet_wp.exe:caspol.exe:csc.exe:CVTRES.EXE:dfsvc.exe:dw20.exe:IEExec.exe:ilasm.exe:InstallUtil.exe:jsc.exe:MSBuild.exe:mscorsvw.exe:ngen.exe:RegAsm.exe::RegSvcs.exe:vbc.exe:TrustedInstaller.exe:Aurora.scr:AutoChk.Exe:AUTOFMT.EXE:CHKDSK.EXE:CHKNTFS.EXE:consent.exe:PnPUnattend.exe:PnPutil.exe:RacAgent.exe:fsquirt.exe:Uninst.exe:updateWmc.exe:wmdc.exe:wmdsync.exe:mofcomp.exe:ScrCons.exe:smi2smir.exe:unse
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileAssociation]
"AddRemoveApps"="SETUP.EXE;INSTALL.EXE;ISUNINST.EXE;UNWISE.EXE;UNWISE32.EXE;ST5UNST.EXE;MSOOBE.EXE;LNKSTUB.EXE;CONTROL.EXE;WERFAULT.EXE;WLRMDR.EXE;GUESTMODEMSG.EXE;MSIEXEC.EXE;DFSVC.EXE;WUAPP.EXE;"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer]
"MsiExecCA32"="C:\Windows\syswow64\msiexec.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer]
"MsiExecCA64"="C:\Windows\system32\msiexec.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D60090400100000000F01FEC\InstallProperties]
"ModifyPath"="MsiExec.exe /I{90140000-006D-0409-1000-0000000FF1CE}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109D60090400100000000F01FEC\InstallProperties]
"UninstallString"="MsiExec.exe /I{90140000-006D-0409-1000-0000000FF1CE}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004159070000000000000000F01FEC\InstallProperties]
"ModifyPath"="MsiExec.exe /X{95140000-0070-0000-0000-0000000FF1CE}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004159070000000000000000F01FEC\InstallProperties]
"UninstallString"="MsiExec.exe /X{95140000-0070-0000-0000-0000000FF1CE}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\032440EF5AC97F34B985A55C2AA8F133\InstallProperties]
"ModifyPath"="MsiExec.exe /I{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\032440EF5AC97F34B985A55C2AA8F133\InstallProperties]
"UninstallString"="MsiExec.exe /I{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0694AF70830BBE9498B1F95939A05A44\InstallProperties]
"ModifyPath"="MsiExec.exe /X{07FA4960-B038-49EB-891B-9F95930AA544}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0694AF70830BBE9498B1F95939A05A44\InstallProperties]
"UninstallString"="MsiExec.exe /X{07FA4960-B038-49EB-891B-9F95930AA544}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\076CFAAAB965F2A4284B2449E5D03EFE\InstallProperties]
"ModifyPath"="MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\076CFAAAB965F2A4284B2449E5D03EFE\InstallProperties]
"UninstallString"="MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\07F090D480F606B439751AFD4D54F890\InstallProperties]
"ModifyPath"="MsiExec.exe /X{4D090F70-6F08-4B60-9357-A1DFD4458F09}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\07F090D480F606B439751AFD4D54F890\InstallProperties]
"UninstallString"="MsiExec.exe /X{4D090F70-6F08-4B60-9357-A1DFD4458F09}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\09699DDB14539164D9A2C3DD3B1EF5E9\InstallProperties]
"ModifyPath"="MsiExec.exe /I{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\09699DDB14539164D9A2C3DD3B1EF5E9\InstallProperties]
"UninstallString"="MsiExec.exe /I{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0BDAB98F913DE074084244E33E3A04B2\InstallProperties]
"ModifyPath"="MsiExec.exe /I{F89BADB0-D319-470E-8024-443EE3A3402B}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0BDAB98F913DE074084244E33E3A04B2\InstallProperties]
"UninstallString"="MsiExec.exe /I{F89BADB0-D319-470E-8024-443EE3A3402B}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1007C6B46D7C017319E3B52CF3EC196E\InstallProperties]
"ModifyPath"="MsiExec.exe /X{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1007C6B46D7C017319E3B52CF3EC196E\InstallProperties]
"UninstallString"="MsiExec.exe /X{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\11F12B5E3396B0E42AC597363E0CD711\InstallProperties]
"ModifyPath"="MsiExec.exe /X{E5B21F11-6933-4E0B-A25C-7963E3C07D11}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\11F12B5E3396B0E42AC597363E0CD711\InstallProperties]
"UninstallString"="MsiExec.exe /X{E5B21F11-6933-4E0B-A25C-7963E3C07D11}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\135E4638B39450B40814905DEC839B57\InstallProperties]
"ModifyPath"="MsiExec.exe /X{8364E531-493B-4B05-8041-09D5CE38B975}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\135E4638B39450B40814905DEC839B57\InstallProperties]
"UninstallString"="MsiExec.exe /X{8364E531-493B-4B05-8041-09D5CE38B975}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\19DBBBA25E197DA429A9EF511DCD5067\InstallProperties]
"ModifyPath"="MsiExec.exe /I{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\19DBBBA25E197DA429A9EF511DCD5067\InstallProperties]
"UninstallString"="MsiExec.exe /I{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1af2a8da7e60d0b429d7e6453b3d0182\InstallProperties]
"ModifyPath"="MsiExec.exe /X{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1af2a8da7e60d0b429d7e6453b3d0182\InstallProperties]
"UninstallString"="MsiExec.exe /X{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1D034B0FAA6BD374B960AAD30DF10D8B\InstallProperties]
"ModifyPath"="MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1D034B0FAA6BD374B960AAD30DF10D8B\InstallProperties]
"UninstallString"="MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1D600147B2B733E42B0B38F182E2FE46\InstallProperties]
"ModifyPath"="MsiExec.exe /X{741006D1-7B2B-4E33-B2B0-831F282EEF64}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1D600147B2B733E42B0B38F182E2FE46\InstallProperties]
"UninstallString"="MsiExec.exe /X{741006D1-7B2B-4E33-B2B0-831F282EEF64}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2350B7483E55FAA4D8B73E1A7ADC715E\InstallProperties]
"ModifyPath"="MsiExec.exe /I{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2350B7483E55FAA4D8B73E1A7ADC715E\InstallProperties]
"UninstallString"="MsiExec.exe /I{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\245057E7CB550034B8B7CAA267F24B53\InstallProperties]
"ModifyPath"="MsiExec.exe /X{7E750542-55BC-4300-8B7B-AC2A762FB435}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\245057E7CB550034B8B7CAA267F24B53\InstallProperties]
"UninstallString"="MsiExec.exe /X{7E750542-55BC-4300-8B7B-AC2A762FB435}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\26CEF00243C306D4C98ECE73E2100CF8\InstallProperties]
"ModifyPath"="MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\26CEF00243C306D4C98ECE73E2100CF8\InstallProperties]
"UninstallString"="MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B0163E6D0340BE4183EB2758E9BEDD8\InstallProperties]
"ModifyPath"="MsiExec.exe /X{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B0163E6D0340BE4183EB2758E9BEDD8\InstallProperties]
"UninstallString"="MsiExec.exe /X{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2C1A65825C073CE4FA7F5E5BE155032A\InstallProperties]
"ModifyPath"="MsiExec.exe /I{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2C1A65825C073CE4FA7F5E5BE155032A\InstallProperties]
"UninstallString"="MsiExec.exe /I{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2D93B5A06DE79774CB9C733F1831D93B\InstallProperties]
"ModifyPath"="MsiExec.exe /I{0A5B39D2-7ED6-4779-BCC9-37F381139DB3}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2D93B5A06DE79774CB9C733F1831D93B\InstallProperties]
"UninstallString"="MsiExec.exe /I{0A5B39D2-7ED6-4779-BCC9-37F381139DB3}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\31B3A53EDC877694A88CAAF9AD96E3ED\InstallProperties]
"ModifyPath"="MsiExec.exe /X{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\31B3A53EDC877694A88CAAF9AD96E3ED\InstallProperties]
"UninstallString"="MsiExec.exe /X{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\35B4170237CFC9F4697894BE32D7F67D\InstallProperties]
"ModifyPath"="MsiExec.exe /X{20714B53-FC73-4F9C-9687-49EB237D6FD7}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\35B4170237CFC9F4697894BE32D7F67D\InstallProperties]
"UninstallString"="MsiExec.exe /X{20714B53-FC73-4F9C-9687-49EB237D6FD7}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\389F20921C4BAB448BD5C5D6252E4C14\InstallProperties]
"ModifyPath"="MsiExec.exe /I{2902F983-B4C1-44BA-B85D-5C6D52E2C441}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\389F20921C4BAB448BD5C5D6252E4C14\InstallProperties]
"UninstallString"="MsiExec.exe /I{2902F983-B4C1-44BA-B85D-5C6D52E2C441}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\39805EA878A39344A97549E24DF31798\InstallProperties]
"ModifyPath"="MsiExec.exe /X{8AE50893-3A87-4439-9A57-942ED43F7189}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\39805EA878A39344A97549E24DF31798\InstallProperties]
"UninstallString"="MsiExec.exe /X{8AE50893-3A87-4439-9A57-942ED43F7189}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3D04254D3B6B9FF42B3445CE3E1E0066\InstallProperties]
"ModifyPath"="MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3D04254D3B6B9FF42B3445CE3E1E0066\InstallProperties]
"UninstallString"="MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3E2D8E8CA6FED1B40AE9B772BE2E3FEC\InstallProperties]
"ModifyPath"="MsiExec.exe /X{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3E2D8E8CA6FED1B40AE9B772BE2E3FEC\InstallProperties]
"UninstallString"="MsiExec.exe /X{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4314AE291D01A814191EA5403531A183\InstallProperties]
"ModifyPath"="MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4314AE291D01A814191EA5403531A183\InstallProperties]
"UninstallString"="MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\46B5A9879DD95AB419A50FCFA0B1B7EF\InstallProperties]
"ModifyPath"="MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\46B5A9879DD95AB419A50FCFA0B1B7EF\InstallProperties]
"UninstallString"="MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\47DEC2193D88B5C4CA0B313281467956\InstallProperties]
"ModifyPath"="MsiExec.exe /I{912CED74-88D3-4C5B-ACB0-132318649765}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\47DEC2193D88B5C4CA0B313281467956\InstallProperties]
"UninstallString"="MsiExec.exe /I{912CED74-88D3-4C5B-ACB0-132318649765}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A4869755DDD3AC4E98AB77E9D95D34B\InstallProperties]
"ModifyPath"="MsiExec.exe /I{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A4869755DDD3AC4E98AB77E9D95D34B\InstallProperties]
"UninstallString"="MsiExec.exe /I{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A9D4F432C248434EB4F5E358C54947E\InstallProperties]
"ModifyPath"="MsiExec.exe /X{34F4D9A4-42C2-4348-BEF4-E553C84549E7}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4A9D4F432C248434EB4F5E358C54947E\InstallProperties]
"UninstallString"="MsiExec.exe /X{34F4D9A4-42C2-4348-BEF4-E553C84549E7}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E42866C3BBC1584BBF38EFC6D539032\InstallProperties]
"ModifyPath"="MsiExec.exe /I{C66824E4-CBB3-4851-BB3F-E8CFD6350923}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E42866C3BBC1584BBF38EFC6D539032\InstallProperties]
"UninstallString"="MsiExec.exe /I{C66824E4-CBB3-4851-BB3F-E8CFD6350923}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\52744B0D6663D294EB6F85A741DBB99D\InstallProperties]
"ModifyPath"="MsiExec.exe /I{D0B44725-3666-492D-BEF6-587A14BD9BD9}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\52744B0D6663D294EB6F85A741DBB99D\InstallProperties]
"UninstallString"="MsiExec.exe /I{D0B44725-3666-492D-BEF6-587A14BD9BD9}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\60EA627A3AAA1D34783E075F0113F440\InstallProperties]
"ModifyPath"="MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\60EA627A3AAA1D34783E075F0113F440\InstallProperties]
"UninstallString"="MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6116D6C8427B0184F8D20D746E7B6DE8\InstallProperties]
"ModifyPath"="MsiExec.exe /I{8C6D6116-B724-4810-8F2D-D047E6B7D68E}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6116D6C8427B0184F8D20D746E7B6DE8\InstallProperties]
"UninstallString"="MsiExec.exe /I{8C6D6116-B724-4810-8F2D-D047E6B7D68E}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\67D6ECF5CD5FBA732B8B22BAC8DE1B4D\InstallProperties]
"ModifyPath"="MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\67D6ECF5CD5FBA732B8B22BAC8DE1B4D\InstallProperties]
"UninstallString"="MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\68AB67CA408033019195008120111403\InstallProperties]
"ModifyPath"="MsiExec.exe /I{AC76BA86-0804-1033-1959-001802114130}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\68AB67CA408033019195008120111403\InstallProperties]
"UninstallString"="MsiExec.exe /I{AC76BA86-0804-1033-1959-001802114130}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\68AB67CA7DA73301B744BA0000000010\InstallProperties]
"ModifyPath"="MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AB0000000001}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\68AB67CA7DA73301B744BA0000000010\InstallProperties]
"UninstallString"="MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AB0000000001}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6A262021B4A79884EA585F5E86D86338\InstallProperties]
"ModifyPath"="MsiExec.exe /I{120262A6-7A4B-4889-AE85-F5E5688D3683}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6A262021B4A79884EA585F5E86D86338\InstallProperties]
"UninstallString"="MsiExec.exe /I{120262A6-7A4B-4889-AE85-F5E5688D3683}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6D85E53AF0A2150489B39743021833E8\InstallProperties]
"ModifyPath"="MsiExec.exe /X{A35E58D6-2A0F-4051-983B-79342081338E}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6D85E53AF0A2150489B39743021833E8\InstallProperties]
"UninstallString"="MsiExec.exe /X{A35E58D6-2A0F-4051-983B-79342081338E}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6D9CDFDD02248F14FBA9E857214CFE25\InstallProperties]
"ModifyPath"="MsiExec.exe /X{DDFDC9D6-4220-41F8-BF9A-8E7512C4EF52}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6D9CDFDD02248F14FBA9E857214CFE25\InstallProperties]
"UninstallString"="MsiExec.exe /X{DDFDC9D6-4220-41F8-BF9A-8E7512C4EF52}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6E815EB96CCE9A53884E7857C57002F0\InstallProperties]
"ModifyPath"="MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6E815EB96CCE9A53884E7857C57002F0\InstallProperties]
"UninstallString"="MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6E8A266FCD4F2A1409E1C8110F44DBCE\InstallProperties]
"ModifyPath"="MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6E8A266FCD4F2A1409E1C8110F44DBCE\InstallProperties]
"UninstallString"="MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6FD66A043D225B447A3D381B812A0CCD\InstallProperties]
"ModifyPath"="MsiExec.exe /X{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6FD66A043D225B447A3D381B812A0CCD\InstallProperties]
"UninstallString"="MsiExec.exe /X{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\701043F6AA9F6C745BC43C1AF91155F3\InstallProperties]
"ModifyPath"="MsiExec.exe /I{6F340107-F9AA-47C6-B54C-C3A19F11553F}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\701043F6AA9F6C745BC43C1AF91155F3\InstallProperties]
"UninstallString"="MsiExec.exe /I{6F340107-F9AA-47C6-B54C-C3A19F11553F}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\766F6333940964D4896BC447E3BE5C1B\InstallProperties]
"ModifyPath"="MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\766F6333940964D4896BC447E3BE5C1B\InstallProperties]
"UninstallString"="MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\775F634D5961F2D4B844CA679CE90020\InstallProperties]
"ModifyPath"="MsiExec.exe /X{D436F577-1695-4D2F-8B44-AC76C99E0002}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\775F634D5961F2D4B844CA679CE90020\InstallProperties]
"UninstallString"="MsiExec.exe /X{D436F577-1695-4D2F-8B44-AC76C99E0002}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7B292C385A83B0447A137070E0186AF4\InstallProperties]
"ModifyPath"="MsiExec.exe /I{83C292B7-38A5-440B-A731-07070E81A64F}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7B292C385A83B0447A137070E0186AF4\InstallProperties]
"UninstallString"="MsiExec.exe /I{83C292B7-38A5-440B-A731-07070E81A64F}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7B65D4CC81F6B0747843BADC57CB4F1F\InstallProperties]
"ModifyPath"="MsiExec.exe /I{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7B65D4CC81F6B0747843BADC57CB4F1F\InstallProperties]
"UninstallString"="MsiExec.exe /I{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7BD4C90EC03660F46A13E87A329932FA\InstallProperties]
"ModifyPath"="MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7BD4C90EC03660F46A13E87A329932FA\InstallProperties]
"UninstallString"="MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7E0BA6F1DDC839B4A832AAE92BEFCF4E\InstallProperties]
"ModifyPath"="MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7E0BA6F1DDC839B4A832AAE92BEFCF4E\InstallProperties]
"UninstallString"="MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7F80AB91827CC964A853FBDB6333EB80\InstallProperties]
"ModifyPath"="MsiExec.exe /X{19BA08F7-C728-469C-8A35-BFBD3633BE08}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7F80AB91827CC964A853FBDB6333EB80\InstallProperties]
"UninstallString"="MsiExec.exe /X{19BA08F7-C728-469C-8A35-BFBD3633BE08}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8456A20EEDF62E04E89D11D9D7E746F1\InstallProperties]
"ModifyPath"="MsiExec.exe /I{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8456A20EEDF62E04E89D11D9D7E746F1\InstallProperties]
"UninstallString"="MsiExec.exe /I{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\84b9c17023c712640acaf308593282f8\InstallProperties]
"ModifyPath"="MsiExec.exe /X{071c9b48-7c32-4621-a0ac-3f809523288f}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\84b9c17023c712640acaf308593282f8\InstallProperties]
"UninstallString"="MsiExec.exe /X{071c9b48-7c32-4621-a0ac-3f809523288f}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\88119C0AF88C68E4396EDCC7A9626694\InstallProperties]
"ModifyPath"="MsiExec.exe /I{A0C91188-C88F-4E86-93E6-CD7C9A266649}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\88119C0AF88C68E4396EDCC7A9626694\InstallProperties]
"UninstallString"="MsiExec.exe /I{A0C91188-C88F-4E86-93E6-CD7C9A266649}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\883658EADAFA357418FD9DB6910D1AC7\InstallProperties]
"ModifyPath"="MsiExec.exe /I{AE856388-AFAD-4753-81DF-D96B19D0A17C}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\883658EADAFA357418FD9DB6910D1AC7\InstallProperties]
"UninstallString"="MsiExec.exe /I{AE856388-AFAD-4753-81DF-D96B19D0A17C}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8D4D77630E5ECF948BE66045C10FB0EB\InstallProperties]
"ModifyPath"="MsiExec.exe /I{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8D4D77630E5ECF948BE66045C10FB0EB\InstallProperties]
"UninstallString"="MsiExec.exe /I{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E\InstallProperties]
"ModifyPath"="MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E\InstallProperties]
"UninstallString"="MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\94E4CEE02C4D32E4782F5B46F1A1904E\InstallProperties]
"ModifyPath"="MsiExec.exe /X{0EEC4E49-D4C2-4E23-87F2-B5641F1A09E4}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\94E4CEE02C4D32E4782F5B46F1A1904E\InstallProperties]
"UninstallString"="MsiExec.exe /X{0EEC4E49-D4C2-4E23-87F2-B5641F1A09E4}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9578273A3D15389E9D1B5126F9CB1B43\InstallProperties]
"ModifyPath"="MsiExec.exe /X{A3728759-51D3-E983-D9B1-15629FBCB134}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9578273A3D15389E9D1B5126F9CB1B43\InstallProperties]
"UninstallString"="MsiExec.exe /X{A3728759-51D3-E983-D9B1-15629FBCB134}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\97B0E634BFC2F5E439081EC7B1520D5C\InstallProperties]
"ModifyPath"="MsiExec.exe /X{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\97B0E634BFC2F5E439081EC7B1520D5C\InstallProperties]
"UninstallString"="MsiExec.exe /X{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\998171E35710CC74484C65A2DC4D0C12\InstallProperties]
"ModifyPath"="MsiExec.exe /I{3E171899-0175-47CC-84C4-562ACDD4C021}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\998171E35710CC74484C65A2DC4D0C12\InstallProperties]
"UninstallString"="MsiExec.exe /I{3E171899-0175-47CC-84C4-562ACDD4C021}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9E20A97D317653346986AA7C74C4C0E0\InstallProperties]
"ModifyPath"="MsiExec.exe /X{D79A02E9-6713-4335-9668-AAC7474C0C0E}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9E20A97D317653346986AA7C74C4C0E0\InstallProperties]
"UninstallString"="MsiExec.exe /X{D79A02E9-6713-4335-9668-AAC7474C0C0E}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A089CE062ADB6BC44A720BA745894BAC\InstallProperties]
"ModifyPath"="MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A089CE062ADB6BC44A720BA745894BAC\InstallProperties]
"UninstallString"="MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A57765D93F393A44082948E08362ED03\InstallProperties]
"ModifyPath"="MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A57765D93F393A44082948E08362ED03\InstallProperties]
"UninstallString"="MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A6C64DD86500CEF47BA082BB611A1FF1\InstallProperties]
"ModifyPath"="MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A6C64DD86500CEF47BA082BB611A1FF1\InstallProperties]
"UninstallString"="MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A80BAB6866E535C4283E1C9E61377CAC\InstallProperties]
"ModifyPath"="MsiExec.exe /X{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A80BAB6866E535C4283E1C9E61377CAC\InstallProperties]
"UninstallString"="MsiExec.exe /X{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A889D6FD0AEE7724AA8B51E880E634B9\InstallProperties]
"ModifyPath"="MsiExec.exe /I{DF6D988A-EEA0-4277-AAB8-158E086E439B}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A889D6FD0AEE7724AA8B51E880E634B9\InstallProperties]
"UninstallString"="MsiExec.exe /I{DF6D988A-EEA0-4277-AAB8-158E086E439B}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\AB7FCEAAB38E01A478AEEDB033F37843\InstallProperties]
"ModifyPath"="MsiExec.exe /X{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\AB7FCEAAB38E01A478AEEDB033F37843\InstallProperties]
"UninstallString"="MsiExec.exe /X{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\AF0E83B25A8DFBE40A813E1C8C7E2A2E\InstallProperties]
"ModifyPath"="MsiExec.exe /X{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\AF0E83B25A8DFBE40A813E1C8C7E2A2E\InstallProperties]
"UninstallString"="MsiExec.exe /X{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B17E077734D20084C93BB5C6AABEBEAE\InstallProperties]
"ModifyPath"="MsiExec.exe /X{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B17E077734D20084C93BB5C6AABEBEAE\InstallProperties]
"UninstallString"="MsiExec.exe /X{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B6ACDB9A3563B764CA384963D73AFB3E\InstallProperties]
"ModifyPath"="MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B6ACDB9A3563B764CA384963D73AFB3E\InstallProperties]
"UninstallString"="MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B6B00BF73486CE79EE6D87DBD65373A0\InstallProperties]
"ModifyPath"="MsiExec.exe /I{7FB00B6B-6843-97EC-EED6-78BD6D35370A}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B6B00BF73486CE79EE6D87DBD65373A0\InstallProperties]
"UninstallString"="MsiExec.exe /I{7FB00B6B-6843-97EC-EED6-78BD6D35370A}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B846977CE014ABB47BB58551CBFE7ED1\InstallProperties]
"ModifyPath"="MsiExec.exe /I{C779648B-410E-4BBA-B75B-5815BCEFE71D}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B846977CE014ABB47BB58551CBFE7ED1\InstallProperties]
"UninstallString"="MsiExec.exe /I{C779648B-410E-4BBA-B75B-5815BCEFE71D}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BAF5E720674195C4AA4B23FE82253099\InstallProperties]
"ModifyPath"="MsiExec.exe /I{027E5FAB-1476-4C59-AAB4-32EF28520399}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BAF5E720674195C4AA4B23FE82253099\InstallProperties]
"UninstallString"="MsiExec.exe /I{027E5FAB-1476-4C59-AAB4-32EF28520399}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BE4EBED704B66673BB53C5BB3C58AD73\InstallProperties]
"ModifyPath"="MsiExec.exe /X{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BE4EBED704B66673BB53C5BB3C58AD73\InstallProperties]
"UninstallString"="MsiExec.exe /X{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BFF8CCA148D950C44AED2DA8B99C6189\InstallProperties]
"ModifyPath"="MsiExec.exe /I{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BFF8CCA148D950C44AED2DA8B99C6189\InstallProperties]
"UninstallString"="MsiExec.exe /I{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C173E5AD3336A8D3394AF65D2BB0CCE6\InstallProperties]
"ModifyPath"="MsiExec.exe /X{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C173E5AD3336A8D3394AF65D2BB0CCE6\InstallProperties]
"UninstallString"="MsiExec.exe /X{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\c1c4f01781cc94c4c8fb1542c0981a2a\InstallProperties]
"ModifyPath"="MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\c1c4f01781cc94c4c8fb1542c0981a2a\InstallProperties]
"UninstallString"="MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C2CBC2D34D56364478BABBC258C9F1E3\InstallProperties]
"ModifyPath"="MsiExec.exe /I{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C2CBC2D34D56364478BABBC258C9F1E3\InstallProperties]
"UninstallString"="MsiExec.exe /I{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C42CF3A20CE691545AB2DF4AAEB9D242\InstallProperties]
"ModifyPath"="MsiExec.exe /X{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C42CF3A20CE691545AB2DF4AAEB9D242\InstallProperties]
"UninstallString"="MsiExec.exe /X{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C48640079BD794D4C8EF7BB800C635CF\InstallProperties]
"ModifyPath"="MsiExec.exe /I{7004684C-7DB9-4D49-8CFE-B78B006C53FC}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C48640079BD794D4C8EF7BB800C635CF\InstallProperties]
"UninstallString"="MsiExec.exe /I{7004684C-7DB9-4D49-8CFE-B78B006C53FC}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C4E4AFE2F5B77F841A0CA18A287B9A3C\InstallProperties]
"ModifyPath"="MsiExec.exe /X{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C4E4AFE2F5B77F841A0CA18A287B9A3C\InstallProperties]
"UninstallString"="MsiExec.exe /X{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C7BCDCEDCC85568419FA26F77989EF84\InstallProperties]
"ModifyPath"="MsiExec.exe /I{DECDCB7C-58CC-4865-91AF-627F9798FE48}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C7BCDCEDCC85568419FA26F77989EF84\InstallProperties]
"UninstallString"="MsiExec.exe /I{DECDCB7C-58CC-4865-91AF-627F9798FE48}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\CF454FAAAC2892F4BA13A60149587EE6\InstallProperties]
"ModifyPath"="MsiExec.exe /X{AAF454FC-82CA-4F29-AB31-6A109485E76E}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\CF454FAAAC2892F4BA13A60149587EE6\InstallProperties]
"UninstallString"="MsiExec.exe /X{AAF454FC-82CA-4F29-AB31-6A109485E76E}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\CFD2C1F142D260E3CB8B271543DA9F98\InstallProperties]
"ModifyPath"="MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\CFD2C1F142D260E3CB8B271543DA9F98\InstallProperties]
"UninstallString"="MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D04BB691875110D32B98EBCF771AA1E1\InstallProperties]
"ModifyPath"="MsiExec.exe /X{196BB40D-1578-3D01-B289-BEFC77A11A1E}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D04BB691875110D32B98EBCF771AA1E1\InstallProperties]
"UninstallString"="MsiExec.exe /X{196BB40D-1578-3D01-B289-BEFC77A11A1E}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D20352A90C039D93DBF6126ECE614057\InstallProperties]
"ModifyPath"="MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D20352A90C039D93DBF6126ECE614057\InstallProperties]
"UninstallString"="MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D276F30548C6A844F8F8B43CA58C4314\InstallProperties]
"ModifyPath"="MsiExec.exe /I{503F672D-6C84-448A-8F8F-4BC35AC83441}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D276F30548C6A844F8F8B43CA58C4314\InstallProperties]
"UninstallString"="MsiExec.exe /I{503F672D-6C84-448A-8F8F-4BC35AC83441}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D7314F9862C648A4DB8BE2A5B47BE100\InstallProperties]
"ModifyPath"="MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D7314F9862C648A4DB8BE2A5B47BE100\InstallProperties]
"UninstallString"="MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DAAE5ACC4F29A7B45BEE4192C466BA16\InstallProperties]
"ModifyPath"="MsiExec.exe /X{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DAAE5ACC4F29A7B45BEE4192C466BA16\InstallProperties]
"UninstallString"="MsiExec.exe /X{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DD70A43B7F6CA414EA3610104928AE0F\InstallProperties]
"ModifyPath"="MsiExec.exe /X{B34A07DD-C6F7-414A-AE63-01019482EAF0}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DD70A43B7F6CA414EA3610104928AE0F\InstallProperties]
"UninstallString"="MsiExec.exe /X{B34A07DD-C6F7-414A-AE63-01019482EAF0}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DDA39468D428E8B4DB27C8D5DC5CA217\InstallProperties]
"ModifyPath"="MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DDA39468D428E8B4DB27C8D5DC5CA217\InstallProperties]
"UninstallString"="MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E08F45ADC1622A148A5545A941F4F295\InstallProperties]
"ModifyPath"="MsiExec.exe /I{DA54F80E-261C-41A2-A855-549A144F2F59}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E08F45ADC1622A148A5545A941F4F295\InstallProperties]
"UninstallString"="MsiExec.exe /I{DA54F80E-261C-41A2-A855-549A144F2F59}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E4D1CD2475340CE38C0547CD038659F0\InstallProperties]
"ModifyPath"="MsiExec.exe /X{42DC1D4E-4357-3EC0-C850-74DC3068950F}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E4D1CD2475340CE38C0547CD038659F0\InstallProperties]
"UninstallString"="MsiExec.exe /X{42DC1D4E-4357-3EC0-C850-74DC3068950F}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E7FF67E4ABEA78C47B88DC745E24B5D9\InstallProperties]
"ModifyPath"="MsiExec.exe /X{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E7FF67E4ABEA78C47B88DC745E24B5D9\InstallProperties]
"UninstallString"="MsiExec.exe /X{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E97A59ECCF4EFFF4A857920FB449F22F\InstallProperties]
"ModifyPath"="MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E97A59ECCF4EFFF4A857920FB449F22F\InstallProperties]
"UninstallString"="MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\ED0FAC38B3D873C46A13B2F861CE0313\InstallProperties]
"ModifyPath"="MsiExec.exe /I{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\ED0FAC38B3D873C46A13B2F861CE0313\InstallProperties]
"UninstallString"="MsiExec.exe /I{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EDEED656CA6FAC745A861A4B3EB47506\InstallProperties]
"ModifyPath"="MsiExec.exe /I{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EDEED656CA6FAC745A861A4B3EB47506\InstallProperties]
"UninstallString"="MsiExec.exe /I{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EEDB8CDDCACDD4042875E3D8B4874276\InstallProperties]
"ModifyPath"="MsiExec.exe /X{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EEDB8CDDCACDD4042875E3D8B4874276\InstallProperties]
"UninstallString"="MsiExec.exe /X{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EFEE0228DC83E77358593193D847A0EC\InstallProperties]
"ModifyPath"="MsiExec.exe /X{8220EEFE-38CD-377E-8595-13398D740ACE}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EFEE0228DC83E77358593193D847A0EC\InstallProperties]
"UninstallString"="MsiExec.exe /X{8220EEFE-38CD-377E-8595-13398D740ACE}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F132F0B0A6ECD384AA32773B467F9571\InstallProperties]
"ModifyPath"="MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F132F0B0A6ECD384AA32773B467F9571\InstallProperties]
"UninstallString"="MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F4339ACB9C6B56F4A937CAA523A9D440\InstallProperties]
"ModifyPath"="MsiExec.exe /X{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F4339ACB9C6B56F4A937CAA523A9D440\InstallProperties]
"UninstallString"="MsiExec.exe /X{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F4E3B286A696ED244AC1C470AE61874B\InstallProperties]
"ModifyPath"="MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F4E3B286A696ED244AC1C470AE61874B\InstallProperties]
"UninstallString"="MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F8D785C6B8EFEAF4CAC49B09ABFC6EBE\InstallProperties]
"ModifyPath"="MsiExec.exe /X{6C587D8F-FE8B-4FAE-AC4C-B990BACFE6EB}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F8D785C6B8EFEAF4CAC49B09ABFC6EBE\InstallProperties]
"UninstallString"="MsiExec.exe /X{6C587D8F-FE8B-4FAE-AC4C-B990BACFE6EB}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FA9D7E5F6F0603A4783EE49AD423C21E\InstallProperties]
"ModifyPath"="MsiExec.exe /I{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FA9D7E5F6F0603A4783EE49AD423C21E\InstallProperties]
"UninstallString"="MsiExec.exe /I{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3340973777-658078649-2245101506-1000\Products\6DED2C82B5237CC489A371778C7FBFBA\InstallProperties]
"ModifyPath"="MsiExec.exe /I{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3340973777-658078649-2245101506-1000\Products\6DED2C82B5237CC489A371778C7FBFBA\InstallProperties]
"UninstallString"="MsiExec.exe /I{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3340973777-658078649-2245101506-1003\Products\61C1337379E302A4088DFB4BA30B2EBF\InstallProperties]
"ModifyPath"="MsiExec.exe /X{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3340973777-658078649-2245101506-1003\Products\61C1337379E302A4088DFB4BA30B2EBF\InstallProperties]
"UninstallString"="MsiExec.exe /X{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3340973777-658078649-2245101506-1003\Products\6DED2C82B5237CC489A371778C7FBFBA\InstallProperties]
"ModifyPath"="MsiExec.exe /I{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-3340973777-658078649-2245101506-1003\Products\6DED2C82B5237CC489A371778C7FBFBA\InstallProperties]
"UninstallString"="MsiExec.exe /I{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{027E5FAB-1476-4C59-AAB4-32EF28520399}]
"ModifyPath"="MsiExec.exe /I{027E5FAB-1476-4C59-AAB4-32EF28520399}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{027E5FAB-1476-4C59-AAB4-32EF28520399}]
"UninstallString"="MsiExec.exe /I{027E5FAB-1476-4C59-AAB4-32EF28520399}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{071c9b48-7c32-4621-a0ac-3f809523288f}]
"ModifyPath"="MsiExec.exe /X{071c9b48-7c32-4621-a0ac-3f809523288f}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{071c9b48-7c32-4621-a0ac-3f809523288f}]
"UninstallString"="MsiExec.exe /X{071c9b48-7c32-4621-a0ac-3f809523288f}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}]
"ModifyPath"="MsiExec.exe /I{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}]
"UninstallString"="MsiExec.exe /I{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}]
"ModifyPath"="MsiExec.exe /I{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}]
"UninstallString"="MsiExec.exe /I{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}]
"ModifyPath"="MsiExec.exe /I{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}]
"UninstallString"="MsiExec.exe /I{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{42DC1D4E-4357-3EC0-C850-74DC3068950F}]
"ModifyPath"="MsiExec.exe /X{42DC1D4E-4357-3EC0-C850-74DC3068950F}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{42DC1D4E-4357-3EC0-C850-74DC3068950F}]
"UninstallString"="MsiExec.exe /X{42DC1D4E-4357-3EC0-C850-74DC3068950F}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}]
"ModifyPath"="MsiExec.exe /X{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}]
"UninstallString"="MsiExec.exe /X{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}]
"ModifyPath"="MsiExec.exe /X{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}]
"UninstallString"="MsiExec.exe /X{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{503F672D-6C84-448A-8F8F-4BC35AC83441}]
"ModifyPath"="MsiExec.exe /I{503F672D-6C84-448A-8F8F-4BC35AC83441}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{503F672D-6C84-448A-8F8F-4BC35AC83441}]
"UninstallString"="MsiExec.exe /I{503F672D-6C84-448A-8F8F-4BC35AC83441}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}]
"ModifyPath"="MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}]
"UninstallString"="MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{601B10F8-06B0-2EB1-CCAD-C3F7D7E32FD1}]
"UninstallString"="msiexec /q/x{601B10F8-06B0-2EB1-CCAD-C3F7D7E32FD1} REBOOT=ReallySuppress"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}]
"ModifyPath"="MsiExec.exe /I{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}]
"UninstallString"="MsiExec.exe /I{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}]
"ModifyPath"="MsiExec.exe /X{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}]
"UninstallString"="MsiExec.exe /X{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6ECDAC2F-12C1-E49B-448E-6002368967E0}]
"ModifyPath"="MsiExec.exe /X{6ECDAC2F-12C1-E49B-448E-6002368967E0}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6ECDAC2F-12C1-E49B-448E-6002368967E0}]
"UninstallString"="MsiExec.exe /X{6ECDAC2F-12C1-E49B-448E-6002368967E0}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}]
"ModifyPath"="MsiExec.exe /X{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}]
"UninstallString"="MsiExec.exe /X{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8220EEFE-38CD-377E-8595-13398D740ACE}]
"ModifyPath"="MsiExec.exe /X{8220EEFE-38CD-377E-8595-13398D740ACE}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8220EEFE-38CD-377E-8595-13398D740ACE}]
"UninstallString"="MsiExec.exe /X{8220EEFE-38CD-377E-8595-13398D740ACE}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}]
"ModifyPath"="MsiExec.exe /I{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}]
"UninstallString"="MsiExec.exe /I{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}]
"ModifyPath"="MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}]
"UninstallString"="MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-006D-0409-1000-0000000FF1CE}]
"ModifyPath"="MsiExec.exe /I{90140000-006D-0409-1000-0000000FF1CE}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-006D-0409-1000-0000000FF1CE}]
"UninstallString"="MsiExec.exe /I{90140000-006D-0409-1000-0000000FF1CE}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3728759-51D3-E983-D9B1-15629FBCB134}]
"ModifyPath"="MsiExec.exe /X{A3728759-51D3-E983-D9B1-15629FBCB134}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A3728759-51D3-E983-D9B1-15629FBCB134}]
"UninstallString"="MsiExec.exe /X{A3728759-51D3-E983-D9B1-15629FBCB134}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}]
"ModifyPath"="MsiExec.exe /X{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}]
"UninstallString"="MsiExec.exe /X{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B34A07DD-C6F7-414A-AE63-01019482EAF0}]
"ModifyPath"="MsiExec.exe /X{B34A07DD-C6F7-414A-AE63-01019482EAF0}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B34A07DD-C6F7-414A-AE63-01019482EAF0}]
"UninstallString"="MsiExec.exe /X{B34A07DD-C6F7-414A-AE63-01019482EAF0}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}]
"ModifyPath"="MsiExec.exe /X{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}]
"UninstallString"="MsiExec.exe /X{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}]
"ModifyPath"="MsiExec.exe /I{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}]
"UninstallString"="MsiExec.exe /I{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}]
"ModifyPath"="MsiExec.exe /I{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}]
"UninstallString"="MsiExec.exe /I{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D79A02E9-6713-4335-9668-AAC7474C0C0E}]
"ModifyPath"="MsiExec.exe /X{D79A02E9-6713-4335-9668-AAC7474C0C0E}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D79A02E9-6713-4335-9668-AAC7474C0C0E}]
"UninstallString"="MsiExec.exe /X{D79A02E9-6713-4335-9668-AAC7474C0C0E}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DA54F80E-261C-41A2-A855-549A144F2F59}]
"ModifyPath"="MsiExec.exe /I{DA54F80E-261C-41A2-A855-549A144F2F59}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DA54F80E-261C-41A2-A855-549A144F2F59}]
"UninstallString"="MsiExec.exe /I{DA54F80E-261C-41A2-A855-549A144F2F59}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}]
"ModifyPath"="MsiExec.exe /X{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}]
"UninstallString"="MsiExec.exe /X{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DF6D988A-EEA0-4277-AAB8-158E086E439B}]
"ModifyPath"="MsiExec.exe /I{DF6D988A-EEA0-4277-AAB8-158E086E439B}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DF6D988A-EEA0-4277-AAB8-158E086E439B}]
"UninstallString"="MsiExec.exe /I{DF6D988A-EEA0-4277-AAB8-158E086E439B}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}]
"ModifyPath"="MsiExec.exe /I{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}]
"UninstallString"="MsiExec.exe /I{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}"
jimmywong123
Regular Member
 
Posts: 23
Joined: February 1st, 2015, 8:32 pm

Re: YTD Video Downloader virus

Unread postby jimmywong123 » March 8th, 2015, 11:57 pm

SYSTEMLOOK was too large for 1 post, so I split it.



[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ATI Technologies\Install\AMD APP SDK Runtime]
"RepairString"="msiexec /fams {503F672D-6C84-448A-8F8F-4BC35AC83441}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ATI Technologies\Install\AMD APP SDK Runtime]
"UninstallString"="msiexec /q/x{503F672D-6C84-448A-8F8F-4BC35AC83441} REBOOT=ReallySuppress"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ATI Technologies\Install\AMD Media Foundation Decoders]
"UninstallString"="msiexec /q/x{A3728759-51D3-E983-D9B1-15629FBCB134} REBOOT=ReallySuppress"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ATI Technologies\Install\AMD Media Foundation Decoders]
"RepairString"="msiexec /fams {A3728759-51D3-E983-D9B1-15629FBCB134}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ATI Technologies\Install\ATI Catalyst Install Manager]
"RepairString"="msiexec /fams {601B10F8-06B0-2EB1-CCAD-C3F7D7E32FD1}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ATI Technologies\Install\ATI Catalyst Install Manager]
"UninstallString"="msiexec /q/x{601B10F8-06B0-2EB1-CCAD-C3F7D7E32FD1} REBOOT=ReallySuppress"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ATI Technologies\Install\ccc-05-core-static]
"RepairString"="msiexec /fams {A1BEDE0F-F0BC-D1AB-FDEF-534C3C330484}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ATI Technologies\Install\ccc-05-core-static]
"UninstallString"="msiexec /q/x{A1BEDE0F-F0BC-D1AB-FDEF-534C3C330484} REBOOT=ReallySuppress"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ATI Technologies\Install\ccc-30-graphics-previews-common]
"RepairString"="msiexec /fams {1502F427-F988-C5A0-DC84-BB03C560F72A}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ATI Technologies\Install\ccc-30-graphics-previews-common]
"UninstallString"="msiexec /q/x{1502F427-F988-C5A0-DC84-BB03C560F72A} REBOOT=ReallySuppress"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ATI Technologies\Install\ccc-45-help-cs]
"RepairString"="msiexec /fams {5A71D24C-F270-DBD7-8A16-3724A0D6C578}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ATI Technologies\Install\ccc-45-help-cs]
"UninstallString"="msiexec /q/x{5A71D24C-F270-DBD7-8A16-3724A0D6C578} REBOOT=ReallySuppress"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ATI Technologies\Install\ccc-45-help-da]
"RepairString"="msiexec /fams {31268F66-FCBD-D7DE-C4E1-9212DAAB0902}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ATI Technologies\Install\ccc-45-help-da]
"UninstallString"="msiexec /q/x{31268F66-FCBD-D7DE-C4E1-9212DAAB0902} REBOOT=ReallySuppress"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ATI Technologies\Install\ccc-45-help-de]
"RepairString"="msiexec /fams {AD3106C0-2A5D-347F-8BD5-B8A0F8AF3D9F}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ATI Technologies\Install\ccc-45-help-de]
"UninstallString"="msiexec /q/x{AD3106C0-2A5D-347F-8BD5-B8A0F8AF3D9F} REBOOT=ReallySuppress"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ATI Technologies\Install\ccc-45-help-el]
"RepairString"="msiexec /fams {FC49484F-0FCB-F096-28B6-E2EDDB05582C}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ATI Technologies\Install\ccc-45-help-el]
"UninstallString"="msiexec /q/x{FC49484F-0FCB-F096-28B6-E2EDDB05582C} REBOOT=ReallySuppress"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ATI Technologies\Install\ccc-45-help-en-US]
"RepairString"="msiexec /fams {10275199-ED06-3ACA-2500-800238E02713}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ATI Technologies\Install\ccc-45-help-en-US]
"UninstallString"="msiexec /q/x{10275199-ED06-3ACA-2500-800238E02713} REBOOT=ReallySuppress"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ATI Technologies\Install\ccc-45-help-es]
"RepairString"="msiexec /fams {E66FD60C-5873-1904-4A00-726D8EAA0A19}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ATI Technologies\Install\ccc-45-help-es]
"UninstallString"="msiexec /q/x{E66FD60C-5873-1904-4A00-726D8EAA0A19} REBOOT=ReallySuppress"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ATI Technologies\Install\ccc-45-help-fi]
"RepairString"="msiexec /fams {09E09088-C027-8C6D-24D6-E864B7EFD0C7}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ATI Technologies\Install\ccc-45-help-fi]
"UninstallString"="msiexec /q/x{09E09088-C027-8C6D-24D6-E864B7EFD0C7} REBOOT=ReallySuppress"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ATI Technologies\Install\ccc-45-help-fr]
"RepairString"="msiexec /fams {23A6EFAC-F45F-76B3-0A7E-A2725502EF5C}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ATI Technologies\Install\ccc-45-help-fr]
"UninstallString"="msiexec /q/x{23A6EFAC-F45F-76B3-0A7E-A2725502EF5C} REBOOT=ReallySuppress"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ATI Technologies\Install\ccc-45-help-hu]
"RepairString"="msiexec /fams {E7190BDA-4614-0373-C5EF-CDF08705A48C}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ATI Technologies\Install\ccc-45-help-hu]
"UninstallString"="msiexec /q/x{E7190BDA-4614-0373-C5EF-CDF08705A48C} REBOOT=ReallySuppress"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ATI Technologies\Install\ccc-45-help-it]
"RepairString"="msiexec /fams {490F177A-CBFB-CDD8-6999-B2FBB43DB65F}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ATI Technologies\Install\ccc-45-help-it]
"UninstallString"="msiexec /q/x{490F177A-CBFB-CDD8-6999-B2FBB43DB65F} REBOOT=ReallySuppress"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ATI Technologies\Install\ccc-45-help-ja]
"RepairString"="msiexec /fams {DBA2460A-94C2-A5BF-335E-F10597F316E9}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ATI Technologies\Install\ccc-45-help-ja]
"UninstallString"="msiexec /q/x{DBA2460A-94C2-A5BF-335E-F10597F316E9} REBOOT=ReallySuppress"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ATI Technologies\Install\ccc-45-help-ko]
"RepairString"="msiexec /fams {64F49FEA-46A4-E0EA-36E0-E7792DB29302}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ATI Technologies\Install\ccc-45-help-ko]
"UninstallString"="msiexec /q/x{64F49FEA-46A4-E0EA-36E0-E7792DB29302} REBOOT=ReallySuppress"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ATI Technologies\Install\ccc-45-help-nl]
"RepairString"="msiexec /fams {61994F21-7B1A-C59D-AE19-C65B3B28372F}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ATI Technologies\Install\ccc-45-help-nl]
"UninstallString"="msiexec /q/x{61994F21-7B1A-C59D-AE19-C65B3B28372F} REBOOT=ReallySuppress"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ATI Technologies\Install\ccc-45-help-no]
"RepairString"="msiexec /fams {13BBAD29-D5CC-3FB1-4D32-42CD55835BA8}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ATI Technologies\Install\ccc-45-help-no]
"UninstallString"="msiexec /q/x{13BBAD29-D5CC-3FB1-4D32-42CD55835BA8} REBOOT=ReallySuppress"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ATI Technologies\Install\ccc-45-help-pl]
"RepairString"="msiexec /fams {132C4D55-82C9-AC7E-6A11-42E6C54DC882}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ATI Technologies\Install\ccc-45-help-pl]
"UninstallString"="msiexec /q/x{132C4D55-82C9-AC7E-6A11-42E6C54DC882} REBOOT=ReallySuppress"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ATI Technologies\Install\ccc-45-help-pt-BR]
"RepairString"="msiexec /fams {8B6AFB6D-0D8D-C49F-F103-60AB9DB81447}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ATI Technologies\Install\ccc-45-help-pt-BR]
"UninstallString"="msiexec /q/x{8B6AFB6D-0D8D-C49F-F103-60AB9DB81447} REBOOT=ReallySuppress"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ATI Technologies\Install\ccc-45-help-ru]
"RepairString"="msiexec /fams {135F7D3A-C932-7BC2-F658-E5988517257B}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ATI Technologies\Install\ccc-45-help-ru]
"UninstallString"="msiexec /q/x{135F7D3A-C932-7BC2-F658-E5988517257B} REBOOT=ReallySuppress"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ATI Technologies\Install\ccc-45-help-sv]
"RepairString"="msiexec /fams {50D91C29-5AB6-3DCD-8338-C9A7ABF44B33}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ATI Technologies\Install\ccc-45-help-sv]
"UninstallString"="msiexec /q/x{50D91C29-5AB6-3DCD-8338-C9A7ABF44B33} REBOOT=ReallySuppress"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ATI Technologies\Install\ccc-45-help-th]
"RepairString"="msiexec /fams {0FB54E7B-E864-F741-A13A-7E682891B31C}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ATI Technologies\Install\ccc-45-help-th]
"UninstallString"="msiexec /q/x{0FB54E7B-E864-F741-A13A-7E682891B31C} REBOOT=ReallySuppress"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ATI Technologies\Install\ccc-45-help-tr]
"RepairString"="msiexec /fams {0AA432F3-7761-8DEA-CCE4-0BA1D1D89910}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ATI Technologies\Install\ccc-45-help-tr]
"UninstallString"="msiexec /q/x{0AA432F3-7761-8DEA-CCE4-0BA1D1D89910} REBOOT=ReallySuppress"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ATI Technologies\Install\ccc-45-help-zh-CHS]
"RepairString"="msiexec /fams {9A296A4E-7899-5943-DFE6-7BD10DBEFC6F}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ATI Technologies\Install\ccc-45-help-zh-CHS]
"UninstallString"="msiexec /q/x{9A296A4E-7899-5943-DFE6-7BD10DBEFC6F} REBOOT=ReallySuppress"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ATI Technologies\Install\ccc-45-help-zh-CHT]
"RepairString"="msiexec /fams {0A8DB8CA-F3B3-E5D1-F3FD-2FF28C7853F7}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ATI Technologies\Install\ccc-45-help-zh-CHT]
"UninstallString"="msiexec /q/x{0A8DB8CA-F3B3-E5D1-F3FD-2FF28C7853F7} REBOOT=ReallySuppress"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ATI Technologies\Install\ccc-60-utility64]
"RepairString"="msiexec /fams {05443FF3-D54B-2240-7546-73D96B7A63AE}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ATI Technologies\Install\ccc-60-utility64]
"UninstallString"="msiexec /q/x{05443FF3-D54B-2240-7546-73D96B7A63AE} REBOOT=ReallySuppress"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ATI Technologies\Install\ccc-All]
"RepairString"="msiexec /fams {1B10CC52-40C5-3B2F-FB65-7AF2437695EF}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ATI Technologies\Install\ccc-All]
"UninstallString"="msiexec /q/x{1B10CC52-40C5-3B2F-FB65-7AF2437695EF} REBOOT=ReallySuppress"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ATI Technologies\Install\ccc-branding]
"RepairString"="msiexec /fams {7004684C-7DB9-4D49-8CFE-B78B006C53FC}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ATI Technologies\Install\ccc-branding]
"UninstallString"="msiexec /q/x{7004684C-7DB9-4D49-8CFE-B78B006C53FC} REBOOT=ReallySuppress"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ATI Technologies\Install\SteadyVideo64]
"RepairString"="msiexec /fams {6ECDAC2F-12C1-E49B-448E-6002368967E0}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ATI Technologies\Install\SteadyVideo64]
"UninstallString"="msiexec /q/x{6ECDAC2F-12C1-E49B-448E-6002368967E0} REBOOT=ReallySuppress"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Hewlett-Packard\CPC\SmartCenter]
"BackupUninstallString2"="MsiExec.exe /X{DDFDC9D6-4220-41F8-BF9A-8E7512C4EF52}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}]
"StubPath"="msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FileAssociation]
"AddRemoveApps"="SETUP.EXE;INSTALL.EXE;ISUNINST.EXE;UNWISE.EXE;UNWISE32.EXE;ST5UNST.EXE;MSOOBE.EXE;LNKSTUB.EXE;CONTROL.EXE;WERFAULT.EXE;WLRMDR.EXE;GUESTMODEMSG.EXE;MSIEXEC.EXE;DFSVC.EXE;WUAPP.EXE;"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ZinioReader4]
"UninstallString"="msiexec /qb /x {7FB00B6B-6843-97EC-EED6-78BD6D35370A}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{07FA4960-B038-49EB-891B-9F95930AA544}]
"ModifyPath"="MsiExec.exe /X{07FA4960-B038-49EB-891B-9F95930AA544}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{07FA4960-B038-49EB-891B-9F95930AA544}]
"UninstallString"="MsiExec.exe /X{07FA4960-B038-49EB-891B-9F95930AA544}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0A5B39D2-7ED6-4779-BCC9-37F381139DB3}]
"ModifyPath"="MsiExec.exe /I{0A5B39D2-7ED6-4779-BCC9-37F381139DB3}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0A5B39D2-7ED6-4779-BCC9-37F381139DB3}]
"UninstallString"="MsiExec.exe /I{0A5B39D2-7ED6-4779-BCC9-37F381139DB3}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0B0F231F-CE6A-483D-AA23-77B364F75917}]
"ModifyPath"="MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0B0F231F-CE6A-483D-AA23-77B364F75917}]
"UninstallString"="MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0EEC4E49-D4C2-4E23-87F2-B5641F1A09E4}]
"ModifyPath"="MsiExec.exe /X{0EEC4E49-D4C2-4E23-87F2-B5641F1A09E4}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0EEC4E49-D4C2-4E23-87F2-B5641F1A09E4}]
"UninstallString"="MsiExec.exe /X{0EEC4E49-D4C2-4E23-87F2-B5641F1A09E4}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{120262A6-7A4B-4889-AE85-F5E5688D3683}]
"ModifyPath"="MsiExec.exe /I{120262A6-7A4B-4889-AE85-F5E5688D3683}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{120262A6-7A4B-4889-AE85-F5E5688D3683}]
"UninstallString"="MsiExec.exe /I{120262A6-7A4B-4889-AE85-F5E5688D3683}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{196BB40D-1578-3D01-B289-BEFC77A11A1E}]
"ModifyPath"="MsiExec.exe /X{196BB40D-1578-3D01-B289-BEFC77A11A1E}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{196BB40D-1578-3D01-B289-BEFC77A11A1E}]
"UninstallString"="MsiExec.exe /X{196BB40D-1578-3D01-B289-BEFC77A11A1E}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{19BA08F7-C728-469C-8A35-BFBD3633BE08}]
"ModifyPath"="MsiExec.exe /X{19BA08F7-C728-469C-8A35-BFBD3633BE08}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{19BA08F7-C728-469C-8A35-BFBD3633BE08}]
"UninstallString"="MsiExec.exe /X{19BA08F7-C728-469C-8A35-BFBD3633BE08}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}]
"ModifyPath"="MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}]
"UninstallString"="MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}]
"ModifyPath"="MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}]
"UninstallString"="MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{200FEC62-3C34-4D60-9CE8-EC372E01C08F}]
"ModifyPath"="MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{200FEC62-3C34-4D60-9CE8-EC372E01C08F}]
"UninstallString"="MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{20714B53-FC73-4F9C-9687-49EB237D6FD7}]
"ModifyPath"="MsiExec.exe /X{20714B53-FC73-4F9C-9687-49EB237D6FD7}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{20714B53-FC73-4F9C-9687-49EB237D6FD7}]
"UninstallCMD"="MsiExec.exe /X{20714B53-FC73-4F9C-9687-49EB237D6FD7}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}]
"ModifyPath"="MsiExec.exe /I{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}]
"UninstallString"="MsiExec.exe /I{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}]
"ModifyPath"="MsiExec.exe /I{2902F983-B4C1-44BA-B85D-5C6D52E2C441}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}]
"UninstallString"="MsiExec.exe /I{2902F983-B4C1-44BA-B85D-5C6D52E2C441}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}]
"ModifyPath"="MsiExec.exe /X{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}]
"UninstallString"="MsiExec.exe /X{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}]
"ModifyPath"="MsiExec.exe /X{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}]
"UninstallString"="MsiExec.exe /X{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}]
"ModifyPath"="MsiExec.exe /X{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}]
"UninstallString"="MsiExec.exe /X{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3336F667-9049-4D46-98B6-4C743EEBC5B1}]
"ModifyPath"="MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3336F667-9049-4D46-98B6-4C743EEBC5B1}]
"UninstallString"="MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{34F4D9A4-42C2-4348-BEF4-E553C84549E7}]
"ModifyPath"="MsiExec.exe /X{34F4D9A4-42C2-4348-BEF4-E553C84549E7}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{34F4D9A4-42C2-4348-BEF4-E553C84549E7}]
"UninstallString"="MsiExec.exe /X{34F4D9A4-42C2-4348-BEF4-E553C84549E7}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}]
"ModifyPath"="MsiExec.exe /I{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}]
"UninstallString"="MsiExec.exe /I{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}]
"ModifyPath"="MsiExec.exe /I{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}]
