Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Uverse Gateway says way too many connections


  • This topic is locked This topic is locked
41 replies to this topic

#1 ron90069

ron90069

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:01:37 PM

Posted 17 November 2013 - 05:59 AM

This past afternoon, my ATT Uverse Pace 3801-HGV Gateway interrupted every web browser to announce it detected too many simultaneous network connections and to check for an instance of "Blaster".  I ran netstat -a and found 104 entries; the output is attached to this message.

The ATT Uverse internet service is 24meg down, 3 meg up.  PC is a custom built desktop.  There are three external USB freestanding drives attached.  AVG Antivirus did not find anything wrong.

I appreciate any help!

                    -- Ron     

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537
Run by Ron at 2:34:50 on 2013-11-17
Microsoft Windows 8 Pro  6.2.9200.0.1252.1.1033.18.6135.3792 [GMT -8:00]
.
AV: AVG Internet Security 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Internet Security 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2013 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG201~1\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013-1\avgcsrva.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\dwm.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AVG\AVG2013-1\avgfws.exe
C:\Program Files (x86)\AVG\AVG2013-1\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013-1\avgwdsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\sysWow64\CtHdaSvc.exe
C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
C:\Windows\system32\dashost.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe
C:\Program Files (x86)\AVG\AVG2013-1\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013-1\avgemca.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\loggingserver.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskhostex.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AVG\AVG2013-1\avgcsrva.exe
C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe
C:\Program Files\Classic Shell\ClassicStartMenu.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\4Team Corporation\Safe PST Backup\SafePSTBackup.exe
C:\Users\Ron\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\AVG\AVG2013-1\avgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\explorer.exe
C:\Users\Ron\Downloads\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\AVG\AVG2013-1\avgcsrva.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mWinlogon: Userinit = userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.1.2.1\AVG SafeGuard toolbar_toolbar.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: ClassicIEBHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll
TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.1.2.1\AVG SafeGuard toolbar_toolbar.dll
uRun: [EPSON Stylus Photo R280 Series] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATICKA.EXE /FU "C:\Windows\TEMP\E_SA9DE.tmp" /EF "HKCU"
uRun: [startUpMode] runOnceForNewUser
uRun: [Safe PST Backup] "C:\Program Files\4Team Corporation\Safe PST Backup\SafePSTBackup.exe" /autostart
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013-1\avgui.exe" /TRAYONLY
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [PowerPanel Personal Edition User Interaction] C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe
StartupFolder: C:\Users\Ron\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Ron\AppData\Roaming\Dropbox\bin\Dropbox.exe
IE: Download with &FileFactory Turbo - C:\Program Files (x86)\FileFactory Turbo\Plugins\IE\FileFactoryIE.html
IE: Download with Mipony - C:\Program Files (x86)\MiPony\Browser\IEContext.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {0F1B49C0-9894-4696-8E8D-DB1F5D02FBAB} - hxxp://192.168.1.240/UltraMJCamX.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{1FADAC97-56A3-4E34-AD6F-37EC20E773F9} : DHCPNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.1.2\ViProtocol.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings
x64-BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: ClassicIEBHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll
x64-TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-mASetup: {B17A6CEB-057D-47DE-9F7C-0BB3FDF30F4C} - C:\Windows\SysWOW64\msiexec.exe /fpu {CB28249A-1EB5-413B-A928-EB00F8D70E26} /q
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\Drivers\avgidsha.sys [2013-7-20 71480]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\Drivers\avgloga.sys [2013-7-20 311608]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\Drivers\avgmfx64.sys [2013-7-1 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\Drivers\avgrkx64.sys [2013-9-5 45880]
R0 mv61xx;mv61xx;C:\Windows\System32\Drivers\mv61xx.sys [2011-2-9 181040]
R1 Avgfwfd;AVG network filter service;C:\Windows\System32\Drivers\avgfwd6a.sys [2012-9-4 50296]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\Drivers\avgidsdrivera.sys [2013-7-20 246072]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\Drivers\avgldx64.sys [2013-7-20 206648]
R1 Avgwfpa;AVG Firewall Driver;C:\Windows\System32\Drivers\avgwfpa.sys [2013-7-18 248632]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2013-1\avgfws.exe [2013-9-4 1432080]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013-1\avgidsagent.exe [2013-7-4 4939312]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013-1\avgwdsvc.exe [2013-7-23 283136]
R2 CtHdaSvc;Sound Blaster Service;C:\Windows\SysWOW64\CtHdaSvc.exe [2013-2-14 103424]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2013-7-18 762192]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-9 3275136]
R2 vToolbarUpdater17.1.2;vToolbarUpdater17.1.2;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe [2013-11-12 1734680]
R3 cthda;Sound Blaster HDAudio;C:\Windows\System32\Drivers\cthda.sys [2013-2-14 1044760]
R3 cthdb;SB Recon3D PCIe Audio Bus Filter;C:\Windows\System32\Drivers\cthdb.sys [2013-2-14 28440]
R3 synusb64;eLicenser;C:\Windows\System32\Drivers\synusb64.sys [2013-8-13 30352]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\Drivers\wdcsam64.sys [2008-5-6 14464]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
R3 yukonw8;NDIS6.3 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\Drivers\yk63x64.sys [2012-10-2 295792]
S0 Avgboota;AVG Early Launch Anti-Malware Driver;C:\Windows\System32\Drivers\avgboota.sys [2012-10-26 20912]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\Drivers\ssudbus.sys [2013-8-20 103576]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 pwdrvio;pwdrvio;C:\Windows\System32\pwdrvio.sys [2013-8-31 19032]
S3 pwdspio;pwdspio;C:\Windows\System32\pwdspio.sys [2013-8-31 12384]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\Drivers\ssudmdm.sys [2013-8-20 204568]
S3 vmbusr;Virtual Machine Bus Provider;C:\Windows\System32\Drivers\vmbusr.sys [2012-7-25 117248]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2013-11-16 11:18:16 -------- d-----w- C:\Users\Ron\AppData\Local\IsolatedStorage
2013-11-16 11:16:50 -------- d-----w- C:\Users\Ron\AppData\Roaming\4Team
2013-11-16 11:16:50 -------- d-----w- C:\Program Files\Common Files\4Team
2013-11-16 11:16:48 -------- d-----w- C:\Program Files\4Team Corporation
2013-11-16 11:16:23 -------- d-----w- C:\ProgramData\Downloaded Installations
2013-11-16 07:39:57 -------- d-----w- C:\Users\Ron\AppData\Local\Nero_AG
2013-11-16 00:50:48 -------- d-----w- C:\Program Files (x86)\Nero
2013-11-15 14:35:00 78296 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-15 14:35:00 694232 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-15 14:26:18 248672 ----a-w- C:\Windows\SysWow64\d3dx11_43.dll
2013-11-15 14:26:16 470880 ----a-w- C:\Windows\SysWow64\d3dx10_43.dll
2013-11-15 14:26:15 1998168 ----a-w- C:\Windows\SysWow64\D3DX9_43.dll
2013-11-15 14:26:14 1868128 ----a-w- C:\Windows\SysWow64\d3dcsx_43.dll
2013-11-15 14:26:13 2106216 ----a-w- C:\Windows\SysWow64\D3DCompiler_43.dll
2013-11-14 00:32:33 300720 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10225.bin
2013-11-13 07:20:17 1300992 ----a-w- C:\Windows\System32\gdi32.dll
2013-11-13 07:20:16 1022976 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-11-13 07:19:22 1890816 ----a-w- C:\Windows\System32\crypt32.dll
2013-11-13 07:19:22 1569280 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-11-13 07:18:54 576512 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-11-13 07:18:20 3959808 ----a-w- C:\Windows\System32\jscript9.dll
2013-11-13 07:18:08 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-11-13 07:16:57 2062848 ----a-w- C:\Windows\System32\d3d11.dll
2013-11-13 07:16:56 1711616 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-11-13 07:16:43 419328 ----a-w- C:\Windows\System32\schannel.dll
2013-11-13 07:16:43 323072 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-11-13 07:15:25 2035712 ----a-w- C:\Windows\SysWow64\authui.dll
2013-11-13 07:15:24 2304512 ----a-w- C:\Windows\System32\authui.dll
2013-11-08 22:00:49 -------- d-----w- C:\Program Files (x86)\WinPcap
2013-10-29 01:53:19 -------- d-----w- C:\Users\Ron\AppData\Roaming\ClassicShell
2013-10-28 19:28:38 -------- d-----w- C:\Program Files\Classic Shell
2013-10-26 22:29:55 -------- d--h--w- C:\Windows\System32\CanonMF Uninstaller Information
2013-10-26 22:29:54 -------- d-----w- C:\Program Files\Canon
2013-10-23 10:58:53 -------- d-----w- C:\Program Files (x86)\Yahoo!
2013-10-22 09:26:46 -------- d-----w- C:\Windows\System32\appmgmt
2013-10-21 08:12:34 53248 ----a-r- C:\Users\Ron\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2013-10-21 00:47:24 329216 ----a-w- C:\Windows\System32\StartMenuHelper64.dll
2013-10-21 00:46:56 268288 ----a-w- C:\Windows\SysWow64\StartMenuHelper32.dll
2013-10-18 17:53:55 -------- d-----w- C:\ProgramData\UDL
2013-10-18 17:50:47 -------- d-----w- C:\ProgramData\Sony Corporation
.
==================== Find3M  ====================
.
2013-11-13 00:44:35 46368 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2013-10-12 08:45:20 2241536 ----a-w- C:\Windows\System32\wininet.dll
2013-10-12 07:03:50 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-10-10 11:53:35 96600 ----a-w- C:\Windows\System32\drivers\wfplwfs.sys
2013-10-10 09:21:20 1160192 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-10 09:20:43 723968 ----a-w- C:\Windows\System32\BFE.DLL
2013-09-19 10:38:40 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2013-09-13 22:36:37 35328 ----a-w- C:\Windows\SysWow64\wuapp.exe
2013-09-13 22:36:23 84992 ----a-w- C:\Windows\SysWow64\wudriver.dll
2013-09-13 22:36:23 126976 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2013-09-13 22:36:14 247296 ----a-w- C:\Windows\SysWow64\ubpm.dll
2013-09-13 22:34:14 40448 ----a-w- C:\Windows\System32\wuapp.exe
2013-09-13 22:33:55 252928 ----a-w- C:\Windows\System32\WUSettingsProvider.dll
2013-09-13 22:33:55 142848 ----a-w- C:\Windows\System32\wuwebv.dll
2013-09-13 22:33:54 99328 ----a-w- C:\Windows\System32\wudriver.dll
2013-09-13 22:33:54 1622016 ----a-w- C:\Windows\System32\wucltux.dll
2013-09-13 22:33:42 328192 ----a-w- C:\Windows\System32\ubpm.dll
2013-09-13 22:33:39 175104 ----a-w- C:\Windows\System32\storewuauth.dll
2013-09-12 18:00:00 127488 ----a-w- C:\Windows\System32\ff_vfw.dll
2013-09-12 18:00:00 112640 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
2013-09-05 08:43:42 45880 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2013-08-30 05:43:40 61784 ----a-w- C:\Windows\System32\drivers\crashdmp.sys
2013-08-30 05:20:13 1173504 ----a-w- C:\Windows\System32\UIAutomationCore.dll
2013-08-29 23:48:12 914432 ----a-w- C:\Windows\SysWow64\UIAutomationCore.dll
2013-08-23 05:11:57 4040192 ----a-w- C:\Windows\System32\win32k.sys
2013-08-22 17:09:56 256088 ----a-w- C:\Windows\System32\unrar64.dll
2013-08-22 17:09:56 217176 ----a-w- C:\Windows\SysWow64\unrar.dll
2013-08-21 06:39:29 465240 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2013-08-20 14:02:12 204568 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys
2013-08-20 14:02:12 103576 ----a-w- C:\Windows\System32\drivers\ssudbus.sys
2013-08-19 12:22:00 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-08-19 12:22:00 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
.
============= FINISH:  2:35:11.72 ===============

 

Attached Files


Edited by Platypus, 17 November 2013 - 06:03 AM.
Deleted email address to avoid you being spammed


BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,739 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:37 PM

Posted 22 November 2013 - 06:00 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/514461 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your destop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 ron90069

ron90069
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:01:37 PM

Posted 22 November 2013 - 08:40 AM

No change; there have been over 200 entries in the netstat -a output.  Sites are randomly freezing, as are programs such as Word 2010, Outlook 2010, etc.  (I use only desktop apps, not the metro interface).

The Windows (boot) drive, C:, is a SSD that's been working fine up til a week or so ago.  Now, Task Manager and Resource Monitor are showing C: in use 100%.  I ran the "System File Checker /scannow".  The output was HUGE, with close to 600 instances of "This file has no owner" and almost 700 occurances of "Double ownership ignored".  That log is uploaded here as "CBS.zip".

 

Here's a fresh run of the DDS program:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537
Run by Ron at 3:39:05 on 2013-11-22
Microsoft Windows 8 Pro  6.2.9200.0.1252.1.1033.18.6135.4114 [GMT -8:00]
.
AV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2013 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\dwm.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AVG\AVG2013-1\avgwdsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\sysWow64\CtHdaSvc.exe
C:\Program Files (x86)\PasswordBox\pbbtnService.exe
C:\Windows\system32\dashost.exe
C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.3\ToolbarUpdater.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.3\loggingserver.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe
C:\Windows\system32\taskhostex.exe
C:\Windows\Explorer.EXE
C:\Program Files\Classic Shell\ClassicStartMenu.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\4Team Corporation\Safe PST Backup\SafePSTBackup.exe
C:\Users\Ron\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\AVG\AVG2013-1\avgui.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\AVG\AVG2013-1\avgcfgex.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mWinlogon: Userinit = userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
BHO: PasswordBox Helper: {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.1.3.3\AVG SafeGuard toolbar_toolbar.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: ClassicIEBHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll
TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.1.3.3\AVG SafeGuard toolbar_toolbar.dll
uRun: [EPSON Stylus Photo R280 Series] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATICKA.EXE /FU "C:\Windows\TEMP\E_SA9DE.tmp" /EF "HKCU"
uRun: [startUpMode] runOnceForNewUser
uRun: [Safe PST Backup] "C:\Program Files\4Team Corporation\Safe PST Backup\SafePSTBackup.exe" /autostart
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013-1\avgui.exe" /TRAYONLY
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [PowerPanel Personal Edition User Interaction] C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe
StartupFolder: C:\Users\Ron\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Ron\AppData\Roaming\Dropbox\bin\Dropbox.exe
IE: Download with &FileFactory Turbo - C:\Program Files (x86)\FileFactory Turbo\Plugins\IE\FileFactoryIE.html
IE: Download with Mipony - C:\Program Files (x86)\MiPony\Browser\IEContext.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {0F1B49C0-9894-4696-8E8D-DB1F5D02FBAB} - hxxp://192.168.1.240/UltraMJCamX.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{1FADAC97-56A3-4E34-AD6F-37EC20E773F9} : DHCPNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.1.3\ViProtocol.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings
x64-BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: ClassicIEBHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll
x64-TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-mASetup: {B17A6CEB-057D-47DE-9F7C-0BB3FDF30F4C} - C:\Windows\SysWOW64\msiexec.exe /fpu {CB28249A-1EB5-413B-A928-EB00F8D70E26} /q
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\Drivers\avgidsha.sys [2013-7-20 71480]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\Drivers\avgloga.sys [2013-7-20 311608]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\Drivers\avgmfx64.sys [2013-7-1 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\Drivers\avgrkx64.sys [2013-9-5 45880]
R0 mv61xx;mv61xx;C:\Windows\System32\Drivers\mv61xx.sys [2011-2-9 181040]
R1 Avgfwfd;AVG network filter service;C:\Windows\System32\Drivers\avgfwd6a.sys [2012-9-4 50296]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\Drivers\avgidsdrivera.sys [2013-7-20 246072]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\Drivers\avgldx64.sys [2013-7-20 206648]
R1 Avgwfpa;AVG Firewall Driver;C:\Windows\System32\Drivers\avgwfpa.sys [2013-7-18 248632]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013-1\avgwdsvc.exe [2013-7-23 283136]
R2 CtHdaSvc;Sound Blaster Service;C:\Windows\SysWOW64\CtHdaSvc.exe [2013-2-14 103424]
R2 PasswordBox;PasswordBox;C:\Program Files (x86)\PasswordBox\pbbtnService.exe [2013-11-1 67584]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-9 3275136]
R2 vToolbarUpdater17.1.3;vToolbarUpdater17.1.3;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.3\ToolbarUpdater.exe [2013-11-21 1643696]
R3 cthda;Sound Blaster HDAudio;C:\Windows\System32\Drivers\cthda.sys [2013-2-14 1044760]
R3 cthdb;SB Recon3D PCIe Audio Bus Filter;C:\Windows\System32\Drivers\cthdb.sys [2013-2-14 28440]
R3 synusb64;eLicenser;C:\Windows\System32\Drivers\synusb64.sys [2013-8-13 30352]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\Drivers\wdcsam64.sys [2008-5-6 14464]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
R3 yukonw8;NDIS6.3 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\Drivers\yk63x64.sys [2012-10-2 295792]
S0 Avgboota;AVG Early Launch Anti-Malware Driver;C:\Windows\System32\Drivers\avgboota.sys [2012-10-26 20912]
S2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2013-1\avgfws.exe [2013-9-4 1432080]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013-1\avgidsagent.exe [2013-7-4 4939312]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\Drivers\ssudbus.sys [2013-8-20 103576]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 pwdrvio;pwdrvio;C:\Windows\System32\pwdrvio.sys [2013-8-31 19032]
S3 pwdspio;pwdspio;C:\Windows\System32\pwdspio.sys [2013-8-31 12384]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\Drivers\ssudmdm.sys [2013-8-20 204568]
S3 vmbusr;Virtual Machine Bus Provider;C:\Windows\System32\Drivers\vmbusr.sys [2012-7-25 117248]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2013-11-21 18:33:32 -------- d-----w- C:\Program Files (x86)\PasswordBox
2013-11-21 18:32:37 -------- d-----w- C:\ProgramData\AVG SafeGuard toolbar
2013-11-16 11:18:16 -------- d-----w- C:\Users\Ron\AppData\Local\IsolatedStorage
2013-11-16 11:16:50 -------- d-----w- C:\Users\Ron\AppData\Roaming\4Team
2013-11-16 11:16:50 -------- d-----w- C:\Program Files\Common Files\4Team
2013-11-16 11:16:48 -------- d-----w- C:\Program Files\4Team Corporation
2013-11-16 11:16:23 -------- d-----w- C:\ProgramData\Downloaded Installations
2013-11-16 07:39:57 -------- d-----w- C:\Users\Ron\AppData\Local\Nero_AG
2013-11-15 14:35:00 78296 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-15 14:35:00 694232 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-15 14:26:18 248672 ----a-w- C:\Windows\SysWow64\d3dx11_43.dll
2013-11-15 14:26:16 470880 ----a-w- C:\Windows\SysWow64\d3dx10_43.dll
2013-11-15 14:26:15 1998168 ----a-w- C:\Windows\SysWow64\D3DX9_43.dll
2013-11-15 14:26:14 1868128 ----a-w- C:\Windows\SysWow64\d3dcsx_43.dll
2013-11-15 14:26:13 2106216 ----a-w- C:\Windows\SysWow64\D3DCompiler_43.dll
2013-11-14 00:32:33 300720 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10225.bin
2013-11-13 07:20:17 1300992 ----a-w- C:\Windows\System32\gdi32.dll
2013-11-13 07:20:16 1022976 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-11-13 07:19:22 1890816 ----a-w- C:\Windows\System32\crypt32.dll
2013-11-13 07:19:22 1569280 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-11-13 07:18:54 576512 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-11-13 07:18:20 3959808 ----a-w- C:\Windows\System32\jscript9.dll
2013-11-13 07:18:08 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-11-13 07:16:57 2062848 ----a-w- C:\Windows\System32\d3d11.dll
2013-11-13 07:16:56 1711616 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-11-13 07:16:43 419328 ----a-w- C:\Windows\System32\schannel.dll
2013-11-13 07:16:43 323072 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-11-13 07:15:25 2035712 ----a-w- C:\Windows\SysWow64\authui.dll
2013-11-13 07:15:24 2304512 ----a-w- C:\Windows\System32\authui.dll
2013-11-08 22:00:49 -------- d-----w- C:\Program Files (x86)\WinPcap
2013-10-29 01:53:19 -------- d-----w- C:\Users\Ron\AppData\Roaming\ClassicShell
2013-10-28 19:28:38 -------- d-----w- C:\Program Files\Classic Shell
2013-10-26 22:29:55 -------- d--h--w- C:\Windows\System32\CanonMF Uninstaller Information
2013-10-26 22:29:54 -------- d-----w- C:\Program Files\Canon
.
==================== Find3M  ====================
.
2013-11-21 18:30:28 46368 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2013-10-21 00:47:24 329216 ----a-w- C:\Windows\System32\StartMenuHelper64.dll
2013-10-21 00:46:56 268288 ----a-w- C:\Windows\SysWow64\StartMenuHelper32.dll
2013-10-12 08:45:20 2241536 ----a-w- C:\Windows\System32\wininet.dll
2013-10-12 07:03:50 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-10-10 11:53:35 96600 ----a-w- C:\Windows\System32\drivers\wfplwfs.sys
2013-10-10 09:21:20 1160192 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-10 09:20:43 723968 ----a-w- C:\Windows\System32\BFE.DLL
2013-09-19 10:38:40 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2013-09-13 22:36:37 35328 ----a-w- C:\Windows\SysWow64\wuapp.exe
2013-09-13 22:36:23 84992 ----a-w- C:\Windows\SysWow64\wudriver.dll
2013-09-13 22:36:23 126976 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2013-09-13 22:36:14 247296 ----a-w- C:\Windows\SysWow64\ubpm.dll
2013-09-13 22:34:14 40448 ----a-w- C:\Windows\System32\wuapp.exe
2013-09-13 22:33:55 252928 ----a-w- C:\Windows\System32\WUSettingsProvider.dll
2013-09-13 22:33:55 142848 ----a-w- C:\Windows\System32\wuwebv.dll
2013-09-13 22:33:54 99328 ----a-w- C:\Windows\System32\wudriver.dll
2013-09-13 22:33:54 1622016 ----a-w- C:\Windows\System32\wucltux.dll
2013-09-13 22:33:42 328192 ----a-w- C:\Windows\System32\ubpm.dll
2013-09-13 22:33:39 175104 ----a-w- C:\Windows\System32\storewuauth.dll
2013-09-12 18:00:00 127488 ----a-w- C:\Windows\System32\ff_vfw.dll
2013-09-12 18:00:00 112640 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
2013-09-05 08:43:42 45880 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2013-08-30 05:43:40 61784 ----a-w- C:\Windows\System32\drivers\crashdmp.sys
2013-08-30 05:20:13 1173504 ----a-w- C:\Windows\System32\UIAutomationCore.dll
2013-08-29 23:48:12 914432 ----a-w- C:\Windows\SysWow64\UIAutomationCore.dll
.
============= FINISH:  3:39:31.79 ===============

 

Attached Files



#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,686 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:37 PM

Posted 03 December 2013 - 09:41 AM

Greetings Ron and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please run this program for me so we can see a current snapshot of your computer.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recover Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST results
  • Addition log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 ron90069

ron90069
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:01:37 PM

Posted 06 December 2013 - 02:15 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-12-2013
Ran by Ron (administrator) on RH2 on 05-12-2013 22:41:32
Running from C:\Users\Ron\Desktop
Windows 8 Pro (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013-1\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013-1\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013-1\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013-1\avgwdsvc.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe
(PasswordBox, Inc.) C:\Program Files (x86)\PasswordBox\pbbtnService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Cyber Power Systems, Inc.) C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.3\ToolbarUpdater.exe
(Western Digital) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013-1\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013-1\avgemca.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.3\loggingserver.exe
(Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013-1\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013-1\avgcsrva.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Dropbox, Inc.) C:\Users\Ron\AppData\Roaming\Dropbox\bin\Dropbox.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013-1\avgui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Cyber Power Systems, Inc.) C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
Winlogon\Notify\LBTWlgn: C:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
HKCU\...\Run: [EPSON Stylus Photo R280 Series] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICKA.EXE /FU "C:\Windows\TEMP\E_SA9DE.tmp" /EF "HKCU"
HKCU\...\Run: [Safe PST Backup] - "C:\Program Files\4Team Corporation\Safe PST Backup\SafePSTBackup.exe" /autostart
MountPoints2: {b38954a4-0286-11e3-be66-806e6f6e6963} - "explorer.exe" index.html
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013-1\avgui.exe [4411952 2013-09-23] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2334384 2013-11-21] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [PowerPanel Personal Edition User Interaction] - C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe [350184 2012-08-03] (Cyber Power Systems, Inc.)
HKLM-x32\...\Run: [WD Quick View] - C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5235128 2012-06-14] (Western Digital Technologies, Inc.)
Startup: C:\Users\Ron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Ron\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: PasswordBox Helper - {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.1.3.3\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.1.3.3\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
DPF: HKLM-x32 {0F1B49C0-9894-4696-8E8D-DB1F5D02FBAB} http://192.168.1.240/UltraMJCamX.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.1.3\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

Chrome:
=======
CHR RestoreOnStartup:       "urls_to_restore_on_startup": null
CHR Extension: (Chrome Remote Desktop) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\30.0.1599.86_0
CHR Extension: (Freemake Video Converter) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_1
CHR Extension: (AVG SafeGuard) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\17.1.3.3_0
CHR Extension: (Google Wallet) - C:\Users\Ron\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG SafeGuard toolbar\ChromeExt\17.1.3.3\avg.crx
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 avgfws; C:\Program Files (x86)\AVG\AVG2013-1\avgfws.exe [1432080 2013-09-04] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013-1\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013-1\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)
R2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [103424 2013-02-14] (Creative Technology Ltd)
R2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2013-11-01] (PasswordBox, Inc.)
R2 ppped; C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe [1017832 2012-08-03] (Cyber Power Systems, Inc.)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 vToolbarUpdater17.1.3; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.3\ToolbarUpdater.exe [1643696 2013-11-21] (AVG Secure Search)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1151424 2012-06-14] (Western Digital )
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [248248 2012-06-14] (Western Digital)
R2 WDRulesService; C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [1177536 2012-06-14] (Western Digital )
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-01] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20912 2012-10-26] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\system32\DRIVERS\avgfwd6a.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-09-05] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [248632 2013-07-18] (AVG Technologies CZ, s.r.o.)
R3 cthda; C:\Windows\system32\drivers\cthda.sys [1044760 2013-02-14] (Creative Technology Ltd)
R3 cthdb; C:\Windows\system32\DRIVERS\cthdb.sys [28440 2013-02-14] (Creative Technology Ltd)
R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [17280 2013-05-17] ()
R0 mv61xx; C:\Windows\System32\drivers\mv61xx.sys [181040 2011-02-09] (Marvell Semiconductor, Inc.)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2012-08-20] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12384 2012-08-20] ()
R3 synusb64; C:\Windows\System32\drivers\synusb64.sys [30352 2011-12-14] (Steinberg Media Technologies GmbH)
R3 yukonw8; C:\Windows\system32\DRIVERS\yk63x64.sys [295792 2012-10-02] (Marvell)
S3 SliceDisk5; \??\C:\Users\Ron\AppData\Local\Temp\HBCD\PartitionFindAndMount\slicedisk-x64.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-12-05 22:41 - 2013-12-05 22:41 - 00013656 _____ C:\Users\Ron\Desktop\FRST.txt
2013-12-05 22:41 - 2013-12-05 22:41 - 00000000 ____D C:\FRST
2013-12-05 22:40 - 2013-12-05 22:40 - 01925140 _____ (Farbar) C:\Users\Ron\Desktop\FRST64.exe
2013-12-05 19:24 - 2013-12-05 19:24 - 00000000 ____D C:\ProgramData\ClassicShell
2013-12-01 11:09 - 2013-12-01 11:09 - 00000436 __RSH C:\Users\Ron\ntuser.pol
2013-11-30 22:13 - 2013-11-30 22:13 - 00074703 _____ C:\Windows\SysWOW64\mfc45.dat
2013-11-30 22:13 - 2013-11-30 22:13 - 00003510 _____ C:\Windows\System32\Tasks\iolo System Checkup
2013-11-30 22:13 - 2013-11-30 22:13 - 00001186 _____ C:\Users\Ron\Desktop\System Checkup.lnk
2013-11-30 22:13 - 2013-11-30 22:13 - 00000000 ____D C:\ProgramData\iolo
2013-11-30 22:13 - 2013-11-30 22:13 - 00000000 ____D C:\Program Files (x86)\iolo
2013-11-30 22:12 - 2013-11-30 22:13 - 07252672 _____ C:\Users\Ron\Downloads\SCUDownloader.exe
2013-11-26 23:13 - 2013-11-28 01:04 - 00000445 _____ C:\Windows\LkmdfCoInst.log
2013-11-26 13:25 - 2013-11-26 13:26 - 00280712 _____ C:\Windows\Minidump\112613-111431-01.dmp
2013-11-22 19:20 - 2013-11-22 19:20 - 00000000 ____D C:\Users\Ron\AppData\Local\Western_Digital
2013-11-22 17:10 - 2013-11-22 17:10 - 00000000 ____D C:\ProgramData\Western Digital
2013-11-22 17:10 - 2013-11-22 17:10 - 00000000 ____D C:\Program Files\Western Digital
2013-11-22 17:08 - 2013-11-22 17:15 - 00010862 _____ C:\Windows\DPINST.LOG
2013-11-22 17:08 - 2013-11-22 17:10 - 00000000 ____D C:\Program Files (x86)\Western Digital
2013-11-22 04:37 - 2013-11-22 04:37 - 00003304 _____ C:\Users\Ron\Desktop\attach.zip
2013-11-22 04:03 - 2013-11-22 04:04 - 00005772 _____ C:\Windows\system32\netstatThurs3.txt
2013-11-22 03:50 - 2013-11-22 03:57 - 00005959 _____ C:\Windows\system32\netstatThurs2.txt
2013-11-22 03:42 - 2013-11-22 03:42 - 00004011 _____ C:\Windows\system32\netstatThurs.txt
2013-11-22 01:05 - 2013-11-22 01:09 - 00000744 __RSH C:\ProgramData\ntuser.pol
2013-11-22 00:18 - 2013-11-22 00:18 - 00256302 _____ C:\Users\Ron\Downloads\GoogleUpdate.adm
2013-11-21 10:33 - 2013-12-05 14:24 - 00000000 ____D C:\Program Files (x86)\PasswordBox
2013-11-21 10:32 - 2013-11-21 10:33 - 00000000 ____D C:\ProgramData\AVG SafeGuard toolbar
2013-11-21 07:38 - 2013-11-21 07:43 - 00000000 ____D C:\Users\Administrator\Documents\Outlook Files
2013-11-21 07:35 - 2013-10-28 11:28 - 00002165 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\startscreen.lnk
2013-11-21 07:33 - 2013-11-21 07:37 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\ClassicShell
2013-11-21 07:32 - 2013-11-21 07:32 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Logitech
2013-11-21 07:32 - 2013-11-21 07:32 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\AVG2013
2013-11-21 07:32 - 2013-11-21 07:32 - 00000000 ____D C:\Users\Administrator\AppData\Local\Avg2013
2013-11-21 07:29 - 2013-11-21 07:29 - 00001437 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-21 07:29 - 2013-11-21 07:29 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-21 07:29 - 2013-11-21 07:29 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-11-21 07:29 - 2013-11-21 07:29 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2013-11-21 07:26 - 2013-11-21 07:29 - 00000000 ____D C:\Users\Administrator\AppData\Local\Packages
2013-11-21 07:26 - 2013-11-21 07:29 - 00000000 ____D C:\Users\Administrator
2013-11-21 07:26 - 2013-11-21 07:26 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2013-11-21 07:26 - 2013-08-27 07:35 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\TuneUp Software
2013-11-21 07:26 - 2013-08-15 13:51 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2013-11-21 07:26 - 2013-08-12 11:50 - 00000000 ____D C:\Users\Administrator\AppData\Local\Microsoft Help
2013-11-21 07:26 - 2013-08-12 01:09 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2013-11-21 07:26 - 2012-07-26 00:13 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-11-21 07:26 - 2012-07-26 00:13 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-11-19 10:01 - 2013-11-19 10:18 - 00000000 _____ C:\Windows\system32\tues-test.txt
2013-11-18 10:41 - 2013-11-18 10:46 - 00013463 _____ C:\Windows\system32\netstatMon.txt
2013-11-17 02:46 - 2013-11-17 02:47 - 00006569 _____ C:\Windows\system32\netstat_output.txt
2013-11-17 02:35 - 2013-11-22 03:39 - 00018496 _____ C:\Users\Ron\Desktop\dds.txt
2013-11-17 02:35 - 2013-11-22 03:39 - 00012284 _____ C:\Users\Ron\Desktop\attach.txt
2013-11-17 02:34 - 2013-11-17 02:34 - 00688992 ____R (Swearware) C:\Users\Ron\Downloads\dds.com
2013-11-17 02:19 - 2013-11-17 02:22 - 00010849 _____ C:\Users\Ron\Downloads\hijackthis.log
2013-11-17 02:18 - 2013-11-17 02:18 - 00388608 _____ (Trend Micro Inc.) C:\Users\Ron\Downloads\HijackThis.exe
2013-11-16 03:19 - 2013-11-17 08:57 - 00003898 _____ C:\Windows\System32\Tasks\4Team updater
2013-11-16 03:18 - 2013-11-16 03:18 - 00000000 ____D C:\Users\Ron\AppData\Local\IsolatedStorage
2013-11-16 03:16 - 2013-11-18 20:30 - 00000000 ____D C:\ProgramData\Downloaded Installations
2013-11-16 03:16 - 2013-11-16 03:17 - 00000000 ____D C:\Users\Ron\AppData\Roaming\4Team
2013-11-16 03:10 - 2013-11-16 03:10 - 06493649 _____ (4Team Corporation) C:\Users\Ron\Downloads\safepstbackup_setup.exe
2013-11-15 23:39 - 2013-11-18 20:26 - 00000000 ____D C:\Users\Ron\AppData\Local\Nero_AG
2013-11-15 06:35 - 2013-11-05 14:58 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-15 06:35 - 2013-11-05 14:58 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-15 06:26 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2013-11-15 06:26 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2013-11-15 06:26 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2013-11-15 06:26 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2013-11-15 06:26 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2013-11-15 05:48 - 2013-11-15 05:50 - 191168976 _____ (Nero AG) C:\Users\Ron\Downloads\Nero_MediaHome-15.0.00900_free.exe
2013-11-14 18:17 - 2013-11-14 18:17 - 00018608 _____ C:\Users\Ron\Downloads\B of A checking - Jan-Oct 2013.xlsx
2013-11-14 16:19 - 2013-11-20 21:36 - 00019039 _____ C:\Users\Ron\Downloads\stmt.csv
2013-11-12 23:20 - 2013-10-02 15:25 - 01300992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-12 23:20 - 2013-10-01 14:22 - 01022976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-12 23:19 - 2013-10-01 15:37 - 01569280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-12 23:19 - 2013-10-01 15:26 - 01890816 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-12 23:18 - 2013-10-12 00:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-12 23:18 - 2013-10-12 00:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-12 23:18 - 2013-10-12 00:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-12 23:18 - 2013-10-11 23:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-12 23:18 - 2013-10-11 23:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-12 23:18 - 2013-10-11 23:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-12 23:18 - 2013-09-03 19:11 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-12 23:17 - 2013-10-12 00:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-12 23:17 - 2013-10-12 00:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-12 23:17 - 2013-10-12 00:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-12 23:17 - 2013-10-12 00:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-12 23:17 - 2013-10-12 00:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-12 23:17 - 2013-10-12 00:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-12 23:17 - 2013-10-11 23:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-12 23:17 - 2013-10-11 23:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-12 23:17 - 2013-10-11 23:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-12 23:17 - 2013-10-11 23:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-12 23:17 - 2013-10-11 23:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-12 23:17 - 2013-10-10 03:53 - 00096600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2013-11-12 23:17 - 2013-10-10 01:21 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-12 23:17 - 2013-10-10 01:20 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2013-11-12 23:16 - 2013-09-23 14:30 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-12 23:16 - 2013-09-23 14:30 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-12 23:16 - 2013-08-22 23:22 - 02062848 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2013-11-12 23:16 - 2013-08-22 17:44 - 01711616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-11-12 23:15 - 2013-10-01 15:37 - 02035712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-12 23:15 - 2013-10-01 15:26 - 02304512 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-08 19:46 - 2013-07-31 13:08 - 02799296 _____ (Sysinternals - www.sysinternals.com) C:\Users\Ron\Downloads\procexp.exe
2013-11-08 19:46 - 2012-10-15 14:23 - 00072154 _____ C:\Users\Ron\Downloads\procexp.chm
2013-11-08 19:46 - 2006-07-28 09:32 - 00007005 _____ C:\Users\Ron\Downloads\Eula.txt
2013-11-08 19:45 - 2013-11-08 19:45 - 01191834 _____ C:\Users\Ron\Downloads\ProcessExplorer.zip
2013-11-08 14:06 - 2013-11-08 14:06 - 00036721 _____ C:\Users\Ron\motorcyucles.avi
2013-11-08 14:00 - 2013-11-08 14:01 - 00000000 ____D C:\Program Files (x86)\WinPcap
2013-11-06 14:36 - 2013-11-06 14:36 - 01873344 _____ ( ) C:\Users\Ron\Downloads\AVG_Browser_configuration_tool.exe
2013-11-05 08:04 - 2013-11-24 03:05 - 00000000 ____D C:\Users\Ron\Desktop\Alexander Thomas's Projects

==================== One Month Modified Files and Folders =======

2013-12-05 22:41 - 2013-12-05 22:41 - 00013656 _____ C:\Users\Ron\Desktop\FRST.txt
2013-12-05 22:41 - 2013-12-05 22:41 - 00000000 ____D C:\FRST
2013-12-05 22:41 - 2013-10-28 17:53 - 00000000 ____D C:\Users\Ron\AppData\Roaming\ClassicShell
2013-12-05 22:40 - 2013-12-05 22:40 - 01925140 _____ (Farbar) C:\Users\Ron\Desktop\FRST64.exe
2013-12-05 22:37 - 2013-08-12 11:30 - 00000000 ____D C:\Users\Ron\Documents\Outlook Files
2013-12-05 22:02 - 2012-07-26 00:12 - 00000000 ____D C:\Windows\system32\sru
2013-12-05 22:01 - 2013-08-13 04:50 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-05 21:38 - 2013-08-16 07:35 - 00000000 ____D C:\ProgramData\MFAData
2013-12-05 21:03 - 2013-08-11 05:10 - 01192627 _____ C:\Windows\WindowsUpdate.log
2013-12-05 19:24 - 2013-12-05 19:24 - 00000000 ____D C:\ProgramData\ClassicShell
2013-12-05 17:01 - 2013-08-13 04:50 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-05 16:48 - 2013-08-21 03:12 - 00003898 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{FBD5AAA8-CF2C-42AE-BAF1-AB3192AE8A2B}
2013-12-05 15:31 - 2013-10-02 06:53 - 00000000 ____D C:\Program Files (x86)\CyberPower PowerPanel Personal Edition
2013-12-05 15:31 - 2013-08-11 05:18 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3703292402-2291444640-1778923077-1001
2013-12-05 15:03 - 2013-08-13 01:04 - 00000000 ____D C:\Users\Ron\AppData\Roaming\Dropbox
2013-12-05 14:48 - 2013-08-13 01:06 - 00000000 ___RD C:\Users\Ron\Dropbox
2013-12-05 14:45 - 2012-07-25 21:26 - 00262144 ___SH C:\Windows\system32\config\ELAM
2013-12-05 14:24 - 2013-11-21 10:33 - 00000000 ____D C:\Program Files (x86)\PasswordBox
2013-12-05 14:22 - 2012-07-25 23:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-01 18:17 - 2012-07-25 21:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2013-12-01 15:38 - 2013-08-11 05:10 - 00000000 ____D C:\Users\Ron
2013-12-01 15:34 - 2013-08-11 14:04 - 00000000 ____D C:\Users\Ron\AppData\Roaming\Skype
2013-12-01 11:09 - 2013-12-01 11:09 - 00000436 __RSH C:\Users\Ron\ntuser.pol
2013-11-30 22:13 - 2013-11-30 22:13 - 00074703 _____ C:\Windows\SysWOW64\mfc45.dat
2013-11-30 22:13 - 2013-11-30 22:13 - 00003510 _____ C:\Windows\System32\Tasks\iolo System Checkup
2013-11-30 22:13 - 2013-11-30 22:13 - 00001186 _____ C:\Users\Ron\Desktop\System Checkup.lnk
2013-11-30 22:13 - 2013-11-30 22:13 - 00000000 ____D C:\ProgramData\iolo
2013-11-30 22:13 - 2013-11-30 22:13 - 00000000 ____D C:\Program Files (x86)\iolo
2013-11-30 22:13 - 2013-11-30 22:12 - 07252672 _____ C:\Users\Ron\Downloads\SCUDownloader.exe
2013-11-29 11:33 - 2013-08-11 14:03 - 00000000 ____D C:\ProgramData\Skype
2013-11-29 11:32 - 2013-08-11 14:04 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-11-28 20:40 - 2013-10-13 19:34 - 00000000 ____D C:\Users\Ron\AppData\Roaming\Mipony
2013-11-28 01:04 - 2013-11-26 23:13 - 00000445 _____ C:\Windows\LkmdfCoInst.log
2013-11-27 14:26 - 2012-07-26 00:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-11-26 23:13 - 2013-08-13 14:37 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2013-11-26 13:31 - 2013-08-11 22:42 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-11-26 13:26 - 2013-11-26 13:25 - 00280712 _____ C:\Windows\Minidump\112613-111431-01.dmp
2013-11-26 13:25 - 2013-08-27 19:15 - 00000000 ____D C:\Windows\Minidump
2013-11-26 08:57 - 2013-10-29 02:47 - 00087552 ___SH C:\Users\Ron\Desktop\Thumbs.db
2013-11-24 10:49 - 2013-09-30 13:52 - 00000000 ____D C:\Program Files (x86)\NirSoft
2013-11-24 03:05 - 2013-11-05 08:04 - 00000000 ____D C:\Users\Ron\Desktop\Alexander Thomas's Projects
2013-11-23 09:15 - 2012-07-26 00:12 - 00000000 ____D C:\Windows\LiveKernelReports
2013-11-22 19:20 - 2013-11-22 19:20 - 00000000 ____D C:\Users\Ron\AppData\Local\Western_Digital
2013-11-22 17:15 - 2013-11-22 17:08 - 00010862 _____ C:\Windows\DPINST.LOG
2013-11-22 17:10 - 2013-11-22 17:10 - 00000000 ____D C:\ProgramData\Western Digital
2013-11-22 17:10 - 2013-11-22 17:10 - 00000000 ____D C:\Program Files\Western Digital
2013-11-22 17:10 - 2013-11-22 17:08 - 00000000 ____D C:\Program Files (x86)\Western Digital
2013-11-22 17:02 - 2012-07-25 23:28 - 00852234 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-22 04:37 - 2013-11-22 04:37 - 00003304 _____ C:\Users\Ron\Desktop\attach.zip
2013-11-22 04:04 - 2013-11-22 04:03 - 00005772 _____ C:\Windows\system32\netstatThurs3.txt
2013-11-22 03:57 - 2013-11-22 03:50 - 00005959 _____ C:\Windows\system32\netstatThurs2.txt
2013-11-22 03:42 - 2013-11-22 03:42 - 00004011 _____ C:\Windows\system32\netstatThurs.txt
2013-11-22 03:39 - 2013-11-17 02:35 - 00018496 _____ C:\Users\Ron\Desktop\dds.txt
2013-11-22 03:39 - 2013-11-17 02:35 - 00012284 _____ C:\Users\Ron\Desktop\attach.txt
2013-11-22 01:09 - 2013-11-22 01:05 - 00000744 __RSH C:\ProgramData\ntuser.pol
2013-11-22 00:20 - 2012-07-26 00:12 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2013-11-22 00:18 - 2013-11-22 00:18 - 00256302 _____ C:\Users\Ron\Downloads\GoogleUpdate.adm
2013-11-21 10:33 - 2013-11-21 10:32 - 00000000 ____D C:\ProgramData\AVG SafeGuard toolbar
2013-11-21 10:32 - 2013-08-16 15:47 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
2013-11-21 10:30 - 2013-08-16 15:47 - 00046368 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2013-11-21 10:17 - 2013-09-04 07:02 - 00007639 _____ C:\Users\Ron\AppData\Local\resmon.resmoncfg
2013-11-21 07:43 - 2013-11-21 07:38 - 00000000 ____D C:\Users\Administrator\Documents\Outlook Files
2013-11-21 07:37 - 2013-11-21 07:33 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\ClassicShell
2013-11-21 07:32 - 2013-11-21 07:32 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Logitech
2013-11-21 07:32 - 2013-11-21 07:32 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\AVG2013
2013-11-21 07:32 - 2013-11-21 07:32 - 00000000 ____D C:\Users\Administrator\AppData\Local\Avg2013
2013-11-21 07:31 - 2013-08-11 05:11 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-11-21 07:29 - 2013-11-21 07:29 - 00001437 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-21 07:29 - 2013-11-21 07:29 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-21 07:29 - 2013-11-21 07:29 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-11-21 07:29 - 2013-11-21 07:29 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2013-11-21 07:29 - 2013-11-21 07:26 - 00000000 ____D C:\Users\Administrator\AppData\Local\Packages
2013-11-21 07:29 - 2013-11-21 07:26 - 00000000 ____D C:\Users\Administrator
2013-11-21 07:26 - 2013-11-21 07:26 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2013-11-21 03:19 - 2013-08-19 05:59 - 00224768 ___SH C:\Users\Ron\Downloads\Thumbs.db
2013-11-21 02:25 - 2013-10-22 19:44 - 00002786 _____ C:\Windows\setupact.log
2013-11-20 21:36 - 2013-11-14 16:19 - 00019039 _____ C:\Users\Ron\Downloads\stmt.csv
2013-11-19 10:18 - 2013-11-19 10:01 - 00000000 _____ C:\Windows\system32\tues-test.txt
2013-11-18 20:31 - 2013-10-28 11:28 - 00000000 ____D C:\Program Files\Classic Shell
2013-11-18 20:31 - 2013-08-15 02:29 - 00000000 ____D C:\Program Files\7-Zip
2013-11-18 20:31 - 2012-07-26 00:12 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-11-18 20:31 - 2012-07-26 00:12 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2013-11-18 20:30 - 2013-11-16 03:16 - 00000000 ____D C:\ProgramData\Downloaded Installations
2013-11-18 20:30 - 2013-08-26 05:57 - 00000000 ____D C:\Program Files\WinRAR
2013-11-18 20:30 - 2013-08-12 00:27 - 00000000 ____D C:\Users\Ron\AppData\Local\Microsoft Help
2013-11-18 20:30 - 2012-07-26 00:12 - 00000000 __RHD C:\Users\Public\Libraries
2013-11-18 20:26 - 2013-11-15 23:39 - 00000000 ____D C:\Users\Ron\AppData\Local\Nero_AG
2013-11-18 20:26 - 2013-09-09 15:05 - 00000000 ____D C:\Users\Ron\AppData\Local\Nero
2013-11-18 20:25 - 2012-07-26 00:12 - 00000000 ____D C:\Windows\system32\Macromed
2013-11-18 20:25 - 2012-07-26 00:12 - 00000000 ____D C:\Windows\rescache
2013-11-18 20:25 - 2012-07-26 00:12 - 00000000 ____D C:\Windows\Cursors
2013-11-18 20:25 - 2012-07-25 21:38 - 00000000 ____D C:\Windows\system32\Sysprep
2013-11-18 20:24 - 2012-07-26 00:12 - 00000000 ___RD C:\Windows\ToastData
2013-11-18 20:24 - 2012-07-26 00:12 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2013-11-18 20:22 - 2012-07-26 00:12 - 00000000 ____D C:\Windows\registration
2013-11-18 10:46 - 2013-11-18 10:41 - 00013463 _____ C:\Windows\system32\netstatMon.txt
2013-11-18 04:29 - 2013-10-22 01:26 - 00000000 ____D C:\Windows\system32\appmgmt
2013-11-18 04:26 - 2013-09-09 07:23 - 00000000 ____D C:\ProgramData\Nero
2013-11-17 09:59 - 2013-10-23 02:55 - 00008308 _____ C:\Windows\PFRO.log
2013-11-17 09:45 - 2013-08-12 00:27 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-17 08:57 - 2013-11-16 03:19 - 00003898 _____ C:\Windows\System32\Tasks\4Team updater
2013-11-17 02:47 - 2013-11-17 02:46 - 00006569 _____ C:\Windows\system32\netstat_output.txt
2013-11-17 02:34 - 2013-11-17 02:34 - 00688992 ____R (Swearware) C:\Users\Ron\Downloads\dds.com
2013-11-17 02:22 - 2013-11-17 02:19 - 00010849 _____ C:\Users\Ron\Downloads\hijackthis.log
2013-11-17 02:18 - 2013-11-17 02:18 - 00388608 _____ (Trend Micro Inc.) C:\Users\Ron\Downloads\HijackThis.exe
2013-11-16 03:18 - 2013-11-16 03:18 - 00000000 ____D C:\Users\Ron\AppData\Local\IsolatedStorage
2013-11-16 03:17 - 2013-11-16 03:16 - 00000000 ____D C:\Users\Ron\AppData\Roaming\4Team
2013-11-16 03:10 - 2013-11-16 03:10 - 06493649 _____ (4Team Corporation) C:\Users\Ron\Downloads\safepstbackup_setup.exe
2013-11-15 05:50 - 2013-11-15 05:48 - 191168976 _____ (Nero AG) C:\Users\Ron\Downloads\Nero_MediaHome-15.0.00900_free.exe
2013-11-14 18:17 - 2013-11-14 18:17 - 00018608 _____ C:\Users\Ron\Downloads\B of A checking - Jan-Oct 2013.xlsx
2013-11-14 16:05 - 2013-08-13 04:50 - 00002190 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-11-13 12:10 - 2013-08-12 01:25 - 00000000 ____D C:\Windows\system32\MRT
2013-11-13 12:05 - 2013-08-12 01:00 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-08 19:45 - 2013-11-08 19:45 - 01191834 _____ C:\Users\Ron\Downloads\ProcessExplorer.zip
2013-11-08 14:06 - 2013-11-08 14:06 - 00036721 _____ C:\Users\Ron\motorcyucles.avi
2013-11-08 14:01 - 2013-11-08 14:00 - 00000000 ____D C:\Program Files (x86)\WinPcap
2013-11-08 13:42 - 2013-09-05 01:49 - 00000000 ____D C:\Program Files (x86)\FVD Suite
2013-11-06 14:36 - 2013-11-06 14:36 - 01873344 _____ ( ) C:\Users\Ron\Downloads\AVG_Browser_configuration_tool.exe
2013-11-05 14:58 - 2013-11-15 06:35 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-05 14:58 - 2013-11-15 06:35 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-05 09:00 - 2013-08-22 00:18 - 00000000 ____D C:\Users\Ron\.VirtualBox

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-11-28 03:55

==================== End Of Log ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-12-2013
Ran by Ron at 2013-12-05 22:42:11
Running from C:\Users\Ron\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: AVG Internet Security 2013 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2013 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2013 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe Reader XI (11.0.05) (x32 Version: 11.0.05)
Airlink101 SkyIPCam Utility (x32 Version: 1.0.4)
Airlink101 SkyIPCam View ver.1.2.0.3 (x32 Version: 1.2.3)
Apple Application Support (x32 Version: 2.3.4)
Apple Software Update (x32 Version: 2.1.3.127)
AVG 2013 (Version: 13.0.3426)
AVG 2013 (Version: 13.0.3658)
AVG 2013 (Version: 2013.0.3426)
Bonjour (Version: 2.0.4.0)
Canon MF Toolbox 4.9.1.1.mf15 (x32 Version: 4.9.1.1.mf15)
Canon MF4100 Series
Classic Shell (Version: 4.0.2)
Coupon Printer for Windows (x32 Version: 5.0.0.3)
CyberPower PowerPanel Personal Edition 1.3.4 (x32 Version: 1.3.4)
Data Lifeguard Diagnostic for Windows 1.24 (x32)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
Dropbox (HKCU Version: 2.0.26)
EaseUS Data Recovery Wizard 6.1 (x32)
eLicenser Control (x32)
Epson Easy Photo Print 2 (x32 Version: 2.4.1.0)
Epson Print CD (x32 Version: 2.00.00)
EPSON Printer Software
eReg (x32 Version: 1.20.138.34)
Freemake Video Converter version 4.0.4 (x32 Version: 4.0.4)
FVD Suite 3.0.0 (x32)
GOM Player (x32 Version: 2.2.53.5169)
Google Chrome (x32 Version: 31.0.1650.57)
Google Update Helper (x32 Version: 1.3.21.165)
Ipswitch WS_FTP Pro Uninstall (x32)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
K-Lite Mega Codec Pack 10.0.9 (x32 Version: 10.0.9)
Logitech SetPoint 6.61 (Version: 6.61.15)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
MiPony 2.1.0 (x32 Version: 2.1.0)
Oracle VM VirtualBox 4.2.16 (Version: 4.2.16)
PDFCreator (x32 Version: 1.7.1)
Plex Media Server (x32 Version: 0.9.804)
QuickTime (x32 Version: 7.74.80.86)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition
Skype Click to Call (x32 Version: 6.13.13771)
Skype™ 6.11 (x32 Version: 6.11.102)
System Checkup 3.5 (x32 Version: 3.5.0.23)
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 64-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 64-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 64-Bit Edition
Update for Microsoft Word 2010 (KB2827323) 64-Bit Edition
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
WD SES Driver Setup (x32 Version: 1.0.2.3)
WD SmartWare (Version: 1.6.2.6)
WinPcap 4.1.3 (x32 Version: 4.1.0.2980)
WinRAR 5.00 beta 8 (64-bit) (Version: 5.00.8)
Yahoo! Messenger (x32)

==================== Restore Points  =========================

19-11-2013 03:45:01 Restore Operation
23-11-2013 01:08:22 Installed WD SES Driver Setup
26-11-2013 17:05:20 Generic backup 11-26-13
01-12-2013 12:12:00 Removed 4Team Safe PST Backup Free Edition.

==================== Hosts content: ==========================

2012-07-25 21:26 - 2012-07-25 21:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {6AFEA5A0-C578-4681-A439-1EF04B9BD8F4} - System32\Tasks\Express FilesUpdate => C:\Program Files (x86)\ExpressFiles\EFUpdater.exe
Task: {7A079B4C-A141-47D0-BD3B-087DDBB48F7A} - System32\Tasks\iolo System Checkup => C:\ProgramData\iolo\scustask.lnk [2013-11-30] ()
Task: {8E7428E2-0CEC-4CD4-A40D-DC60BEE8EA2B} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\System32\NotificationUI.exe [2013-08-15] (Microsoft Corporation)
Task: {9E07BDA5-EA3A-417B-A2AD-82CB3F24C695} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {CCEF1F8F-C8E2-4BCD-8B8D-5678F6C796FC} - System32\Tasks\4Team updater => C:\Program Files\4Team Corporation\4Team-Updater\4Team-Updater.exe
Task: {E9E2F8B4-33B5-4A6D-BC43-2462B75F29A8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-13] (Google Inc.)
Task: {FFD139DD-420F-4735-96CC-29AF785CF7C6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-13] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-07-25 23:58 - 2012-07-25 23:53 - 00170864 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-11-01 12:11 - 2013-11-01 12:11 - 00090624 _____ () C:\Program Files (x86)\PasswordBox\libwebsocketswin32.dll
2013-11-21 10:32 - 2013-11-21 10:30 - 00521904 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.3\log4cplusU.dll
2013-03-13 12:48 - 2013-03-13 12:48 - 24978944 _____ () C:\Users\Ron\AppData\Roaming\Dropbox\bin\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Public\.DS_Store:AFP_AfpInfo
AlternateDataStreams: C:\Users\Ron\.DS_Store:AFP_AfpInfo
AlternateDataStreams: C:\Users\Ron\Documents\.DS_Store:AFP_AfpInfo

==================== Safe Mode (whitelisted) ===================

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (12/05/2013 05:16:36 PM) (Source: Microsoft-Windows-Defrag) (User: )
Description: The volume P - Seagate Expansion Drive (P:) was not optimized because an error was encountered: The system cannot find the file specified. (0x80070002)

Error: (12/05/2013 03:29:58 PM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 4.0.30319.18051 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 1696.  Message ID: [0x2509].

Error: (12/05/2013 03:29:00 PM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 4.0.30319.18051 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 860.  Message ID: [0x2509].

Error: (12/05/2013 03:25:43 PM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 4.0.30319.18051 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 6176.  Message ID: [0x2509].

Error: (12/05/2013 03:23:16 PM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 4.0.30319.18051 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 7136.  Message ID: [0x2509].

Error: (12/05/2013 03:19:25 PM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 4.0.30319.18051 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 5388.  Message ID: [0x2509].

Error: (12/05/2013 03:16:51 PM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 4.0.30319.18051 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 3892.  Message ID: [0x2509].

Error: (12/05/2013 03:15:30 PM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 4.0.30319.18051 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 6936.  Message ID: [0x2509].

Error: (12/05/2013 03:08:12 PM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 4.0.30319.18051 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 732.  Message ID: [0x2509].

Error: (12/05/2013 03:04:02 PM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 4.0.30319.18051 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 2584.  Message ID: [0x2509].

System errors:
=============
Error: (12/01/2013 06:17:12 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the msiserver service.

Error: (12/01/2013 06:16:42 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.

Error: (12/01/2013 06:16:39 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (12/01/2013 03:39:29 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WDBackup service.

Error: (12/01/2013 03:38:52 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.

Error: (12/01/2013 03:38:45 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (12/01/2013 09:37:02 AM) (Source: Virtual Disk Service) (User: )
Description: Unexpected failure. Error code: C000000E@020A0007

Error: (12/01/2013 09:37:02 AM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: 2@01010013

Error: (12/01/2013 09:37:02 AM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: 2@01010013

Error: (12/01/2013 09:37:02 AM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: 2@01010013

Microsoft Office Sessions:
=========================
Error: (12/05/2013 05:16:36 PM) (Source: Microsoft-Windows-Defrag)(User: )
Description: P - Seagate Expansion Drive (P:)The system cannot find the file specified. (0x80070002)

Error: (12/05/2013 03:29:58 PM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 4.0.30319.18051 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 1696.  Message ID: [0x2509].

Error: (12/05/2013 03:29:00 PM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 4.0.30319.18051 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 860.  Message ID: [0x2509].

Error: (12/05/2013 03:25:43 PM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 4.0.30319.18051 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 6176.  Message ID: [0x2509].

Error: (12/05/2013 03:23:16 PM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 4.0.30319.18051 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 7136.  Message ID: [0x2509].

Error: (12/05/2013 03:19:25 PM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 4.0.30319.18051 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 5388.  Message ID: [0x2509].

Error: (12/05/2013 03:16:51 PM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 4.0.30319.18051 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 3892.  Message ID: [0x2509].

Error: (12/05/2013 03:15:30 PM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 4.0.30319.18051 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 6936.  Message ID: [0x2509].

Error: (12/05/2013 03:08:12 PM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 4.0.30319.18051 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 732.  Message ID: [0x2509].

Error: (12/05/2013 03:04:02 PM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 4.0.30319.18051 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 2584.  Message ID: [0x2509].

==================== Memory info ===========================

Percentage of memory in use: 35%
Total physical RAM: 6135.1 MB
Available physical RAM: 3944.11 MB
Total Pagefile: 7159.1 MB
Available Pagefile: 4900.2 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: (C - SSD) (Fixed) (Total:119.24 GB) (Free:68.61 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (D - Seagate 400gig) (Fixed) (Total:372.61 GB) (Free:14.77 GB) NTFS
Drive e: (E - SSD Corsair 60gig) (Fixed) (Total:55.9 GB) (Free:46.65 GB) NTFS
Drive f: (F - 500gig WW1) (Fixed) (Total:26.33 GB) (Free:26.18 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: (G - 400gig partition 1) (Fixed) (Total:128 GB) (Free:26.11 GB) NTFS
Drive h: (H - Partition 2 of G) (Fixed) (Total:244.61 GB) (Free:13.49 GB) NTFS
Drive i: (I - Sea 2gig part 1) (Fixed) (Total:488.28 GB) (Free:31.66 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive j: (J - part 2 of F) (Fixed) (Total:439.42 GB) (Free:251.99 GB) NTFS
Drive l: (L - USB My Book) (Fixed) (Total:2794.49 GB) (Free:86.96 GB) NTFS
Drive m: (M - Sea 2gig part 2 of I) (Fixed) (Total:1374.73 GB) (Free:15.43 GB) NTFS
Drive n: (N - Sea new 2TB) (Fixed) (Total:1863.01 GB) (Free:165.22 GB) NTFS
Drive o: (O - VERBATM) (Fixed) (Total:1862.56 GB) (Free:581.92 GB) FAT32
Drive p: (P - Seagate Expansion Drive) (Fixed) (Total:2794.51 GB) (Free:42.65 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 1A8C1A8B)
Partition 1: (Active) - (Size=488 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=-722914506752) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 85F9FB2D)
Partition 1: (Not Active) - (Size=-198626508800) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: AF8F9DE4)
Partition 1: (Active) - (Size=26 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=439 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 373 GB) (Disk ID: 00000001)
Partition 1: (Active) - (Size=128 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=245 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (MBR Code: Windows XP) (Size: 373 GB) (Disk ID: BAC7473A)
Partition 1: (Not Active) - (Size=373 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: 480A480A)
Partition 1: (Active) - (Size=119 GB) - (Type=07 NTFS)

========================================================
Disk: 6 (MBR Code: Windows 7 or Vista) (Size: 56 GB) (Disk ID: 36E6A109)
Partition 1: (Not Active) - (Size=56 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 7.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 8.

========================================================
Disk: 9 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: E2F3A821)
Partition 1: (Active) - (Size=-198626966528) - (Type=0C)

==================== End Of Log ============================

 

 

 

 

 



#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,686 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:37 PM

Posted 06 December 2013 - 11:10 AM

Hi Ron,

Are these entries familiar to you? The are related to Apple Filing Protocol.

AlternateDataStreams: C:\Users\Public\.DS_Store:AFP_AfpInfo
AlternateDataStreams: C:\Users\Ron\.DS_Store:AFP_AfpInfo
AlternateDataStreams: C:\Users\Ron\Documents\.DS_Store:AFP_AfpInfo


Please do these for me.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the windows key Windows_Logo_key.gif + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Farbar's MiniRegTool

--------------------
  • Please download MiniRegTool.zip (for 32 bit systems) or MiniRegTool64.zip (for 64 bit systems) and save it to your desktop
  • Unzip the folder and double click the icon
  • When you run the tool this is what you will see

MiniReg.gif

  • Copy and paste the following into the edit box:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2

  • Check the Export keys radio button.
  • Press the Go button and post the result.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Do you recognize entries?
  • Fixlog
  • MiniRegTool report

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,686 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:37 PM

Posted 09 December 2013 - 11:11 AM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 ron90069

ron90069
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:01:37 PM

Posted 09 December 2013 - 10:37 PM

Here are the results.

1. Not familiar with those three keys, but at one point iTunes was installed.

 

2. Done.  Output appears below.

 

3. You asked me to paste "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2" into MiniRegTool64.  That returned no content.

I tried this instead, which did work.  The output appears below.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2

 

And yes, the problem is ongoing.

                                                                      -- Ron

 

--------------------------

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-12-2013
Ran by Ron at 2013-12-06 13:14:48 Run:1
Running from C:\Users\Ron\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
*****************

HKLM\SOFTWARE\Policies\Google => Key deleted successfully.

==== End of Fixlog ====

 

--------------------------------------

 

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{42662991-20dd-11e3-be84-806e6f6e6963}]
"Data"=hex:00,00,00,00,0d,f0,ad,ba,01,00,00,00,08,00,00,00,00,00,00,84,00,00,\
  00,00,00,00,00,30,00,00,00,00,00,00,00,00,ff,00,e7,03,ff,00,00,00,16,20,00,\
  00,4f,3e,53,9e,0f,00,00,00,04,00,40,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,5c,00,5c,00,3f,00,5c,00,53,00,54,00,4f,00,52,00,41,00,47,\
  00,45,00,23,00,56,00,6f,00,6c,00,75,00,6d,00,65,00,23,00,7b,00,34,00,32,00,\
  36,00,36,00,32,00,39,00,38,00,35,00,2d,00,32,00,30,00,64,00,64,00,2d,00,31,\
  00,31,00,65,00,33,00,2d,00,62,00,65,00,38,00,34,00,2d,00,38,00,30,00,36,00,\
  65,00,36,00,66,00,36,00,65,00,36,00,39,00,36,00,33,00,7d,00,23,00,30,00,30,\
  00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,31,00,30,00,30,00,30,00,\
  30,00,30,00,23,00,7b,00,35,00,33,00,66,00,35,00,36,00,33,00,30,00,64,00,2d,\
  00,62,00,36,00,62,00,66,00,2d,00,31,00,31,00,64,00,30,00,2d,00,39,00,34,00,\
  66,00,32,00,2d,00,30,00,30,00,61,00,30,00,63,00,39,00,31,00,65,00,66,00,62,\
  00,38,00,62,00,7d,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,5c,00,5c,00,3f,00,5c,00,56,00,6f,00,6c,00,75,00,6d,00,65,00,7b,00,34,00,\
  32,00,36,00,36,00,32,00,39,00,39,00,31,00,2d,00,32,00,30,00,64,00,64,00,2d,\
  00,31,00,31,00,65,00,33,00,2d,00,62,00,65,00,38,00,34,00,2d,00,38,00,30,00,\
  36,00,65,00,36,00,66,00,36,00,65,00,36,00,39,00,36,00,33,00,7d,00,5c,00,00,\
  00,45,00,20,00,2d,00,20,00,53,00,53,00,44,00,20,00,43,00,6f,00,72,00,73,00,\
  61,00,69,00,72,00,20,00,36,00,30,00,67,00,69,00,67,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,4e,00,54,00,46,00,53,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,ff,ff,ff,\
  ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00
"Generation"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{42662995-20dd-11e3-be84-806e6f6e6963}]
"Data"=hex:00,00,00,00,0d,f0,ad,ba,01,00,00,00,10,00,00,00,ff,03,00,84,bd,ad,\
  db,ba,00,00,00,00,00,00,00,00,00,00,00,00,bd,ad,db,ba,bd,ad,db,ba,bd,ad,db,\
  ba,bd,ad,db,ba,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,5c,00,5c,00,3f,00,5c,00,53,00,43,00,53,00,49,00,23,00,43,\
  00,64,00,52,00,6f,00,6d,00,26,00,56,00,65,00,6e,00,5f,00,48,00,4c,00,2d,00,\
  44,00,54,00,2d,00,53,00,54,00,26,00,50,00,72,00,6f,00,64,00,5f,00,44,00,56,\
  00,44,00,52,00,41,00,4d,00,5f,00,47,00,48,00,32,00,34,00,4e,00,53,00,39,00,\
  30,00,23,00,34,00,26,00,35,00,65,00,63,00,66,00,34,00,66,00,26,00,30,00,26,\
  00,30,00,35,00,30,00,30,00,30,00,30,00,23,00,7b,00,35,00,33,00,66,00,35,00,\
  36,00,33,00,30,00,64,00,2d,00,62,00,36,00,62,00,66,00,2d,00,31,00,31,00,64,\
  00,30,00,2d,00,39,00,34,00,66,00,32,00,2d,00,30,00,30,00,61,00,30,00,63,00,\
  39,00,31,00,65,00,66,00,62,00,38,00,62,00,7d,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,5c,00,5c,00,3f,00,5c,00,56,00,6f,00,6c,00,75,00,6d,00,65,00,7b,00,34,00,\
  32,00,36,00,36,00,32,00,39,00,39,00,35,00,2d,00,32,00,30,00,64,00,64,00,2d,\
  00,31,00,31,00,65,00,33,00,2d,00,62,00,65,00,38,00,34,00,2d,00,38,00,30,00,\
  36,00,65,00,36,00,66,00,36,00,65,00,36,00,39,00,36,00,33,00,7d,00,5c,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,ff,ff,ff,\
  ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00
"Generation"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{4266299e-20dd-11e3-be84-806e6f6e6963}]
"Data"=hex:00,00,00,00,0d,f0,ad,ba,01,00,00,00,08,00,00,00,00,00,00,84,00,00,\
  00,00,00,00,00,30,00,00,00,00,01,01,00,00,ff,00,e7,03,ff,00,00,00,16,00,00,\
  00,b8,db,57,a0,0f,00,00,00,04,00,40,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,5c,00,5c,00,3f,00,5c,00,53,00,54,00,4f,00,52,00,41,00,47,\
  00,45,00,23,00,56,00,6f,00,6c,00,75,00,6d,00,65,00,23,00,7b,00,34,00,32,00,\
  36,00,36,00,32,00,39,00,39,00,39,00,2d,00,32,00,30,00,64,00,64,00,2d,00,31,\
  00,31,00,65,00,33,00,2d,00,62,00,65,00,38,00,34,00,2d,00,38,00,30,00,36,00,\
  65,00,36,00,66,00,36,00,65,00,36,00,39,00,36,00,33,00,7d,00,23,00,30,00,30,\
  00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,38,00,30,00,30,00,30,00,\
  30,00,30,00,23,00,7b,00,35,00,33,00,66,00,35,00,36,00,33,00,30,00,64,00,2d,\
  00,62,00,36,00,62,00,66,00,2d,00,31,00,31,00,64,00,30,00,2d,00,39,00,34,00,\
  66,00,32,00,2d,00,30,00,30,00,61,00,30,00,63,00,39,00,31,00,65,00,66,00,62,\
  00,38,00,62,00,7d,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,5c,00,5c,00,3f,00,5c,00,56,00,6f,00,6c,00,75,00,6d,00,65,00,7b,00,34,00,\
  32,00,36,00,36,00,32,00,39,00,39,00,65,00,2d,00,32,00,30,00,64,00,64,00,2d,\
  00,31,00,31,00,65,00,33,00,2d,00,62,00,65,00,38,00,34,00,2d,00,38,00,30,00,\
  36,00,65,00,36,00,66,00,36,00,65,00,36,00,39,00,36,00,33,00,7d,00,5c,00,00,\
  00,50,00,20,00,2d,00,20,00,53,00,65,00,61,00,67,00,61,00,74,00,65,00,20,00,\
  45,00,78,00,70,00,61,00,6e,00,73,00,69,00,6f,00,6e,00,20,00,44,00,72,00,69,\
  00,76,00,65,00,00,00,00,00,00,00,00,00,00,00,00,00,4e,00,54,00,46,00,53,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,5c,00,53,00,65,00,61,00,\
  67,00,61,00,74,00,65,00,45,00,78,00,70,00,61,00,6e,00,73,00,69,00,6f,00,6e,\
  00,2e,00,69,00,63,00,6f,00,00,00,00,00
"Generation"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{464cbcf0-06a2-11e3-be71-0026182335f5}]
"Data"=hex:00,00,00,00,0d,f0,ad,ba,01,00,00,00,08,00,00,00,00,00,00,84,00,00,\
  00,00,00,00,00,30,00,00,00,00,00,00,00,00,ff,00,e7,03,ff,00,00,00,36,00,00,\
  00,9d,f7,fc,70,0f,00,00,00,04,00,40,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,5c,00,5c,00,3f,00,5c,00,53,00,54,00,4f,00,52,00,41,00,47,\
  00,45,00,23,00,56,00,6f,00,6c,00,75,00,6d,00,65,00,23,00,7b,00,34,00,32,00,\
  36,00,36,00,32,00,39,00,37,00,64,00,2d,00,32,00,30,00,64,00,64,00,2d,00,31,\
  00,31,00,65,00,33,00,2d,00,62,00,65,00,38,00,34,00,2d,00,38,00,30,00,36,00,\
  65,00,36,00,66,00,36,00,65,00,36,00,39,00,36,00,33,00,7d,00,23,00,30,00,30,\
  00,30,00,30,00,30,00,30,00,30,00,36,00,39,00,35,00,37,00,30,00,30,00,30,00,\
  30,00,30,00,23,00,7b,00,35,00,33,00,66,00,35,00,36,00,33,00,30,00,64,00,2d,\
  00,62,00,36,00,62,00,66,00,2d,00,31,00,31,00,64,00,30,00,2d,00,39,00,34,00,\
  66,00,32,00,2d,00,30,00,30,00,61,00,30,00,63,00,39,00,31,00,65,00,66,00,62,\
  00,38,00,62,00,7d,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,5c,00,5c,00,3f,00,5c,00,56,00,6f,00,6c,00,75,00,6d,00,65,00,7b,00,34,00,\
  36,00,34,00,63,00,62,00,63,00,66,00,30,00,2d,00,30,00,36,00,61,00,32,00,2d,\
  00,31,00,31,00,65,00,33,00,2d,00,62,00,65,00,37,00,31,00,2d,00,30,00,30,00,\
  32,00,36,00,31,00,38,00,32,00,33,00,33,00,35,00,66,00,35,00,7d,00,5c,00,00,\
  00,4a,00,20,00,2d,00,20,00,70,00,61,00,72,00,74,00,20,00,32,00,20,00,6f,00,\
  66,00,20,00,46,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,4e,00,54,00,46,00,53,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,ff,ff,ff,\
  ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00
"Generation"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{680b15e6-032f-11e3-be6a-0026182335f5}]
"Data"=hex:00,00,00,00,0d,f0,ad,ba,01,00,00,00,10,00,00,00,ff,03,00,80,bd,ad,\
  db,ba,00,00,00,00,00,00,00,00,00,00,00,00,bd,ad,db,ba,bd,ad,db,ba,bd,ad,db,\
  ba,bd,ad,db,ba,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,5c,00,5c,00,3f,00,5c,00,53,00,43,00,53,00,49,00,23,00,43,\
  00,64,00,52,00,6f,00,6d,00,26,00,56,00,65,00,6e,00,5f,00,41,00,54,00,41,00,\
  50,00,49,00,26,00,50,00,72,00,6f,00,64,00,5f,00,69,00,48,00,41,00,50,00,34,\
  00,32,00,32,00,5f,00,5f,00,5f,00,39,00,26,00,52,00,65,00,76,00,5f,00,57,00,\
  4c,00,31,00,4e,00,23,00,35,00,26,00,33,00,33,00,36,00,63,00,31,00,62,00,35,\
  00,39,00,26,00,30,00,26,00,30,00,30,00,30,00,30,00,30,00,30,00,23,00,7b,00,\
  35,00,33,00,66,00,35,00,36,00,33,00,30,00,64,00,2d,00,62,00,36,00,62,00,66,\
  00,2d,00,31,00,31,00,64,00,30,00,2d,00,39,00,34,00,66,00,32,00,2d,00,30,00,\
  30,00,61,00,30,00,63,00,39,00,31,00,65,00,66,00,62,00,38,00,62,00,7d,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,5c,00,5c,00,3f,00,5c,00,56,00,6f,00,6c,00,75,00,6d,00,65,00,7b,00,36,00,\
  38,00,30,00,62,00,31,00,35,00,65,00,36,00,2d,00,30,00,33,00,32,00,66,00,2d,\
  00,31,00,31,00,65,00,33,00,2d,00,62,00,65,00,36,00,61,00,2d,00,30,00,30,00,\
  32,00,36,00,31,00,38,00,32,00,33,00,33,00,35,00,66,00,35,00,7d,00,5c,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,ff,ff,ff,\
  ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00
"Generation"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{b389548d-0286-11e3-be66-806e6f6e6963}]
"Data"=hex:00,00,00,00,0d,f0,ad,ba,01,00,00,00,08,00,00,00,00,00,00,84,00,00,\
  00,00,00,00,00,30,00,00,00,00,00,00,00,00,ff,00,e7,03,ff,00,00,00,16,00,00,\
  00,4e,d3,21,40,0f,00,00,00,04,00,40,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,5c,00,5c,00,3f,00,5c,00,53,00,54,00,4f,00,52,00,41,00,47,\
  00,45,00,23,00,56,00,6f,00,6c,00,75,00,6d,00,65,00,23,00,7b,00,64,00,35,00,\
  34,00,33,00,64,00,31,00,39,00,35,00,2d,00,31,00,38,00,36,00,32,00,2d,00,31,\
  00,31,00,65,00,33,00,2d,00,62,00,65,00,38,00,32,00,2d,00,38,00,30,00,36,00,\
  65,00,36,00,66,00,36,00,65,00,36,00,39,00,36,00,33,00,7d,00,23,00,30,00,30,\
  00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,37,00,45,00,\
  30,00,30,00,23,00,7b,00,35,00,33,00,66,00,35,00,36,00,33,00,30,00,64,00,2d,\
  00,62,00,36,00,62,00,66,00,2d,00,31,00,31,00,64,00,30,00,2d,00,39,00,34,00,\
  66,00,32,00,2d,00,30,00,30,00,61,00,30,00,63,00,39,00,31,00,65,00,66,00,62,\
  00,38,00,62,00,7d,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,5c,00,5c,00,3f,00,5c,00,56,00,6f,00,6c,00,75,00,6d,00,65,00,7b,00,62,00,\
  33,00,38,00,39,00,35,00,34,00,38,00,64,00,2d,00,30,00,32,00,38,00,36,00,2d,\
  00,31,00,31,00,65,00,33,00,2d,00,62,00,65,00,36,00,36,00,2d,00,38,00,30,00,\
  36,00,65,00,36,00,66,00,36,00,65,00,36,00,39,00,36,00,33,00,7d,00,5c,00,00,\
  00,49,00,20,00,2d,00,20,00,53,00,65,00,61,00,20,00,32,00,67,00,69,00,67,00,\
  20,00,70,00,61,00,72,00,74,00,20,00,31,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,4e,00,54,00,46,00,53,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,ff,ff,ff,\
  ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00
"Generation"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{b3895490-0286-11e3-be66-806e6f6e6963}]
"Data"=hex:00,00,00,00,0d,f0,ad,ba,01,00,00,00,08,00,00,00,00,00,00,84,00,00,\
  00,00,00,00,00,30,00,00,00,00,00,00,00,00,ff,00,e7,03,ff,00,00,00,16,00,00,\
  00,c4,83,f2,b4,0f,00,00,00,04,00,40,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,5c,00,5c,00,3f,00,5c,00,53,00,54,00,4f,00,52,00,41,00,47,\
  00,45,00,23,00,56,00,6f,00,6c,00,75,00,6d,00,65,00,23,00,7b,00,64,00,35,00,\
  34,00,33,00,64,00,31,00,39,00,35,00,2d,00,31,00,38,00,36,00,32,00,2d,00,31,\
  00,31,00,65,00,33,00,2d,00,62,00,65,00,38,00,32,00,2d,00,38,00,30,00,36,00,\
  65,00,36,00,66,00,36,00,65,00,36,00,39,00,36,00,33,00,7d,00,23,00,30,00,30,\
  00,30,00,30,00,30,00,30,00,37,00,41,00,31,00,31,00,46,00,39,00,37,00,41,00,\
  30,00,30,00,23,00,7b,00,35,00,33,00,66,00,35,00,36,00,33,00,30,00,64,00,2d,\
  00,62,00,36,00,62,00,66,00,2d,00,31,00,31,00,64,00,30,00,2d,00,39,00,34,00,\
  66,00,32,00,2d,00,30,00,30,00,61,00,30,00,63,00,39,00,31,00,65,00,66,00,62,\
  00,38,00,62,00,7d,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,5c,00,5c,00,3f,00,5c,00,56,00,6f,00,6c,00,75,00,6d,00,65,00,7b,00,62,00,\
  33,00,38,00,39,00,35,00,34,00,39,00,30,00,2d,00,30,00,32,00,38,00,36,00,2d,\
  00,31,00,31,00,65,00,33,00,2d,00,62,00,65,00,36,00,36,00,2d,00,38,00,30,00,\
  36,00,65,00,36,00,66,00,36,00,65,00,36,00,39,00,36,00,33,00,7d,00,5c,00,00,\
  00,4d,00,20,00,2d,00,20,00,53,00,65,00,61,00,20,00,32,00,67,00,69,00,67,00,\
  20,00,70,00,61,00,72,00,74,00,20,00,32,00,20,00,6f,00,66,00,20,00,49,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,4e,00,54,00,46,00,53,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,ff,ff,ff,\
  ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00
"Generation"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{b3895491-0286-11e3-be66-806e6f6e6963}]
"Data"=hex:00,00,00,00,0d,f0,ad,ba,01,00,00,00,08,00,00,00,00,00,00,84,00,00,\
  00,00,00,00,00,30,00,00,00,00,00,00,00,00,ff,00,e7,03,ff,00,00,00,16,00,00,\
  00,d0,ae,e7,03,0f,00,00,00,04,00,40,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,5c,00,5c,00,3f,00,5c,00,53,00,54,00,4f,00,52,00,41,00,47,\
  00,45,00,23,00,56,00,6f,00,6c,00,75,00,6d,00,65,00,23,00,7b,00,34,00,32,00,\
  36,00,36,00,32,00,39,00,37,00,64,00,2d,00,32,00,30,00,64,00,64,00,2d,00,31,\
  00,31,00,65,00,33,00,2d,00,62,00,65,00,38,00,34,00,2d,00,38,00,30,00,36,00,\
  65,00,36,00,66,00,36,00,65,00,36,00,39,00,36,00,33,00,7d,00,23,00,30,00,30,\
  00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,37,00,45,00,\
  30,00,30,00,23,00,7b,00,35,00,33,00,66,00,35,00,36,00,33,00,30,00,64,00,2d,\
  00,62,00,36,00,62,00,66,00,2d,00,31,00,31,00,64,00,30,00,2d,00,39,00,34,00,\
  66,00,32,00,2d,00,30,00,30,00,61,00,30,00,63,00,39,00,31,00,65,00,66,00,62,\
  00,38,00,62,00,7d,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,5c,00,5c,00,3f,00,5c,00,56,00,6f,00,6c,00,75,00,6d,00,65,00,7b,00,62,00,\
  33,00,38,00,39,00,35,00,34,00,39,00,31,00,2d,00,30,00,32,00,38,00,36,00,2d,\
  00,31,00,31,00,65,00,33,00,2d,00,62,00,65,00,36,00,36,00,2d,00,38,00,30,00,\
  36,00,65,00,36,00,66,00,36,00,65,00,36,00,39,00,36,00,33,00,7d,00,5c,00,00,\
  00,46,00,20,00,2d,00,20,00,35,00,30,00,30,00,67,00,69,00,67,00,20,00,57,00,\
  57,00,31,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,4e,00,54,00,46,00,53,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,ff,ff,ff,\
  ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00
"Generation"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{b3895492-0286-11e3-be66-806e6f6e6963}]
"Data"=hex:00,00,00,00,0d,f0,ad,ba,01,00,00,00,08,00,00,00,00,00,00,84,00,00,\
  00,00,00,00,00,30,00,00,00,00,00,00,00,00,ff,00,e7,03,ff,00,00,00,36,00,00,\
  00,79,f7,98,5e,0f,00,00,00,04,00,40,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,5c,00,5c,00,3f,00,5c,00,53,00,54,00,4f,00,52,00,41,00,47,\
  00,45,00,23,00,56,00,6f,00,6c,00,75,00,6d,00,65,00,23,00,7b,00,34,00,32,00,\
  36,00,36,00,32,00,39,00,38,00,31,00,2d,00,32,00,30,00,64,00,64,00,2d,00,31,\
  00,31,00,65,00,33,00,2d,00,62,00,65,00,38,00,34,00,2d,00,38,00,30,00,36,00,\
  65,00,36,00,66,00,36,00,65,00,36,00,39,00,36,00,33,00,7d,00,23,00,30,00,30,\
  00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,37,00,45,00,\
  30,00,30,00,23,00,7b,00,35,00,33,00,66,00,35,00,36,00,33,00,30,00,64,00,2d,\
  00,62,00,36,00,62,00,66,00,2d,00,31,00,31,00,64,00,30,00,2d,00,39,00,34,00,\
  66,00,32,00,2d,00,30,00,30,00,61,00,30,00,63,00,39,00,31,00,65,00,66,00,62,\
  00,38,00,62,00,7d,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,5c,00,5c,00,3f,00,5c,00,56,00,6f,00,6c,00,75,00,6d,00,65,00,7b,00,62,00,\
  33,00,38,00,39,00,35,00,34,00,39,00,32,00,2d,00,30,00,32,00,38,00,36,00,2d,\
  00,31,00,31,00,65,00,33,00,2d,00,62,00,65,00,36,00,36,00,2d,00,38,00,30,00,\
  36,00,65,00,36,00,66,00,36,00,65,00,36,00,39,00,36,00,33,00,7d,00,5c,00,00,\
  00,44,00,20,00,2d,00,20,00,53,00,65,00,61,00,67,00,61,00,74,00,65,00,20,00,\
  34,00,30,00,30,00,67,00,69,00,67,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,4e,00,54,00,46,00,53,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,ff,ff,ff,\
  ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00
"Generation"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{b3895493-0286-11e3-be66-806e6f6e6963}]
"Data"=hex:00,00,00,00,0d,f0,ad,ba,01,00,00,00,08,00,00,00,00,00,00,84,00,00,\
  00,00,00,00,00,30,00,00,00,00,00,00,00,00,ff,00,e7,03,ff,00,00,00,36,00,00,\
  00,f2,df,32,90,0f,00,00,00,04,00,40,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,5c,00,5c,00,3f,00,5c,00,53,00,54,00,4f,00,52,00,41,00,47,\
  00,45,00,23,00,56,00,6f,00,6c,00,75,00,6d,00,65,00,23,00,7b,00,34,00,32,00,\
  36,00,36,00,32,00,39,00,37,00,66,00,2d,00,32,00,30,00,64,00,64,00,2d,00,31,\
  00,31,00,65,00,33,00,2d,00,62,00,65,00,38,00,34,00,2d,00,38,00,30,00,36,00,\
  65,00,36,00,66,00,36,00,65,00,36,00,39,00,36,00,33,00,7d,00,23,00,30,00,30,\
  00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,36,00,36,00,\
  30,00,30,00,23,00,7b,00,35,00,33,00,66,00,35,00,36,00,33,00,30,00,64,00,2d,\
  00,62,00,36,00,62,00,66,00,2d,00,31,00,31,00,64,00,30,00,2d,00,39,00,34,00,\
  66,00,32,00,2d,00,30,00,30,00,61,00,30,00,63,00,39,00,31,00,65,00,66,00,62,\
  00,38,00,62,00,7d,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,5c,00,5c,00,3f,00,5c,00,56,00,6f,00,6c,00,75,00,6d,00,65,00,7b,00,62,00,\
  33,00,38,00,39,00,35,00,34,00,39,00,33,00,2d,00,30,00,32,00,38,00,36,00,2d,\
  00,31,00,31,00,65,00,33,00,2d,00,62,00,65,00,36,00,36,00,2d,00,38,00,30,00,\
  36,00,65,00,36,00,66,00,36,00,65,00,36,00,39,00,36,00,33,00,7d,00,5c,00,00,\
  00,47,00,20,00,2d,00,20,00,34,00,30,00,30,00,67,00,69,00,67,00,20,00,70,00,\
  61,00,72,00,74,00,69,00,74,00,69,00,6f,00,6e,00,20,00,31,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,4e,00,54,00,46,00,53,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,ff,ff,ff,\
  ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00
"Generation"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{b3895494-0286-11e3-be66-806e6f6e6963}]
"Data"=hex:00,00,00,00,0d,f0,ad,ba,01,00,00,00,08,00,00,00,00,00,00,84,00,00,\
  00,00,00,00,00,30,00,00,00,00,00,00,00,00,ff,00,e7,03,ff,00,00,00,16,00,00,\
  00,1d,d8,a0,58,0f,00,00,00,04,00,40,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,5c,00,5c,00,3f,00,5c,00,53,00,54,00,4f,00,52,00,41,00,47,\
  00,45,00,23,00,56,00,6f,00,6c,00,75,00,6d,00,65,00,23,00,7b,00,34,00,32,00,\
  36,00,36,00,32,00,39,00,37,00,66,00,2d,00,32,00,30,00,64,00,64,00,2d,00,31,\
  00,31,00,65,00,33,00,2d,00,62,00,65,00,38,00,34,00,2d,00,38,00,30,00,36,00,\
  65,00,36,00,66,00,36,00,65,00,36,00,39,00,36,00,33,00,7d,00,23,00,30,00,30,\
  00,30,00,30,00,30,00,30,00,31,00,46,00,46,00,46,00,43,00,38,00,45,00,34,00,\
  30,00,30,00,23,00,7b,00,35,00,33,00,66,00,35,00,36,00,33,00,30,00,64,00,2d,\
  00,62,00,36,00,62,00,66,00,2d,00,31,00,31,00,64,00,30,00,2d,00,39,00,34,00,\
  66,00,32,00,2d,00,30,00,30,00,61,00,30,00,63,00,39,00,31,00,65,00,66,00,62,\
  00,38,00,62,00,7d,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,5c,00,5c,00,3f,00,5c,00,56,00,6f,00,6c,00,75,00,6d,00,65,00,7b,00,62,00,\
  33,00,38,00,39,00,35,00,34,00,39,00,34,00,2d,00,30,00,32,00,38,00,36,00,2d,\
  00,31,00,31,00,65,00,33,00,2d,00,62,00,65,00,36,00,36,00,2d,00,38,00,30,00,\
  36,00,65,00,36,00,66,00,36,00,65,00,36,00,39,00,36,00,33,00,7d,00,5c,00,00,\
  00,48,00,20,00,2d,00,20,00,50,00,61,00,72,00,74,00,69,00,74,00,69,00,6f,00,\
  6e,00,20,00,32,00,20,00,6f,00,66,00,20,00,47,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,4e,00,54,00,46,00,53,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,ff,ff,ff,\
  ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00
"Generation"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{b3895495-0286-11e3-be66-806e6f6e6963}]
"Data"=hex:00,00,00,00,0d,f0,ad,ba,41,00,00,00,08,00,00,00,00,00,00,84,00,00,\
  00,00,00,00,00,30,00,00,00,00,00,00,00,00,ff,00,e7,03,ff,00,00,00,16,20,00,\
  00,d3,fb,13,8e,0e,00,00,00,04,40,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,5c,00,5c,00,3f,00,5c,00,53,00,54,00,4f,00,52,00,41,00,47,\
  00,45,00,23,00,56,00,6f,00,6c,00,75,00,6d,00,65,00,23,00,7b,00,34,00,32,00,\
  36,00,36,00,32,00,39,00,38,00,33,00,2d,00,32,00,30,00,64,00,64,00,2d,00,31,\
  00,31,00,65,00,33,00,2d,00,62,00,65,00,38,00,34,00,2d,00,38,00,30,00,36,00,\
  65,00,36,00,66,00,36,00,65,00,36,00,39,00,36,00,33,00,7d,00,23,00,30,00,30,\
  00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,31,00,30,00,30,00,30,00,\
  30,00,30,00,23,00,7b,00,35,00,33,00,66,00,35,00,36,00,33,00,30,00,64,00,2d,\
  00,62,00,36,00,62,00,66,00,2d,00,31,00,31,00,64,00,30,00,2d,00,39,00,34,00,\
  66,00,32,00,2d,00,30,00,30,00,61,00,30,00,63,00,39,00,31,00,65,00,66,00,62,\
  00,38,00,62,00,7d,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,5c,00,5c,00,3f,00,5c,00,56,00,6f,00,6c,00,75,00,6d,00,65,00,7b,00,62,00,\
  33,00,38,00,39,00,35,00,34,00,39,00,35,00,2d,00,30,00,32,00,38,00,36,00,2d,\
  00,31,00,31,00,65,00,33,00,2d,00,62,00,65,00,36,00,36,00,2d,00,38,00,30,00,\
  36,00,65,00,36,00,66,00,36,00,65,00,36,00,39,00,36,00,33,00,7d,00,5c,00,00,\
  00,43,00,20,00,2d,00,20,00,53,00,53,00,44,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,4e,00,54,00,46,00,53,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,ff,ff,ff,\
  ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00
"Generation"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{b389549c-0286-11e3-be66-806e6f6e6963}]
"Data"=hex:00,00,00,00,0d,f0,ad,ba,01,00,00,00,08,00,00,00,00,00,00,84,00,00,\
  00,00,00,00,00,30,00,00,00,00,00,00,00,00,ff,00,e7,03,ff,00,00,00,16,20,00,\
  00,8d,9b,9c,b8,0f,00,00,00,04,00,40,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,5c,00,5c,00,3f,00,5c,00,53,00,54,00,4f,00,52,00,41,00,47,\
  00,45,00,23,00,56,00,6f,00,6c,00,75,00,6d,00,65,00,23,00,7b,00,62,00,33,00,\
  38,00,39,00,35,00,34,00,39,00,36,00,2d,00,30,00,32,00,38,00,36,00,2d,00,31,\
  00,31,00,65,00,33,00,2d,00,62,00,65,00,36,00,36,00,2d,00,38,00,30,00,36,00,\
  65,00,36,00,66,00,36,00,65,00,36,00,39,00,36,00,33,00,7d,00,23,00,30,00,30,\
  00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,31,00,30,00,30,00,30,00,\
  30,00,30,00,23,00,7b,00,35,00,33,00,66,00,35,00,36,00,33,00,30,00,64,00,2d,\
  00,62,00,36,00,62,00,66,00,2d,00,31,00,31,00,64,00,30,00,2d,00,39,00,34,00,\
  66,00,32,00,2d,00,30,00,30,00,61,00,30,00,63,00,39,00,31,00,65,00,66,00,62,\
  00,38,00,62,00,7d,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,5c,00,5c,00,3f,00,5c,00,56,00,6f,00,6c,00,75,00,6d,00,65,00,7b,00,62,00,\
  33,00,38,00,39,00,35,00,34,00,39,00,63,00,2d,00,30,00,32,00,38,00,36,00,2d,\
  00,31,00,31,00,65,00,33,00,2d,00,62,00,65,00,36,00,36,00,2d,00,38,00,30,00,\
  36,00,65,00,36,00,66,00,36,00,65,00,36,00,39,00,36,00,33,00,7d,00,5c,00,00,\
  00,4c,00,20,00,2d,00,20,00,55,00,53,00,42,00,20,00,4d,00,79,00,20,00,42,00,\
  6f,00,6f,00,6b,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,4e,00,54,00,46,00,53,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,ff,ff,ff,\
  ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00
"Generation"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{b389549d-0286-11e3-be66-806e6f6e6963}]
"Data"=hex:00,00,00,00,0d,f0,ad,ba,01,00,00,00,08,00,00,00,00,00,00,84,00,00,\
  00,00,00,00,00,30,00,00,00,00,00,00,00,00,06,00,00,00,ff,00,00,00,10,00,00,\
  00,20,0d,00,10,0f,00,00,00,04,00,40,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,5c,00,5c,00,3f,00,5c,00,53,00,54,00,4f,00,52,00,41,00,47,\
  00,45,00,23,00,56,00,6f,00,6c,00,75,00,6d,00,65,00,23,00,7b,00,62,00,33,00,\
  38,00,39,00,35,00,34,00,39,00,38,00,2d,00,30,00,32,00,38,00,36,00,2d,00,31,\
  00,31,00,65,00,33,00,2d,00,62,00,65,00,36,00,36,00,2d,00,38,00,30,00,36,00,\
  65,00,36,00,66,00,36,00,65,00,36,00,39,00,36,00,33,00,7d,00,23,00,30,00,30,\
  00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,37,00,45,00,\
  30,00,30,00,23,00,7b,00,35,00,33,00,66,00,35,00,36,00,33,00,30,00,64,00,2d,\
  00,62,00,36,00,62,00,66,00,2d,00,31,00,31,00,64,00,30,00,2d,00,39,00,34,00,\
  66,00,32,00,2d,00,30,00,30,00,61,00,30,00,63,00,39,00,31,00,65,00,66,00,62,\
  00,38,00,62,00,7d,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,5c,00,5c,00,3f,00,5c,00,56,00,6f,00,6c,00,75,00,6d,00,65,00,7b,00,62,00,\
  33,00,38,00,39,00,35,00,34,00,39,00,64,00,2d,00,30,00,32,00,38,00,36,00,2d,\
  00,31,00,31,00,65,00,33,00,2d,00,62,00,65,00,36,00,36,00,2d,00,38,00,30,00,\
  36,00,65,00,36,00,66,00,36,00,65,00,36,00,39,00,36,00,33,00,7d,00,5c,00,00,\
  00,4f,00,20,00,2d,00,20,00,56,00,45,00,52,00,42,00,41,00,54,00,4d,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,46,00,41,00,54,00,33,00,\
  32,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,ff,ff,ff,\
  ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00
"Generation"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\P]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\P\_Autorun]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\P\_Autorun\DefaultIcon]
@="\"P:\\\\SeagateExpansion.ico\" "

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b1d0d02-2bb7-11e3-be8a-0026182335f5}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b1d0d02-2bb7-11e3-be8a-0026182335f5}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b1d0d02-2bb7-11e3-be8a-0026182335f5}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8507"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b1d0d02-2bb7-11e3-be8a-0026182335f5}\shell\Autoplay\DropTarget]
"CLSID"="{F26A669A-BCBB-4E37-ABF9-7325DA15F931}"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3072227d-41eb-11e3-be98-0026182335f5}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3072227d-41eb-11e3-be98-0026182335f5}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3072227d-41eb-11e3-be98-0026182335f5}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8507"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3072227d-41eb-11e3-be98-0026182335f5}\shell\Autoplay\DropTarget]
"CLSID"="{F26A669A-BCBB-4E37-ABF9-7325DA15F931}"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{307222b3-41eb-11e3-be98-0026182335f5}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{307222cc-41eb-11e3-be98-0026182335f5}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{307222cc-41eb-11e3-be98-0026182335f5}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{307222cc-41eb-11e3-be98-0026182335f5}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8507"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{307222cc-41eb-11e3-be98-0026182335f5}\shell\Autoplay\DropTarget]
"CLSID"="{F26A669A-BCBB-4E37-ABF9-7325DA15F931}"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{42418869-110b-11e3-be7a-0026182335f5}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{42662991-20dd-11e3-be84-806e6f6e6963}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{42662995-20dd-11e3-be84-806e6f6e6963}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4266299e-20dd-11e3-be84-806e6f6e6963}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4266299e-20dd-11e3-be84-806e6f6e6963}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4266299e-20dd-11e3-be84-806e6f6e6963}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8507"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4266299e-20dd-11e3-be84-806e6f6e6963}\shell\Autoplay\DropTarget]
"CLSID"="{F26A669A-BCBB-4E37-ABF9-7325DA15F931}"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4266299e-20dd-11e3-be84-806e6f6e6963}\_Autorun]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4266299e-20dd-11e3-be84-806e6f6e6963}\_Autorun\DefaultIcon]
@="\"P:\\\\SeagateExpansion.ico\" "

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{464cbcf0-06a2-11e3-be71-0026182335f5}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{464cbcf0-06a2-11e3-be71-0026182335f5}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{464cbcf0-06a2-11e3-be71-0026182335f5}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8507"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{464cbcf0-06a2-11e3-be71-0026182335f5}\shell\Autoplay\DropTarget]
"CLSID"="{F26A669A-BCBB-4E37-ABF9-7325DA15F931}"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{50d1e53d-2117-11e3-be85-0026182335f5}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{50d1e53d-2117-11e3-be85-0026182335f5}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{50d1e53d-2117-11e3-be85-0026182335f5}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8507"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{50d1e53d-2117-11e3-be85-0026182335f5}\shell\Autoplay\DropTarget]
"CLSID"="{F26A669A-BCBB-4E37-ABF9-7325DA15F931}"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{52034b79-0878-11e3-be72-0026182335f5}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{52034b79-0878-11e3-be72-0026182335f5}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{52034b79-0878-11e3-be72-0026182335f5}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8507"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{52034b79-0878-11e3-be72-0026182335f5}\shell\Autoplay\DropTarget]
"CLSID"="{F26A669A-BCBB-4E37-ABF9-7325DA15F931}"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{520357a6-0878-11e3-be72-0026182335f5}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{520357a7-0878-11e3-be72-0026182335f5}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{680b15e6-032f-11e3-be6a-0026182335f5}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{680b15e6-032f-11e3-be6a-0026182335f5}\_Autorun]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{680b15e6-032f-11e3-be6a-0026182335f5}\_Autorun\DefaultIcon]
@="\"T:\\HBCD\\HBCDMenu.exe\" "

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{680b15e6-032f-11e3-be6a-0026182335f5}\_Autorun\DefaultLabel]
@="Hiren's BootCD"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{762e9778-185b-11e3-be81-0026182335f5}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{762e9778-185b-11e3-be81-0026182335f5}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{762e9778-185b-11e3-be81-0026182335f5}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8507"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{762e9778-185b-11e3-be81-0026182335f5}\shell\Autoplay\DropTarget]
"CLSID"="{F26A669A-BCBB-4E37-ABF9-7325DA15F931}"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9680b2d0-0ae2-11e3-be75-0026182335f5}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9680b2d0-0ae2-11e3-be75-0026182335f5}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9680b2d0-0ae2-11e3-be75-0026182335f5}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8507"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9680b2d0-0ae2-11e3-be75-0026182335f5}\shell\Autoplay\DropTarget]
"CLSID"="{F26A669A-BCBB-4E37-ABF9-7325DA15F931}"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9680b2d1-0ae2-11e3-be75-0026182335f5}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9680b2d1-0ae2-11e3-be75-0026182335f5}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9680b2d1-0ae2-11e3-be75-0026182335f5}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8507"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9680b2d1-0ae2-11e3-be75-0026182335f5}\shell\Autoplay\DropTarget]
"CLSID"="{F26A669A-BCBB-4E37-ABF9-7325DA15F931}"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b389548c-0286-11e3-be66-806e6f6e6963}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b389548c-0286-11e3-be66-806e6f6e6963}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b389548c-0286-11e3-be66-806e6f6e6963}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8507"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b389548c-0286-11e3-be66-806e6f6e6963}\shell\Autoplay\DropTarget]
"CLSID"="{F26A669A-BCBB-4E37-ABF9-7325DA15F931}"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b389548d-0286-11e3-be66-806e6f6e6963}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b389548d-0286-11e3-be66-806e6f6e6963}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b389548d-0286-11e3-be66-806e6f6e6963}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8507"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b389548d-0286-11e3-be66-806e6f6e6963}\shell\Autoplay\DropTarget]
"CLSID"="{F26A669A-BCBB-4E37-ABF9-7325DA15F931}"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3895490-0286-11e3-be66-806e6f6e6963}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3895490-0286-11e3-be66-806e6f6e6963}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3895490-0286-11e3-be66-806e6f6e6963}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8507"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3895490-0286-11e3-be66-806e6f6e6963}\shell\Autoplay\DropTarget]
"CLSID"="{F26A669A-BCBB-4E37-ABF9-7325DA15F931}"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3895491-0286-11e3-be66-806e6f6e6963}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3895491-0286-11e3-be66-806e6f6e6963}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3895491-0286-11e3-be66-806e6f6e6963}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8507"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3895491-0286-11e3-be66-806e6f6e6963}\shell\Autoplay\DropTarget]
"CLSID"="{F26A669A-BCBB-4E37-ABF9-7325DA15F931}"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3895492-0286-11e3-be66-806e6f6e6963}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3895493-0286-11e3-be66-806e6f6e6963}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3895493-0286-11e3-be66-806e6f6e6963}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3895493-0286-11e3-be66-806e6f6e6963}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8507"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3895493-0286-11e3-be66-806e6f6e6963}\shell\Autoplay\DropTarget]
"CLSID"="{F26A669A-BCBB-4E37-ABF9-7325DA15F931}"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3895494-0286-11e3-be66-806e6f6e6963}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3895494-0286-11e3-be66-806e6f6e6963}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3895494-0286-11e3-be66-806e6f6e6963}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8507"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3895494-0286-11e3-be66-806e6f6e6963}\shell\Autoplay\DropTarget]
"CLSID"="{F26A669A-BCBB-4E37-ABF9-7325DA15F931}"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3895495-0286-11e3-be66-806e6f6e6963}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b389549c-0286-11e3-be66-806e6f6e6963}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b389549c-0286-11e3-be66-806e6f6e6963}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b389549c-0286-11e3-be66-806e6f6e6963}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8507"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b389549c-0286-11e3-be66-806e6f6e6963}\shell\Autoplay\DropTarget]
"CLSID"="{F26A669A-BCBB-4E37-ABF9-7325DA15F931}"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b389549d-0286-11e3-be66-806e6f6e6963}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b389549d-0286-11e3-be66-806e6f6e6963}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b389549d-0286-11e3-be66-806e6f6e6963}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8507"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b389549d-0286-11e3-be66-806e6f6e6963}\shell\Autoplay\DropTarget]
"CLSID"="{F26A669A-BCBB-4E37-ABF9-7325DA15F931}"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b38954a3-0286-11e3-be66-806e6f6e6963}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b38954a3-0286-11e3-be66-806e6f6e6963}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b38954a3-0286-11e3-be66-806e6f6e6963}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8507"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b38954a3-0286-11e3-be66-806e6f6e6963}\shell\Autoplay\DropTarget]
"CLSID"="{F26A669A-BCBB-4E37-ABF9-7325DA15F931}"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b38954a4-0286-11e3-be66-806e6f6e6963}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b38954a4-0286-11e3-be66-806e6f6e6963}\shell]
@="AutoRun"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b38954a4-0286-11e3-be66-806e6f6e6963}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8507"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b38954a4-0286-11e3-be66-806e6f6e6963}\shell\Autoplay\DropTarget]
"CLSID"="{F26A669A-BCBB-4E37-ABF9-7325DA15F931}"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b38954a4-0286-11e3-be66-806e6f6e6963}\shell\AutoRun]
@="Install or run program from your media"
"SetWorkingDirectoryFromTarget"=""

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b38954a4-0286-11e3-be66-806e6f6e6963}\shell\AutoRun\command]
@="\"explorer.exe\" index.html"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b38954a4-0286-11e3-be66-806e6f6e6963}\_Autorun]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b38954a4-0286-11e3-be66-806e6f6e6963}\_Autorun\DefaultIcon]
@="\"V:\\LG.ICO\" "

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9d12753-0bdc-11e3-be75-0026182335f5}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9d1275e-0bdc-11e3-be75-0026182335f5}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9d1282c-0bdc-11e3-be75-0026182335f5}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9d1282c-0bdc-11e3-be75-0026182335f5}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9d1282c-0bdc-11e3-be75-0026182335f5}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8507"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9d1282c-0bdc-11e3-be75-0026182335f5}\shell\Autoplay\DropTarget]
"CLSID"="{F26A669A-BCBB-4E37-ABF9-7325DA15F931}"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dab29a84-2179-11e3-be86-0026182335f5}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dab29a84-2179-11e3-be86-0026182335f5}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dab29a84-2179-11e3-be86-0026182335f5}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8507"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dab29a84-2179-11e3-be86-0026182335f5}\shell\Autoplay\DropTarget]
"CLSID"="{F26A669A-BCBB-4E37-ABF9-7325DA15F931}"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e83d6d1e-9089-42bb-a3d2-5081fdd60242}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e83d6d1e-9089-42bb-a3d2-5081fdd60242}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e83d6d1e-9089-42bb-a3d2-5081fdd60242}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8507"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e83d6d1e-9089-42bb-a3d2-5081fdd60242}\shell\Autoplay\DropTarget]
"CLSID"="{F26A669A-BCBB-4E37-ABF9-7325DA15F931}"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f0395ad6-2db8-11e3-be8a-0026182335f5}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f0395ad6-2db8-11e3-be8a-0026182335f5}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f0395ad6-2db8-11e3-be8a-0026182335f5}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8507"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f0395ad6-2db8-11e3-be8a-0026182335f5}\shell\Autoplay\DropTarget]
"CLSID"="{F26A669A-BCBB-4E37-ABF9-7325DA15F931}"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f0395ad6-2db8-11e3-be8a-0026182335f5}\_Autorun]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f0395ad6-2db8-11e3-be8a-0026182335f5}\_Autorun\DefaultIcon]
@="\"O:\\.\\FreeAgentDesktop.ico\" "

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fd9e85dd-0286-11e3-be67-0026182335f5}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fd9e8bef-0286-11e3-be67-0026182335f5}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fd9e8bef-0286-11e3-be67-0026182335f5}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fd9e8bef-0286-11e3-be67-0026182335f5}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8507"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fd9e8bef-0286-11e3-be67-0026182335f5}\shell\Autoplay\DropTarget]
"CLSID"="{F26A669A-BCBB-4E37-ABF9-7325DA15F931}"

 



#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,686 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:37 PM

Posted 10 December 2013 - 09:06 AM

Greetings,

Did you copy and paste this without the quotation marks?

You asked me to paste "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2" into MiniRegTool64.


Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the windows key Windows_Logo_key.gif + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
C:\Users\Public\.DS_Store
C:\Users\Ron\.DS_Store
C:\Users\Ron\Documents\.DS_Store
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================.


TCPView

--------------
  • Please download TCPView and save it to your desktop
  • Unzip the contents
  • Double click Tcpview.exe (not Tcpvcon.exe), select Run, then Agree
  • A report will open
  • Click File, Save As..., then select Desktop on the left side
  • Type TCPView in the File name: box then click Save
  • Please attach this report to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • TCPView report

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 ron90069

ron90069
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:01:37 PM

Posted 10 December 2013 - 08:08 PM

I attached TWO TDPView.txt files, one from when it first finished and one about two minutes later, just for reference.

 

 

Here is the output from the MiniReg64:

 

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{42662991-20dd-11e3-be84-806e6f6e6963}]
"Data"=hex:00,00,00,00,0d,f0,ad,ba,01,00,00,00,08,00,00,00,00,00,00,84,00,00,\
  00,00,00,00,00,30,00,00,00,00,00,00,00,00,ff,00,e7,03,ff,00,00,00,16,20,00,\
  00,4f,3e,53,9e,0f,00,00,00,04,00,40,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,5c,00,5c,00,3f,00,5c,00,53,00,54,00,4f,00,52,00,41,00,47,\
  00,45,00,23,00,56,00,6f,00,6c,00,75,00,6d,00,65,00,23,00,7b,00,34,00,32,00,\
  36,00,36,00,32,00,39,00,38,00,35,00,2d,00,32,00,30,00,64,00,64,00,2d,00,31,\
  00,31,00,65,00,33,00,2d,00,62,00,65,00,38,00,34,00,2d,00,38,00,30,00,36,00,\
  65,00,36,00,66,00,36,00,65,00,36,00,39,00,36,00,33,00,7d,00,23,00,30,00,30,\
  00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,31,00,30,00,30,00,30,00,\
  30,00,30,00,23,00,7b,00,35,00,33,00,66,00,35,00,36,00,33,00,30,00,64,00,2d,\
  00,62,00,36,00,62,00,66,00,2d,00,31,00,31,00,64,00,30,00,2d,00,39,00,34,00,\
  66,00,32,00,2d,00,30,00,30,00,61,00,30,00,63,00,39,00,31,00,65,00,66,00,62,\
  00,38,00,62,00,7d,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,5c,00,5c,00,3f,00,5c,00,56,00,6f,00,6c,00,75,00,6d,00,65,00,7b,00,34,00,\
  32,00,36,00,36,00,32,00,39,00,39,00,31,00,2d,00,32,00,30,00,64,00,64,00,2d,\
  00,31,00,31,00,65,00,33,00,2d,00,62,00,65,00,38,00,34,00,2d,00,38,00,30,00,\
  36,00,65,00,36,00,66,00,36,00,65,00,36,00,39,00,36,00,33,00,7d,00,5c,00,00,\
  00,45,00,20,00,2d,00,20,00,53,00,53,00,44,00,20,00,43,00,6f,00,72,00,73,00,\
  61,00,69,00,72,00,20,00,36,00,30,00,67,00,69,00,67,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,4e,00,54,00,46,00,53,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,ff,ff,ff,\
  ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00
"Generation"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{42662995-20dd-11e3-be84-806e6f6e6963}]
"Data"=hex:00,00,00,00,0d,f0,ad,ba,01,00,00,00,10,00,00,00,ff,03,00,84,bd,ad,\
  db,ba,00,00,00,00,00,00,00,00,00,00,00,00,bd,ad,db,ba,bd,ad,db,ba,bd,ad,db,\
  ba,bd,ad,db,ba,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,5c,00,5c,00,3f,00,5c,00,53,00,43,00,53,00,49,00,23,00,43,\
  00,64,00,52,00,6f,00,6d,00,26,00,56,00,65,00,6e,00,5f,00,48,00,4c,00,2d,00,\
  44,00,54,00,2d,00,53,00,54,00,26,00,50,00,72,00,6f,00,64,00,5f,00,44,00,56,\
  00,44,00,52,00,41,00,4d,00,5f,00,47,00,48,00,32,00,34,00,4e,00,53,00,39,00,\788
  30,00,23,00,34,00,26,00,35,00,65,00,63,00,66,00,34,00,66,00,26,00,30,00,26,\
  00,30,00,35,00,30,00,30,00,30,00,30,00,23,00,7b,00,35,00,33,00,66,00,35,00,\
  36,00,33,00,30,00,64,00,2d,00,62,00,36,00,62,00,66,00,2d,00,31,00,31,00,64,\
  00,30,00,2d,00,39,00,34,00,66,00,32,00,2d,00,30,00,30,00,61,00,30,00,63,00,\
  39,00,31,00,65,00,66,00,62,00,38,00,62,00,7d,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,5c,00,5c,00,3f,00,5c,00,56,00,6f,00,6c,00,75,00,6d,00,65,00,7b,00,34,00,\
  32,00,36,00,36,00,32,00,39,00,39,00,35,00,2d,00,32,00,30,00,64,00,64,00,2d,\
  00,31,00,31,00,65,00,33,00,2d,00,62,00,65,00,38,00,34,00,2d,00,38,00,30,00,\
  36,00,65,00,36,00,66,00,36,00,65,00,36,00,39,00,36,00,33,00,7d,00,5c,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,ff,ff,ff,\
  ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00
"Generation"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{4266299e-20dd-11e3-be84-806e6f6e6963}]
"Data"=hex:00,00,00,00,0d,f0,ad,ba,01,00,00,00,08,00,00,00,00,00,00,84,00,00,\
  00,00,00,00,00,30,00,00,00,00,01,01,00,00,ff,00,e7,03,ff,00,00,00,16,00,00,\
  00,b8,db,57,a0,0f,00,00,00,04,00,40,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,5c,00,5c,00,3f,00,5c,00,53,00,54,00,4f,00,52,00,41,00,47,\
  00,45,00,23,00,56,00,6f,00,6c,00,75,00,6d,00,65,00,23,00,7b,00,34,00,32,00,\
  36,00,36,00,32,00,39,00,39,00,39,00,2d,00,32,00,30,00,64,00,64,00,2d,00,31,\
  00,31,00,65,00,33,00,2d,00,62,00,65,00,38,00,34,00,2d,00,38,00,30,00,36,00,\
  65,00,36,00,66,00,36,00,65,00,36,00,39,00,36,00,33,00,7d,00,23,00,30,00,30,\
  00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,38,00,30,00,30,00,30,00,\
  30,00,30,00,23,00,7b,00,35,00,33,00,66,00,35,00,36,00,33,00,30,00,64,00,2d,\
  00,62,00,36,00,62,00,66,00,2d,00,31,00,31,00,64,00,30,00,2d,00,39,00,34,00,\
  66,00,32,00,2d,00,30,00,30,00,61,00,30,00,63,00,39,00,31,00,65,00,66,00,62,\
  00,38,00,62,00,7d,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,5c,00,5c,00,3f,00,5c,00,56,00,6f,00,6c,00,75,00,6d,00,65,00,7b,00,34,00,\
  32,00,36,00,36,00,32,00,39,00,39,00,65,00,2d,00,32,00,30,00,64,00,64,00,2d,\
  00,31,00,31,00,65,00,33,00,2d,00,62,00,65,00,38,00,34,00,2d,00,38,00,30,00,\
  36,00,65,00,36,00,66,00,36,00,65,00,36,00,39,00,36,00,33,00,7d,00,5c,00,00,\
  00,50,00,20,00,2d,00,20,00,53,00,65,00,61,00,67,00,61,00,74,00,65,00,20,00,\
  45,00,78,00,70,00,61,00,6e,00,73,00,69,00,6f,00,6e,00,20,00,44,00,72,00,69,\
  00,76,00,65,00,00,00,00,00,00,00,00,00,00,00,00,00,4e,00,54,00,46,00,53,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,5c,00,53,00,65,00,61,00,\
  67,00,61,00,74,00,65,00,45,00,78,00,70,00,61,00,6e,00,73,00,69,00,6f,00,6e,\
  00,2e,00,69,00,63,00,6f,00,00,00,00,00
"Generation"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{464cbcf0-06a2-11e3-be71-0026182335f5}]
"Data"=hex:00,00,00,00,0d,f0,ad,ba,01,00,00,00,08,00,00,00,00,00,00,84,00,00,\
  00,00,00,00,00,30,00,00,00,00,00,00,00,00,ff,00,e7,03,ff,00,00,00,36,00,00,\
  00,9d,f7,fc,70,0f,00,00,00,04,00,40,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,5c,00,5c,00,3f,00,5c,00,53,00,54,00,4f,00,52,00,41,00,47,\
  00,45,00,23,00,56,00,6f,00,6c,00,75,00,6d,00,65,00,23,00,7b,00,34,00,32,00,\
  36,00,36,00,32,00,39,00,37,00,64,00,2d,00,32,00,30,00,64,00,64,00,2d,00,31,\
  00,31,00,65,00,33,00,2d,00,62,00,65,00,38,00,34,00,2d,00,38,00,30,00,36,00,\
  65,00,36,00,66,00,36,00,65,00,36,00,39,00,36,00,33,00,7d,00,23,00,30,00,30,\
  00,30,00,30,00,30,00,30,00,30,00,36,00,39,00,35,00,37,00,30,00,30,00,30,00,\
  30,00,30,00,23,00,7b,00,35,00,33,00,66,00,35,00,36,00,33,00,30,00,64,00,2d,\
  00,62,00,36,00,62,00,66,00,2d,00,31,00,31,00,64,00,30,00,2d,00,39,00,34,00,\
  66,00,32,00,2d,00,30,00,30,00,61,00,30,00,63,00,39,00,31,00,65,00,66,00,62,\
  00,38,00,62,00,7d,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,5c,00,5c,00,3f,00,5c,00,56,00,6f,00,6c,00,75,00,6d,00,65,00,7b,00,34,00,\
  36,00,34,00,63,00,62,00,63,00,66,00,30,00,2d,00,30,00,36,00,61,00,32,00,2d,\
  00,31,00,31,00,65,00,33,00,2d,00,62,00,65,00,37,00,31,00,2d,00,30,00,30,00,\
  32,00,36,00,31,00,38,00,32,00,33,00,33,00,35,00,66,00,35,00,7d,00,5c,00,00,\
  00,4a,00,20,00,2d,00,20,00,70,00,61,00,72,00,74,00,20,00,32,00,20,00,6f,00,\
  66,00,20,00,46,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,4e,00,54,00,46,00,53,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,ff,ff,ff,\
  ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00
"Generation"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{680b15e6-032f-11e3-be6a-0026182335f5}]
"Data"=hex:00,00,00,00,0d,f0,ad,ba,01,00,00,00,10,00,00,00,ff,03,00,80,bd,ad,\
  db,ba,00,00,00,00,00,00,00,00,00,00,00,00,bd,ad,db,ba,bd,ad,db,ba,bd,ad,db,\
  ba,bd,ad,db,ba,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,5c,00,5c,00,3f,00,5c,00,53,00,43,00,53,00,49,00,23,00,43,\
  00,64,00,52,00,6f,00,6d,00,26,00,56,00,65,00,6e,00,5f,00,41,00,54,00,41,00,\
  50,00,49,00,26,00,50,00,72,00,6f,00,64,00,5f,00,69,00,48,00,41,00,50,00,34,\
  00,32,00,32,00,5f,00,5f,00,5f,00,39,00,26,00,52,00,65,00,76,00,5f,00,57,00,\
  4c,00,31,00,4e,00,23,00,35,00,26,00,33,00,33,00,36,00,63,00,31,00,62,00,35,\
  00,39,00,26,00,30,00,26,00,30,00,30,00,30,00,30,00,30,00,30,00,23,00,7b,00,\
  35,00,33,00,66,00,35,00,36,00,33,00,30,00,64,00,2d,00,62,00,36,00,62,00,66,\
  00,2d,00,31,00,31,00,64,00,30,00,2d,00,39,00,34,00,66,00,32,00,2d,00,30,00,\
  30,00,61,00,30,00,63,00,39,00,31,00,65,00,66,00,62,00,38,00,62,00,7d,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,5c,00,5c,00,3f,00,5c,00,56,00,6f,00,6c,00,75,00,6d,00,65,00,7b,00,36,00,\
  38,00,30,00,62,00,31,00,35,00,65,00,36,00,2d,00,30,00,33,00,32,00,66,00,2d,\
  00,31,00,31,00,65,00,33,00,2d,00,62,00,65,00,36,00,61,00,2d,00,30,00,30,00,\
  32,00,36,00,31,00,38,00,32,00,33,00,33,00,35,00,66,00,35,00,7d,00,5c,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,ff,ff,ff,\
  ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00
"Generation"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{b389548d-0286-11e3-be66-806e6f6e6963}]
"Data"=hex:00,00,00,00,0d,f0,ad,ba,01,00,00,00,08,00,00,00,00,00,00,84,00,00,\
  00,00,00,00,00,30,00,00,00,00,00,00,00,00,ff,00,e7,03,ff,00,00,00,16,00,00,\
  00,4e,d3,21,40,0f,00,00,00,04,00,40,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,5c,00,5c,00,3f,00,5c,00,53,00,54,00,4f,00,52,00,41,00,47,\
  00,45,00,23,00,56,00,6f,00,6c,00,75,00,6d,00,65,00,23,00,7b,00,64,00,35,00,\
  34,00,33,00,64,00,31,00,39,00,35,00,2d,00,31,00,38,00,36,00,32,00,2d,00,31,\
  00,31,00,65,00,33,00,2d,00,62,00,65,00,38,00,32,00,2d,00,38,00,30,00,36,00,\
  65,00,36,00,66,00,36,00,65,00,36,00,39,00,36,00,33,00,7d,00,23,00,30,00,30,\
  00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,37,00,45,00,\
  30,00,30,00,23,00,7b,00,35,00,33,00,66,00,35,00,36,00,33,00,30,00,64,00,2d,\
  00,62,00,36,00,62,00,66,00,2d,00,31,00,31,00,64,00,30,00,2d,00,39,00,34,00,\
  66,00,32,00,2d,00,30,00,30,00,61,00,30,00,63,00,39,00,31,00,65,00,66,00,62,\
  00,38,00,62,00,7d,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,5c,00,5c,00,3f,00,5c,00,56,00,6f,00,6c,00,75,00,6d,00,65,00,7b,00,62,00,\
  33,00,38,00,39,00,35,00,34,00,38,00,64,00,2d,00,30,00,32,00,38,00,36,00,2d,\
  00,31,00,31,00,65,00,33,00,2d,00,62,00,65,00,36,00,36,00,2d,00,38,00,30,00,\
  36,00,65,00,36,00,66,00,36,00,65,00,36,00,39,00,36,00,33,00,7d,00,5c,00,00,\
  00,49,00,20,00,2d,00,20,00,53,00,65,00,61,00,20,00,32,00,67,00,69,00,67,00,\
  20,00,70,00,61,00,72,00,74,00,20,00,31,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,4e,00,54,00,46,00,53,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,ff,ff,ff,\
  ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00
"Generation"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{b3895490-0286-11e3-be66-806e6f6e6963}]
"Data"=hex:00,00,00,00,0d,f0,ad,ba,01,00,00,00,08,00,00,00,00,00,00,84,00,00,\
  00,00,00,00,00,30,00,00,00,00,00,00,00,00,ff,00,e7,03,ff,00,00,00,16,00,00,\
  00,c4,83,f2,b4,0f,00,00,00,04,00,40,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,5c,00,5c,00,3f,00,5c,00,53,00,54,00,4f,00,52,00,41,00,47,\
  00,45,00,23,00,56,00,6f,00,6c,00,75,00,6d,00,65,00,23,00,7b,00,64,00,35,00,\
  34,00,33,00,64,00,31,00,39,00,35,00,2d,00,31,00,38,00,36,00,32,00,2d,00,31,\
  00,31,00,65,00,33,00,2d,00,62,00,65,00,38,00,32,00,2d,00,38,00,30,00,36,00,\
  65,00,36,00,66,00,36,00,65,00,36,00,39,00,36,00,33,00,7d,00,23,00,30,00,30,\
  00,30,00,30,00,30,00,30,00,37,00,41,00,31,00,31,00,46,00,39,00,37,00,41,00,\
  30,00,30,00,23,00,7b,00,35,00,33,00,66,00,35,00,36,00,33,00,30,00,64,00,2d,\
  00,62,00,36,00,62,00,66,00,2d,00,31,00,31,00,64,00,30,00,2d,00,39,00,34,00,\
  66,00,32,00,2d,00,30,00,30,00,61,00,30,00,63,00,39,00,31,00,65,00,66,00,62,\
  00,38,00,62,00,7d,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,5c,00,5c,00,3f,00,5c,00,56,00,6f,00,6c,00,75,00,6d,00,65,00,7b,00,62,00,\
  33,00,38,00,39,00,35,00,34,00,39,00,30,00,2d,00,30,00,32,00,38,00,36,00,2d,\
  00,31,00,31,00,65,00,33,00,2d,00,62,00,65,00,36,00,36,00,2d,00,38,00,30,00,\
  36,00,65,00,36,00,66,00,36,00,65,00,36,00,39,00,36,00,33,00,7d,00,5c,00,00,\
  00,4d,00,20,00,2d,00,20,00,53,00,65,00,61,00,20,00,32,00,67,00,69,00,67,00,\
  20,00,70,00,61,00,72,00,74,00,20,00,32,00,20,00,6f,00,66,00,20,00,49,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,4e,00,54,00,46,00,53,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,ff,ff,ff,\
  ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00
"Generation"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{b3895491-0286-11e3-be66-806e6f6e6963}]
"Data"=hex:00,00,00,00,0d,f0,ad,ba,01,00,00,00,08,00,00,00,00,00,00,84,00,00,\
  00,00,00,00,00,30,00,00,00,00,00,00,00,00,ff,00,e7,03,ff,00,00,00,16,00,00,\
  00,d0,ae,e7,03,0f,00,00,00,04,00,40,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,5c,00,5c,00,3f,00,5c,00,53,00,54,00,4f,00,52,00,41,00,47,\
  00,45,00,23,00,56,00,6f,00,6c,00,75,00,6d,00,65,00,23,00,7b,00,34,00,32,00,\
  36,00,36,00,32,00,39,00,37,00,64,00,2d,00,32,00,30,00,64,00,64,00,2d,00,31,\
  00,31,00,65,00,33,00,2d,00,62,00,65,00,38,00,34,00,2d,00,38,00,30,00,36,00,\
  65,00,36,00,66,00,36,00,65,00,36,00,39,00,36,00,33,00,7d,00,23,00,30,00,30,\
  00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,37,00,45,00,\
  30,00,30,00,23,00,7b,00,35,00,33,00,66,00,35,00,36,00,33,00,30,00,64,00,2d,\
  00,62,00,36,00,62,00,66,00,2d,00,31,00,31,00,64,00,30,00,2d,00,39,00,34,00,\
  66,00,32,00,2d,00,30,00,30,00,61,00,30,00,63,00,39,00,31,00,65,00,66,00,62,\
  00,38,00,62,00,7d,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,5c,00,5c,00,3f,00,5c,00,56,00,6f,00,6c,00,75,00,6d,00,65,00,7b,00,62,00,\
  33,00,38,00,39,00,35,00,34,00,39,00,31,00,2d,00,30,00,32,00,38,00,36,00,2d,\
  00,31,00,31,00,65,00,33,00,2d,00,62,00,65,00,36,00,36,00,2d,00,38,00,30,00,\
  36,00,65,00,36,00,66,00,36,00,65,00,36,00,39,00,36,00,33,00,7d,00,5c,00,00,\
  00,46,00,20,00,2d,00,20,00,35,00,30,00,30,00,67,00,69,00,67,00,20,00,57,00,\
  57,00,31,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,4e,00,54,00,46,00,53,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,ff,ff,ff,\
  ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00
"Generation"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{b3895492-0286-11e3-be66-806e6f6e6963}]
"Data"=hex:00,00,00,00,0d,f0,ad,ba,01,00,00,00,08,00,00,00,00,00,00,84,00,00,\
  00,00,00,00,00,30,00,00,00,00,00,00,00,00,ff,00,e7,03,ff,00,00,00,36,00,00,\
  00,79,f7,98,5e,0f,00,00,00,04,00,40,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,5c,00,5c,00,3f,00,5c,00,53,00,54,00,4f,00,52,00,41,00,47,\
  00,45,00,23,00,56,00,6f,00,6c,00,75,00,6d,00,65,00,23,00,7b,00,34,00,32,00,\
  36,00,36,00,32,00,39,00,38,00,31,00,2d,00,32,00,30,00,64,00,64,00,2d,00,31,\
  00,31,00,65,00,33,00,2d,00,62,00,65,00,38,00,34,00,2d,00,38,00,30,00,36,00,\
  65,00,36,00,66,00,36,00,65,00,36,00,39,00,36,00,33,00,7d,00,23,00,30,00,30,\
  00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,37,00,45,00,\
  30,00,30,00,23,00,7b,00,35,00,33,00,66,00,35,00,36,00,33,00,30,00,64,00,2d,\
  00,62,00,36,00,62,00,66,00,2d,00,31,00,31,00,64,00,30,00,2d,00,39,00,34,00,\
  66,00,32,00,2d,00,30,00,30,00,61,00,30,00,63,00,39,00,31,00,65,00,66,00,62,\
  00,38,00,62,00,7d,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,5c,00,5c,00,3f,00,5c,00,56,00,6f,00,6c,00,75,00,6d,00,65,00,7b,00,62,00,\
  33,00,38,00,39,00,35,00,34,00,39,00,32,00,2d,00,30,00,32,00,38,00,36,00,2d,\
  00,31,00,31,00,65,00,33,00,2d,00,62,00,65,00,36,00,36,00,2d,00,38,00,30,00,\
  36,00,65,00,36,00,66,00,36,00,65,00,36,00,39,00,36,00,33,00,7d,00,5c,00,00,\
  00,44,00,20,00,2d,00,20,00,53,00,65,00,61,00,67,00,61,00,74,00,65,00,20,00,\
  34,00,30,00,30,00,67,00,69,00,67,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,4e,00,54,00,46,00,53,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,ff,ff,ff,\
  ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00
"Generation"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{b3895493-0286-11e3-be66-806e6f6e6963}]
"Data"=hex:00,00,00,00,0d,f0,ad,ba,01,00,00,00,08,00,00,00,00,00,00,84,00,00,\
  00,00,00,00,00,30,00,00,00,00,00,00,00,00,ff,00,e7,03,ff,00,00,00,36,00,00,\
  00,f2,df,32,90,0f,00,00,00,04,00,40,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,5c,00,5c,00,3f,00,5c,00,53,00,54,00,4f,00,52,00,41,00,47,\
  00,45,00,23,00,56,00,6f,00,6c,00,75,00,6d,00,65,00,23,00,7b,00,34,00,32,00,\
  36,00,36,00,32,00,39,00,37,00,66,00,2d,00,32,00,30,00,64,00,64,00,2d,00,31,\
  00,31,00,65,00,33,00,2d,00,62,00,65,00,38,00,34,00,2d,00,38,00,30,00,36,00,\
  65,00,36,00,66,00,36,00,65,00,36,00,39,00,36,00,33,00,7d,00,23,00,30,00,30,\
  00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,36,00,36,00,\
  30,00,30,00,23,00,7b,00,35,00,33,00,66,00,35,00,36,00,33,00,30,00,64,00,2d,\
  00,62,00,36,00,62,00,66,00,2d,00,31,00,31,00,64,00,30,00,2d,00,39,00,34,00,\
  66,00,32,00,2d,00,30,00,30,00,61,00,30,00,63,00,39,00,31,00,65,00,66,00,62,\
  00,38,00,62,00,7d,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,5c,00,5c,00,3f,00,5c,00,56,00,6f,00,6c,00,75,00,6d,00,65,00,7b,00,62,00,\
  33,00,38,00,39,00,35,00,34,00,39,00,33,00,2d,00,30,00,32,00,38,00,36,00,2d,\
  00,31,00,31,00,65,00,33,00,2d,00,62,00,65,00,36,00,36,00,2d,00,38,00,30,00,\
  36,00,65,00,36,00,66,00,36,00,65,00,36,00,39,00,36,00,33,00,7d,00,5c,00,00,\
  00,47,00,20,00,2d,00,20,00,34,00,30,00,30,00,67,00,69,00,67,00,20,00,70,00,\
  61,00,72,00,74,00,69,00,74,00,69,00,6f,00,6e,00,20,00,31,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,4e,00,54,00,46,00,53,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,ff,ff,ff,\
  ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00
"Generation"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{b3895494-0286-11e3-be66-806e6f6e6963}]
"Data"=hex:00,00,00,00,0d,f0,ad,ba,01,00,00,00,08,00,00,00,00,00,00,84,00,00,\
  00,00,00,00,00,30,00,00,00,00,00,00,00,00,ff,00,e7,03,ff,00,00,00,16,00,00,\
  00,1d,d8,a0,58,0f,00,00,00,04,00,40,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,5c,00,5c,00,3f,00,5c,00,53,00,54,00,4f,00,52,00,41,00,47,\
  00,45,00,23,00,56,00,6f,00,6c,00,75,00,6d,00,65,00,23,00,7b,00,34,00,32,00,\
  36,00,36,00,32,00,39,00,37,00,66,00,2d,00,32,00,30,00,64,00,64,00,2d,00,31,\
  00,31,00,65,00,33,00,2d,00,62,00,65,00,38,00,34,00,2d,00,38,00,30,00,36,00,\
  65,00,36,00,66,00,36,00,65,00,36,00,39,00,36,00,33,00,7d,00,23,00,30,00,30,\
  00,30,00,30,00,30,00,30,00,31,00,46,00,46,00,46,00,43,00,38,00,45,00,34,00,\
  30,00,30,00,23,00,7b,00,35,00,33,00,66,00,35,00,36,00,33,00,30,00,64,00,2d,\
  00,62,00,36,00,62,00,66,00,2d,00,31,00,31,00,64,00,30,00,2d,00,39,00,34,00,\
  66,00,32,00,2d,00,30,00,30,00,61,00,30,00,63,00,39,00,31,00,65,00,66,00,62,\
  00,38,00,62,00,7d,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,5c,00,5c,00,3f,00,5c,00,56,00,6f,00,6c,00,75,00,6d,00,65,00,7b,00,62,00,\
  33,00,38,00,39,00,35,00,34,00,39,00,34,00,2d,00,30,00,32,00,38,00,36,00,2d,\
  00,31,00,31,00,65,00,33,00,2d,00,62,00,65,00,36,00,36,00,2d,00,38,00,30,00,\
  36,00,65,00,36,00,66,00,36,00,65,00,36,00,39,00,36,00,33,00,7d,00,5c,00,00,\
  00,48,00,20,00,2d,00,20,00,50,00,61,00,72,00,74,00,69,00,74,00,69,00,6f,00,\
  6e,00,20,00,32,00,20,00,6f,00,66,00,20,00,47,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,4e,00,54,00,46,00,53,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,ff,ff,ff,\
  ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00
"Generation"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{b3895495-0286-11e3-be66-806e6f6e6963}]
"Data"=hex:00,00,00,00,0d,f0,ad,ba,41,00,00,00,08,00,00,00,00,00,00,84,00,00,\
  00,00,00,00,00,30,00,00,00,00,00,00,00,00,ff,00,e7,03,ff,00,00,00,16,20,00,\
  00,d3,fb,13,8e,0e,00,00,00,04,40,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,5c,00,5c,00,3f,00,5c,00,53,00,54,00,4f,00,52,00,41,00,47,\
  00,45,00,23,00,56,00,6f,00,6c,00,75,00,6d,00,65,00,23,00,7b,00,34,00,32,00,\
  36,00,36,00,32,00,39,00,38,00,33,00,2d,00,32,00,30,00,64,00,64,00,2d,00,31,\
  00,31,00,65,00,33,00,2d,00,62,00,65,00,38,00,34,00,2d,00,38,00,30,00,36,00,\
  65,00,36,00,66,00,36,00,65,00,36,00,39,00,36,00,33,00,7d,00,23,00,30,00,30,\
  00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,31,00,30,00,30,00,30,00,\
  30,00,30,00,23,00,7b,00,35,00,33,00,66,00,35,00,36,00,33,00,30,00,64,00,2d,\
  00,62,00,36,00,62,00,66,00,2d,00,31,00,31,00,64,00,30,00,2d,00,39,00,34,00,\
  66,00,32,00,2d,00,30,00,30,00,61,00,30,00,63,00,39,00,31,00,65,00,66,00,62,\
  00,38,00,62,00,7d,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,5c,00,5c,00,3f,00,5c,00,56,00,6f,00,6c,00,75,00,6d,00,65,00,7b,00,62,00,\
  33,00,38,00,39,00,35,00,34,00,39,00,35,00,2d,00,30,00,32,00,38,00,36,00,2d,\
  00,31,00,31,00,65,00,33,00,2d,00,62,00,65,00,36,00,36,00,2d,00,38,00,30,00,\
  36,00,65,00,36,00,66,00,36,00,65,00,36,00,39,00,36,00,33,00,7d,00,5c,00,00,\
  00,43,00,20,00,2d,00,20,00,53,00,53,00,44,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,4e,00,54,00,46,00,53,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,ff,ff,ff,\
  ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00
"Generation"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{b389549c-0286-11e3-be66-806e6f6e6963}]
"Data"=hex:00,00,00,00,0d,f0,ad,ba,01,00,00,00,08,00,00,00,00,00,00,84,00,00,\
  00,00,00,00,00,30,00,00,00,00,00,00,00,00,ff,00,e7,03,ff,00,00,00,16,20,00,\
  00,8d,9b,9c,b8,0f,00,00,00,04,00,40,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,5c,00,5c,00,3f,00,5c,00,53,00,54,00,4f,00,52,00,41,00,47,\
  00,45,00,23,00,56,00,6f,00,6c,00,75,00,6d,00,65,00,23,00,7b,00,62,00,33,00,\
  38,00,39,00,35,00,34,00,39,00,36,00,2d,00,30,00,32,00,38,00,36,00,2d,00,31,\
  00,31,00,65,00,33,00,2d,00,62,00,65,00,36,00,36,00,2d,00,38,00,30,00,36,00,\
  65,00,36,00,66,00,36,00,65,00,36,00,39,00,36,00,33,00,7d,00,23,00,30,00,30,\
  00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,31,00,30,00,30,00,30,00,\
  30,00,30,00,23,00,7b,00,35,00,33,00,66,00,35,00,36,00,33,00,30,00,64,00,2d,\
  00,62,00,36,00,62,00,66,00,2d,00,31,00,31,00,64,00,30,00,2d,00,39,00,34,00,\
  66,00,32,00,2d,00,30,00,30,00,61,00,30,00,63,00,39,00,31,00,65,00,66,00,62,\
  00,38,00,62,00,7d,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,5c,00,5c,00,3f,00,5c,00,56,00,6f,00,6c,00,75,00,6d,00,65,00,7b,00,62,00,\
  33,00,38,00,39,00,35,00,34,00,39,00,63,00,2d,00,30,00,32,00,38,00,36,00,2d,\
  00,31,00,31,00,65,00,33,00,2d,00,62,00,65,00,36,00,36,00,2d,00,38,00,30,00,\
  36,00,65,00,36,00,66,00,36,00,65,00,36,00,39,00,36,00,33,00,7d,00,5c,00,00,\
  00,4c,00,20,00,2d,00,20,00,55,00,53,00,42,00,20,00,4d,00,79,00,20,00,42,00,\
  6f,00,6f,00,6b,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,4e,00,54,00,46,00,53,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,ff,ff,ff,\
  ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00
"Generation"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{b389549d-0286-11e3-be66-806e6f6e6963}]
"Data"=hex:00,00,00,00,0d,f0,ad,ba,01,00,00,00,08,00,00,00,00,00,00,84,00,00,\
  00,00,00,00,00,30,00,00,00,00,00,00,00,00,06,00,00,00,ff,00,00,00,10,00,00,\
  00,20,0d,00,10,0f,00,00,00,04,00,40,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,5c,00,5c,00,3f,00,5c,00,53,00,54,00,4f,00,52,00,41,00,47,\
  00,45,00,23,00,56,00,6f,00,6c,00,75,00,6d,00,65,00,23,00,7b,00,62,00,33,00,\
  38,00,39,00,35,00,34,00,39,00,38,00,2d,00,30,00,32,00,38,00,36,00,2d,00,31,\
  00,31,00,65,00,33,00,2d,00,62,00,65,00,36,00,36,00,2d,00,38,00,30,00,36,00,\
  65,00,36,00,66,00,36,00,65,00,36,00,39,00,36,00,33,00,7d,00,23,00,30,00,30,\
  00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,30,00,37,00,45,00,\
  30,00,30,00,23,00,7b,00,35,00,33,00,66,00,35,00,36,00,33,00,30,00,64,00,2d,\
  00,62,00,36,00,62,00,66,00,2d,00,31,00,31,00,64,00,30,00,2d,00,39,00,34,00,\
  66,00,32,00,2d,00,30,00,30,00,61,00,30,00,63,00,39,00,31,00,65,00,66,00,62,\
  00,38,00,62,00,7d,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,5c,00,5c,00,3f,00,5c,00,56,00,6f,00,6c,00,75,00,6d,00,65,00,7b,00,62,00,\
  33,00,38,00,39,00,35,00,34,00,39,00,64,00,2d,00,30,00,32,00,38,00,36,00,2d,\
  00,31,00,31,00,65,00,33,00,2d,00,62,00,65,00,36,00,36,00,2d,00,38,00,30,00,\
  36,00,65,00,36,00,66,00,36,00,65,00,36,00,39,00,36,00,33,00,7d,00,5c,00,00,\
  00,4f,00,20,00,2d,00,20,00,56,00,45,00,52,00,42,00,41,00,54,00,4d,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,46,00,41,00,54,00,33,00,\
  32,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,ff,ff,ff,\
  ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,00,00
"Generation"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\P]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\P\_Autorun]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\P\_Autorun\DefaultIcon]
@="\"P:\\\\SeagateExpansion.ico\" "

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b1d0d02-2bb7-11e3-be8a-0026182335f5}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b1d0d02-2bb7-11e3-be8a-0026182335f5}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b1d0d02-2bb7-11e3-be8a-0026182335f5}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8507"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b1d0d02-2bb7-11e3-be8a-0026182335f5}\shell\Autoplay\DropTarget]
"CLSID"="{F26A669A-BCBB-4E37-ABF9-7325DA15F931}"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3072227d-41eb-11e3-be98-0026182335f5}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3072227d-41eb-11e3-be98-0026182335f5}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3072227d-41eb-11e3-be98-0026182335f5}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8507"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3072227d-41eb-11e3-be98-0026182335f5}\shell\Autoplay\DropTarget]
"CLSID"="{F26A669A-BCBB-4E37-ABF9-7325DA15F931}"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{307222b3-41eb-11e3-be98-0026182335f5}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{307222cc-41eb-11e3-be98-0026182335f5}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{307222cc-41eb-11e3-be98-0026182335f5}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{307222cc-41eb-11e3-be98-0026182335f5}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8507"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{307222cc-41eb-11e3-be98-0026182335f5}\shell\Autoplay\DropTarget]
"CLSID"="{F26A669A-BCBB-4E37-ABF9-7325DA15F931}"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{42418869-110b-11e3-be7a-0026182335f5}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{42662991-20dd-11e3-be84-806e6f6e6963}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{42662995-20dd-11e3-be84-806e6f6e6963}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4266299e-20dd-11e3-be84-806e6f6e6963}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4266299e-20dd-11e3-be84-806e6f6e6963}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4266299e-20dd-11e3-be84-806e6f6e6963}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8507"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4266299e-20dd-11e3-be84-806e6f6e6963}\shell\Autoplay\DropTarget]
"CLSID"="{F26A669A-BCBB-4E37-ABF9-7325DA15F931}"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4266299e-20dd-11e3-be84-806e6f6e6963}\_Autorun]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4266299e-20dd-11e3-be84-806e6f6e6963}\_Autorun\DefaultIcon]
@="\"P:\\\\SeagateExpansion.ico\" "

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{464cbcf0-06a2-11e3-be71-0026182335f5}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{464cbcf0-06a2-11e3-be71-0026182335f5}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{464cbcf0-06a2-11e3-be71-0026182335f5}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8507"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{464cbcf0-06a2-11e3-be71-0026182335f5}\shell\Autoplay\DropTarget]
"CLSID"="{F26A669A-BCBB-4E37-ABF9-7325DA15F931}"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{50d1e53d-2117-11e3-be85-0026182335f5}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{50d1e53d-2117-11e3-be85-0026182335f5}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{50d1e53d-2117-11e3-be85-0026182335f5}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8507"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{50d1e53d-2117-11e3-be85-0026182335f5}\shell\Autoplay\DropTarget]
"CLSID"="{F26A669A-BCBB-4E37-ABF9-7325DA15F931}"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{52034b79-0878-11e3-be72-0026182335f5}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{52034b79-0878-11e3-be72-0026182335f5}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{52034b79-0878-11e3-be72-0026182335f5}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8507"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{52034b79-0878-11e3-be72-0026182335f5}\shell\Autoplay\DropTarget]
"CLSID"="{F26A669A-BCBB-4E37-ABF9-7325DA15F931}"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{520357a6-0878-11e3-be72-0026182335f5}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{520357a7-0878-11e3-be72-0026182335f5}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{680b15e6-032f-11e3-be6a-0026182335f5}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{680b15e6-032f-11e3-be6a-0026182335f5}\_Autorun]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{680b15e6-032f-11e3-be6a-0026182335f5}\_Autorun\DefaultIcon]
@="\"T:\\HBCD\\HBCDMenu.exe\" "

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{680b15e6-032f-11e3-be6a-0026182335f5}\_Autorun\DefaultLabel]
@="Hiren's BootCD"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{762e9778-185b-11e3-be81-0026182335f5}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{762e9778-185b-11e3-be81-0026182335f5}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{762e9778-185b-11e3-be81-0026182335f5}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8507"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{762e9778-185b-11e3-be81-0026182335f5}\shell\Autoplay\DropTarget]
"CLSID"="{F26A669A-BCBB-4E37-ABF9-7325DA15F931}"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9680b2d0-0ae2-11e3-be75-0026182335f5}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9680b2d0-0ae2-11e3-be75-0026182335f5}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9680b2d0-0ae2-11e3-be75-0026182335f5}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8507"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9680b2d0-0ae2-11e3-be75-0026182335f5}\shell\Autoplay\DropTarget]
"CLSID"="{F26A669A-BCBB-4E37-ABF9-7325DA15F931}"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9680b2d1-0ae2-11e3-be75-0026182335f5}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9680b2d1-0ae2-11e3-be75-0026182335f5}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9680b2d1-0ae2-11e3-be75-0026182335f5}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8507"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9680b2d1-0ae2-11e3-be75-0026182335f5}\shell\Autoplay\DropTarget]
"CLSID"="{F26A669A-BCBB-4E37-ABF9-7325DA15F931}"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b389548c-0286-11e3-be66-806e6f6e6963}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b389548c-0286-11e3-be66-806e6f6e6963}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b389548c-0286-11e3-be66-806e6f6e6963}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8507"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b389548c-0286-11e3-be66-806e6f6e6963}\shell\Autoplay\DropTarget]
"CLSID"="{F26A669A-BCBB-4E37-ABF9-7325DA15F931}"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b389548d-0286-11e3-be66-806e6f6e6963}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b389548d-0286-11e3-be66-806e6f6e6963}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b389548d-0286-11e3-be66-806e6f6e6963}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8507"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b389548d-0286-11e3-be66-806e6f6e6963}\shell\Autoplay\DropTarget]
"CLSID"="{F26A669A-BCBB-4E37-ABF9-7325DA15F931}"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3895490-0286-11e3-be66-806e6f6e6963}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3895490-0286-11e3-be66-806e6f6e6963}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3895490-0286-11e3-be66-806e6f6e6963}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8507"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3895490-0286-11e3-be66-806e6f6e6963}\shell\Autoplay\DropTarget]
"CLSID"="{F26A669A-BCBB-4E37-ABF9-7325DA15F931}"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3895491-0286-11e3-be66-806e6f6e6963}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3895491-0286-11e3-be66-806e6f6e6963}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3895491-0286-11e3-be66-806e6f6e6963}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8507"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3895491-0286-11e3-be66-806e6f6e6963}\shell\Autoplay\DropTarget]
"CLSID"="{F26A669A-BCBB-4E37-ABF9-7325DA15F931}"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3895492-0286-11e3-be66-806e6f6e6963}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3895493-0286-11e3-be66-806e6f6e6963}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3895493-0286-11e3-be66-806e6f6e6963}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3895493-0286-11e3-be66-806e6f6e6963}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8507"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3895493-0286-11e3-be66-806e6f6e6963}\shell\Autoplay\DropTarget]
"CLSID"="{F26A669A-BCBB-4E37-ABF9-7325DA15F931}"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3895494-0286-11e3-be66-806e6f6e6963}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3895494-0286-11e3-be66-806e6f6e6963}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3895494-0286-11e3-be66-806e6f6e6963}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8507"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3895494-0286-11e3-be66-806e6f6e6963}\shell\Autoplay\DropTarget]
"CLSID"="{F26A669A-BCBB-4E37-ABF9-7325DA15F931}"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3895495-0286-11e3-be66-806e6f6e6963}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b389549c-0286-11e3-be66-806e6f6e6963}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b389549c-0286-11e3-be66-806e6f6e6963}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b389549c-0286-11e3-be66-806e6f6e6963}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8507"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b389549c-0286-11e3-be66-806e6f6e6963}\shell\Autoplay\DropTarget]
"CLSID"="{F26A669A-BCBB-4E37-ABF9-7325DA15F931}"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b389549d-0286-11e3-be66-806e6f6e6963}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b389549d-0286-11e3-be66-806e6f6e6963}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b389549d-0286-11e3-be66-806e6f6e6963}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8507"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b389549d-0286-11e3-be66-806e6f6e6963}\shell\Autoplay\DropTarget]
"CLSID"="{F26A669A-BCBB-4E37-ABF9-7325DA15F931}"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b38954a3-0286-11e3-be66-806e6f6e6963}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b38954a3-0286-11e3-be66-806e6f6e6963}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b38954a3-0286-11e3-be66-806e6f6e6963}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8507"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b38954a3-0286-11e3-be66-806e6f6e6963}\shell\Autoplay\DropTarget]
"CLSID"="{F26A669A-BCBB-4E37-ABF9-7325DA15F931}"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b38954a4-0286-11e3-be66-806e6f6e6963}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b38954a4-0286-11e3-be66-806e6f6e6963}\shell]
@="AutoRun"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b38954a4-0286-11e3-be66-806e6f6e6963}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8507"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b38954a4-0286-11e3-be66-806e6f6e6963}\shell\Autoplay\DropTarget]
"CLSID"="{F26A669A-BCBB-4E37-ABF9-7325DA15F931}"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b38954a4-0286-11e3-be66-806e6f6e6963}\shell\AutoRun]
@="Install or run program from your media"
"SetWorkingDirectoryFromTarget"=""

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b38954a4-0286-11e3-be66-806e6f6e6963}\shell\AutoRun\command]
@="\"explorer.exe\" index.html"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b38954a4-0286-11e3-be66-806e6f6e6963}\_Autorun]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b38954a4-0286-11e3-be66-806e6f6e6963}\_Autorun\DefaultIcon]
@="\"V:\\LG.ICO\" "

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9d12753-0bdc-11e3-be75-0026182335f5}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9d1275e-0bdc-11e3-be75-0026182335f5}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9d1282c-0bdc-11e3-be75-0026182335f5}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9d1282c-0bdc-11e3-be75-0026182335f5}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9d1282c-0bdc-11e3-be75-0026182335f5}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8507"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9d1282c-0bdc-11e3-be75-0026182335f5}\shell\Autoplay\DropTarget]
"CLSID"="{F26A669A-BCBB-4E37-ABF9-7325DA15F931}"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dab29a84-2179-11e3-be86-0026182335f5}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dab29a84-2179-11e3-be86-0026182335f5}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dab29a84-2179-11e3-be86-0026182335f5}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8507"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dab29a84-2179-11e3-be86-0026182335f5}\shell\Autoplay\DropTarget]
"CLSID"="{F26A669A-BCBB-4E37-ABF9-7325DA15F931}"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e83d6d1e-9089-42bb-a3d2-5081fdd60242}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e83d6d1e-9089-42bb-a3d2-5081fdd60242}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e83d6d1e-9089-42bb-a3d2-5081fdd60242}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8507"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e83d6d1e-9089-42bb-a3d2-5081fdd60242}\shell\Autoplay\DropTarget]
"CLSID"="{F26A669A-BCBB-4E37-ABF9-7325DA15F931}"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f0395ad6-2db8-11e3-be8a-0026182335f5}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f0395ad6-2db8-11e3-be8a-0026182335f5}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f0395ad6-2db8-11e3-be8a-0026182335f5}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8507"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f0395ad6-2db8-11e3-be8a-0026182335f5}\shell\Autoplay\DropTarget]
"CLSID"="{F26A669A-BCBB-4E37-ABF9-7325DA15F931}"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f0395ad6-2db8-11e3-be8a-0026182335f5}\_Autorun]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f0395ad6-2db8-11e3-be8a-0026182335f5}\_Autorun\DefaultIcon]
@="\"O:\\.\\FreeAgentDesktop.ico\" "

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fd9e85dd-0286-11e3-be67-0026182335f5}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fd9e8bef-0286-11e3-be67-0026182335f5}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fd9e8bef-0286-11e3-be67-0026182335f5}\shell]
@="None"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fd9e8bef-0286-11e3-be67-0026182335f5}\shell\Autoplay]
"MUIVerb"="@shell32.dll,-8507"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fd9e8bef-0286-11e3-be67-0026182335f5}\shell\Autoplay\DropTarget]
"CLSID"="{F26A669A-BCBB-4E37-ABF9-7325DA15F931}"

 

--------------------------------

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-12-2013 01
Ran by Ron at 2013-12-10 16:34:18 Run:2
Running from C:\Users\Ron\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\Public\.DS_Store
C:\Users\Ron\.DS_Store
C:\Users\Ron\Documents\.DS_Store

*****************

C:\Users\Public\.DS_Store => Moved successfully.
C:\Users\Ron\.DS_Store => Moved successfully.
C:\Users\Ron\Documents\.DS_Store => Moved successfully.

==== End of Fixlog ====

Attached Files



#11 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,686 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:37 PM

Posted 10 December 2013 - 09:19 PM

Greetings,

I do not see any obvious entries of concern but I am not specifically trained in networking issues. At this point I want to focus on addressing any malware concerns. If the networking issue is not resolved by our efforts I will most likely be referring you to our Networking Forum.
 

I ran the "System File Checker /scannow". The output was HUGE, with close to 600 instances of "This file has no owner" and almost 700 occurances of "Double ownership ignored". That log is uploaded here as "CBS.zip".

There are no entries of either type in the CBS log you attached.

Could you please restate the symptoms you are experiencing right now.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#12 ron90069

ron90069
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:01:37 PM

Posted 11 December 2013 - 01:55 AM

Mea culpa.  I badly misquoted the warnings in the cbs.log. 

The correct phrases are:

 

DIRSD OWNER WARNING (appears 582 times, starting at the text line that begins with "2013-11-21 13:24:19") and

Ignoring duplicate ownership (appears 669 times, starting at the text line that begins with "2013-11-21 13:24:29").

 

I apologize for the confusion.

 

ORIGINAL SITUATION: My ATT Uverse Gateway interrupted every instance of web browsers to warn that there were too many simultaneous network coinnections, and suggested checking for a "Blaster" infection.  When I ran the command NETSTAT -A the output listed 104 connections of varying types.

After a cold reboot, the multiple connections returned.  After a day or two, random NETSTAT -A runs produced similar results, with the number of simultaneous connections reaching over 250 at times.  That's when I originally posted here.

 

NEW INFO: For the past three or four days, at seemingly random times, my web browsers screech to a halt.  I use both IE 10 (v10.0.9200.16736 Update version 10.0.11) and Chrome (v31.0.1650.63 m).  IE's screen will often "washout" and the title bar will have the words "(not responding)" after the page name.  This can last anywhere from a few seconds to over three minutes. 

 

In the Event Viewer/Applications, I will see entries such as:

 

Warning    12/10/2013    8:01:14 PM    ESENT   510   Performance

svchost (1776) SRUJet: A request to write to the file "C:\Windows\system32\SRU\SRUDB.dat" at offset 7405568 (0x0000000000710000) for 4096 (0x00001000) bytes succeeded, but took an abnormally long time (35 seconds) to be serviced by the OS. In addition, 50 other I/O requests to this file have also taken an abnormally long time to be serviced since the last message regarding this problem was posted 12 seconds ago. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

 

(I'm going to upload this post now as the PC is again freezing.)



#13 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,686 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:37 PM

Posted 11 December 2013 - 01:17 PM

Greetings,

Please do this.

===================================================

GSmartControl for Windows

-------------------
  • Download GSmartControl for Windows and save it to your desktop
  • Unzip the folder to your desktop
  • Double click gsmartcontrol.exe
  • Allow the program to search for and list your hard drive(s)
  • Double click your drive
  • Go to the PERFORM TESTS tab
  • Make sure that the TEST TYPE is set to SHORT SELF-TEST
  • Click the EXECUTE button
  • After the test completes, click the VIEW OUTPUT button and copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • GSmart log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#14 ron90069

ron90069
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:01:37 PM

Posted 12 December 2013 - 03:10 PM

I could use a little clarification at this point.  My system has a total of eight fixed disks (including two SATA-2 SSDs).  The (ASUS P6T Deluxe V2) motherboard has six SATA-1/2 ports, and I have an add-in card with two SATA-3 ports.  Additionally, I have three external drives, of which one is USB-2 and the other two USB-3.  Those latter two go to an add-in USB-3 card.

The boot drive C: is one of the SSDs, and it's on the fifth motherboard port.

Do you want results from all the physical drives (external ones also), or just from the boot [SSD] drive?

 

I will paste the test results from the boot drive here.

 

smartctl 5.43 2012-06-30 r3573 [i686-w64-mingw32-win8(64)] (sf-5.43-1)
Copyright © 2002-12 by Bruce Allen, http://smartmontools.sourceforge.net

=== START OF INFORMATION SECTION ===
Model Family:     Indilinx Barefoot based SSDs
Device Model:     Patriot Torqx 2 128GB SSD
Serial Number:    07C10724030700018516
Firmware Version: S5FAM014
User Capacity:    128,035,676,160 bytes [128 GB]
Sector Size:      512 bytes logical/physical
Device is:        In smartctl database [for details use: -P show]
ATA Version is:   8
ATA Standard is:  Exact ATA specification draft version not indicated
Local Time is:    Thu Dec 12 12:06:43 2013 PST
SMART support is: Available - device has SMART capability.
SMART support is: Enabled

=== START OF READ SMART DATA SECTION ===
SMART overall-health self-assessment test result: PASSED

General SMART Values:
Offline data collection status:  (0x00) Offline data collection activity
     was never started.
     Auto Offline Data Collection: Disabled.
Self-test execution status:      (   0) The previous self-test routine completed
     without error or no self-test has ever
     been run.
Total time to complete Offline
data collection:   (  255) seconds.
Offline data collection
capabilities:     (0x1b) SMART execute Offline immediate.
     Auto Offline data collection on/off support.
     Suspend Offline collection upon new
     command.
     Offline surface scan supported.
     Self-test supported.
     No Conveyance Self-test supported.
     No Selective Self-test supported.
SMART capabilities:            (0x0003) Saves SMART data before entering
     power-saving mode.
     Supports SMART auto save timer.
Error logging capability:        (0x01) Error logging supported.
     General Purpose Logging supported.
Short self-test routine
recommended polling time:   (   1) minutes.
Extended self-test routine
recommended polling time:   (   2) minutes.

SMART Attributes Data Structure revision number: 16
Vendor Specific SMART Attributes with Thresholds:
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  1 Raw_Read_Error_Rate     0x000b   ---   ---   ---    Pre-fail  Always       -       25700
  9 Power_On_Hours          0x0012   ---   ---   ---    Old_age   Always       -       157443172
 12 Power_Cycle_Count       0x0012   ---   ---   ---    Old_age   Always       -       9593956
168 Unknown_Attribute       0x0012   100   100   000    Old_age   Always       -       36
170 Unknown_Attribute       0x0003   100   100   010    Pre-fail  Always       -       8589934743
173 Unknown_Attribute       0x0012   100   100   000    Old_age   Always       -       250682987
192 Power-Off_Retract_Count 0x0012   100   100   000    Old_age   Always       -       16
218 Unknown_Attribute       0x000b   100   100   050    Pre-fail  Always       -       35

SMART Error Log Version: 1
No Errors Logged

SMART Self-test log structure revision number 1
Num  Test_Description    Status                  Remaining  LifeTime(hours)  LBA_of_first_error
# 1  Short offline       Completed without error       00%        99         -
# 2  Short offline       Completed without error       00%        96         -
# 3  Short offline       Completed without error       00%        79         -
# 4  Short offline       Completed without error       00%         3         -

Device does not support Selective Self Tests/Logging



#15 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,686 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:37 PM

Posted 12 December 2013 - 03:41 PM

Hi Ron,

That one Gsmart is all I needed. I want to run a couple more programs to attempt to rule out malware being the cause of your issues. Your situation is a bit more complex because of your setup and I am starting to think this is a Networking issue. Let's confirm your system is clean then we can discuss opening a Topic in the Networking Forum.

Please do this.

===================================================

RogueKiller by Tigzy

--------------------
  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • For Vista/7/8 users right click on the icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • When prompted, Click Scan
  • When the Status box shows Scan Finished click Delete
  • Click Report
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it winlogon.exe (or winlogon.com) and try again
  • Copy and paste the contents of the report in your reply
===================================================

OTL

--------------------
  • Please download OTL and save it to your desktop
  • Double click on the otlicon.png icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the runscan.png button.
  • Copy and paste the two reports in your next reply.

OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized


===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • RogueKiller report
  • OTL reports (2)

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users