Brief Overview: I click " Geeks To Go ". I 404. " Firefox can't find the server " what ever. I've also got this .....
Try for a Restart? This:
It's also, randomly, said things like my Yahoo Mailer was the culprit. Either way, nothing gets rid of this programme in the background.
I inhabit a Slack chat room too. Or used to. Now, I spend my days and nights in an endless cycle of trying to sign in to anywhere.
I've Tried ..... DLing and running CCleaner. Malwarebytes. Avira. Avira found a trojan by the name of K and a number? I googled that and found it being discussed on a German forum. Sadly, in German.
Tried running the latter two in safe mode.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:29-05-2016 02
Ran by Ditch (administrator) on DITCH-PC (29-05-2016 21:18:31)
Running from C:\Users\Ditch\Downloads
Loaded Profiles: Ditch (Available Profiles: Ditch)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(American Power Conversion Corporation) C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
(SanDisk Corporation) C:\Users\Ditch\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
(Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(American Power Conversion Corporation) C:\Program Files (x86)\APC\APC PowerChute Personal Edition\dataserv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [729272 2014-01-28] (Nico Mak Computing)
HKLM-x32\...\Run: [ClearLogicStartUp] => E:\programmes\Camera\ONE CHANNEL USB DVR\StartUp.exe
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Display] => C:\Program Files (x86)\APC\APC PowerChute Personal Edition\DataCollectionLauncher.exe [271736 2010-09-14] (American Power Conversion Corporation)
HKLM-x32\...\Run: [zzzHPSETUP] => D:\Setup.exe
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [67840 2016-05-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [814608 2016-04-04] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\Run: [SansaDispatch] => C:\Users\Ditch\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [613888 2013-09-09] (SanDisk Corporation)
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8698584 2016-04-15] (Piriform Ltd)
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: E - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {004bbd5c-f0a2-11e5-9405-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {004bbd71-f0a2-11e5-9405-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {01d3dc68-b330-11e2-88ad-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {089e80dc-8cdb-11e5-a0a5-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {089e80f0-8cdb-11e5-a0a5-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {09d027dc-f098-11e5-b613-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {09d027f0-f098-11e5-b613-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {09f218e3-7cfc-11e2-9b7b-d43d7e4d2a3e} - F:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {09f218f7-7cfc-11e2-9b7b-d43d7e4d2a3e} - F:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {0a82fde3-9f90-11e2-9a64-d43d7e4d2a3e} - F:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {0a82fdf6-9f90-11e2-9a64-d43d7e4d2a3e} - F:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {0bd5365d-8c21-11e5-b26c-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {0bd53670-8c21-11e5-b26c-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {0bf6e5dc-4e14-11e4-a8fc-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {0bf6e5ff-4e14-11e4-a8fc-d43d7e4d2a3e} - F:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {0c09a6e4-7cff-11e2-893c-d43d7e4d2a3e} - F:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {0c09a6f7-7cff-11e2-893c-d43d7e4d2a3e} - F:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {0ca5b0db-8c91-11e5-9567-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {0ca5b0ef-8c91-11e5-9567-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {0f0f5bdc-1c59-11e5-934d-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {0f0f5bf0-1c59-11e5-934d-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {1017d15c-f0a3-11e5-8f53-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {1017d170-f0a3-11e5-8f53-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {11f8e2f5-3716-11e5-9259-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {138907ec-fa51-11e4-97c3-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {14838edb-8fca-11e5-93e4-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {17f4cfdb-8bf0-11e5-a1a5-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {17f4cfef-8bf0-11e5-a1a5-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {19b986cd-3718-11e5-87d9-806e6f6e6963} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {19b98704-3718-11e5-87d9-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {1b8f535c-8bfe-11e5-b11c-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {1b8f5371-8bfe-11e5-b11c-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {1c38e14d-8c20-11e5-b22a-806e6f6e6963} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {1c38e181-8c20-11e5-b22a-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {1ef0595b-8fc7-11e5-9286-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {1ef0596f-8fc7-11e5-9286-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {213877f0-8c96-11e5-93ed-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {2343ee5d-371a-11e5-a370-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {2343ee70-371a-11e5-a370-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {243956db-8c09-11e5-9623-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {243956f0-8c09-11e5-9623-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {24395714-8c09-11e5-9623-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {269c9472-9fbc-11e2-9b61-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {27e329dc-8fcb-11e5-94e2-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {27e329f0-8fcb-11e5-94e2-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {291c6b5d-fd8a-11e4-8627-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {291c6b70-fd8a-11e4-8627-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {2a17525c-8c72-11e5-94f4-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {2a175270-8c72-11e5-94f4-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {2ac8cdec-8c0b-11e5-a453-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {3231d35c-fa3e-11e4-8970-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {3231d370-fa3e-11e4-8970-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {3231d39e-fa3e-11e4-8970-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {32d62e14-e66c-11e3-a5af-d43d7e4d2a3e} - G:\setup.exe -a
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {33978fdc-9f7c-11e5-9fd2-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {33978ff0-9f7c-11e5-9fd2-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {366fa3bb-36b3-11e5-9464-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {3be80860-eb41-11e2-a71a-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {3d300163-8088-11e2-896b-d43d7e4d2a3e} - F:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {3d300177-8088-11e2-896b-d43d7e4d2a3e} - F:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {409bc8db-8cc7-11e5-b2c6-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {409bc8ef-8cc7-11e5-b2c6-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {40f28ee9-8cdc-11e5-9436-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {414c15cd-9f7a-11e5-a010-806e6f6e6963} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {414c1601-9f7a-11e5-a010-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {437b1bdd-1c49-11e5-9562-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {437b1bef-1c49-11e5-9562-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {44444573-8cf1-11e5-b029-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {44ee63e8-3ed8-11e5-934b-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {44ee63fc-3ed8-11e5-934b-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {47f48beb-75dc-11e2-b29f-d43d7e4d2a3e} - F:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {47f48d3c-75dc-11e2-b29f-d43d7e4d2a3e} - F:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {47fb23ce-4b52-11e4-86c9-806e6f6e6963} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {47fb2416-4b52-11e4-86c9-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {49a3f069-51d6-11e5-9fc6-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {49a3f07b-51d6-11e5-9fc6-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {4cf28ccd-1c25-11e5-940d-806e6f6e6963} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {4cf28d04-1c25-11e5-940d-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {4eb1d1f2-9f73-11e5-a454-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {52b134ce-8bfd-11e5-b205-806e6f6e6963} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {52b13501-8bfd-11e5-b205-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {53999d64-2da8-11e5-9305-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {53999d77-2da8-11e5-9305-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {598b77db-8bfc-11e5-9777-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {598b77ef-8bfc-11e5-9777-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {5c19ca69-8ced-11e5-b271-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {5ce8605e-1aaf-11e5-91c2-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {5ce86071-1aaf-11e5-91c2-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {60eb3ee2-9f86-11e2-88d5-d43d7e4d2a3e} - F:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {60eb3ef6-9f86-11e2-88d5-d43d7e4d2a3e} - F:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {618ecfe2-9f9c-11e2-873e-d43d7e4d2a3e} - F:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {618ecff6-9f9c-11e2-873e-d43d7e4d2a3e} - F:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {63441cdc-1c14-11e5-b39e-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {63441cf0-1c14-11e5-b39e-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {64b54f62-f097-11e5-b135-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {64b54f76-f097-11e5-b135-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {69601edd-f0fc-11e5-92f3-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {69601ef2-f0fc-11e5-92f3-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {6e06595c-8c6a-11e5-94e3-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {6e06596f-8c6a-11e5-94e3-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {6e820ce9-8cc9-11e5-953f-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {6e820d0a-8cc9-11e5-953f-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {6ec1de5d-8cb0-11e5-94ff-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {6ec1de71-8cb0-11e5-94ff-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {6fc4f354-9f70-11e5-bdb0-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {6fc4f379-9f70-11e5-bdb0-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {70e5aedc-8fc8-11e5-af77-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {74738777-f1ae-11e5-92f6-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {74ac41ef-4b4c-11e4-85b0-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {774803e1-f624-11e2-94d9-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {77dd6163-9f85-11e2-b2c9-d43d7e4d2a3e} - F:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {7db6d25b-8fc9-11e5-a1bf-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {7db6d26f-8fc9-11e5-a1bf-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {8044b0db-8bf2-11e5-b251-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {8044b0ef-8bf2-11e5-b251-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {81c6a6e9-8bfb-11e5-a2c0-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {82edc9dc-3719-11e5-b382-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {82edc9f0-3719-11e5-b382-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {885800cd-9fb2-11e2-8605-806e6f6e6963} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {8858010a-9fb2-11e2-8605-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {8858012e-9fb2-11e2-8605-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {88be326b-8fca-11e5-b25b-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {8b1449f0-8cb5-11e5-94a3-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {8b67795c-b098-11e5-b185-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {8b677970-b098-11e5-b185-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {8c79a2cd-1c3e-11e5-95e2-806e6f6e6963} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {8ddf2368-9f71-11e5-af29-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {8ddf237a-9f71-11e5-af29-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {946bd95b-8cea-11e5-946f-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {946bd96f-8cea-11e5-946f-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {971cbfce-9f72-11e5-b0a4-806e6f6e6963} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {971cc002-9f72-11e5-b0a4-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {9805c4f2-b0cc-11e5-8feb-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {9ce1e85d-8bf4-11e5-a1bc-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {9ce1e870-8bf4-11e5-a1bc-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {9e5de14d-8bf1-11e5-954e-806e6f6e6963} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {9e5de181-8bf1-11e5-954e-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {9f87754e-1c34-11e5-90b8-806e6f6e6963} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {9f877582-1c34-11e5-90b8-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {9f877592-1c34-11e5-90b8-d43d7e4d2a3e} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {9f87759b-1c34-11e5-90b8-d43d7e4d2a3e} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {9f8775b6-1c34-11e5-90b8-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {9f960adb-8bff-11e5-b21d-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {9f960aef-8bff-11e5-b21d-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {a00f904d-9f76-11e5-afba-806e6f6e6963} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {a00f9083-9f76-11e5-afba-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {a6513cdc-9f75-11e5-92ed-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {a6513cf0-9f75-11e5-92ed-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {aa76615c-5953-11e4-a7d4-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {aa766171-5953-11e4-a7d4-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {aae438db-8bf5-11e5-a18c-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {aae438ef-8bf5-11e5-a18c-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {abbc35dd-4bc0-11e4-9859-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {abbc35f1-4bc0-11e4-9859-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {adbdf0e4-3481-11e5-90a9-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {ae099cdc-f09f-11e5-b0ae-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {ae099cf0-f09f-11e5-b0ae-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {b078bc5d-1c1d-11e5-8618-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {b078bc70-1c1d-11e5-8618-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {b55003cd-8bf0-11e5-b189-806e6f6e6963} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {b5500403-8bf0-11e5-b189-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {b9650c5d-9f77-11e5-9f7f-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {b9650c70-9f77-11e5-9f7f-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {bba99715-a069-11e2-90e2-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {bfa7e1ea-1f42-11e3-9195-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {bfa7e1fb-1f42-11e3-9195-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {c0ba23db-8c1e-11e5-8272-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {c0ba23f2-8c1e-11e5-8272-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {c1dfb9dc-1c59-11e5-91d8-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {c1dfb9f1-1c59-11e5-91d8-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {c5df21dc-f09b-11e5-9ef4-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {c5df21f0-f09b-11e5-9ef4-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {c7c530dd-3718-11e5-947b-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {c7c530f0-3718-11e5-947b-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {c9c49f60-3520-11e5-92c6-d43d7e4d2a3e} - F:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {ca9ba85c-8fcb-11e5-9473-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {ca9ba870-8fcb-11e5-9473-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {ce2d305d-8fc7-11e5-8ebe-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {ce2d3070-8fc7-11e5-8ebe-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {d0f169dd-b0cb-11e5-9c84-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {d0f169f0-b0cb-11e5-9c84-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {d3679866-1c3e-11e5-87fc-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {d3679877-1c3e-11e5-87fc-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {d3b363f2-1c3d-11e5-94e4-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {d3ea9a18-b327-11e2-860d-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {d479df5c-dd4b-11e4-94ed-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {d479df70-dd4b-11e4-94ed-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {d79fcf4d-6037-11e4-9887-806e6f6e6963} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {d79fcf84-6037-11e4-9887-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {db49d6ec-8cca-11e5-9430-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {dba116dd-f09c-11e5-a008-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {dba116f0-f09c-11e5-a008-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {dba5966b-eb41-11e2-a6b3-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {dfe1a15c-8c70-11e5-ae99-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {dfe1a171-8c70-11e5-ae99-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {e069c8dd-f0a4-11e5-a40b-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {e069c8f0-f0a4-11e5-a40b-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {e341424d-8c08-11e5-bf12-806e6f6e6963} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {e3ef256b-8fc8-11e5-b028-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {e4b1da64-7cfc-11e2-9739-d43d7e4d2a3e} - F:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {e4b1da77-7cfc-11e2-9739-d43d7e4d2a3e} - F:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {e7f3e362-9f95-11e2-8814-d43d7e4d2a3e} - F:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {e7f3e376-9f95-11e2-8814-d43d7e4d2a3e} - F:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {e8bd065d-f09a-11e5-a150-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {e8bd0670-f09a-11e5-a150-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {e9c8bd5b-8bfa-11e5-95fb-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {e9c8bd6f-8bfa-11e5-95fb-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {eb0efd5c-b05e-11e4-9925-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {eb0efd71-b05e-11e4-9925-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {ec3f012b-a06c-11e2-8821-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {eceb22dc-f09e-11e5-b260-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {eceb22f1-f09e-11e5-b260-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {eeeb426a-8cb6-11e5-b251-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {f64392dd-cffc-11e5-a2ed-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {f64392f0-cffc-11e5-a2ed-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {f7acfc52-9f74-11e5-a341-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {f7acfc70-9f74-11e5-a341-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {f9c28b73-9f73-11e5-b177-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {fc6fb16a-9f70-11e5-8c00-d43d7e4d2a3e} - E:\AutoRun.exe
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\MountPoints2: {feef804d-1c48-11e5-94db-806e6f6e6963} - E:\AutoRun.exe
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk [2014-08-31]
ShortcutTarget: APC UPS Status.lnk -> C:\Program Files (x86)\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{2C586D8C-2F76-49E5-A070-09039B4A14A7}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{33535650-5A6B-44CB-86B4-3821687D3F27}: [DhcpNameServer] 192.168.100.200
Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: No Name -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: No Name -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> No File
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF ProfilePath: C:\Users\Ditch\AppData\Roaming\Mozilla\Firefox\Profiles\utuj6chq.default-1464490179294
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-13] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2009-05-26] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> G:\programmes\VLC Media Player\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin HKU\S-1-5-21-1600889185-3656679571-3126259524-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Ditch\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-05-07] (Unity Technologies ApS)
FF Extension: Adblock Plus - C:\Users\Ditch\AppData\Roaming\Mozilla\Firefox\Profiles\utuj6chq.default-1464490179294\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-05-29]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [970656 2016-04-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [467016 2016-04-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [467016 2016-04-04] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1435704 2016-04-04] (Avira Operations GmbH & Co. KG)
R2 APC Data Service; C:\Program Files (x86)\APC\APC PowerChute Personal Edition\dataserv.exe [21880 2010-09-14] (American Power Conversion Corporation)
R2 APC UPS Service; C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe [705912 2010-09-14] (American Power Conversion Corporation)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [276424 2016-05-04] (Avira Operations GmbH & Co. KG)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [242264 2014-11-20] ()
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2382832 2016-05-24] (IBM Corp.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-12-26] (Microsoft Corporation)
S2 tbbLoaderService; "E:\Programmes\Bamdwidth Meter\tbbLoaderService.exe" [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [154816 2016-04-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [141920 2016-04-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2016-04-04] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [79696 2016-04-04] (Avira Operations GmbH & Co. KG)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [216576 2009-09-04] (Huawei Technologies Co., Ltd.)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-08-24] ()
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114560 2009-07-24] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 PSSDKLBF; C:\Windows\system32\Drivers\pssdklbf.sys [65600 2013-04-18] (microOLAP Technologies LTD)
R1 RapportCerberus_1609040; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1609040.sys [1157160 2016-05-16] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [544360 2016-05-24] (IBM Corp.)
S3 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [215560 2016-05-24] (IBM Corp.)
S3 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [470056 2016-05-24] (IBM Corp.)
R3 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [525992 2016-05-24] (IBM Corp.)
S3 StkCMini; C:\Windows\System32\Drivers\StkCMini.sys [1917576 2010-06-07] (Syntek)
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 hwusbfake; system32\DRIVERS\ewusbfake.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-05-29 21:18 - 2016-05-29 21:18 - 00043383 ____C C:\Users\Ditch\Downloads\FRST.txt
2016-05-29 21:18 - 2016-05-29 21:18 - 00000000 ___DC C:\FRST
2016-05-29 21:16 - 2016-05-29 21:16 - 02383872 ____C (Farbar) C:\Users\Ditch\Downloads\FRST64.exe
2016-05-29 18:55 - 2016-05-29 18:55 - 00000028 ____C C:\Users\Ditch\Desktop\3.txt
2016-05-29 01:22 - 2016-05-29 01:22 - 00000000 ___DC C:\Users\Ditch\Desktop\Post Back Up
2016-05-28 19:30 - 2016-05-28 19:30 - 00122880 __SHC C:\Users\Ditch\Thumbs.db
2016-05-25 14:02 - 2016-05-25 14:33 - 00323406 ____C C:\Windows\ntbtlog.txt
2016-05-05 02:49 - 2016-05-05 02:49 - 00000000 ___DC C:\Users\Ditch\AppData\Roaming\Avira
2016-05-05 02:47 - 2016-04-04 17:07 - 00154816 ____C (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2016-05-05 02:47 - 2016-04-04 17:07 - 00141920 ____C (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2016-05-05 02:47 - 2016-04-04 17:07 - 00079696 ____C (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2016-05-05 02:47 - 2016-04-04 17:07 - 00028600 ____C (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2016-05-05 02:14 - 2016-05-25 16:48 - 00000000 ___DC C:\ProgramData\Package Cache
2016-05-05 02:14 - 2016-05-25 16:47 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-05-05 02:14 - 2016-05-05 02:47 - 00000000 ___DC C:\ProgramData\Avira
2016-05-05 02:14 - 2016-05-05 02:47 - 00000000 ___DC C:\Program Files (x86)\Avira
2016-05-04 14:39 - 2009-06-10 22:00 - 00000824 ____C C:\Windows\system32\Drivers\etc\hosts.20160504-143956.backup
2016-05-04 14:01 - 2016-05-04 14:01 - 00001395 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-05-04 14:01 - 2016-05-04 14:01 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-05-04 14:01 - 2013-09-20 10:49 - 00021040 ____C (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2016-05-04 00:36 - 2016-05-04 00:36 - 00242200 ____C C:\Users\Ditch\Downloads\Firefox Setup Stub 46.0.1.exe
2016-05-03 19:06 - 2016-05-04 14:06 - 00000000 ___DC C:\Program Files\Common Files\AV
2016-05-03 19:06 - 2016-05-03 19:06 - 00000000 ___DC C:\Users\Ditch\AppData\Roaming\TuneUp Software
2016-05-03 19:06 - 2016-05-03 19:06 - 00000000 ___DC C:\Users\Ditch\AppData\Roaming\AVG
2016-05-03 19:05 - 2016-05-03 19:05 - 00000000 __HDC C:\$AVG
2016-05-03 18:49 - 2016-05-04 19:33 - 00000000 ___DC C:\ProgramData\Avg
2016-05-03 18:49 - 2016-05-04 19:33 - 00000000 ___DC C:\Program Files (x86)\AVG
2016-05-03 18:46 - 2016-05-03 18:50 - 00000000 ___DC C:\Users\Ditch\AppData\Local\AvgSetupLog
2016-05-03 18:45 - 2016-05-03 19:06 - 00000000 ___DC C:\Users\Ditch\AppData\Local\Avg
2016-05-03 18:44 - 2016-05-04 00:22 - 00000000 ___DC C:\ProgramData\MFAData
2016-05-03 18:44 - 2016-05-03 18:44 - 00000000 ___DC C:\Users\Ditch\AppData\Local\MFAData
2016-05-03 18:44 - 2016-05-03 18:44 - 00000000 ___DC C:\Users\Ditch\AppData\Local\Avg2015
2016-05-03 18:10 - 2016-05-04 00:21 - 00000000 ___DC C:\Program Files\CCleaner
2016-05-03 18:10 - 2016-05-03 18:10 - 00002790 ____C C:\Windows\System32\Tasks\CCleanerSkipUAC
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-05-29 21:16 - 2013-02-13 15:27 - 00000830 ____C C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-05-29 20:41 - 2013-11-30 10:06 - 00000898 ____C C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-29 19:01 - 2009-07-14 05:45 - 00021472 ___HC C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-29 19:01 - 2009-07-14 05:45 - 00021472 ___HC C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-29 18:58 - 2009-07-14 06:13 - 00782470 ____C C:\Windows\system32\PerfStringBackup.INI
2016-05-29 18:58 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\inf
2016-05-29 18:54 - 2013-11-30 10:06 - 00000894 ____C C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-29 18:54 - 2013-09-16 13:04 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2016-05-29 18:53 - 2009-07-14 06:08 - 00000006 ___HC C:\Windows\Tasks\SA.DAT
2016-05-29 18:47 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\system32\NDF
2016-05-29 04:17 - 2016-03-25 22:53 - 01783296 __SHC C:\Users\Ditch\Desktop\Thumbs.db
2016-05-28 19:30 - 2013-02-05 19:48 - 00000000 ___DC C:\Users\Ditch
2016-05-28 03:21 - 2013-06-02 13:12 - 00000000 __RDC C:\Users\Ditch\Desktop\Desk Top
2016-05-25 14:24 - 2014-07-12 14:09 - 00192216 ____C (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-24 16:55 - 2015-06-08 13:31 - 00215560 ____C (IBM Corp.) C:\Windows\system32\Drivers\RapportHades64.sys
2016-05-24 16:55 - 2013-06-22 14:20 - 00470056 ____C (IBM Corp.) C:\Windows\system32\Drivers\RapportKE64.sys
2016-05-13 04:16 - 2013-02-13 15:27 - 00797376 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-13 04:16 - 2013-02-13 15:27 - 00142528 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-13 04:16 - 2013-02-13 15:27 - 00003768 ____C C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-05-10 22:36 - 2013-11-30 10:06 - 00003894 ____C C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-10 22:36 - 2013-11-30 10:06 - 00003642 ____C C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-06 17:44 - 2015-05-18 17:09 - 00001188 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2016-05-06 17:44 - 2015-05-18 17:09 - 00000000 ___DC C:\Program Files\paint.net
2016-05-06 17:34 - 2013-03-03 23:47 - 00766336 ____C C:\Windows\SysWOW64\PerfStringBackup.INI
2016-05-04 14:28 - 2015-05-22 03:22 - 00000000 ___DC C:\ProgramData\Spybot - Search & Destroy
2016-05-04 14:23 - 2015-05-22 03:21 - 00000000 ___DC C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-05-04 02:05 - 2015-05-17 21:01 - 00000000 ___DC C:\Program Files (x86)\Mozilla Maintenance Service
2016-05-04 00:38 - 2016-04-27 02:58 - 00000000 ___DC C:\Program Files (x86)\Mozilla Firefox
2016-05-04 00:38 - 2015-05-17 21:01 - 00001163 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-05-04 00:36 - 2013-02-05 19:52 - 00000000 ___DC C:\Users\Ditch\AppData\Local\ElevatedDiagnostics
2016-05-04 00:27 - 2009-07-14 06:32 - 00000000 ___DC C:\Program Files\Windows Sidebar
2016-05-04 00:27 - 2009-07-14 06:32 - 00000000 ___DC C:\Program Files\Windows Photo Viewer
2016-05-04 00:27 - 2009-07-14 06:32 - 00000000 ___DC C:\Program Files\Windows Defender
2016-05-04 00:25 - 2013-02-21 23:17 - 00000000 ___DC C:\Users\Ditch\AppData\Roaming\Easy Thumbnails
2016-05-04 00:24 - 2016-03-24 13:17 - 00000000 ___DC C:\ProgramData\MobileBrServ
2016-05-04 00:24 - 2014-11-17 20:19 - 00000000 ___DC C:\Program Files\File Association Helper
2016-05-04 00:24 - 2014-07-12 14:08 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-05-04 00:24 - 2014-07-12 14:08 - 00000000 ___DC C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-05-04 00:24 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\registration
2016-05-04 00:23 - 2013-02-13 15:27 - 00000000 ___DC C:\Windows\SysWOW64\Macromed
2016-05-04 00:23 - 2010-11-21 08:06 - 00000000 ___DC C:\Windows\SysWOW64\winrm
2016-05-04 00:23 - 2010-11-21 08:06 - 00000000 ___DC C:\Windows\SysWOW64\WCN
2016-05-04 00:23 - 2010-11-21 08:06 - 00000000 ___DC C:\Windows\SysWOW64\slmgr
2016-05-04 00:23 - 2010-11-21 08:06 - 00000000 ___DC C:\Windows\SysWOW64\Printing_Admin_Scripts
2016-05-04 00:23 - 2010-11-21 08:06 - 00000000 ___DC C:\Windows\system32\winrm
2016-05-04 00:23 - 2010-11-21 08:06 - 00000000 ___DC C:\Windows\system32\WCN
2016-05-04 00:23 - 2009-07-14 06:32 - 00000000 ___DC C:\Windows\system32\WinBioPlugIns
2016-05-04 00:23 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\Web
2016-05-04 00:23 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\Vss
2016-05-04 00:23 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\SysWOW64\MUI
2016-05-04 00:23 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\SysWOW64\Msdtc
2016-05-04 00:23 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\SysWOW64\migwiz
2016-05-04 00:23 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\SysWOW64\InstallShield
2016-05-04 00:23 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\SysWOW64\IME
2016-05-04 00:23 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\SysWOW64\Dism
2016-05-04 00:23 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\SysWOW64\com
2016-05-04 00:22 - 2016-01-21 14:53 - 00000000 ___DC C:\Users\Public\Foxit Software
2016-05-04 00:22 - 2015-05-17 18:23 - 00000000 ___DC C:\Users\Ditch\AppData\Local\Chromium
2016-05-04 00:22 - 2015-05-17 18:08 - 00000000 ___DC C:\Users\Ditch\AppData\Roaming\RecLib
2016-05-04 00:22 - 2014-07-23 18:35 - 00000000 ___DC C:\Users\Ditch\AppData\Local\Ezr8
2016-05-04 00:22 - 2014-05-28 16:10 - 00000000 ___DC C:\Users\Ditch\AppData\Roaming\Motorola
2016-05-04 00:22 - 2014-05-26 20:41 - 00000000 ___DC C:\Users\Ditch\AppData\Local\Freelang
2016-05-04 00:22 - 2014-05-16 15:25 - 00000000 ___DC C:\Users\Ditch\AppData\LocalLow\Unity
2016-05-04 00:22 - 2014-05-16 15:25 - 00000000 ___DC C:\Users\Ditch\AppData\Local\Unity
2016-05-04 00:22 - 2014-04-17 14:11 - 00000000 ___DC C:\Users\Ditch\AppData\Local\Ancestry.com
2016-05-04 00:22 - 2014-04-17 14:11 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media
2016-05-04 00:22 - 2014-03-19 16:03 - 00000000 ___DC C:\Users\Ditch\AppData\Roaming\Thunderbird
2016-05-04 00:22 - 2013-11-29 13:05 - 00000000 ___DC C:\Users\Ditch\AppData\Roaming\AnvSoft
2016-05-04 00:22 - 2013-09-09 16:39 - 00000000 ___DC C:\Users\Ditch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SanDisk
2016-05-04 00:22 - 2013-09-09 16:38 - 00000000 ___DC C:\Users\Ditch\AppData\Roaming\SanDisk
2016-05-04 00:22 - 2013-08-03 14:25 - 00000000 ___DC C:\ProgramData\Malwarebytes
2016-05-04 00:22 - 2013-07-12 16:11 - 00000000 ___DC C:\Users\Ditch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2016-05-04 00:22 - 2013-07-12 16:11 - 00000000 ___DC C:\Users\Ditch\AppData\Local\Amazon
2016-05-04 00:22 - 2013-07-04 17:56 - 00000000 ___DC C:\Users\Ditch\Documents\Fax
2016-05-04 00:22 - 2013-06-24 13:12 - 00000000 ___DC C:\Users\Default\AppData\Local\Trusteer
2016-05-04 00:22 - 2013-06-24 13:12 - 00000000 ___DC C:\Users\Default User\AppData\Local\Trusteer
2016-05-04 00:22 - 2013-06-23 18:46 - 00000000 ___DC C:\Users\Ditch\AppData\Roaming\Dropbox
2016-05-04 00:22 - 2013-06-22 14:20 - 00000000 ___DC C:\Users\Ditch\AppData\Local\Trusteer
2016-05-04 00:22 - 2013-06-22 14:17 - 00000000 ___DC C:\ProgramData\Trusteer
2016-05-04 00:22 - 2013-06-01 18:33 - 00000000 ___DC C:\programmes
2016-05-04 00:22 - 2013-04-04 19:35 - 00000000 ___DC C:\Users\Ditch\AppData\Local\Downloaded Installations
2016-05-04 00:22 - 2013-03-30 20:40 - 00000000 ___DC C:\Users\Ditch\AppData\Local\PMH
2016-05-04 00:22 - 2013-03-30 20:37 - 00000000 __HDC C:\ProgramData\CanonBJ
2016-05-04 00:22 - 2013-03-18 23:44 - 00000000 ___DC C:\Users\Ditch\AppData\Roaming\Foxit Software
2016-05-04 00:22 - 2013-02-13 15:26 - 00000000 ___DC C:\Windows\system32\Macromed
2016-05-04 00:22 - 2013-02-13 14:07 - 00000000 ___DC C:\ProgramData\Yahoo!
2016-05-04 00:22 - 2013-02-13 13:58 - 00000000 ___DC C:\Users\Ditch\AppData\Roaming\Adobe
2016-05-04 00:22 - 2013-02-05 20:25 - 00000000 ___DC C:\Users\Ditch\AppData\Roaming\Mozilla
2016-05-04 00:22 - 2013-02-05 20:25 - 00000000 ___DC C:\Users\Ditch\AppData\Local\Mozilla
2016-05-04 00:22 - 2010-11-21 08:06 - 00000000 ___DC C:\Windows\system32\slmgr
2016-05-04 00:22 - 2010-11-21 08:06 - 00000000 ___DC C:\Windows\system32\Printing_Admin_Scripts
2016-05-04 00:22 - 2009-07-14 06:32 - 00000000 ___DC C:\Windows\Performance
2016-05-04 00:22 - 2009-07-14 05:45 - 00000000 ___DC C:\Windows\Setup
2016-05-04 00:22 - 2009-07-14 05:45 - 00000000 ___DC C:\Windows\ServiceProfiles
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 _RSDC C:\Windows\Media
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\system32\sysprep
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\system32\spool
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\system32\SMI
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\system32\oobe
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\system32\MUI
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\system32\Msdtc
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\system32\migwiz
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\system32\IME
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\system32\Dism
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\system32\com
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\security
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\schemas
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\Resources
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\PolicyDefinitions
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\PLA
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\IME
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\Help
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\Globalization
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\Branding
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\AppCompat
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\servicing
2016-05-04 00:22 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2016-05-04 00:21 - 2016-03-23 14:40 - 00000000 ___DC C:\Program Files (x86)\Huawei Modems
2016-05-04 00:21 - 2015-07-12 00:37 - 00000000 ___DC C:\Program Files (x86)\Amazon
2016-05-04 00:21 - 2015-06-06 23:18 - 00000000 ___DC C:\Program Files\Microsoft Silverlight
2016-05-04 00:21 - 2015-06-06 23:18 - 00000000 ___DC C:\Program Files (x86)\Microsoft Silverlight
2016-05-04 00:21 - 2015-05-22 03:03 - 00000000 ___DC C:\AdwCleaner
2016-05-04 00:21 - 2014-04-17 15:31 - 00000000 ___DC C:\Program Files (x86)\Family Tree Maker 2011
2016-05-04 00:21 - 2014-04-17 14:11 - 00000000 ___DC C:\Program Files (x86)\Windows Media Components
2016-05-04 00:21 - 2014-04-17 14:11 - 00000000 ___DC C:\Program Files (x86)\Microsoft WSE
2016-05-04 00:21 - 2014-04-17 14:10 - 00000000 ___DC C:\Program Files (x86)\BCL Technologies
2016-05-04 00:21 - 2014-04-07 16:10 - 00000000 ___DC C:\Program Files (x86)\FOXIT SOFTWARE
2016-05-04 00:21 - 2014-03-20 14:33 - 00000000 ___DC C:\Program Files (x86)\APC
2016-05-04 00:21 - 2013-11-30 10:05 - 00000000 ___DC C:\Program Files (x86)\Google
2016-05-04 00:21 - 2013-07-10 12:47 - 00000000 ___DC C:\Program Files (x86)\Huawei technologies
2016-05-04 00:21 - 2013-06-22 14:19 - 00000000 ___DC C:\Program Files (x86)\Trusteer
2016-05-04 00:21 - 2013-03-05 04:17 - 00000000 ___DC C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2016-05-04 00:21 - 2013-03-03 23:48 - 00000000 ___DC C:\Program Files (x86)\Windows Live
2016-05-04 00:21 - 2013-03-03 23:48 - 00000000 ___DC C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2016-05-04 00:21 - 2013-02-13 14:07 - 00000000 ___DC C:\Program Files (x86)\Yahoo!
2016-05-04 00:21 - 2013-02-05 19:58 - 00000000 ___DC C:\Program Files\Realtek
2016-05-04 00:21 - 2013-02-05 19:56 - 00000000 __HDC C:\Program Files (x86)\InstallShield Installation Information
2016-05-04 00:21 - 2013-02-05 19:56 - 00000000 ___DC C:\Program Files (x86)\Realtek
2016-05-04 00:21 - 2013-02-05 19:55 - 00000000 ___DC C:\Program Files\Common Files\Intel
2016-05-04 00:21 - 2013-02-05 19:53 - 00000000 ___DC C:\Program Files (x86)\Intel
2016-05-04 00:21 - 2010-11-21 08:16 - 00000000 ___DC C:\Program Files\Windows Journal
2016-05-04 00:21 - 2009-07-14 06:32 - 00000000 ___DC C:\Program Files\Reference Assemblies
2016-05-04 00:21 - 2009-07-14 06:32 - 00000000 ___DC C:\Program Files\MSBuild
2016-05-04 00:21 - 2009-07-14 06:32 - 00000000 ___DC C:\Program Files\Microsoft Games
2016-05-04 00:21 - 2009-07-14 06:32 - 00000000 ___DC C:\Program Files\DVD Maker
2016-05-04 00:21 - 2009-07-14 06:32 - 00000000 ___DC C:\Program Files (x86)\Windows Sidebar
2016-05-04 00:21 - 2009-07-14 06:32 - 00000000 ___DC C:\Program Files (x86)\Windows Photo Viewer
2016-05-04 00:21 - 2009-07-14 06:32 - 00000000 ___DC C:\Program Files (x86)\Windows Defender
2016-05-04 00:21 - 2009-07-14 06:32 - 00000000 ___DC C:\Program Files (x86)\Reference Assemblies
2016-05-04 00:21 - 2009-07-14 06:32 - 00000000 ___DC C:\Program Files (x86)\MSBuild
2016-05-04 00:21 - 2009-07-14 04:20 - 00000000 ___DC C:\Program Files\Windows NT
2016-05-04 00:21 - 2009-07-14 04:20 - 00000000 ___DC C:\Program Files\Common Files\System
2016-05-04 00:21 - 2009-07-14 04:20 - 00000000 ___DC C:\Program Files\Common Files\SpeechEngines
2016-05-04 00:21 - 2009-07-14 04:20 - 00000000 ___DC C:\Program Files\Common Files\Microsoft Shared
2016-05-04 00:21 - 2009-07-14 04:20 - 00000000 ___DC C:\Program Files (x86)\Windows NT
2016-05-03 18:12 - 2015-06-14 00:33 - 00000000 ___DC C:\Users\Ditch\AppData\Roaming\MPC-HC
2016-05-03 18:12 - 2013-03-03 23:23 - 00000000 ___DC C:\Users\Ditch\AppData\Roaming\Media Player Classic
2016-05-03 18:12 - 2013-02-06 03:43 - 00000000 ___DC C:\Windows\Panther
2016-05-03 18:12 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\ModemLogs
2016-04-29 14:01 - 2009-07-14 06:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
==================== Files in the root of some directories =======
2015-07-06 16:09 - 2015-07-06 16:09 - 0006144 ____C () C:\Users\Ditch\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
Some files in TEMP:
====================
C:\Users\Ditch\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-05-28 13:57
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:29-05-2016 02
Ran by Ditch (2016-05-29 21:18:56)
Running from C:\Users\Ditch\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2013-02-05 18:48:47)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1600889185-3656679571-3126259524-500 - Administrator - Disabled)
Ditch (S-1-5-21-1600889185-3656679571-3126259524-1000 - Administrator - Enabled) => C:\Users\Ditch
Guest (S-1-5-21-1600889185-3656679571-3126259524-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1600889185-3656679571-3126259524-1003 - Limited - Enabled)
New account (S-1-5-21-1600889185-3656679571-3126259524-1001 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version: 1.15.0.43061 - Amazon)
APC PowerChute Personal Edition 3.0 (HKLM-x32\...\{F1486DE6-CC2E-48C0-AD20-C2C142FA1636}) (Version: 3.0 - American Power Conversion)
AVG 2016 (Version: 16.0.4565 - AVG Technologies) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.17.273 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{28d41884-9b36-4f54-bed2-92863f08e65d}) (Version: 1.1.62.21333 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.62.21333 - Avira Operations GmbH & Co. KG) Hidden
Awesomium.NET Redistribution Module (x32 Version: 1.7.4.2 - ©2014 Awesomium Technologies LLC) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.17 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Family Tree Maker 2010 (HKLM-x32\...\Family Tree Maker 2010) (Version: 19.0.180 - Ancestry.com)
Family Tree Maker 2010 (x32 Version: 19.0.180 - Ancestry.com) Hidden
Family Tree Maker 2011 (HKLM-x32\...\Family Tree Maker 2011) (Version: 20.0.376 - Ancestry.com)
Family Tree Maker 2011 (x32 Version: 20.0.376 - Ancestry.com) Hidden
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Huawei modem (HKLM-x32\...\Huawei Modems) (Version: - )
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2817 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft WSE 3.0 (HKLM-x32\...\{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}) (Version: 3.0.5305.0 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mobile Broadband HL Service (HKLM-x32\...\Mobile Broadband HL Service) (Version: 22.001.26.00.21 - Huawei Technologies Co.,Ltd)
MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 46.0.1 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 en-GB)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1 - Mozilla)
paint.net (HKLM\...\{DADC2AF6-DC9F-4BCF-BFCE-DCEC16EF507C}) (Version: 4.0.9 - dotPDN LLC)
Rapport (x32 Version: 3.5.1609.63 - Trusteer) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.53.216.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
Sansa Updater (HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\Sansa Updater) (Version: 1.406 - SanDisk Corporation)
tbbMeter Loader Service (HKLM-x32\...\{FDC85EE3-EDAA-47C9-9885-2A26FC41DC22}) (Version: 1.0.0 - thinkbroadband.com)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1609.63 - Trusteer)
Unity Web Player (HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
USB2.0 Grabber (HKLM-x32\...\{45518B6D-9DDF-4144-83E4-A56762524F35}) (Version: 7.12.000.003 - Youyan)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version: - )
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {01CC914B-F8E7-4F78-908C-746F32A9E35E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {02B932F7-D744-463E-B9C7-C7FF88A0F9CF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-13] (Adobe Systems Incorporated)
Task: {04CA2BE5-F9EA-4A95-9E27-1F9EA0DAF73A} - System32\Tasks\{02B780C8-9B38-466A-8FF0-CAC15F59300A} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{A899DA1F-D626-401C-8651-F2921E3B4CB3}\setup.exe" -c -runfromtemp -l0x0009 -removeonly /z"Uninstall"
Task: {280BD6CF-1463-4664-81A1-4FCFA91AB7D8} - System32\Tasks\{5A87B4E4-0B17-49E5-ABD4-C378584203C2} => C:\Program Files (x86)\Family Tree Maker 2010\FTM.exe
Task: {4ADF4CD1-885F-4AA3-AA3F-06EB50EF2226} - System32\Tasks\{44CBFDCD-23C5-41AA-83BD-C8C0A6E4E655} => pcalua.exe -a C:\Users\Ditch\AppData\Local\Temp\Temp1_7659(1).zip\setup.exe
Task: {5494BE96-C865-4307-AC83-58C47F22DE36} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-04-15] (Piriform Ltd)
Task: {65763892-931D-4A8D-B9DE-C1B349B464AE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {73FE6C5C-17D7-48FE-BA33-5686C1B1A6F7} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {8B9E3015-0A0D-4875-9FDA-A20672209D97} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {9C2FA8EE-38C3-4874-B888-C776849C40B6} - System32\Tasks\{92941F7C-D841-4778-9D5F-D9BBE72180CB} => C:\Program Files (x86)\Family Tree Maker 2010\FTM.exe
Task: {A5F29DC2-9B71-43CA-80B3-2733A92D0231} - System32\Tasks\{181E5F28-814F-4B6A-AC34-CC963D168CBA} => pcalua.exe -a D:\setup.exe -d D:\
Task: {AF87FCD5-A527-4C04-9679-1455313B8DED} - System32\Tasks\{A80C8E92-F0AE-4CD2-A775-30906D889584} => pcalua.exe -a D:\Reg\setup.exe -d D:\
Task: {B16BDE49-E6DB-4FD3-9EA2-7041CF35E511} - System32\Tasks\{9DCFE29F-6BA5-40E0-82EB-0B686B1532F3} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files (x86)\Family Tree Maker 2010\FTM.exe"
Task: {F8BA87EF-9EC6-4386-A01C-09862C1A5D37} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2016-03-24 13:17 - 2014-11-20 09:48 - 00242264 ____C () C:\ProgramData\MobileBrServ\mbbservice.exe
2016-05-04 14:01 - 2014-05-13 12:04 - 00109400 ____C () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-05-04 14:01 - 2014-05-13 12:04 - 00416600 ____C () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-05-04 14:01 - 2014-05-13 12:04 - 00167768 ____C () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-05-04 14:01 - 2012-08-23 10:38 - 00574840 ____C () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2016-05-04 14:01 - 2012-04-03 17:06 - 00565640 ____C () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-06-02 15:51 - 2015-06-02 15:51 - 00545792 ____C () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
There are 7896 more sites.
IE restricted site: HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\...\123simsen.com -> www.123simsen.com
There are 7896 more sites.
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2016-05-04 14:39 - 00452288 ___RC C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
127.0.0.1 www.123moviedownload.com
There are 15518 more lines.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1600889185-3656679571-3126259524-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ditch\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{86472CA0-D35C-47A6-AB62-EF3B97AB307D}] => (Allow) E:\programmes\Messenger\YahooMessenger.exe
FirewallRules: [{22520538-16FD-43CC-BDBB-9B854D3FE174}] => (Allow) E:\programmes\Messenger\YahooMessenger.exe
FirewallRules: [TCP Query User{3EBECDEB-2097-4112-9004-0C3E30740819}E:\programmes\messenger\yahoomessenger.exe] => (Allow) E:\programmes\messenger\yahoomessenger.exe
FirewallRules: [UDP Query User{61B43AC4-1F3C-465F-9928-947BD744D168}E:\programmes\messenger\yahoomessenger.exe] => (Allow) E:\programmes\messenger\yahoomessenger.exe
FirewallRules: [TCP Query User{00063C30-0ACE-4AA3-BB8E-594F5F332533}G:\program files\yahoo!\messenger\yahoomessenger.exe] => (Allow) G:\program files\yahoo!\messenger\yahoomessenger.exe
FirewallRules: [UDP Query User{3DE09D31-BDD1-4E5F-8C18-D5D05573B5FE}G:\program files\yahoo!\messenger\yahoomessenger.exe] => (Allow) G:\program files\yahoo!\messenger\yahoomessenger.exe
FirewallRules: [{7314E4FA-9BA9-45BF-B7A1-6465DFB07357}] => (Allow) G:\programmes\Messenger\YahooMessenger.exe
FirewallRules: [{2943861C-19FE-4041-BD0C-CAA271A4DE90}] => (Allow) G:\programmes\Messenger\YahooMessenger.exe
FirewallRules: [{86417CB2-3D69-47CC-A157-2E40E38BF140}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{BB68F1AA-E74B-4560-9B19-A2090638664A}] => (Allow) LPort=2869
FirewallRules: [{92520CCC-DE9F-4138-99AC-4950A7041764}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{2666C8BD-B917-4FCA-8E5F-C024D8FAD4BA}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{38E72EB0-B5F3-45D5-924E-47D9CD112CEE}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{B251A538-60C0-4303-895A-3D533F67E8F3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4A58AA8E-FFB0-45DD-A1EF-5E2FE8DE4794}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EC923D67-5DEB-4A45-B0AF-5C4FE97FB1E1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{169D3FC1-981D-4AC0-A728-6391AD008250}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F44E50A1-73D7-4A11-8BA8-CF03586F0756}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{6E905761-8540-494B-856F-243F4143067C}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Restore Points =========================
29-05-2016 18:54:24 Installed Rapport
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (05/29/2016 06:54:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/29/2016 02:38:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/29/2016 04:18:32 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/28/2016 01:32:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/27/2016 01:17:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/26/2016 01:06:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/25/2016 03:53:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/25/2016 02:35:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/25/2016 02:29:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/25/2016 02:04:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (05/29/2016 06:53:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The tbbLoaderService service failed to start due to the following error:
%%2
Error: (05/29/2016 02:38:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The tbbLoaderService service failed to start due to the following error:
%%2
Error: (05/29/2016 04:18:30 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The tbbLoaderService service failed to start due to the following error:
%%2
Error: (05/28/2016 01:32:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The tbbLoaderService service failed to start due to the following error:
%%2
Error: (05/27/2016 08:19:16 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.
Error: (05/27/2016 08:19:15 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.
Error: (05/27/2016 08:19:15 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.
Error: (05/27/2016 08:19:14 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.
Error: (05/27/2016 01:17:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The tbbLoaderService service failed to start due to the following error:
%%2
Error: (05/26/2016 01:06:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The tbbLoaderService service failed to start due to the following error:
%%2
CodeIntegrity:
===================================
Date: 2016-02-02 12:11:19.488
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-02-02 12:11:19.391
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-02-02 12:11:18.879
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportKE64.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-02-02 12:11:18.787
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportKE64.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-02-02 12:11:18.606
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportHades64.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-02-02 12:11:18.522
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportHades64.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-02-02 12:11:18.306
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-02-02 12:11:18.214
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-02-02 12:11:15.444
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys because the set of per-page image hashes could not be found on the system.
Date: 2016-02-02 12:11:15.315
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel® Celeron® CPU G530 @ 2.40GHz
Percentage of memory in use: 47%
Total physical RAM: 3982.2 MB
Available physical RAM: 2087.7 MB
Total Virtual: 7962.58 MB
Available Virtual: 5749.11 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:55.8 GB) (Free:21.04 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 55.9 GB) (Disk ID: FC375C36)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=55.8 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
Thankyou.