"UninstallString"="MsiExec.exe /I{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3E171899-0175-47CC-84C4-562ACDD4C021}]
"ModifyPath"="MsiExec.exe /I{3E171899-0175-47CC-84C4-562ACDD4C021}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3E171899-0175-47CC-84C4-562ACDD4C021}]
"UninstallString"="MsiExec.exe /I{3E171899-0175-47CC-84C4-562ACDD4C021}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}]
"ModifyPath"="MsiExec.exe /X{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}]
"UninstallString"="MsiExec.exe /X{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4D090F70-6F08-4B60-9357-A1DFD4458F09}]
"ModifyPath"="MsiExec.exe /X{4D090F70-6F08-4B60-9357-A1DFD4458F09}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4D090F70-6F08-4B60-9357-A1DFD4458F09}]
"UninstallString"="MsiExec.exe /X{4D090F70-6F08-4B60-9357-A1DFD4458F09}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}]
"ModifyPath"="MsiExec.exe /X{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}]
"UninstallString"="MsiExec.exe /X{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}]
"ModifyPath"="MsiExec.exe /I{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}]
"UninstallString"="MsiExec.exe /I{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}]
"ModifyPath"="MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}]
"UninstallString"="MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{682B3E4F-696A-42DE-A41C-4C07EA1678B4}]
"ModifyPath"="MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{682B3E4F-696A-42DE-A41C-4C07EA1678B4}]
"UninstallString"="MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6C587D8F-FE8B-4FAE-AC4C-B990BACFE6EB}]
"ModifyPath"="MsiExec.exe /X{6C587D8F-FE8B-4FAE-AC4C-B990BACFE6EB}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6C587D8F-FE8B-4FAE-AC4C-B990BACFE6EB}]
"UninstallString"="MsiExec.exe /X{6C587D8F-FE8B-4FAE-AC4C-B990BACFE6EB}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6F340107-F9AA-47C6-B54C-C3A19F11553F}]
"ModifyPath"="MsiExec.exe /I{6F340107-F9AA-47C6-B54C-C3A19F11553F}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6F340107-F9AA-47C6-B54C-C3A19F11553F}]
"UninstallString"="MsiExec.exe /I{6F340107-F9AA-47C6-B54C-C3A19F11553F}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7004684C-7DB9-4D49-8CFE-B78B006C53FC}]
"ModifyPath"="MsiExec.exe /I{7004684C-7DB9-4D49-8CFE-B78B006C53FC}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7004684C-7DB9-4D49-8CFE-B78B006C53FC}]
"UninstallString"="MsiExec.exe /I{7004684C-7DB9-4D49-8CFE-B78B006C53FC}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}]
"ModifyPath"="MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}]
"UninstallString"="MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{741006D1-7B2B-4E33-B2B0-831F282EEF64}]
"ModifyPath"="MsiExec.exe /X{741006D1-7B2B-4E33-B2B0-831F282EEF64}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{741006D1-7B2B-4E33-B2B0-831F282EEF64}]
"UninstallString"="MsiExec.exe /X{741006D1-7B2B-4E33-B2B0-831F282EEF64}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}]
"ModifyPath"="MsiExec.exe /X{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}]
"UninstallString"="MsiExec.exe /X{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}]
"ModifyPath"="MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}]
"UninstallString"="MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7E750542-55BC-4300-8B7B-AC2A762FB435}]
"ModifyPath"="MsiExec.exe /X{7E750542-55BC-4300-8B7B-AC2A762FB435}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7E750542-55BC-4300-8B7B-AC2A762FB435}]
"UninstallString"="MsiExec.exe /X{7E750542-55BC-4300-8B7B-AC2A762FB435}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7FB00B6B-6843-97EC-EED6-78BD6D35370A}]
"ModifyPath"="MsiExec.exe /I{7FB00B6B-6843-97EC-EED6-78BD6D35370A}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7FB00B6B-6843-97EC-EED6-78BD6D35370A}]
"UninstallString"="MsiExec.exe /I{7FB00B6B-6843-97EC-EED6-78BD6D35370A}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8364E531-493B-4B05-8041-09D5CE38B975}]
"ModifyPath"="MsiExec.exe /X{8364E531-493B-4B05-8041-09D5CE38B975}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8364E531-493B-4B05-8041-09D5CE38B975}]
"UninstallString"="MsiExec.exe /X{8364E531-493B-4B05-8041-09D5CE38B975}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{83C292B7-38A5-440B-A731-07070E81A64F}]
"ModifyPath"="MsiExec.exe /I{83C292B7-38A5-440B-A731-07070E81A64F}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{83C292B7-38A5-440B-A731-07070E81A64F}]
"UninstallString"="MsiExec.exe /I{83C292B7-38A5-440B-A731-07070E81A64F}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}]
"ModifyPath"="MsiExec.exe /I{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}]
"UninstallString"="MsiExec.exe /I{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}]
"ModifyPath"="MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}]
"UninstallString"="MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}]
"ModifyPath"="MsiExec.exe /X{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}]
"UninstallString"="MsiExec.exe /X{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8AE50893-3A87-4439-9A57-942ED43F7189}]
"ModifyPath"="MsiExec.exe /X{8AE50893-3A87-4439-9A57-942ED43F7189}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8AE50893-3A87-4439-9A57-942ED43F7189}]
"UninstallCMD"="MsiExec.exe /X{8AE50893-3A87-4439-9A57-942ED43F7189}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}]
"ModifyPath"="MsiExec.exe /I{8C6D6116-B724-4810-8F2D-D047E6B7D68E}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}]
"UninstallString"="MsiExec.exe /I{8C6D6116-B724-4810-8F2D-D047E6B7D68E}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}]
"ModifyPath"="MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}]
"UninstallString"="MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{912CED74-88D3-4C5B-ACB0-132318649765}]
"ModifyPath"="MsiExec.exe /I{912CED74-88D3-4C5B-ACB0-132318649765}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{912CED74-88D3-4C5B-ACB0-132318649765}]
"UninstallString"="MsiExec.exe /I{912CED74-88D3-4C5B-ACB0-132318649765}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{92EA4134-10D1-418A-91E1-5A0453131A38}]
"ModifyPath"="MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{92EA4134-10D1-418A-91E1-5A0453131A38}]
"UninstallString"="MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{95140000-0070-0000-0000-0000000FF1CE}]
"ModifyPath"="MsiExec.exe /X{95140000-0070-0000-0000-0000000FF1CE}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{95140000-0070-0000-0000-0000000FF1CE}]
"UninstallString"="MsiExec.exe /X{95140000-0070-0000-0000-0000000FF1CE}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9A25302D-30C0-39D9-BD6F-21E6EC160475}]
"ModifyPath"="MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9A25302D-30C0-39D9-BD6F-21E6EC160475}]
"UninstallString"="MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F}]
"ModifyPath"="MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F}]
"UninstallString"="MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9D56775A-93F3-44A3-8092-840E3826DE30}]
"ModifyPath"="MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9D56775A-93F3-44A3-8092-840E3826DE30}]
"UninstallString"="MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A0C91188-C88F-4E86-93E6-CD7C9A266649}]
"ModifyPath"="MsiExec.exe /I{A0C91188-C88F-4E86-93E6-CD7C9A266649}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A0C91188-C88F-4E86-93E6-CD7C9A266649}]
"UninstallString"="MsiExec.exe /I{A0C91188-C88F-4E86-93E6-CD7C9A266649}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A35E58D6-2A0F-4051-983B-79342081338E}]
"ModifyPath"="MsiExec.exe /X{A35E58D6-2A0F-4051-983B-79342081338E}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A35E58D6-2A0F-4051-983B-79342081338E}]
"UninstallString"="MsiExec.exe /X{A35E58D6-2A0F-4051-983B-79342081338E}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A726AE06-AAA3-43D1-87E3-70F510314F04}]
"ModifyPath"="MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A726AE06-AAA3-43D1-87E3-70F510314F04}]
"UninstallString"="MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
"ModifyPath"="MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
"UninstallString"="MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}]
"ModifyPath"="MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}]
"UninstallString"="MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}]
"ModifyPath"="MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}]
"UninstallString"="MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}]
"ModifyPath"="MsiExec.exe /X{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}]
"UninstallString"="MsiExec.exe /X{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AAF454FC-82CA-4F29-AB31-6A109485E76E}]
"ModifyPath"="MsiExec.exe /X{AAF454FC-82CA-4F29-AB31-6A109485E76E}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AAF454FC-82CA-4F29-AB31-6A109485E76E}]
"UninstallString"="MsiExec.exe /X{AAF454FC-82CA-4F29-AB31-6A109485E76E}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-0804-1033-1959-001802114130}]
"ModifyPath"="MsiExec.exe /I{AC76BA86-0804-1033-1959-001802114130}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-0804-1033-1959-001802114130}]
"UninstallString"="MsiExec.exe /I{AC76BA86-0804-1033-1959-001802114130}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-AB0000000001}]
"ModifyPath"="MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AB0000000001}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-AB0000000001}]
"UninstallString"="MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AB0000000001}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AE856388-AFAD-4753-81DF-D96B19D0A17C}]
"ModifyPath"="MsiExec.exe /I{AE856388-AFAD-4753-81DF-D96B19D0A17C}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AE856388-AFAD-4753-81DF-D96B19D0A17C}]
"UninstallString"="MsiExec.exe /I{AE856388-AFAD-4753-81DF-D96B19D0A17C}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C66824E4-CBB3-4851-BB3F-E8CFD6350923}]
"ModifyPath"="MsiExec.exe /I{C66824E4-CBB3-4851-BB3F-E8CFD6350923}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C66824E4-CBB3-4851-BB3F-E8CFD6350923}]
"UninstallString"="MsiExec.exe /I{C66824E4-CBB3-4851-BB3F-E8CFD6350923}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C779648B-410E-4BBA-B75B-5815BCEFE71D}]
"ModifyPath"="MsiExec.exe /I{C779648B-410E-4BBA-B75B-5815BCEFE71D}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C779648B-410E-4BBA-B75B-5815BCEFE71D}]
"UninstallString"="MsiExec.exe /I{C779648B-410E-4BBA-B75B-5815BCEFE71D}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}]
"ModifyPath"="MsiExec.exe /X{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}]
"UninstallString"="MsiExec.exe /X{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}]
"ModifyPath"="MsiExec.exe /X{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}]
"UninstallString"="MsiExec.exe /X{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}]
"ModifyPath"="MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}]
"UninstallString"="MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D0B44725-3666-492D-BEF6-587A14BD9BD9}]
"ModifyPath"="MsiExec.exe /I{D0B44725-3666-492D-BEF6-587A14BD9BD9}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D0B44725-3666-492D-BEF6-587A14BD9BD9}]
"UninstallString"="MsiExec.exe /I{D0B44725-3666-492D-BEF6-587A14BD9BD9}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D436F577-1695-4D2F-8B44-AC76C99E0002}]
"ModifyPath"="MsiExec.exe /X{D436F577-1695-4D2F-8B44-AC76C99E0002}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D436F577-1695-4D2F-8B44-AC76C99E0002}]
"UninstallString"="MsiExec.exe /X{D436F577-1695-4D2F-8B44-AC76C99E0002}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D45240D3-B6B3-4FF9-B243-54ECE3E10066}]
"ModifyPath"="MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D45240D3-B6B3-4FF9-B243-54ECE3E10066}]
"UninstallString"="MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}]
"ModifyPath"="MsiExec.exe /X{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}]
"UninstallString"="MsiExec.exe /X{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DDFDC9D6-4220-41F8-BF9A-8E7512C4EF52}]
"ModifyPath"="MsiExec.exe /X{DDFDC9D6-4220-41F8-BF9A-8E7512C4EF52}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DDFDC9D6-4220-41F8-BF9A-8E7512C4EF52}]
"BackupUninstallString"="MsiExec.exe /X{DDFDC9D6-4220-41F8-BF9A-8E7512C4EF52}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DECDCB7C-58CC-4865-91AF-627F9798FE48}]
"ModifyPath"="MsiExec.exe /I{DECDCB7C-58CC-4865-91AF-627F9798FE48}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DECDCB7C-58CC-4865-91AF-627F9798FE48}]
"UninstallString"="MsiExec.exe /I{DECDCB7C-58CC-4865-91AF-627F9798FE48}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E09C4DB7-630C-4F06-A631-8EA7239923AF}]
"ModifyPath"="MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E09C4DB7-630C-4F06-A631-8EA7239923AF}]
"UninstallString"="MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}]
"ModifyPath"="MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}]
"UninstallString"="MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E5B21F11-6933-4E0B-A25C-7963E3C07D11}]
"ModifyPath"="MsiExec.exe /X{E5B21F11-6933-4E0B-A25C-7963E3C07D11}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E5B21F11-6933-4E0B-A25C-7963E3C07D11}]
"UninstallString"="MsiExec.exe /X{E5B21F11-6933-4E0B-A25C-7963E3C07D11}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}]
"ModifyPath"="MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}]
"UninstallString"="MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}]
"ModifyPath"="MsiExec.exe /I{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}]
"UninstallString"="MsiExec.exe /I{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}]
"ModifyPath"="MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}]
"UninstallString"="MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F89BADB0-D319-470E-8024-443EE3A3402B}]
"ModifyPath"="MsiExec.exe /I{F89BADB0-D319-470E-8024-443EE3A3402B}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F89BADB0-D319-470E-8024-443EE3A3402B}]
"UninstallString"="MsiExec.exe /I{F89BADB0-D319-470E-8024-443EE3A3402B}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}]
"ModifyPath"="MsiExec.exe /I{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}]
"UninstallString"="MsiExec.exe /I{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Live\Messenger]
"RollbackCommand"="msiexec.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Live Mail]
"RollbackCommand"="msiexec.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\Mail\Windows Live Mail\InstallInfo]
"ReinstallCommand"=""%SYSTEMROOT%\system32\msiexec.exe" /qn /i {9D56775A-93F3-44A3-8092-840E3826DE30} REMOVE=WinMailInvisible ADDLOCAL=WinMailVisible MAILDEFAULT=1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\Mail\Windows Live Mail\InstallInfo]
"HideIconsCommand"=""%SYSTEMROOT%\system32\msiexec.exe" /qn /i {9D56775A-93F3-44A3-8092-840E3826DE30} REMOVE=WinMailVisible ADDLOCAL=WinMailInvisible"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\Mail\Windows Live Mail\InstallInfo]
"ShowIconsCommand"=""%SYSTEMROOT%\system32\msiexec.exe" /qn /i {9D56775A-93F3-44A3-8092-840E3826DE30} REMOVE=WinMailInvisible ADDLOCAL=WinMailVisible"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\News\Windows Live Mail\InstallInfo]
"ReinstallCommand"=""%SYSTEMROOT%\system32\msiexec.exe" /qn /i {9D56775A-93F3-44A3-8092-840E3826DE30} REMOVE=WinMailInvisible ADDLOCAL=WinMailVisible MAILDEFAULT=1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\News\Windows Live Mail\InstallInfo]
"HideIconsCommand"=""%SYSTEMROOT%\system32\msiexec.exe" /qn /i {9D56775A-93F3-44A3-8092-840E3826DE30} REMOVE=WinMailVisible ADDLOCAL=WinMailInvisible"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\News\Windows Live Mail\InstallInfo]
"ShowIconsCommand"=""%SYSTEMROOT%\system32\msiexec.exe" /qn /i {9D56775A-93F3-44A3-8092-840E3826DE30} REMOVE=WinMailInvisible ADDLOCAL=WinMailVisible"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\msiserver]
"ImagePath"="%systemroot%\system32\msiexec.exe /V"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\msiserver]
"ImagePath"="%systemroot%\system32\msiexec.exe /V"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\msiserver]
"ImagePath"="%systemroot%\system32\msiexec.exe /V"

Searching for "WidgiHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BB8027A57AF3E499094F178F81F04C]
"F8D785C6B8EFEAF4CAC49B09ABFC6EBE"="C:\Program Files (x86)\YTD Toolbar\WidgiHelper.exe"

Searching for "ytd"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\YTD]
[HKEY_CURRENT_USER\Software\YTD]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF74FB2A-DBB2-4c8d-9C8E-0424AB05C810}]
@="DolbyTDAS Class (Analog)"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\F8D785C6B8EFEAF4CAC49B09ABFC6EBE]
"ProductName"="YTD Toolbar v7.3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\F8D785C6B8EFEAF4CAC49B09ABFC6EBE\SourceList]
"PackageName"="ytdToolbar.msi"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\YTD Toolbar\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\YTD Toolbar\Res\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\YTD Toolbar\Res\Lang\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\YTD Toolbar\FF\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\YTD Toolbar\FF\chrome\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\YTD Toolbar\FF\components\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\YTD Toolbar\IE\7.3\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\YTD Toolbar\IE\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1039F8C12A30A304D910F4156F6CB9D6]
"F8D785C6B8EFEAF4CAC49B09ABFC6EBE"="C:\Program Files (x86)\YTD Toolbar\IE\7.3\ytdToolbarIE.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23B4B261A2ECC1943BE70631F436E48A]
"F8D785C6B8EFEAF4CAC49B09ABFC6EBE"="C:\Program Files (x86)\YTD Toolbar\Res\Lang\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\32D4A297F6AED6742B2145BE6366CEC6]
"F8D785C6B8EFEAF4CAC49B09ABFC6EBE"="C?\Program Files (x86)\YTD Toolbar\FF\install.rdf"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3447DED66EC95FF47A6AA9C870109940]
"F8D785C6B8EFEAF4CAC49B09ABFC6EBE"="C?\Program Files (x86)\YTD Toolbar\FF\chrome.manifest"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\38FE02D4E14502B43B7E7F7DAEA50FF6]
"F8D785C6B8EFEAF4CAC49B09ABFC6EBE"="C:\Program Files (x86)\YTD Toolbar\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\854D7616DD752AA439F2BD7B7AA4E253]
"F8D785C6B8EFEAF4CAC49B09ABFC6EBE"="C:\Program Files (x86)\YTD Toolbar\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\934A25CC6B7E2BC45B7BC1D4DD74ABB8]
"F8D785C6B8EFEAF4CAC49B09ABFC6EBE"="C:\Program Files (x86)\YTD Toolbar\FF\components\ytdToolbarFF.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BB8027A57AF3E499094F178F81F04C]
"F8D785C6B8EFEAF4CAC49B09ABFC6EBE"="C:\Program Files (x86)\YTD Toolbar\WidgiHelper.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CD1B33C4DAE26564DBAE2830EF3B9014]
"F8D785C6B8EFEAF4CAC49B09ABFC6EBE"="C:\Program Files (x86)\YTD Toolbar\Res\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC545A72D9A764244B9F62BBCCF160EE]
"F8D785C6B8EFEAF4CAC49B09ABFC6EBE"="C?\Program Files (x86)\YTD Toolbar\FF\chrome\chrome.jar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\19DBBBA25E197DA429A9EF511DCD5067\Features]
"iTunes"="jQ9jsb5r0@]6YQx=3485p[-tfn}en=MCS'sfb@bLVyj3mic$?9V0w]z[By,PU2[p=n+7YA(D~CnWx3g?=FFgr@Ojd8}`2h98(`S()h9idqIdW@lZECy0u$GyoPtypKSZn9K6Ho@?kX_GK8dP]zE9h(itBN.,$wkRzH`dut%m`92mul1OT?0SVPQzF2_U293&Qcg]4[lad}*VFucD_@~4xI8Km@ufEH]pPD6Hr?f'VlgR&KeqM5pfL_Ktg(l*d=J%lrLW@Tl9soU]r=kj0f@?}RQ!'TZx.qM]h()CG2$u3MzY@V[zER4cO9nDwowDX%}t_pGGkZzLh9r3NU)LvJSVSkCIHffW`@Xg7l2d2''UpAf$J@wDf8V9q`6A+SeB0L0c.J.Pt?p^g$mCOr5oIKX?ycJN2=mHXlE}mM%'dFsVxY,_3?t3axt)YZJAZ[Il'f`C.?a~f-xmu.JuEkcIr]70~98ufRSxITDzxP.VL$)iq8+K=9$3,hx?VzO*_2dt,Ai@SrsbWH*hv9h@VbudQ9Vm(S-yyVM7+1*w%l]Cz=}Cm?t^oWW7!Es`1i3ph@CdCJWfQ``wmVun,Wme2@8=tSt7),`PjUmpC=k2`A8%19C]2_O4DdyzU_7l)?fgWNHc5QLt)='[Ll4y!@YV`riTeol&7rMC+vAJh(2`uG'-lVnY3!nmMupd^?Wl^BAMmje(GseJ3%dyV9_6Eha8hfVzI.=?_w*3]9wpw2TNA2j!MR(K&gwxF?)-tP6upAq$tKr@[J(-.Ey,4(RMTE$,2s9yT=&oJ?p(@S+mRqFecx{VnRa{L=1Pkrz@ZLQFDEZrMy!E19.Iikyt+X!56yhKIN5]a=v?Vp@]3L7xry2a86}Bj8o
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3E2D8E8CA6FED1B40AE9B772BE2E3FEC\Features]
"Complete"="f'sYWjEny=q_J+uwq(NN=(QmdAaZMA^U8(Di7ix=K(VzNBi!5=NiM4ER$O6($'M*X+?Wp9+'_L?kB84g)salmVB5y9Emv5Ob,.iW*e*3[G^J4=PPvG,H]Iq[kB0(Pba~D9.b!xMt)5!a.$a?7ebJ,=CB1zR{mc7Zypi&(PUi!?)3XAY=hTH_QP~dXQ+DW95`0P^p?b,GFZGi)5(+1@^hobK0B4d,(8PsJW~w+9kn2P3bKg'YMH`PGhU8}@w6I9PO^TQn}pExuaz]$9SPT'Cf=y'ILM3{]yd{5@^O}XZPSs5c]03}m}Nm[?X*xyu2}'{!m!&WXyjx9@1gU$wN+rl$~sTVLcnXt82b=`81aQjhsj3~f_@7QABY*]uGdx(7$ag)a)cXQ=_6f%]{DT@7O*(^,Iz)b9xzUq'-aVo(,is5t%{H~8dA~685H].d9Rx.V!q[DA@BQYJAj)REY[$.&-08!@L=xP2]`CBtT7d{fd)?5AwL(h8%_kqEck~iCvcMA?*)67]rx^h819Sg(.cx[@KhB1aZl%+%m{8`g1RLh?~Zi4xky'Y_%2$xVSSL`?LOBd&GI1B)0DCTB9Dw%?q*W(V2xZ9]cR8tO&opU@$2d^$ES3[mH*mnS[r$8A{'g?LY+dF'}%jp'w_}R9_+E&Mc,9`!ZsSgp=g^H@w,BrgR,Q~]ytVDuEe11?jMeLe[7qDSnjV{3BlR_A]&0*NG61+Zak0,cEHsQ@d@k2^g@GKG[paUdESm'@Sb`'C=Rc-NmztB4.,4a?)g)mqD9rK&?41*J~PDg@pdsx`2t%M^(8cnmlm{2@xdg&4(uP]FkFNZB$%}3=_bz88w'yIIb%kq]s{~6@{&@s%T+g[Oe3-}vq@?,
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\68AB67CA7DA73301B744BA0000000010\Features]
"ReaderProgramFiles"="._FU*(*_2@0slVZ*5.z_v-]SdHa@k@=nH}PCv=bB50bJl4chS@.CFU=z7XY9b=194Dy`K@s.h4d@le2hu+bKa)B~TAV?e@vJ4`k3fWDK6Qbnd93&(S^FJi40_QYe0sBt??CX%pr$P[^p%Dr=J5G.3@B[o!jMLkHhI[PPih36KA!7MB!^J,R&.xeodI0a9?*PwJ9PAh$$5JiDH@eh99k.)~2E+oT*s5KOXX(Tx@O9it$PYp0%jk{+A~6N{9`DgK-3r%I'p5H~36!nc@e2YLT4GPl[JdnnNi-d?AjlR&UdQ%RRn=B1Z`VZ%@3r?8ZtrD7qUN,X=YFYQ?,&G1Mb?F?s*iv+yATUy8JF$5xzgV35v-JpP%J!N@1sI*A^'am)TAAcE^xSl=6]*iWU}_4Bqf1%AM?J%@XU0gul@$1X2w5jd-GZz?h}Lfo5YWDG,R@)]PIv{8Kg?Tjg3)dqD^1GS5(b99mWRS24Xr5ybfc2Q[$K^?4u?3%1C&QK8pVC=,wIs9B+Owz0mED3H5s^n,Q~@@GK8CTMTal(gl75uP^qD=cUtj+4]v4i]c6?skucQ?R1YF3gM`d[C?OaVN&E}8!+o8IP}@y^P}a,0_Q]FA!pRKKOv=cNu8w$9U3=]@nB*1`sW$d_+I_q9xm5l@5fj[hX8tk)0=J[O`v^9=_qKwW[nRoe-9)'z0'GX?9nMWL]C3*w)yaokOVQZ9T-Dto=@fKY*Ha*n,@RL9M&Axn4={nnTSp[-gRtTA==]p?,NP9=-X?LDM71+@qP?h+'SxpL[nIX?V7zP?.^b^v{2x_r$GtTiU[Dl@5b.-!NAFUaJDcb&69~N?vrX$oHDCU(ip{$(8(+b?3!_Gw`F~J
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\85D8CC9AF7931424687C453672E4B980\Features]
"Scan"="7y)eW8l7_eO9MkbIdFwUpR^pXI`Quoe8MkbIdFwU7y)eW8l7_e?9MkbIdFwU!~]pXJ~Quo*9MkbIdFwU!~]pXJ~Quou8MkbIdFwUpR^pXI`Quou8MkbIdFwUpR^pXI`Quo*9MkbIdFwU53^pXAtQuou8MkbIdFwU53^pXAtQuo*9MkbIdFwU6k}pHLH$SDe8MkbIdFwUH=}pHMf$SD*9MkbIdFwU6k}pHLH$SD*9MkbIdFwUYN}pHD]$SD*9MkbIdFwU%9YbWIfIbe?9MkbIdFwU_j0,Y]s!Soe8MkbIdFwUm90,Y^6$Sou8MkbIdFwUm90,Y^6$So*9MkbIdFwU_j0,Y]s!Sou8MkbIdFwU_j0,Y]s!So*9MkbIdFwU!N0,YT,$So*9MkbIdFwU!N0,YT,$Sou8MkbIdFwUaZO,H*K2`Ee8MkbIdFwUo)O,H+i2`E*9MkbIdFwUaZO,H*K2`E*9MkbIdFwU%?O,H~_2`E*9MkbIdFwU4080g{z%AA,v[1C4vxrM_Fq?y,vU)Al=YzpK.-l'09Dl080d%=azO0'XPga8kp*^uo1%'=5)*4X*vJ!P@+*)01n'PAK.4u*Nn*cz8aFWpWb4t?8(Vh0n}j$1'igjHCcB_@.^cYF0=bhm*[SBXEzr&@M[RTJ85VT8'$),hi(D.AexK_D*wlc3N93XC+V5a=v!iKZ`}~},5%sT0ETS^A9k4r3Q}?AGf2^A+@&^c=oGeGRo.7TCnL+$vY,s^9W~ip+m~F+bkk$z*]c9Q9*RN^cG$9^VEbU2I4H@x=vm3IO{DQofQCpz_^oD`8ttARjmmg0@}E*CT6t*&?cb!)IRpCVWZ@~FWLz2s?WL16-elj)9E_7+t6kZZ=$TB
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F8D785C6B8EFEAF4CAC49B09ABFC6EBE\InstallProperties]
"InstallLocation"="C:\Program Files (x86)\YTD Toolbar\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F8D785C6B8EFEAF4CAC49B09ABFC6EBE\InstallProperties]
"DisplayName"="YTD Toolbar v7.3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\GeniusBox]
"ptn"="geniusbox-spigot-ytd"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\GeniusBox]
"implementationid"="geniusbox-spigot-ytd"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6C587D8F-FE8B-4FAE-AC4C-B990BACFE6EB}]
"InstallLocation"="C:\Program Files (x86)\YTD Toolbar\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6C587D8F-FE8B-4FAE-AC4C-B990BACFE6EB}]
"DisplayName"="YTD Toolbar v7.3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\YTD]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\YTD]
"serverURL"="http://ytd.mybrowserbar.com/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\YTD]
"partnerName"="YTD"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\YTD]
"partnerNameSafe"="ytd"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\YTD]
"ffext_path"="C:\Program Files (x86)\YTD Toolbar\FF\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\YTD]
"installDir"="C:\Program Files (x86)\YTD Toolbar\"
[HKEY_USERS\S-1-5-21-3340973777-658078649-2245101506-1000\Software\AppDataLow\Software\YTD]
[HKEY_USERS\S-1-5-21-3340973777-658078649-2245101506-1000\Software\YTD]
[HKEY_USERS\S-1-5-21-3340973777-658078649-2245101506-1003\Software\AppDataLow\Software\YTD]
[HKEY_USERS\S-1-5-21-3340973777-658078649-2245101506-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flv\OpenWithList]
"c"="ytd.exe"
[HKEY_USERS\S-1-5-21-3340973777-658078649-2245101506-1003\Software\YTD]

Searching for "63978e510510e3598b0dfa8e6d0469cb"
No data found.

Searching for "Spigot"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Common Files\Spigot\GC\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34B66CF356D744245B0C8EDE24AC03DC]
"00000000000000000000000000000000"="C:\Program Files (x86)\Common Files\Spigot\GC\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34B66CF356D744245B0C8EDE24AC03DC]
"F8D785C6B8EFEAF4CAC49B09ABFC6EBE"="C:\Program Files (x86)\Common Files\Spigot\GC\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\62F013B2CCF0DEE4EB7CB83D7A21280C]
"00000000000000000000000000000000"="C:\Program Files (x86)\Common Files\Spigot\GC\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\62F013B2CCF0DEE4EB7CB83D7A21280C]
"F8D785C6B8EFEAF4CAC49B09ABFC6EBE"="C:\Program Files (x86)\Common Files\Spigot\GC\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8740C21CF79D2514E94A247F4DEFE091]
"00000000000000000000000000000000"="C:\Program Files (x86)\Common Files\Spigot\GC\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8740C21CF79D2514E94A247F4DEFE091]
"F8D785C6B8EFEAF4CAC49B09ABFC6EBE"="C:\Program Files (x86)\Common Files\Spigot\GC\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E83F13912F1FBF64390A163E8464B6C7]
"00000000000000000000000000000000"="C:\Program Files (x86)\Common Files\Spigot\GC\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E83F13912F1FBF64390A163E8464B6C7]
"F8D785C6B8EFEAF4CAC49B09ABFC6EBE"="C:\Program Files (x86)\Common Files\Spigot\GC\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F3157AA407841454BB0C9BE8D1982BC9]
"F8D785C6B8EFEAF4CAC49B09ABFC6EBE"="C:\Program Files (x86)\Common Files\Spigot\Search Settings\Lang\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F8D785C6B8EFEAF4CAC49B09ABFC6EBE\InstallProperties]
"Publisher"="Spigot, Inc."
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\GeniusBox]
"ptn"="geniusbox-spigot-ytd"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\GeniusBox]
"implementationid"="geniusbox-spigot-ytd"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6C587D8F-FE8B-4FAE-AC4C-B990BACFE6EB}]
"Publisher"="Spigot, Inc."

-= EOF =-
jimmywong123
Regular Member
 
Posts: 23
Joined: February 1st, 2015, 8:32 pm

Re: YTD Video Downloader virus

Unread postby pgmigg » March 9th, 2015, 10:39 pm

Hello jimmywond123,

Step 1.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Highlight and copy the following entries: into the Image text box.
    (Do not include the words Code: Select all - instead of it please click the Select all button next to Code: to select the entire script.)
    Code: Select all
    :Commands
    [createrestorepoint]
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BB8027A57AF3E499094F178F81F04C]
    "F8D785C6B8EFEAF4CAC49B09ABFC6EBE"=-
    [-HKEY_CURRENT_USER\Software\AppDataLow\Software\YTD]
    [-HKEY_CURRENT_USER\Software\YTD]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\F8D785C6B8EFEAF4CAC49B09ABFC6EBE]
    "ProductName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\F8D785C6B8EFEAF4CAC49B09ABFC6EBE\SourceList]
    "PackageName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files (x86)\YTD Toolbar\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files (x86)\YTD Toolbar\Res\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files (x86)\YTD Toolbar\Res\Lang\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files (x86)\YTD Toolbar\FF\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files (x86)\YTD Toolbar\FF\chrome\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files (x86)\YTD Toolbar\FF\components\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files (x86)\YTD Toolbar\IE\7.3\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files (x86)\YTD Toolbar\IE\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1039F8C12A30A304D910F4156F6CB9D6]
    "F8D785C6B8EFEAF4CAC49B09ABFC6EBE"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23B4B261A2ECC1943BE70631F436E48A]
    "F8D785C6B8EFEAF4CAC49B09ABFC6EBE"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\32D4A297F6AED6742B2145BE6366CEC6]
    "F8D785C6B8EFEAF4CAC49B09ABFC6EBE"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3447DED66EC95FF47A6AA9C870109940]
    "F8D785C6B8EFEAF4CAC49B09ABFC6EBE"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\38FE02D4E14502B43B7E7F7DAEA50FF6]
    "F8D785C6B8EFEAF4CAC49B09ABFC6EBE"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\854D7616DD752AA439F2BD7B7AA4E253]
    "F8D785C6B8EFEAF4CAC49B09ABFC6EBE"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\934A25CC6B7E2BC45B7BC1D4DD74ABB8]
    "F8D785C6B8EFEAF4CAC49B09ABFC6EBE"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BB8027A57AF3E499094F178F81F04C]
    "F8D785C6B8EFEAF4CAC49B09ABFC6EBE"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CD1B33C4DAE26564DBAE2830EF3B9014]
    "F8D785C6B8EFEAF4CAC49B09ABFC6EBE"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC545A72D9A764244B9F62BBCCF160EE]
    "F8D785C6B8EFEAF4CAC49B09ABFC6EBE"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F8D785C6B8EFEAF4CAC49B09ABFC6EBE\InstallProperties]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F8D785C6B8EFEAF4CAC49B09ABFC6EBE\InstallProperties]
    "DisplayName"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6C587D8F-FE8B-4FAE-AC4C-B990BACFE6EB}]
    "InstallLocation"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6C587D8F-FE8B-4FAE-AC4C-B990BACFE6EB}]
    "DisplayName"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\YTD]
    [-HKEY_USERS\S-1-5-21-3340973777-658078649-2245101506-1000\Software\AppDataLow\Software\YTD]
    [-HKEY_USERS\S-1-5-21-3340973777-658078649-2245101506-1000\Software\YTD]
    [-HKEY_USERS\S-1-5-21-3340973777-658078649-2245101506-1003\Software\AppDataLow\Software\YTD]
    [HKEY_USERS\S-1-5-21-3340973777-658078649-2245101506-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flv\OpenWithList]
    "c"=-
    [-HKEY_USERS\S-1-5-21-3340973777-658078649-2245101506-1003\Software\YTD]
    
    :Files
    C:\Users\Curtis McClay\Desktop\Old Firefox Data\rwt8s0xt.default-1364529067499\extensions\ytd@mybrowserbar.com
    C:\Users\Guest\AppData\LocalLow\YTD
    
    :Commands
    [emptytemp]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. Let the program run unhindered and reboot the PC when it is done.
    When the computer reboots, and you start your usual account, a Notepad text file will appear.
  8. Copy the contents of that file and post it in your next reply. The log can also be found, based on the date/time it was created, as C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Step 2.
ESET NOD32 Online Scan
  1. Firstly please Disable any Antivirus you have active, as shown in This topic. If active, it could impact the online scan.
    Do NOT use the computer while the scan is running!
    Make sure all other programs and windows are closed!
  2. You need to right-click on the Internet Explorer or Firefox icons on the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.
  3. Go to ESET Online Scanner - © ESET All Rights Reserved, to run an online scan.
  4. Click the dark blue Run ESET Online Scanner button:
    • If you using Google Chrome or Mozilla Firefox you will need to download "esetsmartinstaller_enu.exe" when prompted. Then double click on it to install.
    • If you using Internet Explorer please read the End User License Agreement and check the box: Yes, I accept the terms of use. Then click the green Start button.
  5. Accept any security warnings from your browser and allow the download/installation of any required files.
    If your browser blocks or halts a download, please allow it to download any required files.
  6. Under scan settings:
    • Check "Scan archives"
    • UNCHECK "Remove found threats"
  7. Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  8. Click the Start button.
    ESET will install itself, download virus signature database updates and begin scanning your computer.
    The scan will take a while so please be patient. Do NOT use the computer while the scan is running!
  9. When the scan completes, please press the text: Image
  10. Press the text: Image, then save the file to your desktop as ESETScan.txt.
  11. Press the Back button, then press the Finish button.
  12. Copy and paste the contents of ESETScan.txt in your next reply.
    Note: If no threats are found, there is no option to create a log. Just report back to me there was nothing found.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log log file after OTL FixScript run
  3. Contents of the ESETScan.txt log file
  4. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: YTD Video Downloader virus

Unread postby jimmywong123 » March 13th, 2015, 2:04 am

working on this now.
jimmywong123
Regular Member
 
Posts: 23
Joined: February 1st, 2015, 8:32 pm

Re: YTD Video Downloader virus

Unread postby jimmywong123 » March 13th, 2015, 2:16 am

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BB8027A57AF3E499094F178F81F04C not found.
Registry key HKEY_CURRENT_USER\Software\AppDataLow\Software\YTD\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\YTD\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\F8D785C6B8EFEAF4CAC49B09ABFC6EBE\\ProductName deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\F8D785C6B8EFEAF4CAC49B09ABFC6EBE\SourceList\\PackageName deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1039F8C12A30A304D910F4156F6CB9D6 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23B4B261A2ECC1943BE70631F436E48A not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\32D4A297F6AED6742B2145BE6366CEC6 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3447DED66EC95FF47A6AA9C870109940 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\38FE02D4E14502B43B7E7F7DAEA50FF6 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\854D7616DD752AA439F2BD7B7AA4E253 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\934A25CC6B7E2BC45B7BC1D4DD74ABB8 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BB8027A57AF3E499094F178F81F04C not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CD1B33C4DAE26564DBAE2830EF3B9014 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC545A72D9A764244B9F62BBCCF160EE not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F8D785C6B8EFEAF4CAC49B09ABFC6EBE\InstallProperties not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F8D785C6B8EFEAF4CAC49B09ABFC6EBE\InstallProperties not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6C587D8F-FE8B-4FAE-AC4C-B990BACFE6EB}\\InstallLocation deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6C587D8F-FE8B-4FAE-AC4C-B990BACFE6EB}\\DisplayName deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\YTD\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3340973777-658078649-2245101506-1000\Software\AppDataLow\Software\YTD\ not found.
Registry key HKEY_USERS\S-1-5-21-3340973777-658078649-2245101506-1000\Software\YTD\ not found.
Registry key HKEY_USERS\S-1-5-21-3340973777-658078649-2245101506-1003\Software\AppDataLow\Software\YTD\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3340973777-658078649-2245101506-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flv\OpenWithList\\c deleted successfully.
Registry key HKEY_USERS\S-1-5-21-3340973777-658078649-2245101506-1003\Software\YTD\ deleted successfully.
========== FILES ==========
C:\Users\Curtis McClay\Desktop\Old Firefox Data\rwt8s0xt.default-1364529067499\extensions\ytd@mybrowserbar.com moved successfully.
C:\Users\Guest\AppData\LocalLow\YTD\temp folder moved successfully.
C:\Users\Guest\AppData\LocalLow\YTD\res folder moved successfully.
C:\Users\Guest\AppData\LocalLow\YTD folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Curtis McClay
->Temp folder emptied: 86496 bytes
->Temporary Internet Files folder emptied: 930005 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 369782397 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 13003 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Harvey McClay
->Temp folder emptied: 110813 bytes
->Temporary Internet Files folder emptied: 16917 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 14043443 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 492 bytes

User: NULL

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 32729 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 367.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 03132015_010631

Files\Folders moved on Reboot...
C:\Users\Curtis McClay\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Curtis McClay\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Users\Harvey McClay\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
jimmywong123
Regular Member
 
Posts: 23
Joined: February 1st, 2015, 8:32 pm

Re: YTD Video Downloader virus

Unread postby jimmywong123 » March 13th, 2015, 10:06 am

C:\AdwCleaner\Quarantine\C\Users\Curtis McClay\AppData\Local\Browser Extensions\Client.exe.vir a variant of Win32/Adware.iBryte.CD application
C:\AdwCleaner\Quarantine\C\Users\Curtis McClay\AppData\Local\Browser Extensions\Tasks.exe.vir MSIL/Adware.iBryte.X application
C:\AdwCleaner\Quarantine\C\Users\Curtis McClay\AppData\Local\Browser Extensions\Uninstall.exe.vir a variant of MSIL/Adware.iBryte.X application
C:\AdwCleaner\Quarantine\C\Users\Curtis McClay\AppData\Local\Browser Extensions\Updater.exe.vir MSIL/Adware.iBryte.X application
C:\AdwCleaner\Quarantine\C\Users\Harvey McClay\AppData\Local\Microsoft\Silverlight\OutOfBrowser\Speedchecker.PCSpeedUp\application.xap.vir a variant of Win32/Speedchecker.A potentially unwanted application
C:\Users\Curtis McClay\Documents\progroms\zzprog1\7zipfree_8675.exe a variant of Win32/InstallIQ.A potentially unwanted application
C:\Users\Guest\AppData\LocalLow\Vgrabber_v1.5\hk64tbVgra.dll Win64/Toolbar.Conduit.A potentially unwanted application
C:\Users\Guest\AppData\LocalLow\Vgrabber_v1.5\hktbVgra.dll Win32/Toolbar.Conduit.W potentially unwanted application
C:\Users\Guest\AppData\LocalLow\Vgrabber_v1.5\ldrtbVgra.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\Users\Guest\AppData\LocalLow\Vgrabber_v1.5\tbVgra.dll a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\Users\Guest\AppData\LocalLow\Vgrabber_v1.5\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll a variant of Win32/PriceGong.A potentially unwanted application
C:\Windows\Installer\513f047.msi a variant of Win32/Toolbar.Babylon.Q potentially unwanted application
C:\Windows\Installer\MSI2CAD.tmp a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
jimmywong123
Regular Member
 
Posts: 23
Joined: February 1st, 2015, 8:32 pm

Re: YTD Video Downloader virus

Unread postby pgmigg » March 14th, 2015, 12:13 am

Hello jimmywong123,

Step 1.
Fresh OTL Scan
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Under Output, ensure that Standard Output is selected.
  3. Check the boxes labeled:
    • Include 64 bit scans
    • Scan All Users
    • Processes > All <- Important
    • Extra Registry > Use SafeList
    • LOP check
  4. Click on Run Scan at the top left hand corner.
  5. When done, one Notepad file OTL.txt <-- Will be opened, maximized
  6. Please post the content of OTL.txt file ONLY in your next reply.

Step 2.
Show Hidden and System files
  1. Close all programs so that you are at your desktop.
  2. Press Image.
  3. Click the Start Search box on the Start Menu
  4. Copy and paste the following value in blue, in the open text entry box:
    change search options for files and folders
    then press Enter button
  5. Click on the View tab, then under the "Hidden files and folders" section please
    • SELECT "Show hidden files and folders"
  6. Find below and
    • remove check mark from check box "Hide extensions for known file types"
    • remove check mark from check box "Hide protected operating system files"
  7. Press the Apply, then the OK buttons.

Step 3.
Online Multi Antivirus file scan
Please go to either: Jotti or Virus Total and upload -only one file per scan- the following file(s) for scanning:

C:\Users\Curtis McClay\Documents\progroms\zzprog1\7zipfree_8675.exe
C:\Users\Guest\AppData\LocalLow\Vgrabber_v1.5\hk64tbVgra.dll
C:\Users\Guest\AppData\LocalLow\Vgrabber_v1.5\hktbVgra.dll
C:\Users\Guest\AppData\LocalLow\Vgrabber_v1.5\ldrtbVgra.dll
C:\Users\Guest\AppData\LocalLow\Vgrabber_v1.5\tbVgra.dll
C:\Users\Guest\AppData\LocalLow\Vgrabber_v1.5\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll
C:\Windows\Installer\513f047.msi
C:\Windows\Installer\MSI2CAD.tmp


Using Jotti
  1. Choose the appropriate language (if needed)... once a language is selected, you'll see a message "Ready to receive files"
  2. Press the Browse button and navigate to -one- of the files in the list.
  3. Double click the located file name...The file name should now appear in the online scanner's "File to scan:" box.
  4. Click on Submit..button.
      If you receive the message: This file has been scanned before. The results for this previous scan are listed below.
      Please press the Scan again button, so your file will be scanned.
  5. The file will be uploaded and scanned by various antivirus scanners..this may take a few minutes.
  6. When all scans have completed... the results page is displayed
  7. Please highlight and copy the page web address link from your browser window.
    Example of web address :
    Image
  8. Please repeat this procedure for each file listed above.
  9. Paste the Web address link(s) for the scan results in your next reply.

Using Virus Total
  1. Press the Browse button and navigate to -one- of the files in the list.
  2. Double click the located file name... The file name should now appear in the online scanner's text entry box.
  3. Click on Send File...button.
  4. The file will be queued, uploaded and scanned by various antivirus scanners..this may take a few minutes.
      If you receive the message: File has already been analysed:
      Please press the Reanalyse file now button, so your file will be scanned.
  5. When all scans have completed... the results page is displayed
  6. Please highlight and copy the page web address link from your browser window.
    Example of web address:
    Image
  7. Please repeat this procedure for each file listed above.
  8. Paste the Web address link(s) for the scan results in your next reply.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections....

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of a OTL.txt log file after OTL fresh scan
  3. The resulting web links after online file scan by Virus Total or Jotti.
  4. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 117 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware