Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Background Programme Blocking Servers .....

Started by Ditch , May 29 2016 03:01 PM

  • Please log in to reply

#1
Ditch
Posted 29 May 2016 - 03:01 PM

Ditch

    Member

  • Member
  • PipPip
  • 43 posts

Brief Overview:  I click " Geeks To Go ". I 404. " Firefox can't find the server " what ever.  I've also got this .....

 

 

 

Untitled_zpsofx2b04k.jpg

 

 

 

Try for a Restart? This:

 

 

Untitled1_zpswyp82l2sTN_zpseywru68k.jpg

 

 

 

  It's also, randomly, said things like my Yahoo Mailer was the culprit. Either way, nothing gets rid of this programme in the background.

 

  I inhabit a Slack chat room too. Or used to. Now, I spend my days and nights in an endless cycle of trying to sign in to anywhere.

 

 

I've Tried ..... DLing and running CCleaner. Malwarebytes. Avira. Avira found a trojan by the name of K and a number? I googled that and found it being discussed on a German forum. Sadly, in German.

 

Tried running the latter two in safe mode.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:29-05-2016 02
Ran by Ditch (administrator) on DITCH-PC (29-05-2016 21:18:31)
Running from C:\Users\Ditch\Downloads
Loaded Profiles: Ditch (Available Profiles: Ditch)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(American Power Conversion Corporation) C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
(SanDisk Corporation) C:\Users\Ditch\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
(Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(American Power Conversion Corporation) C:\Program Files (x86)\APC\APC PowerChute Personal Edition\dataserv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [729272 2014-01-28] (Nico Mak Computing)
HKLM-x32\...\Run: [ClearLogicStartUp] => E:\programmes\Camera\ONE CHANNEL USB DVR\StartUp.exe
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Display] => C:\Program Files (x86)\APC\APC PowerChute Personal Edition\DataCollectionLauncher.exe [271736 2010-09-14] (American Power Conversion Corporation)
HKLM-x32\...\Run: [zzzHPSETUP] => D:\Setup.exe
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [67840 2016-05-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [814608 2016-04-04] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\Run: [SansaDispatch] => C:\Users\Ditch\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [613888 2013-09-09] (SanDisk Corporation)
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8698584 2016-04-15] (Piriform Ltd)
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: E - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {004bbd5c-f0a2-11e5-9405-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {004bbd71-f0a2-11e5-9405-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {01d3dc68-b330-11e2-88ad-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {089e80dc-8cdb-11e5-a0a5-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {089e80f0-8cdb-11e5-a0a5-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {09d027dc-f098-11e5-b613-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {09d027f0-f098-11e5-b613-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {09f218e3-7cfc-11e2-9b7b-d43d7e4d2a3e} - F:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {09f218f7-7cfc-11e2-9b7b-d43d7e4d2a3e} - F:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {0a82fde3-9f90-11e2-9a64-d43d7e4d2a3e} - F:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {0a82fdf6-9f90-11e2-9a64-d43d7e4d2a3e} - F:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {0bd5365d-8c21-11e5-b26c-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {0bd53670-8c21-11e5-b26c-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {0bf6e5dc-4e14-11e4-a8fc-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {0bf6e5ff-4e14-11e4-a8fc-d43d7e4d2a3e} - F:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {0c09a6e4-7cff-11e2-893c-d43d7e4d2a3e} - F:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {0c09a6f7-7cff-11e2-893c-d43d7e4d2a3e} - F:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {0ca5b0db-8c91-11e5-9567-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {0ca5b0ef-8c91-11e5-9567-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {0f0f5bdc-1c59-11e5-934d-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {0f0f5bf0-1c59-11e5-934d-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {1017d15c-f0a3-11e5-8f53-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {1017d170-f0a3-11e5-8f53-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {11f8e2f5-3716-11e5-9259-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {138907ec-fa51-11e4-97c3-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {14838edb-8fca-11e5-93e4-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {17f4cfdb-8bf0-11e5-a1a5-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {17f4cfef-8bf0-11e5-a1a5-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {19b986cd-3718-11e5-87d9-806e6f6e6963} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {19b98704-3718-11e5-87d9-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {1b8f535c-8bfe-11e5-b11c-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {1b8f5371-8bfe-11e5-b11c-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {1c38e14d-8c20-11e5-b22a-806e6f6e6963} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {1c38e181-8c20-11e5-b22a-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {1ef0595b-8fc7-11e5-9286-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {1ef0596f-8fc7-11e5-9286-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {213877f0-8c96-11e5-93ed-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {2343ee5d-371a-11e5-a370-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {2343ee70-371a-11e5-a370-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {243956db-8c09-11e5-9623-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {243956f0-8c09-11e5-9623-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {24395714-8c09-11e5-9623-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {269c9472-9fbc-11e2-9b61-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {27e329dc-8fcb-11e5-94e2-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {27e329f0-8fcb-11e5-94e2-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {291c6b5d-fd8a-11e4-8627-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {291c6b70-fd8a-11e4-8627-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {2a17525c-8c72-11e5-94f4-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {2a175270-8c72-11e5-94f4-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {2ac8cdec-8c0b-11e5-a453-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {3231d35c-fa3e-11e4-8970-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {3231d370-fa3e-11e4-8970-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {3231d39e-fa3e-11e4-8970-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {32d62e14-e66c-11e3-a5af-d43d7e4d2a3e} - G:\setup.exe -a
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {33978fdc-9f7c-11e5-9fd2-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {33978ff0-9f7c-11e5-9fd2-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {366fa3bb-36b3-11e5-9464-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {3be80860-eb41-11e2-a71a-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {3d300163-8088-11e2-896b-d43d7e4d2a3e} - F:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {3d300177-8088-11e2-896b-d43d7e4d2a3e} - F:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {409bc8db-8cc7-11e5-b2c6-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {409bc8ef-8cc7-11e5-b2c6-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {40f28ee9-8cdc-11e5-9436-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {414c15cd-9f7a-11e5-a010-806e6f6e6963} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {414c1601-9f7a-11e5-a010-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {437b1bdd-1c49-11e5-9562-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {437b1bef-1c49-11e5-9562-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {44444573-8cf1-11e5-b029-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {44ee63e8-3ed8-11e5-934b-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {44ee63fc-3ed8-11e5-934b-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {47f48beb-75dc-11e2-b29f-d43d7e4d2a3e} - F:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {47f48d3c-75dc-11e2-b29f-d43d7e4d2a3e} - F:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {47fb23ce-4b52-11e4-86c9-806e6f6e6963} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {47fb2416-4b52-11e4-86c9-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {49a3f069-51d6-11e5-9fc6-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {49a3f07b-51d6-11e5-9fc6-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {4cf28ccd-1c25-11e5-940d-806e6f6e6963} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {4cf28d04-1c25-11e5-940d-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {4eb1d1f2-9f73-11e5-a454-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {52b134ce-8bfd-11e5-b205-806e6f6e6963} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {52b13501-8bfd-11e5-b205-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {53999d64-2da8-11e5-9305-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {53999d77-2da8-11e5-9305-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {598b77db-8bfc-11e5-9777-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {598b77ef-8bfc-11e5-9777-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {5c19ca69-8ced-11e5-b271-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {5ce8605e-1aaf-11e5-91c2-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {5ce86071-1aaf-11e5-91c2-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {60eb3ee2-9f86-11e2-88d5-d43d7e4d2a3e} - F:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {60eb3ef6-9f86-11e2-88d5-d43d7e4d2a3e} - F:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {618ecfe2-9f9c-11e2-873e-d43d7e4d2a3e} - F:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {618ecff6-9f9c-11e2-873e-d43d7e4d2a3e} - F:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {63441cdc-1c14-11e5-b39e-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {63441cf0-1c14-11e5-b39e-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {64b54f62-f097-11e5-b135-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {64b54f76-f097-11e5-b135-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {69601edd-f0fc-11e5-92f3-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {69601ef2-f0fc-11e5-92f3-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {6e06595c-8c6a-11e5-94e3-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {6e06596f-8c6a-11e5-94e3-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {6e820ce9-8cc9-11e5-953f-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {6e820d0a-8cc9-11e5-953f-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {6ec1de5d-8cb0-11e5-94ff-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {6ec1de71-8cb0-11e5-94ff-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {6fc4f354-9f70-11e5-bdb0-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {6fc4f379-9f70-11e5-bdb0-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {70e5aedc-8fc8-11e5-af77-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {74738777-f1ae-11e5-92f6-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {74ac41ef-4b4c-11e4-85b0-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {774803e1-f624-11e2-94d9-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {77dd6163-9f85-11e2-b2c9-d43d7e4d2a3e} - F:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {7db6d25b-8fc9-11e5-a1bf-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {7db6d26f-8fc9-11e5-a1bf-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {8044b0db-8bf2-11e5-b251-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {8044b0ef-8bf2-11e5-b251-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {81c6a6e9-8bfb-11e5-a2c0-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {82edc9dc-3719-11e5-b382-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {82edc9f0-3719-11e5-b382-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {885800cd-9fb2-11e2-8605-806e6f6e6963} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {8858010a-9fb2-11e2-8605-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {8858012e-9fb2-11e2-8605-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {88be326b-8fca-11e5-b25b-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {8b1449f0-8cb5-11e5-94a3-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {8b67795c-b098-11e5-b185-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {8b677970-b098-11e5-b185-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {8c79a2cd-1c3e-11e5-95e2-806e6f6e6963} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {8ddf2368-9f71-11e5-af29-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {8ddf237a-9f71-11e5-af29-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {946bd95b-8cea-11e5-946f-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {946bd96f-8cea-11e5-946f-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {971cbfce-9f72-11e5-b0a4-806e6f6e6963} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {971cc002-9f72-11e5-b0a4-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {9805c4f2-b0cc-11e5-8feb-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {9ce1e85d-8bf4-11e5-a1bc-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {9ce1e870-8bf4-11e5-a1bc-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {9e5de14d-8bf1-11e5-954e-806e6f6e6963} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {9e5de181-8bf1-11e5-954e-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {9f87754e-1c34-11e5-90b8-806e6f6e6963} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {9f877582-1c34-11e5-90b8-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {9f877592-1c34-11e5-90b8-d43d7e4d2a3e} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {9f87759b-1c34-11e5-90b8-d43d7e4d2a3e} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {9f8775b6-1c34-11e5-90b8-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {9f960adb-8bff-11e5-b21d-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {9f960aef-8bff-11e5-b21d-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {a00f904d-9f76-11e5-afba-806e6f6e6963} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {a00f9083-9f76-11e5-afba-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {a6513cdc-9f75-11e5-92ed-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {a6513cf0-9f75-11e5-92ed-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {aa76615c-5953-11e4-a7d4-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {aa766171-5953-11e4-a7d4-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {aae438db-8bf5-11e5-a18c-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {aae438ef-8bf5-11e5-a18c-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {abbc35dd-4bc0-11e4-9859-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {abbc35f1-4bc0-11e4-9859-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {adbdf0e4-3481-11e5-90a9-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {ae099cdc-f09f-11e5-b0ae-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {ae099cf0-f09f-11e5-b0ae-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {b078bc5d-1c1d-11e5-8618-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {b078bc70-1c1d-11e5-8618-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {b55003cd-8bf0-11e5-b189-806e6f6e6963} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {b5500403-8bf0-11e5-b189-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {b9650c5d-9f77-11e5-9f7f-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {b9650c70-9f77-11e5-9f7f-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {bba99715-a069-11e2-90e2-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {bfa7e1ea-1f42-11e3-9195-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {bfa7e1fb-1f42-11e3-9195-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {c0ba23db-8c1e-11e5-8272-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {c0ba23f2-8c1e-11e5-8272-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {c1dfb9dc-1c59-11e5-91d8-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {c1dfb9f1-1c59-11e5-91d8-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {c5df21dc-f09b-11e5-9ef4-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {c5df21f0-f09b-11e5-9ef4-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {c7c530dd-3718-11e5-947b-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {c7c530f0-3718-11e5-947b-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {c9c49f60-3520-11e5-92c6-d43d7e4d2a3e} - F:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {ca9ba85c-8fcb-11e5-9473-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {ca9ba870-8fcb-11e5-9473-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {ce2d305d-8fc7-11e5-8ebe-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {ce2d3070-8fc7-11e5-8ebe-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {d0f169dd-b0cb-11e5-9c84-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {d0f169f0-b0cb-11e5-9c84-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {d3679866-1c3e-11e5-87fc-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {d3679877-1c3e-11e5-87fc-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {d3b363f2-1c3d-11e5-94e4-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {d3ea9a18-b327-11e2-860d-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {d479df5c-dd4b-11e4-94ed-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {d479df70-dd4b-11e4-94ed-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {d79fcf4d-6037-11e4-9887-806e6f6e6963} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {d79fcf84-6037-11e4-9887-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {db49d6ec-8cca-11e5-9430-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {dba116dd-f09c-11e5-a008-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {dba116f0-f09c-11e5-a008-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {dba5966b-eb41-11e2-a6b3-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {dfe1a15c-8c70-11e5-ae99-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {dfe1a171-8c70-11e5-ae99-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {e069c8dd-f0a4-11e5-a40b-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {e069c8f0-f0a4-11e5-a40b-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {e341424d-8c08-11e5-bf12-806e6f6e6963} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {e3ef256b-8fc8-11e5-b028-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {e4b1da64-7cfc-11e2-9739-d43d7e4d2a3e} - F:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {e4b1da77-7cfc-11e2-9739-d43d7e4d2a3e} - F:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {e7f3e362-9f95-11e2-8814-d43d7e4d2a3e} - F:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {e7f3e376-9f95-11e2-8814-d43d7e4d2a3e} - F:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {e8bd065d-f09a-11e5-a150-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {e8bd0670-f09a-11e5-a150-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {e9c8bd5b-8bfa-11e5-95fb-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {e9c8bd6f-8bfa-11e5-95fb-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {eb0efd5c-b05e-11e4-9925-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {eb0efd71-b05e-11e4-9925-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {ec3f012b-a06c-11e2-8821-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {eceb22dc-f09e-11e5-b260-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {eceb22f1-f09e-11e5-b260-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {eeeb426a-8cb6-11e5-b251-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {f64392dd-cffc-11e5-a2ed-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {f64392f0-cffc-11e5-a2ed-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {f7acfc52-9f74-11e5-a341-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {f7acfc70-9f74-11e5-a341-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {f9c28b73-9f73-11e5-b177-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {fc6fb16a-9f70-11e5-8c00-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {feef804d-1c48-11e5-94db-806e6f6e6963} - E:\AutoRun.exe
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk [2014-08-31]
ShortcutTarget: APC UPS Status.lnk -> C:\Program Files (x86)\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{2C586D8C-2F76-49E5-A070-09039B4A14A7}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{33535650-5A6B-44CB-86B4-3821687D3F27}: [DhcpNameServer] 192.168.100.200

Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: No Name -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: No Name -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> No File
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Ditch\AppData\Roaming\Mozilla\Firefox\Profiles\utuj6chq.default-1464490179294
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-13] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2009-05-26] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> G:\programmes\VLC Media Player\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin HKU\S-1-5-21-1600889185-3656679571-3126259524-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Ditch\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-05-07] (Unity Technologies ApS)
FF Extension: Adblock Plus - C:\Users\Ditch\AppData\Roaming\Mozilla\Firefox\Profiles\utuj6chq.default-1464490179294\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-05-29]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [970656 2016-04-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [467016 2016-04-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [467016 2016-04-04] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1435704 2016-04-04] (Avira Operations GmbH & Co. KG)
R2 APC Data Service; C:\Program Files (x86)\APC\APC PowerChute Personal Edition\dataserv.exe [21880 2010-09-14] (American Power Conversion Corporation)
R2 APC UPS Service; C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe [705912 2010-09-14] (American Power Conversion Corporation)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [276424 2016-05-04] (Avira Operations GmbH & Co. KG)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [242264 2014-11-20] ()
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2382832 2016-05-24] (IBM Corp.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-12-26] (Microsoft Corporation)
S2 tbbLoaderService; "E:\Programmes\Bamdwidth Meter\tbbLoaderService.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [154816 2016-04-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [141920 2016-04-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2016-04-04] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [79696 2016-04-04] (Avira Operations GmbH & Co. KG)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [216576 2009-09-04] (Huawei Technologies Co., Ltd.)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-08-24] ()
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114560 2009-07-24] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 PSSDKLBF; C:\Windows\system32\Drivers\pssdklbf.sys [65600 2013-04-18] (microOLAP Technologies LTD)
R1 RapportCerberus_1609040; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1609040.sys [1157160 2016-05-16] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [544360 2016-05-24] (IBM Corp.)
S3 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [215560 2016-05-24] (IBM Corp.)
S3 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [470056 2016-05-24] (IBM Corp.)
R3 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [525992 2016-05-24] (IBM Corp.)
S3 StkCMini; C:\Windows\System32\Drivers\StkCMini.sys [1917576 2010-06-07] (Syntek)
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 hwusbfake; system32\DRIVERS\ewusbfake.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-29 21:18 - 2016-05-29 21:18 - 00043383 ____C C:\Users\Ditch\Downloads\FRST.txt
2016-05-29 21:18 - 2016-05-29 21:18 - 00000000 ___DC C:\FRST
2016-05-29 21:16 - 2016-05-29 21:16 - 02383872 ____C (Farbar) C:\Users\Ditch\Downloads\FRST64.exe
2016-05-29 18:55 - 2016-05-29 18:55 - 00000028 ____C C:\Users\Ditch\Desktop\3.txt
2016-05-29 01:22 - 2016-05-29 01:22 - 00000000 ___DC C:\Users\Ditch\Desktop\Post Back Up
2016-05-28 19:30 - 2016-05-28 19:30 - 00122880 __SHC C:\Users\Ditch\Thumbs.db
2016-05-25 14:02 - 2016-05-25 14:33 - 00323406 ____C C:\Windows\ntbtlog.txt
2016-05-05 02:49 - 2016-05-05 02:49 - 00000000 ___DC C:\Users\Ditch\AppData\Roaming\Avira
2016-05-05 02:47 - 2016-04-04 17:07 - 00154816 ____C (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2016-05-05 02:47 - 2016-04-04 17:07 - 00141920 ____C (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2016-05-05 02:47 - 2016-04-04 17:07 - 00079696 ____C (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2016-05-05 02:47 - 2016-04-04 17:07 - 00028600 ____C (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2016-05-05 02:14 - 2016-05-25 16:48 - 00000000 ___DC C:\ProgramData\Package Cache
2016-05-05 02:14 - 2016-05-25 16:47 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-05-05 02:14 - 2016-05-05 02:47 - 00000000 ___DC C:\ProgramData\Avira
2016-05-05 02:14 - 2016-05-05 02:47 - 00000000 ___DC C:\Program Files (x86)\Avira
2016-05-04 14:39 - 2009-06-10 22:00 - 00000824 ____C C:\Windows\system32\Drivers\etc\hosts.20160504-143956.backup
2016-05-04 14:01 - 2016-05-04 14:01 - 00001395 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-05-04 14:01 - 2016-05-04 14:01 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-05-04 14:01 - 2013-09-20 10:49 - 00021040 ____C (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2016-05-04 00:36 - 2016-05-04 00:36 - 00242200 ____C C:\Users\Ditch\Downloads\Firefox Setup Stub 46.0.1.exe
2016-05-03 19:06 - 2016-05-04 14:06 - 00000000 ___DC C:\Program Files\Common Files\AV
2016-05-03 19:06 - 2016-05-03 19:06 - 00000000 ___DC C:\Users\Ditch\AppData\Roaming\TuneUp Software
2016-05-03 19:06 - 2016-05-03 19:06 - 00000000 ___DC C:\Users\Ditch\AppData\Roaming\AVG
2016-05-03 19:05 - 2016-05-03 19:05 - 00000000 __HDC C:\$AVG
2016-05-03 18:49 - 2016-05-04 19:33 - 00000000 ___DC C:\ProgramData\Avg
2016-05-03 18:49 - 2016-05-04 19:33 - 00000000 ___DC C:\Program Files (x86)\AVG
2016-05-03 18:46 - 2016-05-03 18:50 - 00000000 ___DC C:\Users\Ditch\AppData\Local\AvgSetupLog
2016-05-03 18:45 - 2016-05-03 19:06 - 00000000 ___DC C:\Users\Ditch\AppData\Local\Avg
2016-05-03 18:44 - 2016-05-04 00:22 - 00000000 ___DC C:\ProgramData\MFAData
2016-05-03 18:44 - 2016-05-03 18:44 - 00000000 ___DC C:\Users\Ditch\AppData\Local\MFAData
2016-05-03 18:44 - 2016-05-03 18:44 - 00000000 ___DC C:\Users\Ditch\AppData\Local\Avg2015
2016-05-03 18:10 - 2016-05-04 00:21 - 00000000 ___DC C:\Program Files\CCleaner
2016-05-03 18:10 - 2016-05-03 18:10 - 00002790 ____C C:\Windows\System32\Tasks\CCleanerSkipUAC

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-29 21:16 - 2013-02-13 15:27 - 00000830 ____C C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-05-29 20:41 - 2013-11-30 10:06 - 00000898 ____C C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-29 19:01 - 2009-07-14 05:45 - 00021472 ___HC C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-29 19:01 - 2009-07-14 05:45 - 00021472 ___HC C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-29 18:58 - 2009-07-14 06:13 - 00782470 ____C C:\Windows\system32\PerfStringBackup.INI
2016-05-29 18:58 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\inf
2016-05-29 18:54 - 2013-11-30 10:06 - 00000894 ____C C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-29 18:54 - 2013-09-16 13:04 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2016-05-29 18:53 - 2009-07-14 06:08 - 00000006 ___HC C:\Windows\Tasks\SA.DAT
2016-05-29 18:47 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\system32\NDF
2016-05-29 04:17 - 2016-03-25 22:53 - 01783296 __SHC C:\Users\Ditch\Desktop\Thumbs.db
2016-05-28 19:30 - 2013-02-05 19:48 - 00000000 ___DC C:\Users\Ditch
2016-05-28 03:21 - 2013-06-02 13:12 - 00000000 __RDC C:\Users\Ditch\Desktop\Desk Top
2016-05-25 14:24 - 2014-07-12 14:09 - 00192216 ____C (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-24 16:55 - 2015-06-08 13:31 - 00215560 ____C (IBM Corp.) C:\Windows\system32\Drivers\RapportHades64.sys
2016-05-24 16:55 - 2013-06-22 14:20 - 00470056 ____C (IBM Corp.) C:\Windows\system32\Drivers\RapportKE64.sys
2016-05-13 04:16 - 2013-02-13 15:27 - 00797376 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-13 04:16 - 2013-02-13 15:27 - 00142528 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-13 04:16 - 2013-02-13 15:27 - 00003768 ____C C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-05-10 22:36 - 2013-11-30 10:06 - 00003894 ____C C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-10 22:36 - 2013-11-30 10:06 - 00003642 ____C C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-06 17:44 - 2015-05-18 17:09 - 00001188 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2016-05-06 17:44 - 2015-05-18 17:09 - 00000000 ___DC C:\Program Files\paint.net
2016-05-06 17:34 - 2013-03-03 23:47 - 00766336 ____C C:\Windows\SysWOW64\PerfStringBackup.INI
2016-05-04 14:28 - 2015-05-22 03:22 - 00000000 ___DC C:\ProgramData\Spybot - Search & Destroy
2016-05-04 14:23 - 2015-05-22 03:21 - 00000000 ___DC C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-05-04 02:05 - 2015-05-17 21:01 - 00000000 ___DC C:\Program Files (x86)\Mozilla Maintenance Service
2016-05-04 00:38 - 2016-04-27 02:58 - 00000000 ___DC C:\Program Files (x86)\Mozilla Firefox
2016-05-04 00:38 - 2015-05-17 21:01 - 00001163 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-05-04 00:36 - 2013-02-05 19:52 - 00000000 ___DC C:\Users\Ditch\AppData\Local\ElevatedDiagnostics
2016-05-04 00:27 - 2009-07-14 06:32 - 00000000 ___DC C:\Program Files\Windows Sidebar
2016-05-04 00:27 - 2009-07-14 06:32 - 00000000 ___DC C:\Program Files\Windows Photo Viewer
2016-05-04 00:27 - 2009-07-14 06:32 - 00000000 ___DC C:\Program Files\Windows Defender
2016-05-04 00:25 - 2013-02-21 23:17 - 00000000 ___DC C:\Users\Ditch\AppData\Roaming\Easy Thumbnails
2016-05-04 00:24 - 2016-03-24 13:17 - 00000000 ___DC C:\ProgramData\MobileBrServ
2016-05-04 00:24 - 2014-11-17 20:19 - 00000000 ___DC C:\Program Files\File Association Helper
2016-05-04 00:24 - 2014-07-12 14:08 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-05-04 00:24 - 2014-07-12 14:08 - 00000000 ___DC C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-05-04 00:24 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\registration
2016-05-04 00:23 - 2013-02-13 15:27 - 00000000 ___DC C:\Windows\SysWOW64\Macromed
2016-05-04 00:23 - 2010-11-21 08:06 - 00000000 ___DC C:\Windows\SysWOW64\winrm
2016-05-04 00:23 - 2010-11-21 08:06 - 00000000 ___DC C:\Windows\SysWOW64\WCN
2016-05-04 00:23 - 2010-11-21 08:06 - 00000000 ___DC C:\Windows\SysWOW64\slmgr
2016-05-04 00:23 - 2010-11-21 08:06 - 00000000 ___DC C:\Windows\SysWOW64\Printing_Admin_Scripts
2016-05-04 00:23 - 2010-11-21 08:06 - 00000000 ___DC C:\Windows\system32\winrm
2016-05-04 00:23 - 2010-11-21 08:06 - 00000000 ___DC C:\Windows\system32\WCN
2016-05-04 00:23 - 2009-07-14 06:32 - 00000000 ___DC C:\Windows\system32\WinBioPlugIns
2016-05-04 00:23 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\Web
2016-05-04 00:23 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\Vss
2016-05-04 00:23 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\SysWOW64\MUI
2016-05-04 00:23 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\SysWOW64\Msdtc
2016-05-04 00:23 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\SysWOW64\migwiz
2016-05-04 00:23 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\SysWOW64\InstallShield
2016-05-04 00:23 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\SysWOW64\IME
2016-05-04 00:23 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\SysWOW64\Dism
2016-05-04 00:23 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\SysWOW64\com
2016-05-04 00:22 - 2016-01-21 14:53 - 00000000 ___DC C:\Users\Public\Foxit Software
2016-05-04 00:22 - 2015-05-17 18:23 - 00000000 ___DC C:\Users\Ditch\AppData\Local\Chromium
2016-05-04 00:22 - 2015-05-17 18:08 - 00000000 ___DC C:\Users\Ditch\AppData\Roaming\RecLib
2016-05-04 00:22 - 2014-07-23 18:35 - 00000000 ___DC C:\Users\Ditch\AppData\Local\Ezr8
2016-05-04 00:22 - 2014-05-28 16:10 - 00000000 ___DC C:\Users\Ditch\AppData\Roaming\Motorola
2016-05-04 00:22 - 2014-05-26 20:41 - 00000000 ___DC C:\Users\Ditch\AppData\Local\Freelang
2016-05-04 00:22 - 2014-05-16 15:25 - 00000000 ___DC C:\Users\Ditch\AppData\LocalLow\Unity
2016-05-04 00:22 - 2014-05-16 15:25 - 00000000 ___DC C:\Users\Ditch\AppData\Local\Unity
2016-05-04 00:22 - 2014-04-17 14:11 - 00000000 ___DC C:\Users\Ditch\AppData\Local\Ancestry.com
2016-05-04 00:22 - 2014-04-17 14:11 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media
2016-05-04 00:22 - 2014-03-19 16:03 - 00000000 ___DC C:\Users\Ditch\AppData\Roaming\Thunderbird
2016-05-04 00:22 - 2013-11-29 13:05 - 00000000 ___DC C:\Users\Ditch\AppData\Roaming\AnvSoft
2016-05-04 00:22 - 2013-09-09 16:39 - 00000000 ___DC C:\Users\Ditch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SanDisk
2016-05-04 00:22 - 2013-09-09 16:38 - 00000000 ___DC C:\Users\Ditch\AppData\Roaming\SanDisk
2016-05-04 00:22 - 2013-08-03 14:25 - 00000000 ___DC C:\ProgramData\Malwarebytes
2016-05-04 00:22 - 2013-07-12 16:11 - 00000000 ___DC C:\Users\Ditch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2016-05-04 00:22 - 2013-07-12 16:11 - 00000000 ___DC C:\Users\Ditch\AppData\Local\Amazon
2016-05-04 00:22 - 2013-07-04 17:56 - 00000000 ___DC C:\Users\Ditch\Documents\Fax
2016-05-04 00:22 - 2013-06-24 13:12 - 00000000 ___DC C:\Users\Default\AppData\Local\Trusteer
2016-05-04 00:22 - 2013-06-24 13:12 - 00000000 ___DC C:\Users\Default User\AppData\Local\Trusteer
2016-05-04 00:22 - 2013-06-23 18:46 - 00000000 ___DC C:\Users\Ditch\AppData\Roaming\Dropbox
2016-05-04 00:22 - 2013-06-22 14:20 - 00000000 ___DC C:\Users\Ditch\AppData\Local\Trusteer
2016-05-04 00:22 - 2013-06-22 14:17 - 00000000 ___DC C:\ProgramData\Trusteer
2016-05-04 00:22 - 2013-06-01 18:33 - 00000000 ___DC C:\programmes
2016-05-04 00:22 - 2013-04-04 19:35 - 00000000 ___DC C:\Users\Ditch\AppData\Local\Downloaded Installations
2016-05-04 00:22 - 2013-03-30 20:40 - 00000000 ___DC C:\Users\Ditch\AppData\Local\PMH
2016-05-04 00:22 - 2013-03-30 20:37 - 00000000 __HDC C:\ProgramData\CanonBJ
2016-05-04 00:22 - 2013-03-18 23:44 - 00000000 ___DC C:\Users\Ditch\AppData\Roaming\Foxit Software
2016-05-04 00:22 - 2013-02-13 15:26 - 00000000 ___DC C:\Windows\system32\Macromed
2016-05-04 00:22 - 2013-02-13 14:07 - 00000000 ___DC C:\ProgramData\Yahoo!
2016-05-04 00:22 - 2013-02-13 13:58 - 00000000 ___DC C:\Users\Ditch\AppData\Roaming\Adobe
2016-05-04 00:22 - 2013-02-05 20:25 - 00000000 ___DC C:\Users\Ditch\AppData\Roaming\Mozilla
2016-05-04 00:22 - 2013-02-05 20:25 - 00000000 ___DC C:\Users\Ditch\AppData\Local\Mozilla
2016-05-04 00:22 - 2010-11-21 08:06 - 00000000 ___DC C:\Windows\system32\slmgr
2016-05-04 00:22 - 2010-11-21 08:06 - 00000000 ___DC C:\Windows\system32\Printing_Admin_Scripts
2016-05-04 00:22 - 2009-07-14 06:32 - 00000000 ___DC C:\Windows\Performance
2016-05-04 00:22 - 2009-07-14 05:45 - 00000000 ___DC C:\Windows\Setup
2016-05-04 00:22 - 2009-07-14 05:45 - 00000000 ___DC C:\Windows\ServiceProfiles
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 _RSDC C:\Windows\Media
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\system32\sysprep
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\system32\spool
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\system32\SMI
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\system32\oobe
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\system32\MUI
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\system32\Msdtc
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\system32\migwiz
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\system32\IME
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\system32\Dism
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\system32\com
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\security
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\schemas
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\Resources
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\PolicyDefinitions
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\PLA
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\IME
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\Help
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\Globalization
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\Branding
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\AppCompat
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\servicing
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2016-05-04 00:21 - 2016-03-23 14:40 - 00000000 ___DC C:\Program Files (x86)\Huawei Modems
2016-05-04 00:21 - 2015-07-12 00:37 - 00000000 ___DC C:\Program Files (x86)\Amazon
2016-05-04 00:21 - 2015-06-06 23:18 - 00000000 ___DC C:\Program Files\Microsoft Silverlight
2016-05-04 00:21 - 2015-06-06 23:18 - 00000000 ___DC C:\Program Files (x86)\Microsoft Silverlight
2016-05-04 00:21 - 2015-05-22 03:03 - 00000000 ___DC C:\AdwCleaner
2016-05-04 00:21 - 2014-04-17 15:31 - 00000000 ___DC C:\Program Files (x86)\Family Tree Maker 2011
2016-05-04 00:21 - 2014-04-17 14:11 - 00000000 ___DC C:\Program Files (x86)\Windows Media Components
2016-05-04 00:21 - 2014-04-17 14:11 - 00000000 ___DC C:\Program Files (x86)\Microsoft WSE
2016-05-04 00:21 - 2014-04-17 14:10 - 00000000 ___DC C:\Program Files (x86)\BCL Technologies
2016-05-04 00:21 - 2014-04-07 16:10 - 00000000 ___DC C:\Program Files (x86)\FOXIT SOFTWARE
2016-05-04 00:21 - 2014-03-20 14:33 - 00000000 ___DC C:\Program Files (x86)\APC
2016-05-04 00:21 - 2013-11-30 10:05 - 00000000 ___DC C:\Program Files (x86)\Google
2016-05-04 00:21 - 2013-07-10 12:47 - 00000000 ___DC C:\Program Files (x86)\Huawei technologies
2016-05-04 00:21 - 2013-06-22 14:19 - 00000000 ___DC C:\Program Files (x86)\Trusteer
2016-05-04 00:21 - 2013-03-05 04:17 - 00000000 ___DC C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2016-05-04 00:21 - 2013-03-03 23:48 - 00000000 ___DC C:\Program Files (x86)\Windows Live
2016-05-04 00:21 - 2013-03-03 23:48 - 00000000 ___DC C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2016-05-04 00:21 - 2013-02-13 14:07 - 00000000 ___DC C:\Program Files (x86)\Yahoo!
2016-05-04 00:21 - 2013-02-05 19:58 - 00000000 ___DC C:\Program Files\Realtek
2016-05-04 00:21 - 2013-02-05 19:56 - 00000000 __HDC C:\Program Files (x86)\InstallShield Installation Information
2016-05-04 00:21 - 2013-02-05 19:56 - 00000000 ___DC C:\Program Files (x86)\Realtek
2016-05-04 00:21 - 2013-02-05 19:55 - 00000000 ___DC C:\Program Files\Common Files\Intel
2016-05-04 00:21 - 2013-02-05 19:53 - 00000000 ___DC C:\Program Files (x86)\Intel
2016-05-04 00:21 - 2010-11-21 08:16 - 00000000 ___DC C:\Program Files\Windows Journal
2016-05-04 00:21 - 2009-07-14 06:32 - 00000000 ___DC C:\Program Files\Reference Assemblies
2016-05-04 00:21 - 2009-07-14 06:32 - 00000000 ___DC C:\Program Files\MSBuild
2016-05-04 00:21 - 2009-07-14 06:32 - 00000000 ___DC C:\Program Files\Microsoft Games
2016-05-04 00:21 - 2009-07-14 06:32 - 00000000 ___DC C:\Program Files\DVD Maker
2016-05-04 00:21 - 2009-07-14 06:32 - 00000000 ___DC C:\Program Files (x86)\Windows Sidebar
2016-05-04 00:21 - 2009-07-14 06:32 - 00000000 ___DC C:\Program Files (x86)\Windows Photo Viewer
2016-05-04 00:21 - 2009-07-14 06:32 - 00000000 ___DC C:\Program Files (x86)\Windows Defender
2016-05-04 00:21 - 2009-07-14 06:32 - 00000000 ___DC C:\Program Files (x86)\Reference Assemblies
2016-05-04 00:21 - 2009-07-14 06:32 - 00000000 ___DC C:\Program Files (x86)\MSBuild
2016-05-04 00:21 - 2009-07-14 04:20 - 00000000 ___DC C:\Program Files\Windows NT
2016-05-04 00:21 - 2009-07-14 04:20 - 00000000 ___DC C:\Program Files\Common Files\System
2016-05-04 00:21 - 2009-07-14 04:20 - 00000000 ___DC C:\Program Files\Common Files\SpeechEngines
2016-05-04 00:21 - 2009-07-14 04:20 - 00000000 ___DC C:\Program Files\Common Files\Microsoft Shared
2016-05-04 00:21 - 2009-07-14 04:20 - 00000000 ___DC C:\Program Files (x86)\Windows NT
2016-05-03 18:12 - 2015-06-14 00:33 - 00000000 ___DC C:\Users\Ditch\AppData\Roaming\MPC-HC
2016-05-03 18:12 - 2013-03-03 23:23 - 00000000 ___DC C:\Users\Ditch\AppData\Roaming\Media Player Classic
2016-05-03 18:12 - 2013-02-06 03:43 - 00000000 ___DC C:\Windows\Panther
2016-05-03 18:12 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\ModemLogs
2016-04-29 14:01 - 2009-07-14 06:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2015-07-06 16:09 - 2015-07-06 16:09 - 0006144 ____C () C:\Users\Ditch\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
C:\Users\Ditch\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-05-28 13:57

==================== End of FRST.txt ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:29-05-2016 02
Ran by Ditch (2016-05-29 21:18:56)
Running from C:\Users\Ditch\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2013-02-05 18:48:47)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1600889185-3656679571-3126259524-500 - Administrator - Disabled)
Ditch (S-1-5-21-1600889185-3656679571-3126259524-1000 - Administrator - Enabled) => C:\Users\Ditch
Guest (S-1-5-21-1600889185-3656679571-3126259524-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1600889185-3656679571-3126259524-1003 - Limited - Enabled)
New account (S-1-5-21-1600889185-3656679571-3126259524-1001 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version: 1.15.0.43061 - Amazon)
APC PowerChute Personal Edition 3.0 (HKLM-x32\...\{F1486DE6-CC2E-48C0-AD20-C2C142FA1636}) (Version: 3.0 - American Power Conversion)
AVG 2016 (Version: 16.0.4565 - AVG Technologies) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.17.273 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{28d41884-9b36-4f54-bed2-92863f08e65d}) (Version: 1.1.62.21333 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.62.21333 - Avira Operations GmbH & Co. KG) Hidden
Awesomium.NET Redistribution Module (x32 Version: 1.7.4.2 - ©2014 Awesomium Technologies LLC) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.17 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Family Tree Maker 2010 (HKLM-x32\...\Family Tree Maker 2010) (Version: 19.0.180 - Ancestry.com)
Family Tree Maker 2010 (x32 Version: 19.0.180 - Ancestry.com) Hidden
Family Tree Maker 2011 (HKLM-x32\...\Family Tree Maker 2011) (Version: 20.0.376 - Ancestry.com)
Family Tree Maker 2011 (x32 Version: 20.0.376 - Ancestry.com) Hidden
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Huawei modem (HKLM-x32\...\Huawei Modems) (Version:  - )
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2817 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft WSE 3.0 (HKLM-x32\...\{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}) (Version: 3.0.5305.0 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mobile Broadband HL Service (HKLM-x32\...\Mobile Broadband HL Service) (Version: 22.001.26.00.21 - Huawei Technologies Co.,Ltd)
MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 46.0.1 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 en-GB)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1 - Mozilla)
paint.net (HKLM\...\{DADC2AF6-DC9F-4BCF-BFCE-DCEC16EF507C}) (Version: 4.0.9 - dotPDN LLC)
Rapport (x32 Version: 3.5.1609.63 - Trusteer) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.53.216.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
Sansa Updater (HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\Sansa Updater) (Version: 1.406 - SanDisk Corporation)
tbbMeter Loader Service (HKLM-x32\...\{FDC85EE3-EDAA-47C9-9885-2A26FC41DC22}) (Version: 1.0.0 - thinkbroadband.com)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1609.63 - Trusteer)
Unity Web Player (HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
USB2.0 Grabber (HKLM-x32\...\{45518B6D-9DDF-4144-83E4-A56762524F35}) (Version: 7.12.000.003 - Youyan)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01CC914B-F8E7-4F78-908C-746F32A9E35E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {02B932F7-D744-463E-B9C7-C7FF88A0F9CF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-13] (Adobe Systems Incorporated)
Task: {04CA2BE5-F9EA-4A95-9E27-1F9EA0DAF73A} - System32\Tasks\{02B780C8-9B38-466A-8FF0-CAC15F59300A} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{A899DA1F-D626-401C-8651-F2921E3B4CB3}\setup.exe" -c -runfromtemp -l0x0009 -removeonly /z"Uninstall"
Task: {280BD6CF-1463-4664-81A1-4FCFA91AB7D8} - System32\Tasks\{5A87B4E4-0B17-49E5-ABD4-C378584203C2} => C:\Program Files (x86)\Family Tree Maker 2010\FTM.exe
Task: {4ADF4CD1-885F-4AA3-AA3F-06EB50EF2226} - System32\Tasks\{44CBFDCD-23C5-41AA-83BD-C8C0A6E4E655} => pcalua.exe -a C:\Users\Ditch\AppData\Local\Temp\Temp1_7659(1).zip\setup.exe
Task: {5494BE96-C865-4307-AC83-58C47F22DE36} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-04-15] (Piriform Ltd)
Task: {65763892-931D-4A8D-B9DE-C1B349B464AE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {73FE6C5C-17D7-48FE-BA33-5686C1B1A6F7} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {8B9E3015-0A0D-4875-9FDA-A20672209D97} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {9C2FA8EE-38C3-4874-B888-C776849C40B6} - System32\Tasks\{92941F7C-D841-4778-9D5F-D9BBE72180CB} => C:\Program Files (x86)\Family Tree Maker 2010\FTM.exe
Task: {A5F29DC2-9B71-43CA-80B3-2733A92D0231} - System32\Tasks\{181E5F28-814F-4B6A-AC34-CC963D168CBA} => pcalua.exe -a D:\setup.exe -d D:\
Task: {AF87FCD5-A527-4C04-9679-1455313B8DED} - System32\Tasks\{A80C8E92-F0AE-4CD2-A775-30906D889584} => pcalua.exe -a D:\Reg\setup.exe -d D:\
Task: {B16BDE49-E6DB-4FD3-9EA2-7041CF35E511} - System32\Tasks\{9DCFE29F-6BA5-40E0-82EB-0B686B1532F3} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files (x86)\Family Tree Maker 2010\FTM.exe"
Task: {F8BA87EF-9EC6-4386-A01C-09862C1A5D37} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-03-24 13:17 - 2014-11-20 09:48 - 00242264 ____C () C:\ProgramData\MobileBrServ\mbbservice.exe
2016-05-04 14:01 - 2014-05-13 12:04 - 00109400 ____C () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-05-04 14:01 - 2014-05-13 12:04 - 00416600 ____C () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-05-04 14:01 - 2014-05-13 12:04 - 00167768 ____C () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-05-04 14:01 - 2012-08-23 10:38 - 00574840 ____C () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2016-05-04 14:01 - 2012-04-03 17:06 - 00565640 ____C () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-06-02 15:51 - 2015-06-02 15:51 - 00545792 ____C () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7896 more sites.

IE restricted site: HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\123simsen.com -> www.123simsen.com

There are 7896 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2016-05-04 14:39 - 00452288 ___RC C:\Windows\system32\Drivers\etc\hosts

127.0.0.1    www.007guard.com
127.0.0.1    007guard.com
127.0.0.1    008i.com
127.0.0.1    www.008k.com
127.0.0.1    008k.com
127.0.0.1    www.00hq.com
127.0.0.1    00hq.com
127.0.0.1    010402.com
127.0.0.1    www.032439.com
127.0.0.1    032439.com
127.0.0.1    www.0scan.com
127.0.0.1    0scan.com
127.0.0.1    1000gratisproben.com
127.0.0.1    www.1000gratisproben.com
127.0.0.1    1001namen.com
127.0.0.1    www.1001namen.com
127.0.0.1    100888290cs.com
127.0.0.1    www.100888290cs.com
127.0.0.1    www.100sexlinks.com
127.0.0.1    100sexlinks.com
127.0.0.1    10sek.com
127.0.0.1    www.10sek.com
127.0.0.1    www.1-2005-search.com
127.0.0.1    1-2005-search.com
127.0.0.1    123fporn.info
127.0.0.1    www.123fporn.info
127.0.0.1    123haustiereundmehr.com
127.0.0.1    www.123haustiereundmehr.com
127.0.0.1    123moviedownload.com
127.0.0.1    www.123moviedownload.com

There are 15518 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ditch\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{86472CA0-D35C-47A6-AB62-EF3B97AB307D}] => (Allow) E:\programmes\Messenger\YahooMessenger.exe
FirewallRules: [{22520538-16FD-43CC-BDBB-9B854D3FE174}] => (Allow) E:\programmes\Messenger\YahooMessenger.exe
FirewallRules: [TCP Query User{3EBECDEB-2097-4112-9004-0C3E30740819}E:\programmes\messenger\yahoomessenger.exe] => (Allow) E:\programmes\messenger\yahoomessenger.exe
FirewallRules: [UDP Query User{61B43AC4-1F3C-465F-9928-947BD744D168}E:\programmes\messenger\yahoomessenger.exe] => (Allow) E:\programmes\messenger\yahoomessenger.exe
FirewallRules: [TCP Query User{00063C30-0ACE-4AA3-BB8E-594F5F332533}G:\program files\yahoo!\messenger\yahoomessenger.exe] => (Allow) G:\program files\yahoo!\messenger\yahoomessenger.exe
FirewallRules: [UDP Query User{3DE09D31-BDD1-4E5F-8C18-D5D05573B5FE}G:\program files\yahoo!\messenger\yahoomessenger.exe] => (Allow) G:\program files\yahoo!\messenger\yahoomessenger.exe
FirewallRules: [{7314E4FA-9BA9-45BF-B7A1-6465DFB07357}] => (Allow) G:\programmes\Messenger\YahooMessenger.exe
FirewallRules: [{2943861C-19FE-4041-BD0C-CAA271A4DE90}] => (Allow) G:\programmes\Messenger\YahooMessenger.exe
FirewallRules: [{86417CB2-3D69-47CC-A157-2E40E38BF140}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{BB68F1AA-E74B-4560-9B19-A2090638664A}] => (Allow) LPort=2869
FirewallRules: [{92520CCC-DE9F-4138-99AC-4950A7041764}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{2666C8BD-B917-4FCA-8E5F-C024D8FAD4BA}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{38E72EB0-B5F3-45D5-924E-47D9CD112CEE}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{B251A538-60C0-4303-895A-3D533F67E8F3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4A58AA8E-FFB0-45DD-A1EF-5E2FE8DE4794}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EC923D67-5DEB-4A45-B0AF-5C4FE97FB1E1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{169D3FC1-981D-4AC0-A728-6391AD008250}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F44E50A1-73D7-4A11-8BA8-CF03586F0756}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{6E905761-8540-494B-856F-243F4143067C}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

29-05-2016 18:54:24 Installed Rapport

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/29/2016 06:54:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/29/2016 02:38:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/29/2016 04:18:32 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/28/2016 01:32:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/27/2016 01:17:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/26/2016 01:06:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/25/2016 03:53:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/25/2016 02:35:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/25/2016 02:29:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/25/2016 02:04:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (05/29/2016 06:53:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The tbbLoaderService service failed to start due to the following error:
%%2

Error: (05/29/2016 02:38:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The tbbLoaderService service failed to start due to the following error:
%%2

Error: (05/29/2016 04:18:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The tbbLoaderService service failed to start due to the following error:
%%2

Error: (05/28/2016 01:32:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The tbbLoaderService service failed to start due to the following error:
%%2

Error: (05/27/2016 08:19:16 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.

Error: (05/27/2016 08:19:15 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.

Error: (05/27/2016 08:19:15 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.

Error: (05/27/2016 08:19:14 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.

Error: (05/27/2016 01:17:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The tbbLoaderService service failed to start due to the following error:
%%2

Error: (05/26/2016 01:06:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The tbbLoaderService service failed to start due to the following error:
%%2


CodeIntegrity:
===================================
  Date: 2016-02-02 12:11:19.488
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-02 12:11:19.391
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-02 12:11:18.879
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportKE64.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-02 12:11:18.787
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportKE64.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-02 12:11:18.606
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportHades64.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-02 12:11:18.522
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportHades64.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-02 12:11:18.306
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-02 12:11:18.214
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-02 12:11:15.444
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-02 12:11:15.315
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Celeron® CPU G530 @ 2.40GHz
Percentage of memory in use: 47%
Total physical RAM: 3982.2 MB
Available physical RAM: 2087.7 MB
Total Virtual: 7962.58 MB
Available Virtual: 5749.11 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:55.8 GB) (Free:21.04 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 55.9 GB) (Disk ID: FC375C36)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=55.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

 

 

Thankyou.

 


  • 0

Advertisements

#2
RKinner
Posted 30 May 2016 - 10:17 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Uninstall:
 
tbbMeter Loader Service (not working and causing errors)
Trusteer Endpoint Protection  (not working and causing errors) To Uninstall SEE:  https://www.trusteer...install-utility
 
It would be nice if you could uninstall Spybot and AVG too but I don't see spybot listed and AVG is hidden.
 
 
Download and save the AVG removal tool
 
Right click on it and Run As Admin.  
 
Reboot
 
 
Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.
 
 
 
Download the attached fixlist.txt to the same location as FRST
 
 
Run FRST and press Fix
A fix log will be generated please post that 
 
Run FRST again, check addition.txt and then SCAN.  Post both logs.
 
 
1. Please download the Event Viewer Tool by Vino Rosso
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:
 
* System
4. Under 'Select type to list', select:
* Error
* Warning
 
 
Then use the 'Number of events' as follows:
 
 
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)
 
 

  • 0

#3
Ditch
Posted 30 May 2016 - 01:00 PM

Ditch

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts

Okay, RKinner. Thanks for ye time and effort. Very much appreciated :)  Just to let ye know, I found ye response within twenty minutes. I've been working away at ye instructions ever since. Each click can take me ten minutes of time outs yet.

 

TTBL threw me:

 

 

tbb_zpsrvgizgos.jpg

 

 

TEP I appear to have got rid of. (My bank sort of insists I have that).

 

AVG chucks up: " 2016-05-30 18:40:05,208 ERROR Wrong application platform. Use corresponding application version for 32bit or 64bit systems "

 

I have the DL button. But, hit it and it presents that message in notepad.

 

I'm ready to stick to your instructions, to the letter. I believe that's what we're advised to do here? I'll wait to hear then.

 

Thanks again.

 


  • 0

#4
RKinner
Posted 30 May 2016 - 01:17 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Don't worry about TTBL.  I'll remove it next time with a Fixlist.

 

Sorry about the AVG remover.  Try this one:

 

http://files-downloa...AVG_Remover.exe

 

Yes your bank wants Trusteer but it is not working right and is throwing errors.  You can always reinstall when we are done.

 

No idea what you mean by DL button.


  • 0

#5
Ditch
Posted 30 May 2016 - 03:16 PM

Ditch

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts

  Fix result of Farbar Recovery Scan Tool (x64) Version:29-05-2016 02
Ran by Ditch (2016-05-30 22:06:38) Run:2
Running from C:\Users\Ditch\Desktop
Loaded Profiles: Ditch (Available Profiles: Ditch)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [729272 2014-01-28] (Nico Mak Computing)
HKLM-x32\...\Run: [ClearLogicStartUp] => E:\programmes\Camera\ONE CHANNEL USB DVR\StartUp.exe
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: E - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {004bbd5c-f0a2-11e5-9405-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {004bbd71-f0a2-11e5-9405-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {01d3dc68-b330-11e2-88ad-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {089e80dc-8cdb-11e5-a0a5-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {089e80f0-8cdb-11e5-a0a5-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {09d027dc-f098-11e5-b613-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {09d027f0-f098-11e5-b613-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {09f218e3-7cfc-11e2-9b7b-d43d7e4d2a3e} - F:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {09f218f7-7cfc-11e2-9b7b-d43d7e4d2a3e} - F:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {0a82fde3-9f90-11e2-9a64-d43d7e4d2a3e} - F:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {0a82fdf6-9f90-11e2-9a64-d43d7e4d2a3e} - F:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {0bd5365d-8c21-11e5-b26c-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {0bd53670-8c21-11e5-b26c-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {0bf6e5dc-4e14-11e4-a8fc-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {0bf6e5ff-4e14-11e4-a8fc-d43d7e4d2a3e} - F:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {0c09a6e4-7cff-11e2-893c-d43d7e4d2a3e} - F:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {0c09a6f7-7cff-11e2-893c-d43d7e4d2a3e} - F:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {0ca5b0db-8c91-11e5-9567-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {0ca5b0ef-8c91-11e5-9567-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {0f0f5bdc-1c59-11e5-934d-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {0f0f5bf0-1c59-11e5-934d-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {1017d15c-f0a3-11e5-8f53-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {1017d170-f0a3-11e5-8f53-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {11f8e2f5-3716-11e5-9259-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {138907ec-fa51-11e4-97c3-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {14838edb-8fca-11e5-93e4-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {17f4cfdb-8bf0-11e5-a1a5-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {17f4cfef-8bf0-11e5-a1a5-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {19b986cd-3718-11e5-87d9-806e6f6e6963} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {19b98704-3718-11e5-87d9-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {1b8f535c-8bfe-11e5-b11c-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {1b8f5371-8bfe-11e5-b11c-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {1c38e14d-8c20-11e5-b22a-806e6f6e6963} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {1c38e181-8c20-11e5-b22a-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {1ef0595b-8fc7-11e5-9286-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {1ef0596f-8fc7-11e5-9286-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {213877f0-8c96-11e5-93ed-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {2343ee5d-371a-11e5-a370-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {2343ee70-371a-11e5-a370-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {243956db-8c09-11e5-9623-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {243956f0-8c09-11e5-9623-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {24395714-8c09-11e5-9623-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {269c9472-9fbc-11e2-9b61-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {27e329dc-8fcb-11e5-94e2-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {27e329f0-8fcb-11e5-94e2-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {291c6b5d-fd8a-11e4-8627-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {291c6b70-fd8a-11e4-8627-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {2a17525c-8c72-11e5-94f4-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {2a175270-8c72-11e5-94f4-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {2ac8cdec-8c0b-11e5-a453-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {3231d35c-fa3e-11e4-8970-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {3231d370-fa3e-11e4-8970-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {3231d39e-fa3e-11e4-8970-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {32d62e14-e66c-11e3-a5af-d43d7e4d2a3e} - G:\setup.exe -a
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {33978fdc-9f7c-11e5-9fd2-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {33978ff0-9f7c-11e5-9fd2-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {366fa3bb-36b3-11e5-9464-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {3be80860-eb41-11e2-a71a-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {3d300163-8088-11e2-896b-d43d7e4d2a3e} - F:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {3d300177-8088-11e2-896b-d43d7e4d2a3e} - F:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {409bc8db-8cc7-11e5-b2c6-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {409bc8ef-8cc7-11e5-b2c6-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {40f28ee9-8cdc-11e5-9436-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {414c15cd-9f7a-11e5-a010-806e6f6e6963} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {414c1601-9f7a-11e5-a010-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {437b1bdd-1c49-11e5-9562-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {437b1bef-1c49-11e5-9562-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {44444573-8cf1-11e5-b029-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {44ee63e8-3ed8-11e5-934b-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {44ee63fc-3ed8-11e5-934b-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {47f48beb-75dc-11e2-b29f-d43d7e4d2a3e} - F:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {47f48d3c-75dc-11e2-b29f-d43d7e4d2a3e} - F:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {47fb23ce-4b52-11e4-86c9-806e6f6e6963} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {47fb2416-4b52-11e4-86c9-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {49a3f069-51d6-11e5-9fc6-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {49a3f07b-51d6-11e5-9fc6-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {4cf28ccd-1c25-11e5-940d-806e6f6e6963} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {4cf28d04-1c25-11e5-940d-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {4eb1d1f2-9f73-11e5-a454-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {52b134ce-8bfd-11e5-b205-806e6f6e6963} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {52b13501-8bfd-11e5-b205-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {53999d64-2da8-11e5-9305-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {53999d77-2da8-11e5-9305-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {598b77db-8bfc-11e5-9777-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {598b77ef-8bfc-11e5-9777-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {5c19ca69-8ced-11e5-b271-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {5ce8605e-1aaf-11e5-91c2-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {5ce86071-1aaf-11e5-91c2-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {60eb3ee2-9f86-11e2-88d5-d43d7e4d2a3e} - F:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {60eb3ef6-9f86-11e2-88d5-d43d7e4d2a3e} - F:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {618ecfe2-9f9c-11e2-873e-d43d7e4d2a3e} - F:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {618ecff6-9f9c-11e2-873e-d43d7e4d2a3e} - F:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {63441cdc-1c14-11e5-b39e-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {63441cf0-1c14-11e5-b39e-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {64b54f62-f097-11e5-b135-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {64b54f76-f097-11e5-b135-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {69601edd-f0fc-11e5-92f3-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {69601ef2-f0fc-11e5-92f3-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {6e06595c-8c6a-11e5-94e3-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {6e06596f-8c6a-11e5-94e3-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {6e820ce9-8cc9-11e5-953f-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {6e820d0a-8cc9-11e5-953f-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {6ec1de5d-8cb0-11e5-94ff-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {6ec1de71-8cb0-11e5-94ff-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {6fc4f354-9f70-11e5-bdb0-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {6fc4f379-9f70-11e5-bdb0-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {70e5aedc-8fc8-11e5-af77-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {74738777-f1ae-11e5-92f6-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {74ac41ef-4b4c-11e4-85b0-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {774803e1-f624-11e2-94d9-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {77dd6163-9f85-11e2-b2c9-d43d7e4d2a3e} - F:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {7db6d25b-8fc9-11e5-a1bf-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {7db6d26f-8fc9-11e5-a1bf-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {8044b0db-8bf2-11e5-b251-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {8044b0ef-8bf2-11e5-b251-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {81c6a6e9-8bfb-11e5-a2c0-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {82edc9dc-3719-11e5-b382-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {82edc9f0-3719-11e5-b382-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {885800cd-9fb2-11e2-8605-806e6f6e6963} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {8858010a-9fb2-11e2-8605-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {8858012e-9fb2-11e2-8605-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {88be326b-8fca-11e5-b25b-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {8b1449f0-8cb5-11e5-94a3-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {8b67795c-b098-11e5-b185-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {8b677970-b098-11e5-b185-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {8c79a2cd-1c3e-11e5-95e2-806e6f6e6963} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {8ddf2368-9f71-11e5-af29-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {8ddf237a-9f71-11e5-af29-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {946bd95b-8cea-11e5-946f-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {946bd96f-8cea-11e5-946f-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {971cbfce-9f72-11e5-b0a4-806e6f6e6963} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {971cc002-9f72-11e5-b0a4-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {9805c4f2-b0cc-11e5-8feb-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {9ce1e85d-8bf4-11e5-a1bc-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {9ce1e870-8bf4-11e5-a1bc-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {9e5de14d-8bf1-11e5-954e-806e6f6e6963} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {9e5de181-8bf1-11e5-954e-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {9f87754e-1c34-11e5-90b8-806e6f6e6963} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {9f877582-1c34-11e5-90b8-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {9f877592-1c34-11e5-90b8-d43d7e4d2a3e} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {9f87759b-1c34-11e5-90b8-d43d7e4d2a3e} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {9f8775b6-1c34-11e5-90b8-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {9f960adb-8bff-11e5-b21d-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {9f960aef-8bff-11e5-b21d-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {a00f904d-9f76-11e5-afba-806e6f6e6963} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {a00f9083-9f76-11e5-afba-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {a6513cdc-9f75-11e5-92ed-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {a6513cf0-9f75-11e5-92ed-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {aa76615c-5953-11e4-a7d4-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {aa766171-5953-11e4-a7d4-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {aae438db-8bf5-11e5-a18c-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {aae438ef-8bf5-11e5-a18c-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {abbc35dd-4bc0-11e4-9859-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {abbc35f1-4bc0-11e4-9859-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {adbdf0e4-3481-11e5-90a9-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {ae099cdc-f09f-11e5-b0ae-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {ae099cf0-f09f-11e5-b0ae-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {b078bc5d-1c1d-11e5-8618-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {b078bc70-1c1d-11e5-8618-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {b55003cd-8bf0-11e5-b189-806e6f6e6963} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {b5500403-8bf0-11e5-b189-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {b9650c5d-9f77-11e5-9f7f-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {b9650c70-9f77-11e5-9f7f-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {bba99715-a069-11e2-90e2-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {bfa7e1ea-1f42-11e3-9195-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {bfa7e1fb-1f42-11e3-9195-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {c0ba23db-8c1e-11e5-8272-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {c0ba23f2-8c1e-11e5-8272-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {c1dfb9dc-1c59-11e5-91d8-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {c1dfb9f1-1c59-11e5-91d8-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {c5df21dc-f09b-11e5-9ef4-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {c5df21f0-f09b-11e5-9ef4-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {c7c530dd-3718-11e5-947b-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {c7c530f0-3718-11e5-947b-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {c9c49f60-3520-11e5-92c6-d43d7e4d2a3e} - F:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {ca9ba85c-8fcb-11e5-9473-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {ca9ba870-8fcb-11e5-9473-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {ce2d305d-8fc7-11e5-8ebe-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {ce2d3070-8fc7-11e5-8ebe-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {d0f169dd-b0cb-11e5-9c84-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {d0f169f0-b0cb-11e5-9c84-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {d3679866-1c3e-11e5-87fc-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {d3679877-1c3e-11e5-87fc-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {d3b363f2-1c3d-11e5-94e4-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {d3ea9a18-b327-11e2-860d-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {d479df5c-dd4b-11e4-94ed-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {d479df70-dd4b-11e4-94ed-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {d79fcf4d-6037-11e4-9887-806e6f6e6963} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {d79fcf84-6037-11e4-9887-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {db49d6ec-8cca-11e5-9430-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {dba116dd-f09c-11e5-a008-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {dba116f0-f09c-11e5-a008-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {dba5966b-eb41-11e2-a6b3-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {dfe1a15c-8c70-11e5-ae99-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {dfe1a171-8c70-11e5-ae99-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {e069c8dd-f0a4-11e5-a40b-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {e069c8f0-f0a4-11e5-a40b-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {e341424d-8c08-11e5-bf12-806e6f6e6963} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {e3ef256b-8fc8-11e5-b028-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {e4b1da64-7cfc-11e2-9739-d43d7e4d2a3e} - F:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {e4b1da77-7cfc-11e2-9739-d43d7e4d2a3e} - F:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {e7f3e362-9f95-11e2-8814-d43d7e4d2a3e} - F:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {e7f3e376-9f95-11e2-8814-d43d7e4d2a3e} - F:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {e8bd065d-f09a-11e5-a150-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {e8bd0670-f09a-11e5-a150-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {e9c8bd5b-8bfa-11e5-95fb-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {e9c8bd6f-8bfa-11e5-95fb-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {eb0efd5c-b05e-11e4-9925-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {eb0efd71-b05e-11e4-9925-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {ec3f012b-a06c-11e2-8821-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {eceb22dc-f09e-11e5-b260-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {eceb22f1-f09e-11e5-b260-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {eeeb426a-8cb6-11e5-b251-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {f64392dd-cffc-11e5-a2ed-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {f64392f0-cffc-11e5-a2ed-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {f7acfc52-9f74-11e5-a341-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {f7acfc70-9f74-11e5-a341-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {f9c28b73-9f73-11e5-b177-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {fc6fb16a-9f70-11e5-8c00-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {feef804d-1c48-11e5-94db-806e6f6e6963} - E:\AutoRun.exe
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
BootExecute: autocheck autochk * sdnclean64.exe
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: No Name -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> No File
BHO-x32: No Name -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> G:\programmes\VLC Media Player\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S2 tbbLoaderService; "E:\Programmes\Bamdwidth Meter\tbbLoaderService.exe" [X]
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 hwusbfake; system32\DRIVERS\ewusbfake.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2016-05-04 14:01 - 2016-05-04 14:01 - 00001395 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-05-04 14:01 - 2016-05-04 14:01 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-05-04 14:01 - 2013-09-20 10:49 - 00021040 ____C (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2016-05-03 19:06 - 2016-05-04 14:06 - 00000000 ___DC C:\Program Files\Common Files\AV
2016-05-03 19:06 - 2016-05-03 19:06 - 00000000 ___DC C:\Users\Ditch\AppData\Roaming\TuneUp Software
2016-05-03 19:06 - 2016-05-03 19:06 - 00000000 ___DC C:\Users\Ditch\AppData\Roaming\AVG
2016-05-03 19:05 - 2016-05-03 19:05 - 00000000 __HDC C:\$AVG
2016-05-03 18:49 - 2016-05-04 19:33 - 00000000 ___DC C:\ProgramData\Avg
2016-05-03 18:49 - 2016-05-04 19:33 - 00000000 ___DC C:\Program Files (x86)\AVG
2016-05-03 18:46 - 2016-05-03 18:50 - 00000000 ___DC C:\Users\Ditch\AppData\Local\AvgSetupLog
2016-05-03 18:45 - 2016-05-03 19:06 - 00000000 ___DC C:\Users\Ditch\AppData\Local\Avg
2016-05-03 18:44 - 2016-05-04 00:22 - 00000000 ___DC C:\ProgramData\MFAData
2016-05-03 18:44 - 2016-05-03 18:44 - 00000000 ___DC C:\Users\Ditch\AppData\Local\MFAData
2016-05-03 18:44 - 2016-05-03 18:44 - 00000000 ___DC C:\Users\Ditch\AppData\Local\Avg2015
AVG 2016 (Version: 16.0.4565 - AVG Technologies) Hidden
Task: {01CC914B-F8E7-4F78-908C-746F32A9E35E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {04CA2BE5-F9EA-4A95-9E27-1F9EA0DAF73A} - System32\Tasks\{02B780C8-9B38-466A-8FF0-CAC15F59300A} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{A899DA1F-D626-401C-8651-F2921E3B4CB3}\setup.exe" -c -runfromtemp -l0x0009 -removeonly /z"Uninstall"
Task: {4ADF4CD1-885F-4AA3-AA3F-06EB50EF2226} - System32\Tasks\{44CBFDCD-23C5-41AA-83BD-C8C0A6E4E655} => pcalua.exe -a C:\Users\Ditch\AppData\Local\Temp\Temp1_7659(1).zip\setup.exe
Task: {73FE6C5C-17D7-48FE-BA33-5686C1B1A6F7} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {8B9E3015-0A0D-4875-9FDA-A20672209D97} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {A5F29DC2-9B71-43CA-80B3-2733A92D0231} - System32\Tasks\{181E5F28-814F-4B6A-AC34-CC963D168CBA} => pcalua.exe -a D:\setup.exe -d D:\
Task: {AF87FCD5-A527-4C04-9679-1455313B8DED} - System32\Tasks\{A80C8E92-F0AE-4CD2-A775-30906D889584} => pcalua.exe -a D:\Reg\setup.exe -d D:\
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
HOSTS:
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\FAHConsole => value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ClearLogicStartUp => value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SDTray => value not found.
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotPostWindows10UpgradeReInstall => value not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{004bbd5c-f0a2-11e5-9405-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{004bbd5c-f0a2-11e5-9405-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{004bbd71-f0a2-11e5-9405-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{004bbd71-f0a2-11e5-9405-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{01d3dc68-b330-11e2-88ad-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{01d3dc68-b330-11e2-88ad-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{089e80dc-8cdb-11e5-a0a5-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{089e80dc-8cdb-11e5-a0a5-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{089e80f0-8cdb-11e5-a0a5-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{089e80f0-8cdb-11e5-a0a5-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{09d027dc-f098-11e5-b613-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{09d027dc-f098-11e5-b613-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{09d027f0-f098-11e5-b613-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{09d027f0-f098-11e5-b613-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{09f218e3-7cfc-11e2-9b7b-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{09f218e3-7cfc-11e2-9b7b-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{09f218f7-7cfc-11e2-9b7b-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{09f218f7-7cfc-11e2-9b7b-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a82fde3-9f90-11e2-9a64-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{0a82fde3-9f90-11e2-9a64-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a82fdf6-9f90-11e2-9a64-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{0a82fdf6-9f90-11e2-9a64-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0bd5365d-8c21-11e5-b26c-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{0bd5365d-8c21-11e5-b26c-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0bd53670-8c21-11e5-b26c-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{0bd53670-8c21-11e5-b26c-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0bf6e5dc-4e14-11e4-a8fc-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{0bf6e5dc-4e14-11e4-a8fc-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0bf6e5ff-4e14-11e4-a8fc-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{0bf6e5ff-4e14-11e4-a8fc-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0c09a6e4-7cff-11e2-893c-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{0c09a6e4-7cff-11e2-893c-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0c09a6f7-7cff-11e2-893c-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{0c09a6f7-7cff-11e2-893c-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0ca5b0db-8c91-11e5-9567-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{0ca5b0db-8c91-11e5-9567-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0ca5b0ef-8c91-11e5-9567-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{0ca5b0ef-8c91-11e5-9567-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0f0f5bdc-1c59-11e5-934d-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{0f0f5bdc-1c59-11e5-934d-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0f0f5bf0-1c59-11e5-934d-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{0f0f5bf0-1c59-11e5-934d-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1017d15c-f0a3-11e5-8f53-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{1017d15c-f0a3-11e5-8f53-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1017d170-f0a3-11e5-8f53-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{1017d170-f0a3-11e5-8f53-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{11f8e2f5-3716-11e5-9259-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{11f8e2f5-3716-11e5-9259-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{138907ec-fa51-11e4-97c3-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{138907ec-fa51-11e4-97c3-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{14838edb-8fca-11e5-93e4-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{14838edb-8fca-11e5-93e4-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{17f4cfdb-8bf0-11e5-a1a5-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{17f4cfdb-8bf0-11e5-a1a5-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{17f4cfef-8bf0-11e5-a1a5-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{17f4cfef-8bf0-11e5-a1a5-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{19b986cd-3718-11e5-87d9-806e6f6e6963} => key not found.
HKCR\CLSID\{19b986cd-3718-11e5-87d9-806e6f6e6963} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{19b98704-3718-11e5-87d9-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{19b98704-3718-11e5-87d9-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b8f535c-8bfe-11e5-b11c-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{1b8f535c-8bfe-11e5-b11c-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b8f5371-8bfe-11e5-b11c-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{1b8f5371-8bfe-11e5-b11c-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1c38e14d-8c20-11e5-b22a-806e6f6e6963} => key not found.
HKCR\CLSID\{1c38e14d-8c20-11e5-b22a-806e6f6e6963} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1c38e181-8c20-11e5-b22a-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{1c38e181-8c20-11e5-b22a-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1ef0595b-8fc7-11e5-9286-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{1ef0595b-8fc7-11e5-9286-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1ef0596f-8fc7-11e5-9286-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{1ef0596f-8fc7-11e5-9286-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{213877f0-8c96-11e5-93ed-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{213877f0-8c96-11e5-93ed-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2343ee5d-371a-11e5-a370-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{2343ee5d-371a-11e5-a370-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2343ee70-371a-11e5-a370-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{2343ee70-371a-11e5-a370-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{243956db-8c09-11e5-9623-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{243956db-8c09-11e5-9623-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{243956f0-8c09-11e5-9623-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{243956f0-8c09-11e5-9623-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24395714-8c09-11e5-9623-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{24395714-8c09-11e5-9623-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{269c9472-9fbc-11e2-9b61-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{269c9472-9fbc-11e2-9b61-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{27e329dc-8fcb-11e5-94e2-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{27e329dc-8fcb-11e5-94e2-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{27e329f0-8fcb-11e5-94e2-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{27e329f0-8fcb-11e5-94e2-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{291c6b5d-fd8a-11e4-8627-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{291c6b5d-fd8a-11e4-8627-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{291c6b70-fd8a-11e4-8627-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{291c6b70-fd8a-11e4-8627-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a17525c-8c72-11e5-94f4-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{2a17525c-8c72-11e5-94f4-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a175270-8c72-11e5-94f4-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{2a175270-8c72-11e5-94f4-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2ac8cdec-8c0b-11e5-a453-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{2ac8cdec-8c0b-11e5-a453-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3231d35c-fa3e-11e4-8970-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{3231d35c-fa3e-11e4-8970-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3231d370-fa3e-11e4-8970-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{3231d370-fa3e-11e4-8970-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3231d39e-fa3e-11e4-8970-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{3231d39e-fa3e-11e4-8970-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{32d62e14-e66c-11e3-a5af-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{32d62e14-e66c-11e3-a5af-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33978fdc-9f7c-11e5-9fd2-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{33978fdc-9f7c-11e5-9fd2-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33978ff0-9f7c-11e5-9fd2-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{33978ff0-9f7c-11e5-9fd2-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{366fa3bb-36b3-11e5-9464-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{366fa3bb-36b3-11e5-9464-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3be80860-eb41-11e2-a71a-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{3be80860-eb41-11e2-a71a-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3d300163-8088-11e2-896b-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{3d300163-8088-11e2-896b-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3d300177-8088-11e2-896b-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{3d300177-8088-11e2-896b-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{409bc8db-8cc7-11e5-b2c6-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{409bc8db-8cc7-11e5-b2c6-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{409bc8ef-8cc7-11e5-b2c6-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{409bc8ef-8cc7-11e5-b2c6-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{40f28ee9-8cdc-11e5-9436-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{40f28ee9-8cdc-11e5-9436-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{414c15cd-9f7a-11e5-a010-806e6f6e6963} => key not found.
HKCR\CLSID\{414c15cd-9f7a-11e5-a010-806e6f6e6963} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{414c1601-9f7a-11e5-a010-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{414c1601-9f7a-11e5-a010-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{437b1bdd-1c49-11e5-9562-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{437b1bdd-1c49-11e5-9562-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{437b1bef-1c49-11e5-9562-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{437b1bef-1c49-11e5-9562-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44444573-8cf1-11e5-b029-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{44444573-8cf1-11e5-b029-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44ee63e8-3ed8-11e5-934b-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{44ee63e8-3ed8-11e5-934b-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44ee63fc-3ed8-11e5-934b-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{44ee63fc-3ed8-11e5-934b-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{47f48beb-75dc-11e2-b29f-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{47f48beb-75dc-11e2-b29f-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{47f48d3c-75dc-11e2-b29f-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{47f48d3c-75dc-11e2-b29f-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{47fb23ce-4b52-11e4-86c9-806e6f6e6963} => key not found.
HKCR\CLSID\{47fb23ce-4b52-11e4-86c9-806e6f6e6963} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{47fb2416-4b52-11e4-86c9-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{47fb2416-4b52-11e4-86c9-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49a3f069-51d6-11e5-9fc6-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{49a3f069-51d6-11e5-9fc6-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49a3f07b-51d6-11e5-9fc6-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{49a3f07b-51d6-11e5-9fc6-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4cf28ccd-1c25-11e5-940d-806e6f6e6963} => key not found.
HKCR\CLSID\{4cf28ccd-1c25-11e5-940d-806e6f6e6963} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4cf28d04-1c25-11e5-940d-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{4cf28d04-1c25-11e5-940d-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4eb1d1f2-9f73-11e5-a454-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{4eb1d1f2-9f73-11e5-a454-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{52b134ce-8bfd-11e5-b205-806e6f6e6963} => key not found.
HKCR\CLSID\{52b134ce-8bfd-11e5-b205-806e6f6e6963} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{52b13501-8bfd-11e5-b205-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{52b13501-8bfd-11e5-b205-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{53999d64-2da8-11e5-9305-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{53999d64-2da8-11e5-9305-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{53999d77-2da8-11e5-9305-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{53999d77-2da8-11e5-9305-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{598b77db-8bfc-11e5-9777-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{598b77db-8bfc-11e5-9777-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{598b77ef-8bfc-11e5-9777-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{598b77ef-8bfc-11e5-9777-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5c19ca69-8ced-11e5-b271-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{5c19ca69-8ced-11e5-b271-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5ce8605e-1aaf-11e5-91c2-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{5ce8605e-1aaf-11e5-91c2-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5ce86071-1aaf-11e5-91c2-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{5ce86071-1aaf-11e5-91c2-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{60eb3ee2-9f86-11e2-88d5-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{60eb3ee2-9f86-11e2-88d5-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{60eb3ef6-9f86-11e2-88d5-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{60eb3ef6-9f86-11e2-88d5-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{618ecfe2-9f9c-11e2-873e-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{618ecfe2-9f9c-11e2-873e-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{618ecff6-9f9c-11e2-873e-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{618ecff6-9f9c-11e2-873e-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{63441cdc-1c14-11e5-b39e-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{63441cdc-1c14-11e5-b39e-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{63441cf0-1c14-11e5-b39e-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{63441cf0-1c14-11e5-b39e-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{64b54f62-f097-11e5-b135-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{64b54f62-f097-11e5-b135-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{64b54f76-f097-11e5-b135-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{64b54f76-f097-11e5-b135-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69601edd-f0fc-11e5-92f3-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{69601edd-f0fc-11e5-92f3-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69601ef2-f0fc-11e5-92f3-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{69601ef2-f0fc-11e5-92f3-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e06595c-8c6a-11e5-94e3-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{6e06595c-8c6a-11e5-94e3-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e06596f-8c6a-11e5-94e3-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{6e06596f-8c6a-11e5-94e3-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e820ce9-8cc9-11e5-953f-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{6e820ce9-8cc9-11e5-953f-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e820d0a-8cc9-11e5-953f-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{6e820d0a-8cc9-11e5-953f-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6ec1de5d-8cb0-11e5-94ff-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{6ec1de5d-8cb0-11e5-94ff-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6ec1de71-8cb0-11e5-94ff-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{6ec1de71-8cb0-11e5-94ff-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6fc4f354-9f70-11e5-bdb0-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{6fc4f354-9f70-11e5-bdb0-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6fc4f379-9f70-11e5-bdb0-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{6fc4f379-9f70-11e5-bdb0-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{70e5aedc-8fc8-11e5-af77-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{70e5aedc-8fc8-11e5-af77-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74738777-f1ae-11e5-92f6-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{74738777-f1ae-11e5-92f6-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74ac41ef-4b4c-11e4-85b0-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{74ac41ef-4b4c-11e4-85b0-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{774803e1-f624-11e2-94d9-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{774803e1-f624-11e2-94d9-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77dd6163-9f85-11e2-b2c9-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{77dd6163-9f85-11e2-b2c9-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7db6d25b-8fc9-11e5-a1bf-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{7db6d25b-8fc9-11e5-a1bf-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7db6d26f-8fc9-11e5-a1bf-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{7db6d26f-8fc9-11e5-a1bf-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8044b0db-8bf2-11e5-b251-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{8044b0db-8bf2-11e5-b251-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8044b0ef-8bf2-11e5-b251-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{8044b0ef-8bf2-11e5-b251-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{81c6a6e9-8bfb-11e5-a2c0-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{81c6a6e9-8bfb-11e5-a2c0-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{82edc9dc-3719-11e5-b382-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{82edc9dc-3719-11e5-b382-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{82edc9f0-3719-11e5-b382-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{82edc9f0-3719-11e5-b382-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{885800cd-9fb2-11e2-8605-806e6f6e6963} => key not found.
HKCR\CLSID\{885800cd-9fb2-11e2-8605-806e6f6e6963} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8858010a-9fb2-11e2-8605-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{8858010a-9fb2-11e2-8605-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8858012e-9fb2-11e2-8605-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{8858012e-9fb2-11e2-8605-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{88be326b-8fca-11e5-b25b-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{88be326b-8fca-11e5-b25b-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8b1449f0-8cb5-11e5-94a3-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{8b1449f0-8cb5-11e5-94a3-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8b67795c-b098-11e5-b185-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{8b67795c-b098-11e5-b185-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8b677970-b098-11e5-b185-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{8b677970-b098-11e5-b185-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8c79a2cd-1c3e-11e5-95e2-806e6f6e6963} => key not found.
HKCR\CLSID\{8c79a2cd-1c3e-11e5-95e2-806e6f6e6963} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8ddf2368-9f71-11e5-af29-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{8ddf2368-9f71-11e5-af29-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8ddf237a-9f71-11e5-af29-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{8ddf237a-9f71-11e5-af29-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{946bd95b-8cea-11e5-946f-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{946bd95b-8cea-11e5-946f-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{946bd96f-8cea-11e5-946f-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{946bd96f-8cea-11e5-946f-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{971cbfce-9f72-11e5-b0a4-806e6f6e6963} => key not found.
HKCR\CLSID\{971cbfce-9f72-11e5-b0a4-806e6f6e6963} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{971cc002-9f72-11e5-b0a4-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{971cc002-9f72-11e5-b0a4-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9805c4f2-b0cc-11e5-8feb-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{9805c4f2-b0cc-11e5-8feb-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ce1e85d-8bf4-11e5-a1bc-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{9ce1e85d-8bf4-11e5-a1bc-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ce1e870-8bf4-11e5-a1bc-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{9ce1e870-8bf4-11e5-a1bc-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9e5de14d-8bf1-11e5-954e-806e6f6e6963} => key not found.
HKCR\CLSID\{9e5de14d-8bf1-11e5-954e-806e6f6e6963} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9e5de181-8bf1-11e5-954e-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{9e5de181-8bf1-11e5-954e-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f87754e-1c34-11e5-90b8-806e6f6e6963} => key not found.
HKCR\CLSID\{9f87754e-1c34-11e5-90b8-806e6f6e6963} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f877582-1c34-11e5-90b8-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{9f877582-1c34-11e5-90b8-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f877592-1c34-11e5-90b8-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{9f877592-1c34-11e5-90b8-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f87759b-1c34-11e5-90b8-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{9f87759b-1c34-11e5-90b8-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f8775b6-1c34-11e5-90b8-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{9f8775b6-1c34-11e5-90b8-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f960adb-8bff-11e5-b21d-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{9f960adb-8bff-11e5-b21d-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9f960aef-8bff-11e5-b21d-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{9f960aef-8bff-11e5-b21d-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a00f904d-9f76-11e5-afba-806e6f6e6963} => key not found.
HKCR\CLSID\{a00f904d-9f76-11e5-afba-806e6f6e6963} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a00f9083-9f76-11e5-afba-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{a00f9083-9f76-11e5-afba-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a6513cdc-9f75-11e5-92ed-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{a6513cdc-9f75-11e5-92ed-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a6513cf0-9f75-11e5-92ed-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{a6513cf0-9f75-11e5-92ed-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa76615c-5953-11e4-a7d4-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{aa76615c-5953-11e4-a7d4-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa766171-5953-11e4-a7d4-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{aa766171-5953-11e4-a7d4-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aae438db-8bf5-11e5-a18c-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{aae438db-8bf5-11e5-a18c-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aae438ef-8bf5-11e5-a18c-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{aae438ef-8bf5-11e5-a18c-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{abbc35dd-4bc0-11e4-9859-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{abbc35dd-4bc0-11e4-9859-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{abbc35f1-4bc0-11e4-9859-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{abbc35f1-4bc0-11e4-9859-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{adbdf0e4-3481-11e5-90a9-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{adbdf0e4-3481-11e5-90a9-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ae099cdc-f09f-11e5-b0ae-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{ae099cdc-f09f-11e5-b0ae-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ae099cf0-f09f-11e5-b0ae-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{ae099cf0-f09f-11e5-b0ae-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b078bc5d-1c1d-11e5-8618-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{b078bc5d-1c1d-11e5-8618-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b078bc70-1c1d-11e5-8618-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{b078bc70-1c1d-11e5-8618-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b55003cd-8bf0-11e5-b189-806e6f6e6963} => key not found.
HKCR\CLSID\{b55003cd-8bf0-11e5-b189-806e6f6e6963} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5500403-8bf0-11e5-b189-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{b5500403-8bf0-11e5-b189-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b9650c5d-9f77-11e5-9f7f-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{b9650c5d-9f77-11e5-9f7f-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b9650c70-9f77-11e5-9f7f-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{b9650c70-9f77-11e5-9f7f-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bba99715-a069-11e2-90e2-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{bba99715-a069-11e2-90e2-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bfa7e1ea-1f42-11e3-9195-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{bfa7e1ea-1f42-11e3-9195-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bfa7e1fb-1f42-11e3-9195-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{bfa7e1fb-1f42-11e3-9195-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0ba23db-8c1e-11e5-8272-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{c0ba23db-8c1e-11e5-8272-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0ba23f2-8c1e-11e5-8272-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{c0ba23f2-8c1e-11e5-8272-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c1dfb9dc-1c59-11e5-91d8-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{c1dfb9dc-1c59-11e5-91d8-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c1dfb9f1-1c59-11e5-91d8-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{c1dfb9f1-1c59-11e5-91d8-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c5df21dc-f09b-11e5-9ef4-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{c5df21dc-f09b-11e5-9ef4-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c5df21f0-f09b-11e5-9ef4-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{c5df21f0-f09b-11e5-9ef4-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c7c530dd-3718-11e5-947b-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{c7c530dd-3718-11e5-947b-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c7c530f0-3718-11e5-947b-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{c7c530f0-3718-11e5-947b-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9c49f60-3520-11e5-92c6-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{c9c49f60-3520-11e5-92c6-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ca9ba85c-8fcb-11e5-9473-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{ca9ba85c-8fcb-11e5-9473-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ca9ba870-8fcb-11e5-9473-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{ca9ba870-8fcb-11e5-9473-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ce2d305d-8fc7-11e5-8ebe-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{ce2d305d-8fc7-11e5-8ebe-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ce2d3070-8fc7-11e5-8ebe-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{ce2d3070-8fc7-11e5-8ebe-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d0f169dd-b0cb-11e5-9c84-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{d0f169dd-b0cb-11e5-9c84-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d0f169f0-b0cb-11e5-9c84-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{d0f169f0-b0cb-11e5-9c84-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d3679866-1c3e-11e5-87fc-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{d3679866-1c3e-11e5-87fc-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d3679877-1c3e-11e5-87fc-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{d3679877-1c3e-11e5-87fc-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d3b363f2-1c3d-11e5-94e4-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{d3b363f2-1c3d-11e5-94e4-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d3ea9a18-b327-11e2-860d-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{d3ea9a18-b327-11e2-860d-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d479df5c-dd4b-11e4-94ed-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{d479df5c-dd4b-11e4-94ed-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d479df70-dd4b-11e4-94ed-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{d479df70-dd4b-11e4-94ed-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d79fcf4d-6037-11e4-9887-806e6f6e6963} => key not found.
HKCR\CLSID\{d79fcf4d-6037-11e4-9887-806e6f6e6963} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d79fcf84-6037-11e4-9887-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{d79fcf84-6037-11e4-9887-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{db49d6ec-8cca-11e5-9430-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{db49d6ec-8cca-11e5-9430-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dba116dd-f09c-11e5-a008-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{dba116dd-f09c-11e5-a008-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dba116f0-f09c-11e5-a008-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{dba116f0-f09c-11e5-a008-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dba5966b-eb41-11e2-a6b3-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{dba5966b-eb41-11e2-a6b3-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dfe1a15c-8c70-11e5-ae99-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{dfe1a15c-8c70-11e5-ae99-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dfe1a171-8c70-11e5-ae99-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{dfe1a171-8c70-11e5-ae99-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e069c8dd-f0a4-11e5-a40b-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{e069c8dd-f0a4-11e5-a40b-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e069c8f0-f0a4-11e5-a40b-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{e069c8f0-f0a4-11e5-a40b-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e341424d-8c08-11e5-bf12-806e6f6e6963} => key not found.
HKCR\CLSID\{e341424d-8c08-11e5-bf12-806e6f6e6963} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e3ef256b-8fc8-11e5-b028-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{e3ef256b-8fc8-11e5-b028-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4b1da64-7cfc-11e2-9739-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{e4b1da64-7cfc-11e2-9739-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4b1da77-7cfc-11e2-9739-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{e4b1da77-7cfc-11e2-9739-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e7f3e362-9f95-11e2-8814-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{e7f3e362-9f95-11e2-8814-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e7f3e376-9f95-11e2-8814-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{e7f3e376-9f95-11e2-8814-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e8bd065d-f09a-11e5-a150-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{e8bd065d-f09a-11e5-a150-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e8bd0670-f09a-11e5-a150-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{e8bd0670-f09a-11e5-a150-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e9c8bd5b-8bfa-11e5-95fb-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{e9c8bd5b-8bfa-11e5-95fb-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e9c8bd6f-8bfa-11e5-95fb-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{e9c8bd6f-8bfa-11e5-95fb-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eb0efd5c-b05e-11e4-9925-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{eb0efd5c-b05e-11e4-9925-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eb0efd71-b05e-11e4-9925-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{eb0efd71-b05e-11e4-9925-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ec3f012b-a06c-11e2-8821-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{ec3f012b-a06c-11e2-8821-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eceb22dc-f09e-11e5-b260-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{eceb22dc-f09e-11e5-b260-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eceb22f1-f09e-11e5-b260-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{eceb22f1-f09e-11e5-b260-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eeeb426a-8cb6-11e5-b251-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{eeeb426a-8cb6-11e5-b251-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f64392dd-cffc-11e5-a2ed-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{f64392dd-cffc-11e5-a2ed-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f64392f0-cffc-11e5-a2ed-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{f64392f0-cffc-11e5-a2ed-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7acfc52-9f74-11e5-a341-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{f7acfc52-9f74-11e5-a341-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7acfc70-9f74-11e5-a341-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{f7acfc70-9f74-11e5-a341-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f9c28b73-9f73-11e5-b177-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{f9c28b73-9f73-11e5-b177-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc6fb16a-9f70-11e5-8c00-d43d7e4d2a3e} => key not found.
HKCR\CLSID\{fc6fb16a-9f70-11e5-8c00-d43d7e4d2a3e} => key not found.
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{feef804d-1c48-11e5-94db-806e6f6e6963} => key not found.
HKCR\CLSID\{feef804d-1c48-11e5-94db-806e6f6e6963} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1 => key not found.
HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2 => key not found.
HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3 => key not found.
HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4 => key not found.
HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => key not found.
hklm\System\CurrentControlSet\Control\Session Manager\\BootExecute => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFCB3198-32F3-4E8B-9539-4324694ED664} => key not found.
HKCR\CLSID\{FFCB3198-32F3-4E8B-9539-4324694ED664} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFCB3198-32F3-4E8B-9539-4324694ED664} => key not found.
HKCR\Wow6432Node\CLSID\{FFCB3198-32F3-4E8B-9539-4324694ED664} => key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.5 => key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.5 => key not found.
HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\[email protected] => value not found.
SDScannerService => service not found.
SDUpdateService => service not found.
SDWSCService => service not found.
tbbLoaderService => service not found.
BTCFilterService => service not found.
hwusbfake => service not found.
motccgp => service not found.
motccgpfl => service not found.
motmodem => service not found.
MotoSwitchService => service not found.
Motousbnet => service not found.
motusbdevice => service not found.
MSICDSetup => service not found.
NTIOLib_1_0_C => service not found.
VGPU => service not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk" => not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2" => not found.
"C:\Windows\system32\sdnclean64.exe" => not found.
"C:\Program Files\Common Files\AV" => not found.
"C:\Users\Ditch\AppData\Roaming\TuneUp Software" => not found.
"C:\Users\Ditch\AppData\Roaming\AVG" => not found.
"C:\$AVG" => not found.
"C:\ProgramData\Avg" => not found.
"C:\Program Files (x86)\AVG" => not found.
"C:\Users\Ditch\AppData\Local\AvgSetupLog" => not found.
"C:\Users\Ditch\AppData\Local\Avg" => not found.
"C:\ProgramData\MFAData" => not found.
"C:\Users\Ditch\AppData\Local\MFAData" => not found.
"C:\Users\Ditch\AppData\Local\Avg2015" => not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\SystemComponent => value not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{01CC914B-F8E7-4F78-908C-746F32A9E35E} => key not found.
C:\Windows\System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Scan the system => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{04CA2BE5-F9EA-4A95-9E27-1F9EA0DAF73A} => key not found.
C:\Windows\System32\Tasks\{02B780C8-9B38-466A-8FF0-CAC15F59300A} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{02B780C8-9B38-466A-8FF0-CAC15F59300A} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4ADF4CD1-885F-4AA3-AA3F-06EB50EF2226} => key not found.
C:\Windows\System32\Tasks\{44CBFDCD-23C5-41AA-83BD-C8C0A6E4E655} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{44CBFDCD-23C5-41AA-83BD-C8C0A6E4E655} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{73FE6C5C-17D7-48FE-BA33-5686C1B1A6F7} => key not found.
C:\Windows\System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8B9E3015-0A0D-4875-9FDA-A20672209D97} => key not found.
C:\Windows\System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Check for updates => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A5F29DC2-9B71-43CA-80B3-2733A92D0231} => key not found.
C:\Windows\System32\Tasks\{181E5F28-814F-4B6A-AC34-CC963D168CBA} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{181E5F28-814F-4B6A-AC34-CC963D168CBA} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AF87FCD5-A527-4C04-9679-1455313B8DED} => key not found.
C:\Windows\System32\Tasks\{A80C8E92-F0AE-4CD2-A775-30906D889584} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A80C8E92-F0AE-4CD2-A775-30906D889584} => key not found.
C:\Windows\Tasks\Adobe Flash Player Updater.job => not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => not found.
"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not restore Hosts.

==== End of Fixlog 22:06:45 ====


Edited by Ditch, 30 May 2016 - 03:18 PM.

  • 0

#6
Ditch
Posted 30 May 2016 - 03:22 PM

Ditch

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:29-05-2016 02
Ran by Ditch (administrator) on DITCH-PC (30-05-2016 22:19:18)
Running from C:\Users\Ditch\Desktop
Loaded Profiles: Ditch (Available Profiles: Ditch)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(American Power Conversion Corporation) C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(SanDisk Corporation) C:\Users\Ditch\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(American Power Conversion Corporation) C:\Program Files (x86)\APC\APC PowerChute Personal Edition\dataserv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Display] => C:\Program Files (x86)\APC\APC PowerChute Personal Edition\DataCollectionLauncher.exe [271736 2010-09-14] (American Power Conversion Corporation)
HKLM-x32\...\Run: [zzzHPSETUP] => D:\Setup.exe
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [67840 2016-05-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [814608 2016-04-04] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\Run: [SansaDispatch] => C:\Users\Ditch\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [613888 2013-09-09] (SanDisk Corporation)
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8698584 2016-04-15] (Piriform Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk [2014-08-31]
ShortcutTarget: APC UPS Status.lnk -> C:\Program Files (x86)\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{2C586D8C-2F76-49E5-A070-09039B4A14A7}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{33535650-5A6B-44CB-86B4-3821687D3F27}: [DhcpNameServer] 192.168.100.200
Tcpip\..\Interfaces\{C2E58559-B900-4F0C-847D-6513405E9190}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Ditch\AppData\Roaming\Mozilla\Firefox\Profiles\utuj6chq.default-1464490179294
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-13] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2009-05-26] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-1600889185-3656679571-3126259524-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Ditch\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-05-07] (Unity Technologies ApS)
FF Extension: British English Dictionary (Marco Pinto) - C:\Users\Ditch\AppData\Roaming\Mozilla\Firefox\Profiles\utuj6chq.default-1464490179294\Extensions\[email protected] [2016-05-30]
FF Extension: Adblock Plus - C:\Users\Ditch\AppData\Roaming\Mozilla\Firefox\Profiles\utuj6chq.default-1464490179294\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-05-29]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [970656 2016-04-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [467016 2016-04-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [467016 2016-04-04] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1435704 2016-04-04] (Avira Operations GmbH & Co. KG)
R2 APC Data Service; C:\Program Files (x86)\APC\APC PowerChute Personal Edition\dataserv.exe [21880 2010-09-14] (American Power Conversion Corporation)
R2 APC UPS Service; C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe [705912 2010-09-14] (American Power Conversion Corporation)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [276424 2016-05-04] (Avira Operations GmbH & Co. KG)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [242264 2014-11-20] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-12-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [154816 2016-04-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [141920 2016-04-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2016-04-04] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [79696 2016-04-04] (Avira Operations GmbH & Co. KG)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [216576 2009-09-04] (Huawei Technologies Co., Ltd.)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-08-24] ()
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114560 2009-07-24] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 PSSDKLBF; C:\Windows\system32\Drivers\pssdklbf.sys [65600 2013-04-18] (microOLAP Technologies LTD)
S3 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [215560 2016-05-24] (IBM Corp.)
S3 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [525992 2016-05-24] (IBM Corp.)
S3 StkCMini; C:\Windows\System32\Drivers\StkCMini.sys [1917576 2010-06-07] (Syntek)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-30 22:19 - 2016-05-30 22:19 - 00011883 ____C C:\Users\Ditch\Desktop\FRST.txt
2016-05-30 20:59 - 2016-05-30 21:06 - 00000000 ___DC C:\AVG_Remover
2016-05-29 21:18 - 2016-05-30 22:19 - 00000000 ___DC C:\FRST
2016-05-29 21:16 - 2016-05-29 21:16 - 02383872 ____C (Farbar) C:\Users\Ditch\Desktop\FRST64.exe
2016-05-29 01:22 - 2016-05-30 21:23 - 00000000 ___DC C:\Users\Ditch\Desktop\Post Back Up
2016-05-28 19:30 - 2016-05-28 19:30 - 00122880 __SHC C:\Users\Ditch\Thumbs.db
2016-05-25 14:02 - 2016-05-25 14:33 - 00323406 ____C C:\Windows\ntbtlog.txt
2016-05-05 02:49 - 2016-05-05 02:49 - 00000000 ___DC C:\Users\Ditch\AppData\Roaming\Avira
2016-05-05 02:47 - 2016-04-04 17:07 - 00154816 ____C (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2016-05-05 02:47 - 2016-04-04 17:07 - 00141920 ____C (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2016-05-05 02:47 - 2016-04-04 17:07 - 00079696 ____C (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2016-05-05 02:47 - 2016-04-04 17:07 - 00028600 ____C (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2016-05-05 02:14 - 2016-05-25 16:48 - 00000000 ___DC C:\ProgramData\Package Cache
2016-05-05 02:14 - 2016-05-25 16:47 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-05-05 02:14 - 2016-05-05 02:47 - 00000000 ___DC C:\ProgramData\Avira
2016-05-05 02:14 - 2016-05-05 02:47 - 00000000 ___DC C:\Program Files (x86)\Avira
2016-05-04 14:39 - 2009-06-10 22:00 - 00000824 ____C C:\Windows\system32\Drivers\etc\hosts.20160504-143956.backup
2016-05-03 18:10 - 2016-05-04 00:21 - 00000000 ___DC C:\Program Files\CCleaner
2016-05-03 18:10 - 2016-05-03 18:10 - 00002790 ____C C:\Windows\System32\Tasks\CCleanerSkipUAC

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-30 21:24 - 2016-03-25 22:53 - 01840640 __SHC C:\Users\Ditch\Desktop\Thumbs.db
2016-05-30 21:17 - 2009-07-14 06:13 - 00782470 ____C C:\Windows\system32\PerfStringBackup.INI
2016-05-30 21:17 - 2009-07-14 05:45 - 00021472 ___HC C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-30 21:17 - 2009-07-14 05:45 - 00021472 ___HC C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-30 21:17 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\inf
2016-05-30 21:10 - 2009-07-14 06:08 - 00000006 ___HC C:\Windows\Tasks\SA.DAT
2016-05-30 17:54 - 2013-04-08 16:49 - 00000000 ___DC C:\Windows\system32\appmgmt
2016-05-29 18:47 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\system32\NDF
2016-05-28 19:30 - 2013-02-05 19:48 - 00000000 ___DC C:\Users\Ditch
2016-05-28 03:21 - 2013-06-02 13:12 - 00000000 __RDC C:\Users\Ditch\Desktop\Desk Top
2016-05-25 14:24 - 2014-07-12 14:09 - 00192216 ____C (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-24 16:55 - 2015-06-08 13:31 - 00215560 ____C (IBM Corp.) C:\Windows\system32\Drivers\RapportHades64.sys
2016-05-24 16:55 - 2013-06-22 14:20 - 00470056 ____C (IBM Corp.) C:\Windows\system32\Drivers\RapportKE64.sys
2016-05-13 04:16 - 2013-02-13 15:27 - 00797376 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-13 04:16 - 2013-02-13 15:27 - 00142528 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-13 04:16 - 2013-02-13 15:27 - 00003768 ____C C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-05-10 22:36 - 2013-11-30 10:06 - 00003894 ____C C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-10 22:36 - 2013-11-30 10:06 - 00003642 ____C C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-06 17:44 - 2015-05-18 17:09 - 00001188 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2016-05-06 17:44 - 2015-05-18 17:09 - 00000000 ___DC C:\Program Files\paint.net
2016-05-06 17:34 - 2013-03-03 23:47 - 00766336 ____C C:\Windows\SysWOW64\PerfStringBackup.INI
2016-05-04 14:28 - 2015-05-22 03:22 - 00000000 ___DC C:\ProgramData\Spybot - Search & Destroy
2016-05-04 14:23 - 2015-05-22 03:21 - 00000000 ___DC C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-05-04 02:05 - 2015-05-17 21:01 - 00000000 ___DC C:\Program Files (x86)\Mozilla Maintenance Service
2016-05-04 00:38 - 2016-04-27 02:58 - 00000000 ___DC C:\Program Files (x86)\Mozilla Firefox
2016-05-04 00:38 - 2015-05-17 21:01 - 00001163 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-05-04 00:36 - 2013-02-05 19:52 - 00000000 ___DC C:\Users\Ditch\AppData\Local\ElevatedDiagnostics
2016-05-04 00:27 - 2009-07-14 06:32 - 00000000 ___DC C:\Program Files\Windows Sidebar
2016-05-04 00:27 - 2009-07-14 06:32 - 00000000 ___DC C:\Program Files\Windows Photo Viewer
2016-05-04 00:27 - 2009-07-14 06:32 - 00000000 ___DC C:\Program Files\Windows Defender
2016-05-04 00:25 - 2013-02-21 23:17 - 00000000 ___DC C:\Users\Ditch\AppData\Roaming\Easy Thumbnails
2016-05-04 00:24 - 2016-03-24 13:17 - 00000000 ___DC C:\ProgramData\MobileBrServ
2016-05-04 00:24 - 2014-11-17 20:19 - 00000000 ___DC C:\Program Files\File Association Helper
2016-05-04 00:24 - 2014-07-12 14:08 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-05-04 00:24 - 2014-07-12 14:08 - 00000000 ___DC C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-05-04 00:24 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\registration
2016-05-04 00:23 - 2013-02-13 15:27 - 00000000 ___DC C:\Windows\SysWOW64\Macromed
2016-05-04 00:23 - 2010-11-21 08:06 - 00000000 ___DC C:\Windows\SysWOW64\winrm
2016-05-04 00:23 - 2010-11-21 08:06 - 00000000 ___DC C:\Windows\SysWOW64\WCN
2016-05-04 00:23 - 2010-11-21 08:06 - 00000000 ___DC C:\Windows\SysWOW64\slmgr
2016-05-04 00:23 - 2010-11-21 08:06 - 00000000 ___DC C:\Windows\SysWOW64\Printing_Admin_Scripts
2016-05-04 00:23 - 2010-11-21 08:06 - 00000000 ___DC C:\Windows\system32\winrm
2016-05-04 00:23 - 2010-11-21 08:06 - 00000000 ___DC C:\Windows\system32\WCN
2016-05-04 00:23 - 2009-07-14 06:32 - 00000000 ___DC C:\Windows\system32\WinBioPlugIns
2016-05-04 00:23 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\Web
2016-05-04 00:23 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\Vss
2016-05-04 00:23 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\SysWOW64\MUI
2016-05-04 00:23 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\SysWOW64\Msdtc
2016-05-04 00:23 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\SysWOW64\migwiz
2016-05-04 00:23 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\SysWOW64\InstallShield
2016-05-04 00:23 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\SysWOW64\IME
2016-05-04 00:23 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\SysWOW64\Dism
2016-05-04 00:23 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\SysWOW64\com
2016-05-04 00:22 - 2016-01-21 14:53 - 00000000 ___DC C:\Users\Public\Foxit Software
2016-05-04 00:22 - 2015-05-17 18:23 - 00000000 ___DC C:\Users\Ditch\AppData\Local\Chromium
2016-05-04 00:22 - 2015-05-17 18:08 - 00000000 ___DC C:\Users\Ditch\AppData\Roaming\RecLib
2016-05-04 00:22 - 2014-07-23 18:35 - 00000000 ___DC C:\Users\Ditch\AppData\Local\Ezr8
2016-05-04 00:22 - 2014-05-28 16:10 - 00000000 ___DC C:\Users\Ditch\AppData\Roaming\Motorola
2016-05-04 00:22 - 2014-05-26 20:41 - 00000000 ___DC C:\Users\Ditch\AppData\Local\Freelang
2016-05-04 00:22 - 2014-05-16 15:25 - 00000000 ___DC C:\Users\Ditch\AppData\LocalLow\Unity
2016-05-04 00:22 - 2014-05-16 15:25 - 00000000 ___DC C:\Users\Ditch\AppData\Local\Unity
2016-05-04 00:22 - 2014-04-17 14:11 - 00000000 ___DC C:\Users\Ditch\AppData\Local\Ancestry.com
2016-05-04 00:22 - 2014-04-17 14:11 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media
2016-05-04 00:22 - 2014-03-19 16:03 - 00000000 ___DC C:\Users\Ditch\AppData\Roaming\Thunderbird
2016-05-04 00:22 - 2013-11-29 13:05 - 00000000 ___DC C:\Users\Ditch\AppData\Roaming\AnvSoft
2016-05-04 00:22 - 2013-09-09 16:39 - 00000000 ___DC C:\Users\Ditch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SanDisk
2016-05-04 00:22 - 2013-09-09 16:38 - 00000000 ___DC C:\Users\Ditch\AppData\Roaming\SanDisk
2016-05-04 00:22 - 2013-08-03 14:25 - 00000000 ___DC C:\ProgramData\Malwarebytes
2016-05-04 00:22 - 2013-07-12 16:11 - 00000000 ___DC C:\Users\Ditch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2016-05-04 00:22 - 2013-07-12 16:11 - 00000000 ___DC C:\Users\Ditch\AppData\Local\Amazon
2016-05-04 00:22 - 2013-07-04 17:56 - 00000000 ___DC C:\Users\Ditch\Documents\Fax
2016-05-04 00:22 - 2013-06-24 13:12 - 00000000 ___DC C:\Users\Default\AppData\Local\Trusteer
2016-05-04 00:22 - 2013-06-24 13:12 - 00000000 ___DC C:\Users\Default User\AppData\Local\Trusteer
2016-05-04 00:22 - 2013-06-23 18:46 - 00000000 ___DC C:\Users\Ditch\AppData\Roaming\Dropbox
2016-05-04 00:22 - 2013-06-22 14:20 - 00000000 ___DC C:\Users\Ditch\AppData\Local\Trusteer
2016-05-04 00:22 - 2013-06-01 18:33 - 00000000 ___DC C:\programmes
2016-05-04 00:22 - 2013-04-04 19:35 - 00000000 ___DC C:\Users\Ditch\AppData\Local\Downloaded Installations
2016-05-04 00:22 - 2013-03-30 20:40 - 00000000 ___DC C:\Users\Ditch\AppData\Local\PMH
2016-05-04 00:22 - 2013-03-30 20:37 - 00000000 __HDC C:\ProgramData\CanonBJ
2016-05-04 00:22 - 2013-03-18 23:44 - 00000000 ___DC C:\Users\Ditch\AppData\Roaming\Foxit Software
2016-05-04 00:22 - 2013-02-13 15:26 - 00000000 ___DC C:\Windows\system32\Macromed
2016-05-04 00:22 - 2013-02-13 14:07 - 00000000 ___DC C:\ProgramData\Yahoo!
2016-05-04 00:22 - 2013-02-13 13:58 - 00000000 ___DC C:\Users\Ditch\AppData\Roaming\Adobe
2016-05-04 00:22 - 2013-02-05 20:25 - 00000000 ___DC C:\Users\Ditch\AppData\Roaming\Mozilla
2016-05-04 00:22 - 2013-02-05 20:25 - 00000000 ___DC C:\Users\Ditch\AppData\Local\Mozilla
2016-05-04 00:22 - 2010-11-21 08:06 - 00000000 ___DC C:\Windows\system32\slmgr
2016-05-04 00:22 - 2010-11-21 08:06 - 00000000 ___DC C:\Windows\system32\Printing_Admin_Scripts
2016-05-04 00:22 - 2009-07-14 06:32 - 00000000 ___DC C:\Windows\Performance
2016-05-04 00:22 - 2009-07-14 05:45 - 00000000 ___DC C:\Windows\Setup
2016-05-04 00:22 - 2009-07-14 05:45 - 00000000 ___DC C:\Windows\ServiceProfiles
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 _RSDC C:\Windows\Media
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\system32\sysprep
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\system32\spool
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\system32\SMI
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\system32\oobe
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\system32\MUI
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\system32\Msdtc
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\system32\migwiz
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\system32\IME
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\system32\Dism
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\system32\com
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\security
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\schemas
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\Resources
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\PolicyDefinitions
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\PLA
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\IME
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\Help
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\Globalization
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\Branding
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\AppCompat
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\servicing
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2016-05-04 00:21 - 2016-03-23 14:40 - 00000000 ___DC C:\Program Files (x86)\Huawei Modems
2016-05-04 00:21 - 2015-07-12 00:37 - 00000000 ___DC C:\Program Files (x86)\Amazon
2016-05-04 00:21 - 2015-06-06 23:18 - 00000000 ___DC C:\Program Files\Microsoft Silverlight
2016-05-04 00:21 - 2015-06-06 23:18 - 00000000 ___DC C:\Program Files (x86)\Microsoft Silverlight
2016-05-04 00:21 - 2015-05-22 03:03 - 00000000 ___DC C:\AdwCleaner
2016-05-04 00:21 - 2014-04-17 15:31 - 00000000 ___DC C:\Program Files (x86)\Family Tree Maker 2011
2016-05-04 00:21 - 2014-04-17 14:11 - 00000000 ___DC C:\Program Files (x86)\Windows Media Components
2016-05-04 00:21 - 2014-04-17 14:11 - 00000000 ___DC C:\Program Files (x86)\Microsoft WSE
2016-05-04 00:21 - 2014-04-17 14:10 - 00000000 ___DC C:\Program Files (x86)\BCL Technologies
2016-05-04 00:21 - 2014-04-07 16:10 - 00000000 ___DC C:\Program Files (x86)\FOXIT SOFTWARE
2016-05-04 00:21 - 2014-03-20 14:33 - 00000000 ___DC C:\Program Files (x86)\APC
2016-05-04 00:21 - 2013-11-30 10:05 - 00000000 ___DC C:\Program Files (x86)\Google
2016-05-04 00:21 - 2013-07-10 12:47 - 00000000 ___DC C:\Program Files (x86)\Huawei technologies
2016-05-04 00:21 - 2013-06-22 14:19 - 00000000 ___DC C:\Program Files (x86)\Trusteer
2016-05-04 00:21 - 2013-03-05 04:17 - 00000000 ___DC C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2016-05-04 00:21 - 2013-03-03 23:48 - 00000000 ___DC C:\Program Files (x86)\Windows Live
2016-05-04 00:21 - 2013-03-03 23:48 - 00000000 ___DC C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2016-05-04 00:21 - 2013-02-13 14:07 - 00000000 ___DC C:\Program Files (x86)\Yahoo!
2016-05-04 00:21 - 2013-02-05 19:58 - 00000000 ___DC C:\Program Files\Realtek
2016-05-04 00:21 - 2013-02-05 19:56 - 00000000 __HDC C:\Program Files (x86)\InstallShield Installation Information
2016-05-04 00:21 - 2013-02-05 19:56 - 00000000 ___DC C:\Program Files (x86)\Realtek
2016-05-04 00:21 - 2013-02-05 19:55 - 00000000 ___DC C:\Program Files\Common Files\Intel
2016-05-04 00:21 - 2013-02-05 19:53 - 00000000 ___DC C:\Program Files (x86)\Intel
2016-05-04 00:21 - 2010-11-21 08:16 - 00000000 ___DC C:\Program Files\Windows Journal
2016-05-04 00:21 - 2009-07-14 06:32 - 00000000 ___DC C:\Program Files\Reference Assemblies
2016-05-04 00:21 - 2009-07-14 06:32 - 00000000 ___DC C:\Program Files\MSBuild
2016-05-04 00:21 - 2009-07-14 06:32 - 00000000 ___DC C:\Program Files\Microsoft Games
2016-05-04 00:21 - 2009-07-14 06:32 - 00000000 ___DC C:\Program Files\DVD Maker
2016-05-04 00:21 - 2009-07-14 06:32 - 00000000 ___DC C:\Program Files (x86)\Windows Sidebar
2016-05-04 00:21 - 2009-07-14 06:32 - 00000000 ___DC C:\Program Files (x86)\Windows Photo Viewer
2016-05-04 00:21 - 2009-07-14 06:32 - 00000000 ___DC C:\Program Files (x86)\Windows Defender
2016-05-04 00:21 - 2009-07-14 06:32 - 00000000 ___DC C:\Program Files (x86)\Reference Assemblies
2016-05-04 00:21 - 2009-07-14 06:32 - 00000000 ___DC C:\Program Files (x86)\MSBuild
2016-05-04 00:21 - 2009-07-14 04:20 - 00000000 ___DC C:\Program Files\Windows NT
2016-05-04 00:21 - 2009-07-14 04:20 - 00000000 ___DC C:\Program Files\Common Files\System
2016-05-04 00:21 - 2009-07-14 04:20 - 00000000 ___DC C:\Program Files\Common Files\SpeechEngines
2016-05-04 00:21 - 2009-07-14 04:20 - 00000000 ___DC C:\Program Files\Common Files\Microsoft Shared
2016-05-04 00:21 - 2009-07-14 04:20 - 00000000 ___DC C:\Program Files (x86)\Windows NT
2016-05-03 18:12 - 2015-06-14 00:33 - 00000000 ___DC C:\Users\Ditch\AppData\Roaming\MPC-HC
2016-05-03 18:12 - 2013-03-03 23:23 - 00000000 ___DC C:\Users\Ditch\AppData\Roaming\Media Player Classic
2016-05-03 18:12 - 2013-02-06 03:43 - 00000000 ___DC C:\Windows\Panther
2016-05-03 18:12 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\ModemLogs

==================== Files in the root of some directories =======

2015-07-06 16:09 - 2015-07-06 16:09 - 0006144 ____C () C:\Users\Ditch\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
C:\Users\Ditch\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-05-28 13:57

==================== End of FRST.txt ============================

 

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:29-05-2016 02
Ran by Ditch (2016-05-30 22:19:39)
Running from C:\Users\Ditch\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2013-02-05 18:48:47)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1600889185-3656679571-3126259524-500 - Administrator - Disabled)
Ditch (S-1-5-21-1600889185-3656679571-3126259524-1000 - Administrator - Enabled) => C:\Users\Ditch
Guest (S-1-5-21-1600889185-3656679571-3126259524-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1600889185-3656679571-3126259524-1003 - Limited - Enabled)
New account (S-1-5-21-1600889185-3656679571-3126259524-1001 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version: 1.15.0.43061 - Amazon)
APC PowerChute Personal Edition 3.0 (HKLM-x32\...\{F1486DE6-CC2E-48C0-AD20-C2C142FA1636}) (Version: 3.0 - American Power Conversion)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.17.273 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{28d41884-9b36-4f54-bed2-92863f08e65d}) (Version: 1.1.62.21333 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.62.21333 - Avira Operations GmbH & Co. KG) Hidden
Awesomium.NET Redistribution Module (x32 Version: 1.7.4.2 - ©2014 Awesomium Technologies LLC) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.17 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Family Tree Maker 2010 (HKLM-x32\...\Family Tree Maker 2010) (Version: 19.0.180 - Ancestry.com)
Family Tree Maker 2010 (x32 Version: 19.0.180 - Ancestry.com) Hidden
Family Tree Maker 2011 (HKLM-x32\...\Family Tree Maker 2011) (Version: 20.0.376 - Ancestry.com)
Family Tree Maker 2011 (x32 Version: 20.0.376 - Ancestry.com) Hidden
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Huawei modem (HKLM-x32\...\Huawei Modems) (Version:  - )
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2817 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft WSE 3.0 (HKLM-x32\...\{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}) (Version: 3.0.5305.0 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mobile Broadband HL Service (HKLM-x32\...\Mobile Broadband HL Service) (Version: 22.001.26.00.21 - Huawei Technologies Co.,Ltd)
MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 46.0.1 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 en-GB)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1 - Mozilla)
paint.net (HKLM\...\{DADC2AF6-DC9F-4BCF-BFCE-DCEC16EF507C}) (Version: 4.0.9 - dotPDN LLC)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.53.216.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
Sansa Updater (HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\Sansa Updater) (Version: 1.406 - SanDisk Corporation)
tbbMeter Loader Service (HKLM-x32\...\{FDC85EE3-EDAA-47C9-9885-2A26FC41DC22}) (Version: 1.0.0 - thinkbroadband.com)
Unity Web Player (HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
USB2.0 Grabber (HKLM-x32\...\{45518B6D-9DDF-4144-83E4-A56762524F35}) (Version: 7.12.000.003 - Youyan)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02B932F7-D744-463E-B9C7-C7FF88A0F9CF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-13] (Adobe Systems Incorporated)
Task: {280BD6CF-1463-4664-81A1-4FCFA91AB7D8} - System32\Tasks\{5A87B4E4-0B17-49E5-ABD4-C378584203C2} => C:\Program Files (x86)\Family Tree Maker 2010\FTM.exe
Task: {5494BE96-C865-4307-AC83-58C47F22DE36} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-04-15] (Piriform Ltd)
Task: {65763892-931D-4A8D-B9DE-C1B349B464AE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {9C2FA8EE-38C3-4874-B888-C776849C40B6} - System32\Tasks\{92941F7C-D841-4778-9D5F-D9BBE72180CB} => C:\Program Files (x86)\Family Tree Maker 2010\FTM.exe
Task: {B16BDE49-E6DB-4FD3-9EA2-7041CF35E511} - System32\Tasks\{9DCFE29F-6BA5-40E0-82EB-0B686B1532F3} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files (x86)\Family Tree Maker 2010\FTM.exe"
Task: {F8BA87EF-9EC6-4386-A01C-09862C1A5D37} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-03-24 13:17 - 2014-11-20 09:48 - 00242264 ____C () C:\ProgramData\MobileBrServ\mbbservice.exe
2016-05-04 14:01 - 2014-05-13 12:04 - 00109400 ____C () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-05-04 14:01 - 2014-05-13 12:04 - 00416600 ____C () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-05-04 14:01 - 2014-05-13 12:04 - 00167768 ____C () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7896 more sites.

IE restricted site: HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\123simsen.com -> www.123simsen.com

There are 7896 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2016-05-04 14:39 - 00452288 ____C C:\Windows\system32\Drivers\etc\hosts

127.0.0.1    www.007guard.com
127.0.0.1    007guard.com
127.0.0.1    008i.com
127.0.0.1    www.008k.com
127.0.0.1    008k.com
127.0.0.1    www.00hq.com
127.0.0.1    00hq.com
127.0.0.1    010402.com
127.0.0.1    www.032439.com
127.0.0.1    032439.com
127.0.0.1    www.0scan.com
127.0.0.1    0scan.com
127.0.0.1    1000gratisproben.com
127.0.0.1    www.1000gratisproben.com
127.0.0.1    1001namen.com
127.0.0.1    www.1001namen.com
127.0.0.1    100888290cs.com
127.0.0.1    www.100888290cs.com
127.0.0.1    www.100sexlinks.com
127.0.0.1    100sexlinks.com
127.0.0.1    10sek.com
127.0.0.1    www.10sek.com
127.0.0.1    www.1-2005-search.com
127.0.0.1    1-2005-search.com
127.0.0.1    123fporn.info
127.0.0.1    www.123fporn.info
127.0.0.1    123haustiereundmehr.com
127.0.0.1    www.123haustiereundmehr.com
127.0.0.1    123moviedownload.com
127.0.0.1    www.123moviedownload.com

There are 15518 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ditch\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{86472CA0-D35C-47A6-AB62-EF3B97AB307D}] => (Allow) E:\programmes\Messenger\YahooMessenger.exe
FirewallRules: [{22520538-16FD-43CC-BDBB-9B854D3FE174}] => (Allow) E:\programmes\Messenger\YahooMessenger.exe
FirewallRules: [TCP Query User{3EBECDEB-2097-4112-9004-0C3E30740819}E:\programmes\messenger\yahoomessenger.exe] => (Allow) E:\programmes\messenger\yahoomessenger.exe
FirewallRules: [UDP Query User{61B43AC4-1F3C-465F-9928-947BD744D168}E:\programmes\messenger\yahoomessenger.exe] => (Allow) E:\programmes\messenger\yahoomessenger.exe
FirewallRules: [TCP Query User{00063C30-0ACE-4AA3-BB8E-594F5F332533}G:\program files\yahoo!\messenger\yahoomessenger.exe] => (Allow) G:\program files\yahoo!\messenger\yahoomessenger.exe
FirewallRules: [UDP Query User{3DE09D31-BDD1-4E5F-8C18-D5D05573B5FE}G:\program files\yahoo!\messenger\yahoomessenger.exe] => (Allow) G:\program files\yahoo!\messenger\yahoomessenger.exe
FirewallRules: [{7314E4FA-9BA9-45BF-B7A1-6465DFB07357}] => (Allow) G:\programmes\Messenger\YahooMessenger.exe
FirewallRules: [{2943861C-19FE-4041-BD0C-CAA271A4DE90}] => (Allow) G:\programmes\Messenger\YahooMessenger.exe
FirewallRules: [{86417CB2-3D69-47CC-A157-2E40E38BF140}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{BB68F1AA-E74B-4560-9B19-A2090638664A}] => (Allow) LPort=2869
FirewallRules: [{92520CCC-DE9F-4138-99AC-4950A7041764}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{2666C8BD-B917-4FCA-8E5F-C024D8FAD4BA}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{38E72EB0-B5F3-45D5-924E-47D9CD112CEE}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{B251A538-60C0-4303-895A-3D533F67E8F3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4A58AA8E-FFB0-45DD-A1EF-5E2FE8DE4794}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EC923D67-5DEB-4A45-B0AF-5C4FE97FB1E1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{169D3FC1-981D-4AC0-A728-6391AD008250}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F44E50A1-73D7-4A11-8BA8-CF03586F0756}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{6E905761-8540-494B-856F-243F4143067C}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

29-05-2016 18:54:24 Installed Rapport
30-05-2016 17:54:08 Removed tbbMeter Loader Service
30-05-2016 17:57:08 Removed tbbMeter Loader Service
30-05-2016 17:57:41 Removed tbbMeter Loader Service
30-05-2016 18:06:57 Removed Rapport

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/30/2016 09:23:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 46.0.1.5966, time stamp: 0x572818c9
Faulting module name: mozglue.dll, version: 46.0.1.5966, time stamp: 0x572808c3
Exception code: 0x80000003
Fault offset: 0x0000efdc
Faulting process id: 0x1200
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3


System errors:
=============

CodeIntegrity:
===================================
  Date: 2016-02-02 12:11:19.488
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-02 12:11:19.391
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-02 12:11:18.879
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportKE64.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-02 12:11:18.787
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportKE64.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-02 12:11:18.606
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportHades64.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-02 12:11:18.522
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportHades64.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-02 12:11:18.306
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-02 12:11:18.214
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-02 12:11:15.444
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-02 12:11:15.315
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Celeron® CPU G530 @ 2.40GHz
Percentage of memory in use: 38%
Total physical RAM: 3982.2 MB
Available physical RAM: 2464.12 MB
Total Virtual: 7962.58 MB
Available Virtual: 6199.21 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:55.8 GB) (Free:20.68 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 55.9 GB) (Disk ID: FC375C36)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=55.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


  • 0

#7
Ditch
Posted 30 May 2016 - 03:25 PM

Ditch

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 30/05/2016 22:24:54

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 30/05/2016 20:31:38
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name apis.google.com timed out after none of the configured DNS servers


  • 0

#8
Ditch
Posted 30 May 2016 - 03:27 PM

Ditch

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 30/05/2016 22:27:24

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 30/05/2016 20:23:33
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: plugin-container.exe, version: 46.0.1.5966, time stamp: 0x572818c9 Faulting module name: mozglue.dll, version: 46.0.1.5966, time stamp: 0x572808c3 Exception code: 0x80000003 Fault offset: 0x0000efdc Faulting process id: 0x1200 Faulting application start time: 0x01d1bab0deaf0c5e Faulting application path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Faulting module path: C:\Program Files (x86)\Mozilla Firefox\mozglue.dll Report Id: 612ebe3f-26a4-11e6-8c86-0c5b8f279a64

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


  • 0

#9
RKinner
Posted 30 May 2016 - 05:00 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Let's try another fixlist as before:

 

Download, save and run Speedy Fox.

http://www.crystalidea.com/speedyfox.  Close Chrome/Firefox/Skpe. Hit Optimize.  
 
Run FRST SCAN with Addition.txt checked and post both logs.

 


  • 0

#10
Ditch
Posted 30 May 2016 - 05:25 PM

Ditch

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts

00:20:00    Starting optimization
00:20:00    Optimizing 'default-1464490179294'
00:20:00    Path: C:\Users\Ditch\AppData\Roaming\Mozilla\Firefox\Profiles\utuj6chq.default-1464490179294\
00:20:00    content-prefs.sqlite...
00:20:00    cookies.sqlite...
00:20:00    formhistory.sqlite...
00:20:00    permissions.sqlite...
00:20:00    places.sqlite...
00:20:00    signons.sqlite...
00:20:00    webappsstore.sqlite...
00:20:00    Optimized 7 files, new size: 7.00 MB (was 12.5 MB)
00:20:00    Optimizing 'Default'
00:20:00    Path: C:\Users\Ditch\AppData\Local\Chromium\User Data
00:20:00    Cookies...
00:20:00    Favicons...
00:20:00    History...
00:20:00    Login Data...
00:20:00    Shortcuts...
00:20:00    Web Data...
00:20:00    Optimized 6 files, new size: 205 KB (was 205 KB)
00:20:00    Optimizing 'default'
00:20:00    Path: C:\Users\Ditch\AppData\Roaming\Thunderbird\Profiles\ofk6v13y.default\
00:20:00    addons.sqlite...
00:20:00    blist.sqlite...
00:20:00    content-prefs.sqlite...
00:20:00    cookies.sqlite...
00:20:00    extensions.sqlite...
00:20:00    formhistory.sqlite...
00:20:00    global-messages-db.sqlite...
00:20:01    permissions.sqlite...
00:20:01    places.sqlite...
00:20:01    signons.sqlite...
00:20:01    webappsstore.sqlite...
00:20:01    Optimized 11 files, new size: 7.65 MB (was 7.65 MB)
00:20:01    Total: optimized 24 files, new size: 14.8 MB (was 20.3 MB)
00:20:01    Completed in 0.90 seconds
 

 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:29-05-2016 02
Ran by Ditch (administrator) on DITCH-PC (31-05-2016 00:20:24)
Running from C:\Users\Ditch\Desktop
Loaded Profiles: Ditch (Available Profiles: Ditch)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(American Power Conversion Corporation) C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(SanDisk Corporation) C:\Users\Ditch\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(American Power Conversion Corporation) C:\Program Files (x86)\APC\APC PowerChute Personal Edition\dataserv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Display] => C:\Program Files (x86)\APC\APC PowerChute Personal Edition\DataCollectionLauncher.exe [271736 2010-09-14] (American Power Conversion Corporation)
HKLM-x32\...\Run: [zzzHPSETUP] => D:\Setup.exe
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [67840 2016-05-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [814608 2016-04-04] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\Run: [SansaDispatch] => C:\Users\Ditch\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [613888 2013-09-09] (SanDisk Corporation)
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8698584 2016-04-15] (Piriform Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk [2014-08-31]
ShortcutTarget: APC UPS Status.lnk -> C:\Program Files (x86)\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{2C586D8C-2F76-49E5-A070-09039B4A14A7}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{33535650-5A6B-44CB-86B4-3821687D3F27}: [DhcpNameServer] 192.168.100.200
Tcpip\..\Interfaces\{C2E58559-B900-4F0C-847D-6513405E9190}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Ditch\AppData\Roaming\Mozilla\Firefox\Profiles\utuj6chq.default-1464490179294
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-13] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2009-05-26] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-1600889185-3656679571-3126259524-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Ditch\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-05-07] (Unity Technologies ApS)
FF Extension: British English Dictionary (Marco Pinto) - C:\Users\Ditch\AppData\Roaming\Mozilla\Firefox\Profiles\utuj6chq.default-1464490179294\Extensions\[email protected] [2016-05-30]
FF Extension: Adblock Plus - C:\Users\Ditch\AppData\Roaming\Mozilla\Firefox\Profiles\utuj6chq.default-1464490179294\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-05-29]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [970656 2016-04-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [467016 2016-04-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [467016 2016-04-04] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1435704 2016-04-04] (Avira Operations GmbH & Co. KG)
R2 APC Data Service; C:\Program Files (x86)\APC\APC PowerChute Personal Edition\dataserv.exe [21880 2010-09-14] (American Power Conversion Corporation)
R2 APC UPS Service; C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe [705912 2010-09-14] (American Power Conversion Corporation)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [276424 2016-05-04] (Avira Operations GmbH & Co. KG)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [242264 2014-11-20] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-12-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [154816 2016-04-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [141920 2016-04-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2016-04-04] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [79696 2016-04-04] (Avira Operations GmbH & Co. KG)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [216576 2009-09-04] (Huawei Technologies Co., Ltd.)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-08-24] ()
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114560 2009-07-24] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 PSSDKLBF; C:\Windows\system32\Drivers\pssdklbf.sys [65600 2013-04-18] (microOLAP Technologies LTD)
S3 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [215560 2016-05-24] (IBM Corp.)
S3 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [525992 2016-05-24] (IBM Corp.)
S3 StkCMini; C:\Windows\System32\Drivers\StkCMini.sys [1917576 2010-06-07] (Syntek)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-31 00:20 - 2016-05-31 00:20 - 00011866 ____C C:\Users\Ditch\Desktop\FRST.txt
2016-05-31 00:20 - 2016-05-31 00:20 - 00001328 ____C C:\Users\Ditch\Desktop\SpeedyFox_Log.txt
2016-05-31 00:19 - 2016-05-31 00:19 - 00004710 ____C C:\Users\Ditch\Desktop\fixlist.txt
2016-05-31 00:10 - 2016-05-31 00:10 - 00000000 ___DC C:\Users\Ditch\AppData\Roaming\CrystalIdea Software
2016-05-30 22:24 - 2016-05-30 22:27 - 00001099 ____C C:\VEW.txt
2016-05-30 20:59 - 2016-05-30 21:06 - 00000000 ___DC C:\AVG_Remover
2016-05-29 21:18 - 2016-05-31 00:20 - 00000000 ___DC C:\FRST
2016-05-29 21:16 - 2016-05-29 21:16 - 02383872 ____C (Farbar) C:\Users\Ditch\Desktop\FRST64.exe
2016-05-29 01:22 - 2016-05-31 00:14 - 00000000 ___DC C:\Users\Ditch\Desktop\Post Back Up
2016-05-28 19:30 - 2016-05-28 19:30 - 00122880 __SHC C:\Users\Ditch\Thumbs.db
2016-05-25 14:02 - 2016-05-25 14:33 - 00323406 ____C C:\Windows\ntbtlog.txt
2016-05-05 02:49 - 2016-05-05 02:49 - 00000000 ___DC C:\Users\Ditch\AppData\Roaming\Avira
2016-05-05 02:47 - 2016-04-04 17:07 - 00154816 ____C (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2016-05-05 02:47 - 2016-04-04 17:07 - 00141920 ____C (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2016-05-05 02:47 - 2016-04-04 17:07 - 00079696 ____C (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2016-05-05 02:47 - 2016-04-04 17:07 - 00028600 ____C (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2016-05-05 02:14 - 2016-05-25 16:48 - 00000000 ___DC C:\ProgramData\Package Cache
2016-05-05 02:14 - 2016-05-25 16:47 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-05-05 02:14 - 2016-05-05 02:47 - 00000000 ___DC C:\ProgramData\Avira
2016-05-05 02:14 - 2016-05-05 02:47 - 00000000 ___DC C:\Program Files (x86)\Avira
2016-05-04 14:39 - 2009-06-10 22:00 - 00000824 ____C C:\Windows\system32\Drivers\etc\hosts.20160504-143956.backup
2016-05-03 18:10 - 2016-05-04 00:21 - 00000000 ___DC C:\Program Files\CCleaner
2016-05-03 18:10 - 2016-05-03 18:10 - 00002790 ____C C:\Windows\System32\Tasks\CCleanerSkipUAC

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-30 21:24 - 2016-03-25 22:53 - 01840640 __SHC C:\Users\Ditch\Desktop\Thumbs.db
2016-05-30 21:17 - 2009-07-14 06:13 - 00782470 ____C C:\Windows\system32\PerfStringBackup.INI
2016-05-30 21:17 - 2009-07-14 05:45 - 00021472 ___HC C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-30 21:17 - 2009-07-14 05:45 - 00021472 ___HC C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-30 21:17 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\inf
2016-05-30 21:10 - 2009-07-14 06:08 - 00000006 ___HC C:\Windows\Tasks\SA.DAT
2016-05-30 17:54 - 2013-04-08 16:49 - 00000000 ___DC C:\Windows\system32\appmgmt
2016-05-29 18:47 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\system32\NDF
2016-05-28 19:30 - 2013-02-05 19:48 - 00000000 ___DC C:\Users\Ditch
2016-05-28 03:21 - 2013-06-02 13:12 - 00000000 __RDC C:\Users\Ditch\Desktop\Desk Top
2016-05-25 14:24 - 2014-07-12 14:09 - 00192216 ____C (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-24 16:55 - 2015-06-08 13:31 - 00215560 ____C (IBM Corp.) C:\Windows\system32\Drivers\RapportHades64.sys
2016-05-24 16:55 - 2013-06-22 14:20 - 00470056 ____C (IBM Corp.) C:\Windows\system32\Drivers\RapportKE64.sys
2016-05-13 04:16 - 2013-02-13 15:27 - 00797376 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-13 04:16 - 2013-02-13 15:27 - 00142528 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-13 04:16 - 2013-02-13 15:27 - 00003768 ____C C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-05-10 22:36 - 2013-11-30 10:06 - 00003894 ____C C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-10 22:36 - 2013-11-30 10:06 - 00003642 ____C C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-06 17:44 - 2015-05-18 17:09 - 00001188 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2016-05-06 17:44 - 2015-05-18 17:09 - 00000000 ___DC C:\Program Files\paint.net
2016-05-06 17:34 - 2013-03-03 23:47 - 00766336 ____C C:\Windows\SysWOW64\PerfStringBackup.INI
2016-05-04 14:28 - 2015-05-22 03:22 - 00000000 ___DC C:\ProgramData\Spybot - Search & Destroy
2016-05-04 14:23 - 2015-05-22 03:21 - 00000000 ___DC C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-05-04 02:05 - 2015-05-17 21:01 - 00000000 ___DC C:\Program Files (x86)\Mozilla Maintenance Service
2016-05-04 00:38 - 2016-04-27 02:58 - 00000000 ___DC C:\Program Files (x86)\Mozilla Firefox
2016-05-04 00:38 - 2015-05-17 21:01 - 00001163 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-05-04 00:36 - 2013-02-05 19:52 - 00000000 ___DC C:\Users\Ditch\AppData\Local\ElevatedDiagnostics
2016-05-04 00:27 - 2009-07-14 06:32 - 00000000 ___DC C:\Program Files\Windows Sidebar
2016-05-04 00:27 - 2009-07-14 06:32 - 00000000 ___DC C:\Program Files\Windows Photo Viewer
2016-05-04 00:27 - 2009-07-14 06:32 - 00000000 ___DC C:\Program Files\Windows Defender
2016-05-04 00:25 - 2013-02-21 23:17 - 00000000 ___DC C:\Users\Ditch\AppData\Roaming\Easy Thumbnails
2016-05-04 00:24 - 2016-03-24 13:17 - 00000000 ___DC C:\ProgramData\MobileBrServ
2016-05-04 00:24 - 2014-11-17 20:19 - 00000000 ___DC C:\Program Files\File Association Helper
2016-05-04 00:24 - 2014-07-12 14:08 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-05-04 00:24 - 2014-07-12 14:08 - 00000000 ___DC C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-05-04 00:24 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\registration
2016-05-04 00:23 - 2013-02-13 15:27 - 00000000 ___DC C:\Windows\SysWOW64\Macromed
2016-05-04 00:23 - 2010-11-21 08:06 - 00000000 ___DC C:\Windows\SysWOW64\winrm
2016-05-04 00:23 - 2010-11-21 08:06 - 00000000 ___DC C:\Windows\SysWOW64\WCN
2016-05-04 00:23 - 2010-11-21 08:06 - 00000000 ___DC C:\Windows\SysWOW64\slmgr
2016-05-04 00:23 - 2010-11-21 08:06 - 00000000 ___DC C:\Windows\SysWOW64\Printing_Admin_Scripts
2016-05-04 00:23 - 2010-11-21 08:06 - 00000000 ___DC C:\Windows\system32\winrm
2016-05-04 00:23 - 2010-11-21 08:06 - 00000000 ___DC C:\Windows\system32\WCN
2016-05-04 00:23 - 2009-07-14 06:32 - 00000000 ___DC C:\Windows\system32\WinBioPlugIns
2016-05-04 00:23 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\Web
2016-05-04 00:23 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\Vss
2016-05-04 00:23 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\SysWOW64\MUI
2016-05-04 00:23 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\SysWOW64\Msdtc
2016-05-04 00:23 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\SysWOW64\migwiz
2016-05-04 00:23 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\SysWOW64\InstallShield
2016-05-04 00:23 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\SysWOW64\IME
2016-05-04 00:23 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\SysWOW64\Dism
2016-05-04 00:23 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\SysWOW64\com
2016-05-04 00:22 - 2016-01-21 14:53 - 00000000 ___DC C:\Users\Public\Foxit Software
2016-05-04 00:22 - 2015-05-17 18:23 - 00000000 ___DC C:\Users\Ditch\AppData\Local\Chromium
2016-05-04 00:22 - 2015-05-17 18:08 - 00000000 ___DC C:\Users\Ditch\AppData\Roaming\RecLib
2016-05-04 00:22 - 2014-07-23 18:35 - 00000000 ___DC C:\Users\Ditch\AppData\Local\Ezr8
2016-05-04 00:22 - 2014-05-28 16:10 - 00000000 ___DC C:\Users\Ditch\AppData\Roaming\Motorola
2016-05-04 00:22 - 2014-05-26 20:41 - 00000000 ___DC C:\Users\Ditch\AppData\Local\Freelang
2016-05-04 00:22 - 2014-05-16 15:25 - 00000000 ___DC C:\Users\Ditch\AppData\LocalLow\Unity
2016-05-04 00:22 - 2014-05-16 15:25 - 00000000 ___DC C:\Users\Ditch\AppData\Local\Unity
2016-05-04 00:22 - 2014-04-17 14:11 - 00000000 ___DC C:\Users\Ditch\AppData\Local\Ancestry.com
2016-05-04 00:22 - 2014-04-17 14:11 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media
2016-05-04 00:22 - 2014-03-19 16:03 - 00000000 ___DC C:\Users\Ditch\AppData\Roaming\Thunderbird
2016-05-04 00:22 - 2013-11-29 13:05 - 00000000 ___DC C:\Users\Ditch\AppData\Roaming\AnvSoft
2016-05-04 00:22 - 2013-09-09 16:39 - 00000000 ___DC C:\Users\Ditch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SanDisk
2016-05-04 00:22 - 2013-09-09 16:38 - 00000000 ___DC C:\Users\Ditch\AppData\Roaming\SanDisk
2016-05-04 00:22 - 2013-08-03 14:25 - 00000000 ___DC C:\ProgramData\Malwarebytes
2016-05-04 00:22 - 2013-07-12 16:11 - 00000000 ___DC C:\Users\Ditch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2016-05-04 00:22 - 2013-07-12 16:11 - 00000000 ___DC C:\Users\Ditch\AppData\Local\Amazon
2016-05-04 00:22 - 2013-07-04 17:56 - 00000000 ___DC C:\Users\Ditch\Documents\Fax
2016-05-04 00:22 - 2013-06-24 13:12 - 00000000 ___DC C:\Users\Default\AppData\Local\Trusteer
2016-05-04 00:22 - 2013-06-24 13:12 - 00000000 ___DC C:\Users\Default User\AppData\Local\Trusteer
2016-05-04 00:22 - 2013-06-23 18:46 - 00000000 ___DC C:\Users\Ditch\AppData\Roaming\Dropbox
2016-05-04 00:22 - 2013-06-22 14:20 - 00000000 ___DC C:\Users\Ditch\AppData\Local\Trusteer
2016-05-04 00:22 - 2013-06-01 18:33 - 00000000 ___DC C:\programmes
2016-05-04 00:22 - 2013-04-04 19:35 - 00000000 ___DC C:\Users\Ditch\AppData\Local\Downloaded Installations
2016-05-04 00:22 - 2013-03-30 20:40 - 00000000 ___DC C:\Users\Ditch\AppData\Local\PMH
2016-05-04 00:22 - 2013-03-30 20:37 - 00000000 __HDC C:\ProgramData\CanonBJ
2016-05-04 00:22 - 2013-03-18 23:44 - 00000000 ___DC C:\Users\Ditch\AppData\Roaming\Foxit Software
2016-05-04 00:22 - 2013-02-13 15:26 - 00000000 ___DC C:\Windows\system32\Macromed
2016-05-04 00:22 - 2013-02-13 14:07 - 00000000 ___DC C:\ProgramData\Yahoo!
2016-05-04 00:22 - 2013-02-13 13:58 - 00000000 ___DC C:\Users\Ditch\AppData\Roaming\Adobe
2016-05-04 00:22 - 2013-02-05 20:25 - 00000000 ___DC C:\Users\Ditch\AppData\Roaming\Mozilla
2016-05-04 00:22 - 2013-02-05 20:25 - 00000000 ___DC C:\Users\Ditch\AppData\Local\Mozilla
2016-05-04 00:22 - 2010-11-21 08:06 - 00000000 ___DC C:\Windows\system32\slmgr
2016-05-04 00:22 - 2010-11-21 08:06 - 00000000 ___DC C:\Windows\system32\Printing_Admin_Scripts
2016-05-04 00:22 - 2009-07-14 06:32 - 00000000 ___DC C:\Windows\Performance
2016-05-04 00:22 - 2009-07-14 05:45 - 00000000 ___DC C:\Windows\Setup
2016-05-04 00:22 - 2009-07-14 05:45 - 00000000 ___DC C:\Windows\ServiceProfiles
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 _RSDC C:\Windows\Media
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\system32\sysprep
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\system32\spool
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\system32\SMI
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\system32\oobe
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\system32\MUI
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\system32\Msdtc
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\system32\migwiz
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\system32\IME
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\system32\Dism
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\system32\com
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\security
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\schemas
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\Resources
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\PolicyDefinitions
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\PLA
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\IME
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\Help
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\Globalization
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\Branding
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\AppCompat
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\servicing
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2016-05-04 00:21 - 2016-03-23 14:40 - 00000000 ___DC C:\Program Files (x86)\Huawei Modems
2016-05-04 00:21 - 2015-07-12 00:37 - 00000000 ___DC C:\Program Files (x86)\Amazon
2016-05-04 00:21 - 2015-06-06 23:18 - 00000000 ___DC C:\Program Files\Microsoft Silverlight
2016-05-04 00:21 - 2015-06-06 23:18 - 00000000 ___DC C:\Program Files (x86)\Microsoft Silverlight
2016-05-04 00:21 - 2015-05-22 03:03 - 00000000 ___DC C:\AdwCleaner
2016-05-04 00:21 - 2014-04-17 15:31 - 00000000 ___DC C:\Program Files (x86)\Family Tree Maker 2011
2016-05-04 00:21 - 2014-04-17 14:11 - 00000000 ___DC C:\Program Files (x86)\Windows Media Components
2016-05-04 00:21 - 2014-04-17 14:11 - 00000000 ___DC C:\Program Files (x86)\Microsoft WSE
2016-05-04 00:21 - 2014-04-17 14:10 - 00000000 ___DC C:\Program Files (x86)\BCL Technologies
2016-05-04 00:21 - 2014-04-07 16:10 - 00000000 ___DC C:\Program Files (x86)\FOXIT SOFTWARE
2016-05-04 00:21 - 2014-03-20 14:33 - 00000000 ___DC C:\Program Files (x86)\APC
2016-05-04 00:21 - 2013-11-30 10:05 - 00000000 ___DC C:\Program Files (x86)\Google
2016-05-04 00:21 - 2013-07-10 12:47 - 00000000 ___DC C:\Program Files (x86)\Huawei technologies
2016-05-04 00:21 - 2013-06-22 14:19 - 00000000 ___DC C:\Program Files (x86)\Trusteer
2016-05-04 00:21 - 2013-03-05 04:17 - 00000000 ___DC C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2016-05-04 00:21 - 2013-03-03 23:48 - 00000000 ___DC C:\Program Files (x86)\Windows Live
2016-05-04 00:21 - 2013-03-03 23:48 - 00000000 ___DC C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2016-05-04 00:21 - 2013-02-13 14:07 - 00000000 ___DC C:\Program Files (x86)\Yahoo!
2016-05-04 00:21 - 2013-02-05 19:58 - 00000000 ___DC C:\Program Files\Realtek
2016-05-04 00:21 - 2013-02-05 19:56 - 00000000 __HDC C:\Program Files (x86)\InstallShield Installation Information
2016-05-04 00:21 - 2013-02-05 19:56 - 00000000 ___DC C:\Program Files (x86)\Realtek
2016-05-04 00:21 - 2013-02-05 19:55 - 00000000 ___DC C:\Program Files\Common Files\Intel
2016-05-04 00:21 - 2013-02-05 19:53 - 00000000 ___DC C:\Program Files (x86)\Intel
2016-05-04 00:21 - 2010-11-21 08:16 - 00000000 ___DC C:\Program Files\Windows Journal
2016-05-04 00:21 - 2009-07-14 06:32 - 00000000 ___DC C:\Program Files\Reference Assemblies
2016-05-04 00:21 - 2009-07-14 06:32 - 00000000 ___DC C:\Program Files\MSBuild
2016-05-04 00:21 - 2009-07-14 06:32 - 00000000 ___DC C:\Program Files\Microsoft Games
2016-05-04 00:21 - 2009-07-14 06:32 - 00000000 ___DC C:\Program Files\DVD Maker
2016-05-04 00:21 - 2009-07-14 06:32 - 00000000 ___DC C:\Program Files (x86)\Windows Sidebar
2016-05-04 00:21 - 2009-07-14 06:32 - 00000000 ___DC C:\Program Files (x86)\Windows Photo Viewer
2016-05-04 00:21 - 2009-07-14 06:32 - 00000000 ___DC C:\Program Files (x86)\Windows Defender
2016-05-04 00:21 - 2009-07-14 06:32 - 00000000 ___DC C:\Program Files (x86)\Reference Assemblies
2016-05-04 00:21 - 2009-07-14 06:32 - 00000000 ___DC C:\Program Files (x86)\MSBuild
2016-05-04 00:21 - 2009-07-14 04:20 - 00000000 ___DC C:\Program Files\Windows NT
2016-05-04 00:21 - 2009-07-14 04:20 - 00000000 ___DC C:\Program Files\Common Files\System
2016-05-04 00:21 - 2009-07-14 04:20 - 00000000 ___DC C:\Program Files\Common Files\SpeechEngines
2016-05-04 00:21 - 2009-07-14 04:20 - 00000000 ___DC C:\Program Files\Common Files\Microsoft Shared
2016-05-04 00:21 - 2009-07-14 04:20 - 00000000 ___DC C:\Program Files (x86)\Windows NT
2016-05-03 18:12 - 2015-06-14 00:33 - 00000000 ___DC C:\Users\Ditch\AppData\Roaming\MPC-HC
2016-05-03 18:12 - 2013-03-03 23:23 - 00000000 ___DC C:\Users\Ditch\AppData\Roaming\Media Player Classic
2016-05-03 18:12 - 2013-02-06 03:43 - 00000000 ___DC C:\Windows\Panther
2016-05-03 18:12 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\ModemLogs

==================== Files in the root of some directories =======

2015-07-06 16:09 - 2015-07-06 16:09 - 0006144 ____C () C:\Users\Ditch\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
C:\Users\Ditch\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-05-28 13:57

==================== End of FRST.txt ============================

 

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:29-05-2016 02
Ran by Ditch (2016-05-31 00:20:45)
Running from C:\Users\Ditch\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2013-02-05 18:48:47)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1600889185-3656679571-3126259524-500 - Administrator - Disabled)
Ditch (S-1-5-21-1600889185-3656679571-3126259524-1000 - Administrator - Enabled) => C:\Users\Ditch
Guest (S-1-5-21-1600889185-3656679571-3126259524-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1600889185-3656679571-3126259524-1003 - Limited - Enabled)
New account (S-1-5-21-1600889185-3656679571-3126259524-1001 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version: 1.15.0.43061 - Amazon)
APC PowerChute Personal Edition 3.0 (HKLM-x32\...\{F1486DE6-CC2E-48C0-AD20-C2C142FA1636}) (Version: 3.0 - American Power Conversion)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.17.273 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{28d41884-9b36-4f54-bed2-92863f08e65d}) (Version: 1.1.62.21333 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.62.21333 - Avira Operations GmbH & Co. KG) Hidden
Awesomium.NET Redistribution Module (x32 Version: 1.7.4.2 - ©2014 Awesomium Technologies LLC) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.17 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Family Tree Maker 2010 (HKLM-x32\...\Family Tree Maker 2010) (Version: 19.0.180 - Ancestry.com)
Family Tree Maker 2010 (x32 Version: 19.0.180 - Ancestry.com) Hidden
Family Tree Maker 2011 (HKLM-x32\...\Family Tree Maker 2011) (Version: 20.0.376 - Ancestry.com)
Family Tree Maker 2011 (x32 Version: 20.0.376 - Ancestry.com) Hidden
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Huawei modem (HKLM-x32\...\Huawei Modems) (Version:  - )
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2817 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft WSE 3.0 (HKLM-x32\...\{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}) (Version: 3.0.5305.0 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mobile Broadband HL Service (HKLM-x32\...\Mobile Broadband HL Service) (Version: 22.001.26.00.21 - Huawei Technologies Co.,Ltd)
MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 46.0.1 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 en-GB)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1 - Mozilla)
paint.net (HKLM\...\{DADC2AF6-DC9F-4BCF-BFCE-DCEC16EF507C}) (Version: 4.0.9 - dotPDN LLC)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.53.216.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
Sansa Updater (HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\Sansa Updater) (Version: 1.406 - SanDisk Corporation)
tbbMeter Loader Service (HKLM-x32\...\{FDC85EE3-EDAA-47C9-9885-2A26FC41DC22}) (Version: 1.0.0 - thinkbroadband.com)
Unity Web Player (HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
USB2.0 Grabber (HKLM-x32\...\{45518B6D-9DDF-4144-83E4-A56762524F35}) (Version: 7.12.000.003 - Youyan)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02B932F7-D744-463E-B9C7-C7FF88A0F9CF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-13] (Adobe Systems Incorporated)
Task: {280BD6CF-1463-4664-81A1-4FCFA91AB7D8} - System32\Tasks\{5A87B4E4-0B17-49E5-ABD4-C378584203C2} => C:\Program Files (x86)\Family Tree Maker 2010\FTM.exe
Task: {5494BE96-C865-4307-AC83-58C47F22DE36} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-04-15] (Piriform Ltd)
Task: {65763892-931D-4A8D-B9DE-C1B349B464AE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {9C2FA8EE-38C3-4874-B888-C776849C40B6} - System32\Tasks\{92941F7C-D841-4778-9D5F-D9BBE72180CB} => C:\Program Files (x86)\Family Tree Maker 2010\FTM.exe
Task: {B16BDE49-E6DB-4FD3-9EA2-7041CF35E511} - System32\Tasks\{9DCFE29F-6BA5-40E0-82EB-0B686B1532F3} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files (x86)\Family Tree Maker 2010\FTM.exe"
Task: {F8BA87EF-9EC6-4386-A01C-09862C1A5D37} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-03-24 13:17 - 2014-11-20 09:48 - 00242264 ____C () C:\ProgramData\MobileBrServ\mbbservice.exe
2016-05-04 14:01 - 2014-05-13 12:04 - 00109400 ____C () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-05-04 14:01 - 2014-05-13 12:04 - 00416600 ____C () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-05-04 14:01 - 2014-05-13 12:04 - 00167768 ____C () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7896 more sites.

IE restricted site: HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\123simsen.com -> www.123simsen.com

There are 7896 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2016-05-04 14:39 - 00452288 ____C C:\Windows\system32\Drivers\etc\hosts

127.0.0.1    www.007guard.com
127.0.0.1    007guard.com
127.0.0.1    008i.com
127.0.0.1    www.008k.com
127.0.0.1    008k.com
127.0.0.1    www.00hq.com
127.0.0.1    00hq.com
127.0.0.1    010402.com
127.0.0.1    www.032439.com
127.0.0.1    032439.com
127.0.0.1    www.0scan.com
127.0.0.1    0scan.com
127.0.0.1    1000gratisproben.com
127.0.0.1    www.1000gratisproben.com
127.0.0.1    1001namen.com
127.0.0.1    www.1001namen.com
127.0.0.1    100888290cs.com
127.0.0.1    www.100888290cs.com
127.0.0.1    www.100sexlinks.com
127.0.0.1    100sexlinks.com
127.0.0.1    10sek.com
127.0.0.1    www.10sek.com
127.0.0.1    www.1-2005-search.com
127.0.0.1    1-2005-search.com
127.0.0.1    123fporn.info
127.0.0.1    www.123fporn.info
127.0.0.1    123haustiereundmehr.com
127.0.0.1    www.123haustiereundmehr.com
127.0.0.1    123moviedownload.com
127.0.0.1    www.123moviedownload.com

There are 15518 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ditch\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{86472CA0-D35C-47A6-AB62-EF3B97AB307D}] => (Allow) E:\programmes\Messenger\YahooMessenger.exe
FirewallRules: [{22520538-16FD-43CC-BDBB-9B854D3FE174}] => (Allow) E:\programmes\Messenger\YahooMessenger.exe
FirewallRules: [TCP Query User{3EBECDEB-2097-4112-9004-0C3E30740819}E:\programmes\messenger\yahoomessenger.exe] => (Allow) E:\programmes\messenger\yahoomessenger.exe
FirewallRules: [UDP Query User{61B43AC4-1F3C-465F-9928-947BD744D168}E:\programmes\messenger\yahoomessenger.exe] => (Allow) E:\programmes\messenger\yahoomessenger.exe
FirewallRules: [TCP Query User{00063C30-0ACE-4AA3-BB8E-594F5F332533}G:\program files\yahoo!\messenger\yahoomessenger.exe] => (Allow) G:\program files\yahoo!\messenger\yahoomessenger.exe
FirewallRules: [UDP Query User{3DE09D31-BDD1-4E5F-8C18-D5D05573B5FE}G:\program files\yahoo!\messenger\yahoomessenger.exe] => (Allow) G:\program files\yahoo!\messenger\yahoomessenger.exe
FirewallRules: [{7314E4FA-9BA9-45BF-B7A1-6465DFB07357}] => (Allow) G:\programmes\Messenger\YahooMessenger.exe
FirewallRules: [{2943861C-19FE-4041-BD0C-CAA271A4DE90}] => (Allow) G:\programmes\Messenger\YahooMessenger.exe
FirewallRules: [{86417CB2-3D69-47CC-A157-2E40E38BF140}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{BB68F1AA-E74B-4560-9B19-A2090638664A}] => (Allow) LPort=2869
FirewallRules: [{92520CCC-DE9F-4138-99AC-4950A7041764}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{2666C8BD-B917-4FCA-8E5F-C024D8FAD4BA}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{38E72EB0-B5F3-45D5-924E-47D9CD112CEE}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{B251A538-60C0-4303-895A-3D533F67E8F3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4A58AA8E-FFB0-45DD-A1EF-5E2FE8DE4794}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EC923D67-5DEB-4A45-B0AF-5C4FE97FB1E1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{169D3FC1-981D-4AC0-A728-6391AD008250}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F44E50A1-73D7-4A11-8BA8-CF03586F0756}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{6E905761-8540-494B-856F-243F4143067C}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

29-05-2016 18:54:24 Installed Rapport
30-05-2016 17:54:08 Removed tbbMeter Loader Service
30-05-2016 17:57:08 Removed tbbMeter Loader Service
30-05-2016 17:57:41 Removed tbbMeter Loader Service
30-05-2016 18:06:57 Removed Rapport

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/30/2016 09:23:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 46.0.1.5966, time stamp: 0x572818c9
Faulting module name: mozglue.dll, version: 46.0.1.5966, time stamp: 0x572808c3
Exception code: 0x80000003
Fault offset: 0x0000efdc
Faulting process id: 0x1200
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3


System errors:
=============

CodeIntegrity:
===================================
  Date: 2016-02-02 12:11:19.488
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-02 12:11:19.391
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-02 12:11:18.879
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportKE64.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-02 12:11:18.787
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportKE64.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-02 12:11:18.606
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportHades64.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-02 12:11:18.522
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportHades64.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-02 12:11:18.306
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-02 12:11:18.214
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-02 12:11:15.444
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-02 12:11:15.315
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Celeron® CPU G530 @ 2.40GHz
Percentage of memory in use: 29%
Total physical RAM: 3982.2 MB
Available physical RAM: 2815.93 MB
Total Virtual: 7962.58 MB
Available Virtual: 6542.08 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:55.8 GB) (Free:20.55 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 55.9 GB) (Disk ID: FC375C36)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=55.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

 

 

 

  Is that right?


  • 0

Advertisements

#11
RKinner
Posted 30 May 2016 - 05:44 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

I don't see any changes.

 

Could you try the last fixlist again.  

 

Download the attached fixlist.txt to the same location as FRST
 
 
Run FRST and press Fix
A fix log will be generated please post that 

  • 0

#12
Ditch
Posted 30 May 2016 - 06:02 PM

Ditch

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts

Okay. I do as ye saying and I get this:

 

 

Untitled_zpst1df5ejd.jpg

 

 

  That Fixlog says the following. I wouldn't know if it's different from before, or Swahili. Sorry.

 

I'm sticking with this like a blanket. Appreciate ye time and patience.


  • 0

#13
Ditch
Posted 30 May 2016 - 06:07 PM

Ditch

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts

How to I PASTE here?  I keep losing the ability.

 

I have the log on Note. I just can't get it on here ~ despite having done so multiple time ....?


  • 0

#14
Ditch
Posted 30 May 2016 - 06:38 PM

Ditch

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts 
Fix result of Farbar Recovery Scan Tool (x64) Version:29-05-2016 02
Ran by Ditch (2016-05-31 00:53:49) Run:4
Running from C:\Users\Ditch\Desktop
Loaded Profiles: Ditch (Available Profiles: Ditch)
Boot Mode: Normal
==============================================

fixlist content:
*****************
2016-05-04 14:01 - 2014-05-13 12:04 - 00109400 ____C () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-05-04 14:01 - 2014-05-13 12:04 - 00416600 ____C () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-05-04 14:01 - 2014-05-13 12:04 - 00167768 ____C () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
S3 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [215560 2016-05-24] (IBM Corp.)
S3 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [525992 2016-05-24] (IBM Corp.)
(Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe
2016-05-04 14:28 - 2015-05-22 03:22 - 00000000 ___DC C:\ProgramData\Spybot - Search & Destroy
2016-05-04 14:23 - 2015-05-22 03:21 - 00000000 ___DC C:\Program Files (x86)\Spybot - Search & Destroy 2
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
2016-05-24 16:55 - 2015-06-08 13:31 - 00215560 ____C (IBM Corp.) C:\Windows\system32\Drivers\RapportHades64.sys
2016-05-24 16:55 - 2013-06-22 14:20 - 00470056 ____C (IBM Corp.) C:\Windows\system32\Drivers\RapportKE64.sys
2016-05-04 00:22 - 2013-06-24 13:12 - 00000000 ___DC C:\Users\Default\AppData\Local\Trusteer
2016-05-04 00:22 - 2013-06-24 13:12 - 00000000 ___DC C:\Users\Default User\AppData\Local\Trusteer
2016-05-04 00:21 - 2013-06-22 14:19 - 00000000 ___DC C:\Program Files (x86)\Trusteer
Task: {65763892-931D-4A8D-B9DE-C1B349B464AE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {F8BA87EF-9EC6-4386-A01C-09862C1A5D37} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
C:\Program Files (x86)\Spybot - Search & Destroy 2
C:\Program Files\File Association Helper
CMD: sc stop RapportHades64
CMD: sc stop RapportPG64
CMD: sc delete RapportHades64
CMD: sc delete RapportPG64
Hosts:

*****************

"C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl" => not found.
"C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl" => not found.
"C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl" => not found.
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe => No running process found
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp => key not found. 
HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf => key not found. 
HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf => key not found. 
C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll => not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf => key not found. 
C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll => not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp => key not found. 
C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll => not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf => key not found. 
C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll => not found.
RapportHades64 => service not found.
RapportPG64 => service not found.
C:\Program Files\File Association Helper\FAHWindow.exe => No running process found
"C:\ProgramData\Spybot - Search & Destroy" => not found.
"C:\Program Files (x86)\Spybot - Search & Destroy 2" => not found.
C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe => No running process found
C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe => No running process found
HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3 => key not found. 
C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll => not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9 => key not found. 
C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll => not found.
HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk => key not found. 
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk => key not found. 
"C:\Windows\system32\Drivers\RapportHades64.sys" => not found.
"C:\Windows\system32\Drivers\RapportKE64.sys" => not found.
"C:\Users\Default\AppData\Local\Trusteer" => not found.
"C:\Users\Default User\AppData\Local\Trusteer" => not found.
"C:\Program Files (x86)\Trusteer" => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{65763892-931D-4A8D-B9DE-C1B349B464AE} => key not found. 
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F8BA87EF-9EC6-4386-A01C-09862C1A5D37} => key not found. 
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => key not found. 
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe => value not found.
"C:\Program Files (x86)\Spybot - Search & Destroy 2" => not found.
"C:\Program Files\File Association Helper" => not found.

=========  sc stop RapportHades64 =========

[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.


========= End of CMD: =========


=========  sc stop RapportPG64 =========

[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.


========= End of CMD: =========


=========  sc delete RapportHades64 =========

[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.


========= End of CMD: =========


=========  sc delete RapportPG64 =========

[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.


========= End of CMD: =========

"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not restore Hosts.

==== End of Fixlog 00:53:49 ====

  • 0

#15
RKinner
Posted 30 May 2016 - 07:35 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

OK.  That's better.  Spybot is no longer recommended.  They put a few thousand entries in the Hosts file and it slows your networking down.  This hasn't been a good idea since Windows 2000.

 

I see Avira is not letting me clean up the hosts file.  

 

See if you reset it this way.

 

Download HostsXpert from http://www.funkytoad.../HostsXpert.zip.  Save the file then right click and Extract All.  It will create a new folder in the same place.  In the folder find HostsXpert.exe and right click on it and Run As Administrator.
 
It will take a few seconds to appear.  If the top line in the left column says Make Writeable, click on it and it should change to Make Read Only?  If it already says Make Read Only? that's OK just go on to the next step.
Now click on the left column entry that says: Restore MSHosts file.  Click on the Make Read Only? entry then close HostsXpert.  
 
If you get a popup from Avira to allow the change to the hosts file or maybe you can pause Avira while you run HostsXpert.
 
Is Firefox working any better now?

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP