HELP PLEASE! COMPUTER BEING ATTACKED THROUGH IP

hacked rootkits.hijack software malware viruses


#1
angel959

  • Member
  • 38 posts

HI GUYS

:wave: First of all I want to say thank you for being here for people like myself!!!

I have come here because on Friday I went to Rollitup.org and joined the forums there. As soon as I signed up I was pounced on and asked for pics etc. After a few petty discussions someone posted what turned out to actually be our gateway number on the forums. They said it was our IP, but I have spoken with the provider and they say it is the gateway address?! In saying that, it doesn't mean that they didn't have our IP... After a few minutes I was sent hijack software that was caught by my security software (Comodo security suite, free version). Then after that, every few minutes was attack after attack. After about 30 hours of that they changed it up and started sending viruses to me as well as DDoSing me; after that they started to try malware and then rootkits. I looked through our programmes and found a registry item that I did not DL and it was causing all sorts of errors. I removed that but am really frightened that something may have slipped past, because my registry is continually having issues and I keep finding doubles of things in the computer system... Please can someone help me? I have Malwarebytes, which claims we are clean, and my security software says clean, but clearly some damage has been done somewhere. I am of limited means and have just finished paying for a full reboot and a new version of Windows 7 after an incompetent repair man destroyed my hard drive.

If someone could please take the time to help me sort this out I would really appreciate it.

Angel959 :help: :kiss:


#2
angel959

  • Topic Starter
  • Member
  • 38 posts

root kit results

 

RogueKiller V10.0.8.0 (x64) [Nov 20 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Julie-Anne [Administrator]
Mode : Scan -- Date : 12/02/2014  03:31:29
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 6 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1508351825-2038946537-1176088434-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.bing.com/?pc=u159  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1508351825-2038946537-1176088434-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.bing.com/?pc=u159  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 1 ¤¤¤
[PUM.Proxy][FIREFX:Config] hyouixo8.default : user_pref("network.proxy.type", 2); -> Found
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000BPKX-00HPJT0 ATA Device +++++
--- User ---
[MBR] 296a91b76faa5c6a06ff6beb447077d5
[BSP] 2a44cc6dba04ea8230a9d0e654ada494 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 476838 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: Generic- Multi-Card USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
 
============================================
RKreport_DEL_12022014_021318.log - RKreport_DEL_12022014_021328.log - RKreport_DEL_12022014_021334.log - RKreport_DEL_12022014_021658.log
RKreport_DEL_12022014_023609.log - RKreport_SCN_12022014_021250.log - RKreport_SCN_12022014_021649.log - RKreport_SCN_12022014_023505.log

#3
RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
 
Download ADWCleaner to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button, which should say: Download Now @BleepingComputer

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder.

Please download Junkware Removal Tool to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button, which should say: Download Now @Author's site

  • Pause your anti-virus. Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

    Download OTL from
    and Save it to your desktop.
     
    Copy the text in the code box:
     
    DRIVES
    nnetsvcs
    %SYSTEMDRIVE%\*.exe
    %systemroot%\assembly\GAC_32\*.ini
    %systemroot%\assembly\GAC_64\*.ini
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.exe
    %APPDATA%\*.
    /md5start
    rsvpsp.dll
    pnrpnsp.dll 
    nwprovau.dll
    nlaapi.dll
    napinsp.dll
    mswsock.dll
    winrnr.dll
    wshelper.dll
    services.exe
    atapi.sys
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    csrss.exe
    PrintIsolationHost.exe
    consrv.dll
    user32.dll
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %ProgramFiles%\WINDOWS NT\*.* /s
    %systemroot%\system32\drivers\*.sys /lockedfiles
    CREATERESTOREPOINT
    
     
    Run OTL (Vista or Win 7 => right click and Run As Administrator)
     
    Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes
     
    Select the All option in the Extra Registry group then Run Scan.
     
    You should get two logs.  Please copy and paste both of them.
     
    Ron

    #4
    angel959

    • Topic Starter
    • Member
    • 38 posts

    Hi and thanks. I just want to ask a question before I go and do this stuff. I ran RogueKiller again after I rolled the comp back a few days and it has found some svchost files that I can't remove and a thing called driver store. It is written in blue, has thousands of files and has downloaded weird drivers that make the computer think it has things like devices that aren't there, and they are confusing the iPod etc. I tried to reset the permissions but it is set up so I can't... it has TrustedInstaller settings and no virus stuff I have run can detect it, not even Windows' own one, which I watched go straight past it. API is a common theme and I am sure it is stopping the computer setting restore points. I watched 4 driver things install earlier but cannot find them... RogueKiller can't remove either because of the settings. The day I did roll back, the restore operation took 45 minutes. I tried using the cmd prompt to allow me access to the file path??? I could of course be writing the file name wrong... Anyway, I will go run this stuff and be back. I just thought I would tell you what I have found.


    Edited by angel959, 03 December 2014 - 08:09 PM.

    #5
    angel959

    • Topic Starter
    • Member
    • 38 posts
    # Database : 2014-12-03.1 [Live]
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Julie-Anne - TOSHIBA
    # Running from : C:\Users\Julie-Anne\J&N (3)\adwcleaner_4.103.exe
    # Option : Scan
     
    ***** [ Services ] *****
     
     
    ***** [ Files / Folders ] *****
     
    File Found : C:\Users\Julie-Anne\AppData\Roaming\Mozilla\Firefox\Profiles\hyouixo8.default\searchplugins\bingp.xml
    Folder Found : C:\Program Files (x86)\ASP
    Folder Found : C:\ProgramData\baidu
    Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced-System Protector
    Folder Found : C:\ProgramData\Systweak
    Folder Found : C:\Users\Julie-Anne\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja
    Folder Found : C:\Users\Julie-Anne\AppData\Roaming\baidu
     
    ***** [ Scheduled Tasks ] *****
     
     
    ***** [ Shortcuts ] *****
     
     
    ***** [ Registry ] *****
     
    Key Found : HKCU\Software\Brothersoft
    Key Found : [x64] HKCU\Software\Brothersoft
    Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
    Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
    Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494
     
    ***** [ Browsers ] *****
     
    -\\ Internet Explorer v11.0.9600.17420
     
     
    -\\ Mozilla Firefox v33.1 (x86 en-US)
     
     
    -\\ Comodo Dragon v36.1.1.21
     
    [C:\Users\Julie-Anne\AppData\Local\Comodo\Dragon\User Data\Default\preferences] - Found [Extension] : cmaiofennmphjldldcpphcechfnnohja
     
    -\\ Opera v0.0.0.0
     
     
    *************************
     
    AdwCleaner[R0].txt - [1818 octets] - [04/12/2014 19:25:49]
     
    ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1878 octets] ##########

    #6
    angel959

    • Topic Starter
    • Member
    • 38 posts
     
    Version: 6.4.0 (11.29.2014:1)
    OS: Windows 7 Home Premium x64
    Ran by Julie-Anne on Thu 04/12/2014 at 19:51:00.50
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     
     
     
    ~~~ Services
     
    Successfully stopped: [Service] hshld 
    Successfully deleted: [Service] hshld 
    Successfully stopped: [Service] hsstrayservice 
    Successfully deleted: [Service] hsstrayservice 
    Successfully stopped: [Service] hsswd 
    Successfully deleted: [Service] hsswd 
     
     
     
    ~~~ Registry Values
     
     
     
    ~~~ Registry Keys
     
     
     
    ~~~ Files
     
     
     
    ~~~ Folders
     
    Successfully deleted: [Folder] "C:\ProgramData\baidu"
    Successfully deleted: [Folder] "C:\ProgramData\baidu security"
    Failed to delete: [Folder] "C:\ProgramData\hotspot shield"
    Failed to delete: [Folder] "C:\ProgramData\systweak"
    Successfully deleted: [Folder] "C:\Users\Julie-Anne\AppData\Roaming\asp"
    Successfully deleted: [Folder] "C:\Users\Julie-Anne\AppData\Roaming\baidu"
    Successfully deleted: [Folder] "C:\Users\Julie-Anne\AppData\Roaming\baidu security"
    Failed to delete: [Folder] "C:\Users\Julie-Anne\AppData\Roaming\hotspot shield"
    Successfully deleted: [Folder] "C:\Users\Julie-Anne\AppData\Roaming\systweak"
    Successfully deleted: [Folder] "C:\Program Files (x86)\asp"
    Successfully deleted: [Folder] "C:\Program Files (x86)\baidu security"
    Failed to delete: [Folder] "C:\Program Files (x86)\hotspot shield"
     
     
     
    ~~~ FireFox
     
    Successfully deleted: [File] C:\Users\Julie-Anne\AppData\Roaming\mozilla\firefox\profiles\hyouixo8.default\searchplugins\bingp.xml
    Emptied folder: C:\Users\Julie-Anne\AppData\Roaming\mozilla\firefox\profiles\hyouixo8.default\minidumps [8 files]
     
     
     
    ~~~ Event Viewer Logs were cleared
     
     
     
     
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Thu 04/12/2014 at 20:55:53.17
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    #7
    angel959

    • Topic Starter
    • Member
    • 38 posts

    Thought I should tell you the junk remover was getting blocked from some registry keys. I don't know if that is meant to happen, so thought I would point it out.

     


    #8
    angel959

    • Topic Starter
    • Member
    • 38 posts
    OTL logfile created on: 4/12/2014 9:03:04 p.m. - Run 1
    OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Julie-Anne\J&N (3)
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.17420)
    Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy
     
    3.80 Gb Total Physical Memory | 2.17 Gb Available Physical Memory | 57.04% Memory free
    7.60 Gb Paging File | 5.41 Gb Available in Paging File | 71.09% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 465.66 Gb Total Space | 420.82 Gb Free Space | 90.37% Space Free | Partition Type: NTFS
     
    Computer Name: TOSHIBA | User Name: Julie-Anne | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Processes (SafeList) ==========
     
    PRC - [2014/12/04 21:01:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Julie-Anne\J&N (3)\OTL.exe
    PRC - [2014/11/28 15:18:33 | 000,725,696 | ---- | M] (Comodo) -- C:\Program Files (x86)\Comodo\Dragon\dragon.exe
    PRC - [2014/11/28 15:18:31 | 002,370,240 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
    PRC - [2014/11/17 06:42:25 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
    PRC - [2014/09/12 22:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
     
     
    ========== Modules (No Company Name) ==========
     
    MOD - [2014/11/28 02:42:36 | 000,879,808 | ---- | M] () -- C:\Program Files (x86)\Comodo\Dragon\libGLESv2.dll
    MOD - [2014/11/28 02:34:18 | 000,956,608 | ---- | M] () -- C:\Program Files (x86)\Comodo\Dragon\ffmpegsumo.dll
    MOD - [2014/11/28 02:33:18 | 000,134,848 | ---- | M] () -- C:\Program Files (x86)\Comodo\Dragon\libEGL.dll
     
     
    ========== Services (SafeList) ==========
     
    SRV:64bit: - [2014/11/13 10:52:58 | 007,615,952 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (CmdAgent)
    SRV:64bit: - [2014/11/13 10:52:22 | 002,265,304 | ---- | M] (COMODO) [On_Demand | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe -- (cmdvirth)
    SRV:64bit: - [2014/11/06 16:30:08 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
    SRV:64bit: - [2013/05/27 18:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2014/12/03 00:56:33 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2014/11/28 15:18:31 | 002,370,240 | ---- | M] (Comodo Security Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe -- (DragonUpdater)
    SRV - [2014/11/27 05:24:19 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2014/09/12 22:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2014/03/21 11:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2011/02/11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV:64bit: - [2014/12/01 05:34:21 | 000,033,328 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
    DRV:64bit: - [2014/11/13 10:53:14 | 000,021,304 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd)
    DRV:64bit: - [2014/08/15 23:35:00 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2013/10/02 15:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2013/07/19 00:54:52 | 000,129,224 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
    DRV:64bit: - [2013/02/07 00:24:06 | 000,469,744 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2013/02/07 00:24:04 | 000,032,496 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
    DRV:64bit: - [2012/10/03 16:14:56 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2012/08/24 03:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2012/08/24 03:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2012/03/01 19:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/04 19:27:34 | 001,226,344 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
    DRV:64bit: - [2011/03/11 19:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 19:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/21 16:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/07/29 10:10:41 | 010,610,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2010/03/30 23:50:16 | 000,724,536 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
    DRV:64bit: - [2010/02/27 12:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
    DRV:64bit: - [2009/09/17 19:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
    DRV:64bit: - [2009/08/13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
    DRV:64bit: - [2009/07/14 20:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
    DRV:64bit: - [2009/07/14 14:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 14:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 14:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/15 18:58:50 | 000,012,800 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\QIOMem.sys -- (QIOMem)
    DRV:64bit: - [2009/06/11 10:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
    DRV:64bit: - [2009/06/11 10:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
    DRV:64bit: - [2009/06/11 10:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
    DRV:64bit: - [2009/06/11 09:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/11 09:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/11 09:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/11 09:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2009/07/14 14:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
     
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=u159
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IESR02
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
     
    ========== FireFox ==========
     
    FF - prefs.js..browser.search.order.3: "Bing "
    FF - prefs.js..browser.startup.homepage: "http://www.bing.com/...com/?ocid=iehp"
    FF - prefs.js..extensions.enabledAddons: %7B3e0e7d2a-070f-4a47-b019-91fe5385ba79%7D:3.5.9
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:33.1
    FF - prefs.js..keyword.URL: "http://www.bing.com/...9DF&PC=U159&q="
    FF - prefs.js..network.proxy.type: 0
    FF - user.js - File not found
     
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.5.1: C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.5.1: C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
     
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 33.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 33.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
     
    [2014/10/29 22:08:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julie-Anne\AppData\Roaming\mozilla\Extensions
    [2014/11/19 23:14:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julie-Anne\AppData\Roaming\mozilla\Firefox\Profiles\hyouixo8.default\extensions
    [2014/11/09 12:05:50 | 000,000,000 | ---D | M] (AddThis) -- C:\Users\Julie-Anne\AppData\Roaming\mozilla\Firefox\Profiles\hyouixo8.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
    [2014/11/18 23:14:10 | 000,000,000 | ---D | M] (Pinterest Pin Button) -- C:\Users\Julie-Anne\AppData\Roaming\mozilla\Firefox\Profiles\hyouixo8.default\extensions\{677a8f98-fd64-40b0-a883-b8c95d0cbf17}
    [2014/10/30 05:15:13 | 000,000,000 | ---D | M] (Better Battlelog (BBLog)) -- C:\Users\Julie-Anne\AppData\Roaming\mozilla\Firefox\Profiles\hyouixo8.default\extensions\[email protected]
    [2014/11/27 01:18:35 | 000,014,177 | ---- | M] () (No name found) -- C:\Users\Julie-Anne\AppData\Roaming\mozilla\firefox\profiles\hyouixo8.default\bookmarkbackups\bookmarks-2014-11-27_110_i+XpIq03NUG9QGp2E+pWBw==.jsonlz4
    [2014/11/19 23:14:11 | 000,644,339 | ---- | M] () (No name found) -- C:\Users\Julie-Anne\AppData\Roaming\mozilla\firefox\profiles\hyouixo8.default\extensions\[email protected]
    [2014/11/03 13:27:26 | 000,024,427 | ---- | M] () (No name found) -- C:\Users\Julie-Anne\AppData\Roaming\mozilla\firefox\profiles\hyouixo8.default\extensions\[email protected]
    [2014/11/13 22:40:40 | 000,979,699 | ---- | M] () (No name found) -- C:\Users\Julie-Anne\AppData\Roaming\mozilla\firefox\profiles\hyouixo8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    [2014/11/20 04:51:00 | 000,006,057 | ---- | M] () -- C:\Users\Julie-Anne\AppData\Roaming\mozilla\firefox\profiles\hyouixo8.default\searchplugins\bingp.xml
    [2014/12/02 12:54:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
    [2014/12/02 12:55:14 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
     
    O1 HOSTS File: ([2009/06/11 10:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
    O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
    O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe (COMODO)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{012A706E-5880-47D1-976B-B125E8710881}: NameServer = 156.154.70.22,156.154.71.22
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{155FA928-5952-46C4-BF8B-0F1B21A48CC5}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{155FA928-5952-46C4-BF8B-0F1B21A48CC5}: NameServer = 156.154.70.22,156.154.71.22
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{d27d13cc-4830-11e4-a974-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{d27d13cc-4830-11e4-a974-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2014/12/04 19:30:19 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2014/12/04 19:25:06 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2014/12/04 19:00:55 | 000,129,752 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
    [2014/12/04 18:58:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    [2014/12/04 18:58:35 | 000,093,400 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
    [2014/12/04 18:58:35 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
    [2014/12/04 18:58:35 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2014/12/04 14:51:12 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Roaming\Baidu
    [2014/12/04 14:46:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Baidu-Security-2014-4.4.4.82805
    [2014/12/04 14:39:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Baidu
    [2014/12/04 14:30:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
    [2014/12/04 14:13:16 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Roaming\Baidu Security
    [2014/12/04 14:06:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
    [2014/12/04 14:05:05 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
    [2014/12/04 14:05:03 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
    [2014/12/04 14:05:02 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Roaming\TestApp
    [2014/12/04 14:04:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Baidu Security
    [2014/12/04 14:04:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Baidu Security
    [2014/12/03 05:11:38 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Roaming\Comodo
    [2014/12/03 01:34:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
    [2014/12/03 01:34:47 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
    [2014/12/03 00:27:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Systweak
    [2014/12/03 00:27:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced-System Protector
    [2014/12/03 00:27:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASP
    [2014/12/02 02:05:33 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
    [2014/12/01 12:09:43 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\J&N (6)\COMODO REDUNDANT DETECTIONS
    [2014/12/01 05:35:21 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Local\Deployment
    [2014/12/01 05:35:21 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Local\Apps
    [2014/12/01 05:34:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tap0901
    [2014/11/30 17:41:01 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Local\Diagnostics
    [2014/11/29 14:48:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    [2014/11/29 14:48:40 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2014/11/28 15:18:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Comodo
    [2014/11/28 15:11:31 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll
    [2014/11/28 15:11:31 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc71.dll
    [2014/11/28 03:47:27 | 000,000,000 | -H-D | C] -- C:\VTRoot
    [2014/11/28 03:47:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    [2014/11/28 03:46:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
    [2014/11/28 03:46:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
    [2014/11/28 02:56:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Shared Space
    [2014/11/28 02:54:33 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
    [2014/11/28 02:54:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
    [2014/11/28 02:54:13 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Local\Comodo
    [2014/11/28 02:54:07 | 000,057,096 | ---- | C] (COMODO CA Limited) -- C:\Windows\SysNative\certsentry.dll
    [2014/11/28 02:54:07 | 000,048,392 | ---- | C] (COMODO CA Limited) -- C:\Windows\SysWow64\certsentry.dll
    [2014/11/28 02:53:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader
    [2014/11/28 02:51:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
    [2014/11/27 17:21:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
    [2014/11/27 17:21:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2014/11/27 17:17:22 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Roaming\vlc
    [2014/11/27 17:15:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    [2014/11/27 17:15:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
    [2014/11/27 05:24:10 | 004,443,312 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
    [2014/11/26 12:46:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
    [2014/11/26 12:46:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2014/11/26 12:46:17 | 000,098,216 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    [2014/11/26 12:45:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    [2014/11/26 12:45:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
    [2014/11/26 12:45:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
    [2014/11/23 09:54:43 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\J&N (6)\Various_Artists_-_Death_Row_Greatest_Hits_Disc_2_(1996)_320_-_HIPHOPISDREAM.COM
    [2014/11/20 03:30:59 | 000,000,000 | -HSD | C] -- C:\Users\Julie-Anne\AppData\Local\EmieBrowserModeList
    [2014/11/19 18:21:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
    [2014/11/19 18:20:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    [2014/11/19 18:20:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
    [2014/11/19 16:24:59 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Roaming\Apple Computer
    [2014/11/19 16:24:59 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Local\Apple Computer
    [2014/11/19 16:24:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2014/11/19 16:24:46 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
    [2014/11/19 16:24:17 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2014/11/19 16:24:16 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2014/11/19 16:24:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
    [2014/11/19 16:24:16 | 000,000,000 | ---D | C] -- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
    [2014/11/19 16:24:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
    [2014/11/19 16:23:00 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Local\Apple
    [2014/11/19 16:22:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
    [2014/11/19 16:22:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
    [2014/11/19 16:21:58 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2014/11/19 16:21:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
    [2014/11/19 16:21:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
    [2014/11/19 16:21:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
    [2014/11/17 08:33:56 | 000,000,000 | ---D | C] -- C:\NPE
    [2014/11/17 08:30:38 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Local\NPE
    [2014/11/17 06:44:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
    [2014/11/17 06:42:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
    [2014/11/17 06:42:17 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Local\Google
    [2014/11/14 07:03:40 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Local\Programs
    [2014/11/13 10:53:14 | 000,021,304 | ---- | C] (COMODO) -- C:\Windows\SysNative\drivers\cmderd.sys
    [2014/11/13 10:52:58 | 000,041,856 | ---- | C] (COMODO) -- C:\Windows\SysNative\cmdcsr.dll
    [2014/11/13 10:52:56 | 000,438,912 | ---- | C] (COMODO) -- C:\Windows\SysNative\guard64.dll
    [2014/11/13 10:52:56 | 000,353,392 | ---- | C] (COMODO) -- C:\Windows\SysWow64\guard32.dll
    [2014/11/13 10:52:48 | 000,354,520 | ---- | C] (COMODO) -- C:\Windows\SysNative\cmdvrt64.dll
    [2014/11/13 10:52:44 | 000,045,784 | ---- | C] (COMODO) -- C:\Windows\SysNative\cmdkbd64.dll
    [2014/11/13 10:52:36 | 000,286,424 | ---- | C] (COMODO) -- C:\Windows\SysWow64\cmdvrt32.dll
    [2014/11/13 10:52:32 | 000,040,664 | ---- | C] (COMODO) -- C:\Windows\SysWow64\cmdkbd32.dll
    [2014/11/12 15:32:59 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
    [2014/11/12 15:32:59 | 000,304,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll
    [2014/11/12 15:32:59 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
    [2014/11/12 15:32:57 | 000,681,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adtschema.dll
    [2014/11/12 15:32:57 | 000,681,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adtschema.dll
    [2014/11/12 15:32:56 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
    [2014/11/12 15:32:56 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msaudite.dll
    [2014/11/12 15:32:56 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msaudite.dll
    [2014/11/12 15:32:52 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
    [2014/11/12 15:32:52 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
    [2014/11/12 15:32:52 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2014/11/12 15:32:52 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
    [2014/11/12 15:32:52 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
    [2014/11/12 15:32:52 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
    [2014/11/12 15:32:52 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
    [2014/11/12 15:32:52 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
    [2014/11/12 15:32:51 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
    [2014/11/12 15:32:50 | 002,051,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2014/11/12 15:32:50 | 000,708,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
    [2014/11/12 15:32:50 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
    [2014/11/12 15:32:49 | 000,968,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
    [2014/11/12 15:32:49 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2014/11/12 15:32:49 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
    [2014/11/12 15:32:49 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2014/11/12 15:32:49 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
    [2014/11/12 15:32:49 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2014/11/12 15:32:49 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
    [2014/11/12 15:32:48 | 000,799,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
    [2014/11/12 15:32:48 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
    [2014/11/12 15:32:47 | 002,124,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2014/11/12 15:32:47 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
    [2014/11/12 15:32:46 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
    [2014/11/12 15:32:46 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
    [2014/11/12 15:32:46 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
    [2014/11/12 15:32:46 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
    [2014/11/12 15:32:45 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2014/11/12 15:32:45 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2014/11/12 15:32:44 | 006,040,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2014/11/12 15:32:44 | 001,359,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
    [2014/11/12 15:32:44 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
    [2014/11/12 15:32:44 | 000,580,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
    [2014/11/12 15:32:43 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
    [2014/11/12 15:32:43 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
    [2014/11/12 15:31:04 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
    [2014/11/12 15:31:04 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
    [2014/11/12 15:30:59 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IMJP10K.DLL
    [2014/11/12 15:30:59 | 000,701,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IMJP10K.DLL
    [2014/11/12 15:30:57 | 000,500,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AUDIOKSE.dll
    [2014/11/12 15:30:57 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\AUDIOKSE.dll
    [2014/11/12 15:30:57 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEng.dll
    [2014/11/12 15:30:57 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioSes.dll
    [2014/11/12 15:30:57 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDump.dll
    [2014/11/12 15:30:55 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
    [2014/11/12 15:30:47 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
    [2014/11/12 15:30:47 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
    [2014/11/12 15:30:45 | 003,241,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
    [2014/11/12 15:30:39 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
    [2014/11/11 13:43:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2014/11/11 06:30:51 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\J&N (6)\Tenancy Docs
    [2014/11/08 15:21:50 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Local\ElevatedDiagnostics
    [2014/11/08 08:05:09 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Local\Spotify
    [2014/11/08 08:03:44 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Roaming\Spotify
    [2014/11/07 14:28:18 | 000,000,000 | ---D | C] -- C:\Program Files\TOSHIBA
    [2014/11/07 14:22:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Toshiba
    [2014/11/07 14:22:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA
    [2014/11/07 14:22:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TOSHIBA
    [2014/11/07 14:22:08 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Roaming\InstallShield
    [2014/11/07 14:21:04 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Local\Downloaded Installations
    [2014/11/07 14:19:30 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Roaming\WinBatch
     
    ========== Files - Modified Within 30 Days ==========
     
    [2014/12/04 21:01:26 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
    [2014/12/04 20:55:05 | 003,703,048 | ---- | M] () -- C:\Windows\SysNative\drivers\fvstore.dat
    [2014/12/04 20:47:31 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2014/12/04 20:24:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2014/12/04 19:03:23 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
    [2014/12/04 18:58:40 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/12/04 18:58:35 | 000,093,400 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
    [2014/12/04 18:58:35 | 000,063,704 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
    [2014/12/04 18:58:35 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2014/12/04 18:48:45 | 000,029,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2014/12/04 18:48:45 | 000,029,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2014/12/04 18:41:58 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2014/12/04 18:41:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2014/12/04 18:41:28 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
    [2014/12/04 15:25:03 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
    [2014/12/03 01:34:50 | 000,001,658 | ---- | M] () -- C:\Users\Public\Desktop\Recuva.lnk
    [2014/12/03 01:28:49 | 000,918,688 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2014/12/03 01:28:49 | 000,753,074 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2014/12/03 01:28:49 | 000,173,820 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2014/12/03 01:26:57 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2014/12/01 05:34:21 | 000,033,328 | ---- | M] (The OpenVPN Project) -- C:\Windows\SysNative\drivers\tap0901.sys
    [2014/11/30 19:19:50 | 000,007,618 | ---- | M] () -- C:\Users\Julie-Anne\AppData\Local\resmon.resmoncfg
    [2014/11/28 15:18:36 | 000,001,044 | ---- | M] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
    [2014/11/28 15:18:32 | 000,057,096 | ---- | M] (COMODO CA Limited) -- C:\Windows\SysNative\certsentry.dll
    [2014/11/28 15:18:32 | 000,048,392 | ---- | M] (COMODO CA Limited) -- C:\Windows\SysWow64\certsentry.dll
    [2014/11/28 15:11:31 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll
    [2014/11/28 15:11:31 | 001,060,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc71.dll
    [2014/11/28 02:57:51 | 000,001,888 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk
    [2014/11/27 17:45:37 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
    [2014/11/27 05:24:16 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2014/11/27 05:24:16 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2014/11/27 05:24:10 | 004,443,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
    [2014/11/26 12:45:45 | 000,098,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    [2014/11/19 18:20:58 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2014/11/19 16:24:50 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2014/11/17 06:44:09 | 000,002,212 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
    [2014/11/13 10:53:14 | 000,021,304 | ---- | M] (COMODO) -- C:\Windows\SysNative\drivers\cmderd.sys
    [2014/11/13 10:52:58 | 000,041,856 | ---- | M] (COMODO) -- C:\Windows\SysNative\cmdcsr.dll
    [2014/11/13 10:52:56 | 000,438,912 | ---- | M] (COMODO) -- C:\Windows\SysNative\guard64.dll
    [2014/11/13 10:52:56 | 000,353,392 | ---- | M] (COMODO) -- C:\Windows\SysWow64\guard32.dll
    [2014/11/13 10:52:48 | 000,354,520 | ---- | M] (COMODO) -- C:\Windows\SysNative\cmdvrt64.dll
    [2014/11/13 10:52:44 | 000,045,784 | ---- | M] (COMODO) -- C:\Windows\SysNative\cmdkbd64.dll
    [2014/11/13 10:52:36 | 000,286,424 | ---- | M] (COMODO) -- C:\Windows\SysWow64\cmdvrt32.dll
    [2014/11/13 10:52:32 | 000,040,664 | ---- | M] (COMODO) -- C:\Windows\SysWow64\cmdkbd32.dll
    [2014/11/13 03:23:47 | 000,267,672 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2014/11/08 14:44:32 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf
    [2014/11/08 08:05:08 | 000,001,829 | ---- | M] () -- C:\Users\Julie-Anne\J&N (2)\Spotify.lnk
    [2014/11/06 17:03:50 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
    [2014/11/06 16:47:03 | 000,066,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
    [2014/11/06 16:46:12 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
    [2014/11/06 16:46:12 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
    [2014/11/06 16:44:28 | 000,088,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
    [2014/11/06 16:35:59 | 000,034,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
    [2014/11/06 16:31:48 | 000,633,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2014/11/06 16:30:22 | 000,144,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
    [2014/11/06 16:30:08 | 000,114,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
    [2014/11/06 16:29:18 | 000,814,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
    [2014/11/06 16:23:57 | 006,040,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2014/11/06 16:20:18 | 000,968,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
    [2014/11/06 16:16:23 | 000,490,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
    [2014/11/06 16:13:36 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
    [2014/11/06 16:12:44 | 000,047,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
    [2014/11/06 16:10:58 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
    [2014/11/06 16:07:29 | 000,077,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
    [2014/11/06 16:03:56 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
    [2014/11/06 16:02:05 | 000,199,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
    [2014/11/06 16:00:56 | 000,478,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2014/11/06 16:00:51 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2014/11/06 15:59:36 | 000,115,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2014/11/06 15:58:38 | 000,620,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
    [2014/11/06 15:57:38 | 000,316,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
    [2014/11/06 15:42:36 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
    [2014/11/06 15:41:26 | 000,800,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2014/11/06 15:41:26 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
    [2014/11/06 15:39:39 | 001,359,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
    [2014/11/06 15:38:25 | 002,124,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2014/11/06 15:37:58 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
    [2014/11/06 15:36:47 | 000,076,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2014/11/06 15:21:25 | 002,051,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2014/11/06 15:20:37 | 001,155,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
    [2014/11/06 14:53:19 | 000,799,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
    [2014/11/06 14:47:17 | 000,708,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
    [2014/11/06 06:56:54 | 000,304,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll
    [2014/11/06 06:56:36 | 000,228,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
    [2014/11/06 06:52:22 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
     
    ========== Files Created - No Company Name ==========
     
    [2014/12/04 18:58:40 | 000,001,106 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/12/04 15:25:03 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
    [2014/12/03 01:34:50 | 000,001,658 | ---- | C] () -- C:\Users\Public\Desktop\Recuva.lnk
    [2014/12/03 01:26:57 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2014/11/29 15:04:16 | 000,007,618 | ---- | C] () -- C:\Users\Julie-Anne\AppData\Local\resmon.resmoncfg
    [2014/11/28 03:42:21 | 003,703,048 | ---- | C] () -- C:\Windows\SysNative\drivers\fvstore.dat
    [2014/11/28 02:57:51 | 000,001,888 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk
    [2014/11/28 02:57:44 | 001,474,832 | ---- | C] () -- C:\Windows\SysNative\drivers\sfi.dat
    [2014/11/28 02:54:15 | 000,001,044 | ---- | C] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
    [2014/11/27 17:15:50 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
    [2014/11/19 18:20:58 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2014/11/19 16:24:50 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2014/11/19 16:22:57 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    [2014/11/17 06:44:08 | 000,002,212 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
    [2014/11/17 06:42:29 | 000,000,906 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2014/11/17 06:42:28 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2014/11/08 14:44:32 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf
    [2014/11/08 08:05:08 | 000,001,829 | ---- | C] () -- C:\Users\Julie-Anne\J&N (2)\Spotify.lnk
    [2014/11/08 08:05:08 | 000,001,815 | ---- | C] () -- C:\Users\Julie-Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
    [2014/09/29 18:14:43 | 000,765,700 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2014/09/29 16:25:39 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
    [2014/09/29 16:04:15 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
    [2014/09/29 16:04:15 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
    [2014/09/29 16:04:13 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
    [2014/09/29 16:04:13 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
    [2014/09/29 16:04:13 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
    [2014/09/29 15:52:26 | 000,000,030 | ---- | C] () -- C:\Users\Julie-Anne\AppData\Roaming\fixcfg.ini
     
    ========== ZeroAccess Check ==========
     
    [2009/07/14 17:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
     
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
     
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2014/06/25 15:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2014/06/25 14:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 14:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 16:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 14:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
     
    ========== Alternate Data Streams ==========
     
    @Alternate Data Stream - 165 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
     
    < End of report >

    #9
    angel959

    OTL logfile created on: 4/12/2014 9:03:04 p.m. - Run 1
    OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Julie-Anne\J&N (3)
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.17420)
    Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy
     
    3.80 Gb Total Physical Memory | 2.17 Gb Available Physical Memory | 57.04% Memory free
    7.60 Gb Paging File | 5.41 Gb Available in Paging File | 71.09% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 465.66 Gb Total Space | 420.82 Gb Free Space | 90.37% Space Free | Partition Type: NTFS
     
    Computer Name: TOSHIBA | User Name: Julie-Anne | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Processes (SafeList) ==========
     
    PRC - [2014/12/04 21:01:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Julie-Anne\J&N (3)\OTL.exe
    PRC - [2014/11/28 15:18:33 | 000,725,696 | ---- | M] (Comodo) -- C:\Program Files (x86)\Comodo\Dragon\dragon.exe
    PRC - [2014/11/28 15:18:31 | 002,370,240 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
    PRC - [2014/11/17 06:42:25 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
    PRC - [2014/09/12 22:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
     
     
    ========== Modules (No Company Name) ==========
     
    MOD - [2014/11/28 02:42:36 | 000,879,808 | ---- | M] () -- C:\Program Files (x86)\Comodo\Dragon\libGLESv2.dll
    MOD - [2014/11/28 02:34:18 | 000,956,608 | ---- | M] () -- C:\Program Files (x86)\Comodo\Dragon\ffmpegsumo.dll
    MOD - [2014/11/28 02:33:18 | 000,134,848 | ---- | M] () -- C:\Program Files (x86)\Comodo\Dragon\libEGL.dll
     
     
    ========== Services (SafeList) ==========
     
    SRV:64bit: - [2014/11/13 10:52:58 | 007,615,952 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (CmdAgent)
    SRV:64bit: - [2014/11/13 10:52:22 | 002,265,304 | ---- | M] (COMODO) [On_Demand | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe -- (cmdvirth)
    SRV:64bit: - [2014/11/06 16:30:08 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
    SRV:64bit: - [2013/05/27 18:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2014/12/03 00:56:33 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2014/11/28 15:18:31 | 002,370,240 | ---- | M] (Comodo Security Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe -- (DragonUpdater)
    SRV - [2014/11/27 05:24:19 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2014/09/12 22:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2014/03/21 11:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2011/02/11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV:64bit: - [2014/12/01 05:34:21 | 000,033,328 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
    DRV:64bit: - [2014/11/13 10:53:14 | 000,021,304 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd)
    DRV:64bit: - [2014/08/15 23:35:00 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2013/10/02 15:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2013/07/19 00:54:52 | 000,129,224 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
    DRV:64bit: - [2013/02/07 00:24:06 | 000,469,744 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2013/02/07 00:24:04 | 000,032,496 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
    DRV:64bit: - [2012/10/03 16:14:56 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2012/08/24 03:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2012/08/24 03:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2012/03/01 19:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/04 19:27:34 | 001,226,344 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
    DRV:64bit: - [2011/03/11 19:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 19:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/21 16:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/07/29 10:10:41 | 010,610,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2010/03/30 23:50:16 | 000,724,536 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
    DRV:64bit: - [2010/02/27 12:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
    DRV:64bit: - [2009/09/17 19:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
    DRV:64bit: - [2009/08/13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
    DRV:64bit: - [2009/07/14 20:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
    DRV:64bit: - [2009/07/14 14:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 14:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 14:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/15 18:58:50 | 000,012,800 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\QIOMem.sys -- (QIOMem)
    DRV:64bit: - [2009/06/11 10:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
    DRV:64bit: - [2009/06/11 10:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
    DRV:64bit: - [2009/06/11 10:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
    DRV:64bit: - [2009/06/11 09:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/11 09:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/11 09:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/11 09:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2009/07/14 14:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
     
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=u159
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IESR02
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
     
    ========== FireFox ==========
     
    FF - prefs.js..browser.search.order.3: "Bing "
    FF - prefs.js..browser.startup.homepage: "http://www.bing.com/...com/?ocid=iehp"
    FF - prefs.js..extensions.enabledAddons: %7B3e0e7d2a-070f-4a47-b019-91fe5385ba79%7D:3.5.9
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:33.1
    FF - prefs.js..keyword.URL: "http://www.bing.com/...9DF&PC=U159&q="
    FF - prefs.js..network.proxy.type: 0
    FF - user.js - File not found
     
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.5.1: C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.5.1: C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
     
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 33.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 33.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
     
    [2014/10/29 22:08:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julie-Anne\AppData\Roaming\mozilla\Extensions
    [2014/11/19 23:14:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julie-Anne\AppData\Roaming\mozilla\Firefox\Profiles\hyouixo8.default\extensions
    [2014/11/09 12:05:50 | 000,000,000 | ---D | M] (AddThis) -- C:\Users\Julie-Anne\AppData\Roaming\mozilla\Firefox\Profiles\hyouixo8.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
    [2014/11/18 23:14:10 | 000,000,000 | ---D | M] (Pinterest Pin Button) -- C:\Users\Julie-Anne\AppData\Roaming\mozilla\Firefox\Profiles\hyouixo8.default\extensions\{677a8f98-fd64-40b0-a883-b8c95d0cbf17}
    [2014/10/30 05:15:13 | 000,000,000 | ---D | M] (Better Battlelog (BBLog)) -- C:\Users\Julie-Anne\AppData\Roaming\mozilla\Firefox\Profiles\hyouixo8.default\extensions\[email protected]
    [2014/11/27 01:18:35 | 000,014,177 | ---- | M] () (No name found) -- C:\Users\Julie-Anne\AppData\Roaming\mozilla\firefox\profiles\hyouixo8.default\bookmarkbackups\bookmarks-2014-11-27_110_i+XpIq03NUG9QGp2E+pWBw==.jsonlz4
    [2014/11/19 23:14:11 | 000,644,339 | ---- | M] () (No name found) -- C:\Users\Julie-Anne\AppData\Roaming\mozilla\firefox\profiles\hyouixo8.default\extensions\[email protected]
    [2014/11/03 13:27:26 | 000,024,427 | ---- | M] () (No name found) -- C:\Users\Julie-Anne\AppData\Roaming\mozilla\firefox\profiles\hyouixo8.default\extensions\[email protected]
    [2014/11/13 22:40:40 | 000,979,699 | ---- | M] () (No name found) -- C:\Users\Julie-Anne\AppData\Roaming\mozilla\firefox\profiles\hyouixo8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    [2014/11/20 04:51:00 | 000,006,057 | ---- | M] () -- C:\Users\Julie-Anne\AppData\Roaming\mozilla\firefox\profiles\hyouixo8.default\searchplugins\bingp.xml
    [2014/12/02 12:54:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
    [2014/12/02 12:55:14 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
     
    O1 HOSTS File: ([2009/06/11 10:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
    O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
    O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe (COMODO)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{012A706E-5880-47D1-976B-B125E8710881}: NameServer = 156.154.70.22,156.154.71.22
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{155FA928-5952-46C4-BF8B-0F1B21A48CC5}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{155FA928-5952-46C4-BF8B-0F1B21A48CC5}: NameServer = 156.154.70.22,156.154.71.22
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{d27d13cc-4830-11e4-a974-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{d27d13cc-4830-11e4-a974-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2014/12/04 19:30:19 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2014/12/04 19:25:06 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2014/12/04 19:00:55 | 000,129,752 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
    [2014/12/04 18:58:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    [2014/12/04 18:58:35 | 000,093,400 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
    [2014/12/04 18:58:35 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
    [2014/12/04 18:58:35 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2014/12/04 14:51:12 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Roaming\Baidu
    [2014/12/04 14:46:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Baidu-Security-2014-4.4.4.82805
    [2014/12/04 14:39:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Baidu
    [2014/12/04 14:30:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
    [2014/12/04 14:13:16 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Roaming\Baidu Security
    [2014/12/04 14:06:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
    [2014/12/04 14:05:05 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
    [2014/12/04 14:05:03 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
    [2014/12/04 14:05:02 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Roaming\TestApp
    [2014/12/04 14:04:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Baidu Security
    [2014/12/04 14:04:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Baidu Security
    [2014/12/03 05:11:38 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Roaming\Comodo
    [2014/12/03 01:34:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
    [2014/12/03 01:34:47 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
    [2014/12/03 00:27:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Systweak
    [2014/12/03 00:27:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced-System Protector
    [2014/12/03 00:27:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASP
    [2014/12/02 02:05:33 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
    [2014/12/01 12:09:43 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\J&N (6)\COMODO REDUNDANT DETECTIONS
    [2014/12/01 05:35:21 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Local\Deployment
    [2014/12/01 05:35:21 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Local\Apps
    [2014/12/01 05:34:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tap0901
    [2014/11/30 17:41:01 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Local\Diagnostics
    [2014/11/29 14:48:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    [2014/11/29 14:48:40 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2014/11/28 15:18:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Comodo
    [2014/11/28 15:11:31 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll
    [2014/11/28 15:11:31 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc71.dll
    [2014/11/28 03:47:27 | 000,000,000 | -H-D | C] -- C:\VTRoot
    [2014/11/28 03:47:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    [2014/11/28 03:46:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
    [2014/11/28 03:46:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
    [2014/11/28 02:56:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Shared Space
    [2014/11/28 02:54:33 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
    [2014/11/28 02:54:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
    [2014/11/28 02:54:13 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Local\Comodo
    [2014/11/28 02:54:07 | 000,057,096 | ---- | C] (COMODO CA Limited) -- C:\Windows\SysNative\certsentry.dll
    [2014/11/28 02:54:07 | 000,048,392 | ---- | C] (COMODO CA Limited) -- C:\Windows\SysWow64\certsentry.dll
    [2014/11/28 02:53:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader
    [2014/11/28 02:51:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
    [2014/11/27 17:21:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
    [2014/11/27 17:21:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2014/11/27 17:17:22 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Roaming\vlc
    [2014/11/27 17:15:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    [2014/11/27 17:15:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
    [2014/11/27 05:24:10 | 004,443,312 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
    [2014/11/26 12:46:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
    [2014/11/26 12:46:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2014/11/26 12:46:17 | 000,098,216 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    [2014/11/26 12:45:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    [2014/11/26 12:45:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
    [2014/11/26 12:45:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
    [2014/11/23 09:54:43 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\J&N (6)\Various_Artists_-_Death_Row_Greatest_Hits_Disc_2_(1996)_320_-_HIPHOPISDREAM.COM
    [2014/11/20 03:30:59 | 000,000,000 | -HSD | C] -- C:\Users\Julie-Anne\AppData\Local\EmieBrowserModeList
    [2014/11/19 18:21:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
    [2014/11/19 18:20:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    [2014/11/19 18:20:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
    [2014/11/19 16:24:59 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Roaming\Apple Computer
    [2014/11/19 16:24:59 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Local\Apple Computer
    [2014/11/19 16:24:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2014/11/19 16:24:46 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
    [2014/11/19 16:24:17 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2014/11/19 16:24:16 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2014/11/19 16:24:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
    [2014/11/19 16:24:16 | 000,000,000 | ---D | C] -- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
    [2014/11/19 16:24:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
    [2014/11/19 16:23:00 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Local\Apple
    [2014/11/19 16:22:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
    [2014/11/19 16:22:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
    [2014/11/19 16:21:58 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2014/11/19 16:21:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
    [2014/11/19 16:21:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
    [2014/11/19 16:21:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
    [2014/11/17 08:33:56 | 000,000,000 | ---D | C] -- C:\NPE
    [2014/11/17 08:30:38 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Local\NPE
    [2014/11/17 06:44:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
    [2014/11/17 06:42:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
    [2014/11/17 06:42:17 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Local\Google
    [2014/11/14 07:03:40 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Local\Programs
    [2014/11/13 10:53:14 | 000,021,304 | ---- | C] (COMODO) -- C:\Windows\SysNative\drivers\cmderd.sys
    [2014/11/13 10:52:58 | 000,041,856 | ---- | C] (COMODO) -- C:\Windows\SysNative\cmdcsr.dll
    [2014/11/13 10:52:56 | 000,438,912 | ---- | C] (COMODO) -- C:\Windows\SysNative\guard64.dll
    [2014/11/13 10:52:56 | 000,353,392 | ---- | C] (COMODO) -- C:\Windows\SysWow64\guard32.dll
    [2014/11/13 10:52:48 | 000,354,520 | ---- | C] (COMODO) -- C:\Windows\SysNative\cmdvrt64.dll
    [2014/11/13 10:52:44 | 000,045,784 | ---- | C] (COMODO) -- C:\Windows\SysNative\cmdkbd64.dll
    [2014/11/13 10:52:36 | 000,286,424 | ---- | C] (COMODO) -- C:\Windows\SysWow64\cmdvrt32.dll
    [2014/11/13 10:52:32 | 000,040,664 | ---- | C] (COMODO) -- C:\Windows\SysWow64\cmdkbd32.dll
    [2014/11/12 15:32:59 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
    [2014/11/12 15:32:59 | 000,304,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll
    [2014/11/12 15:32:59 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
    [2014/11/12 15:32:57 | 000,681,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adtschema.dll
    [2014/11/12 15:32:57 | 000,681,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adtschema.dll
    [2014/11/12 15:32:56 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
    [2014/11/12 15:32:56 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msaudite.dll
    [2014/11/12 15:32:56 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msaudite.dll
    [2014/11/12 15:32:52 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
    [2014/11/12 15:32:52 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
    [2014/11/12 15:32:52 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2014/11/12 15:32:52 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
    [2014/11/12 15:32:52 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
    [2014/11/12 15:32:52 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
    [2014/11/12 15:32:52 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
    [2014/11/12 15:32:52 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
    [2014/11/12 15:32:51 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
    [2014/11/12 15:32:50 | 002,051,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2014/11/12 15:32:50 | 000,708,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
    [2014/11/12 15:32:50 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
    [2014/11/12 15:32:49 | 000,968,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
    [2014/11/12 15:32:49 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2014/11/12 15:32:49 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
    [2014/11/12 15:32:49 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2014/11/12 15:32:49 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
    [2014/11/12 15:32:49 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2014/11/12 15:32:49 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
    [2014/11/12 15:32:48 | 000,799,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
    [2014/11/12 15:32:48 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
    [2014/11/12 15:32:47 | 002,124,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2014/11/12 15:32:47 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
    [2014/11/12 15:32:46 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
    [2014/11/12 15:32:46 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
    [2014/11/12 15:32:46 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
    [2014/11/12 15:32:46 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
    [2014/11/12 15:32:45 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2014/11/12 15:32:45 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2014/11/12 15:32:44 | 006,040,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2014/11/12 15:32:44 | 001,359,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
    [2014/11/12 15:32:44 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
    [2014/11/12 15:32:44 | 000,580,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
    [2014/11/12 15:32:43 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
    [2014/11/12 15:32:43 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
    [2014/11/12 15:31:04 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
    [2014/11/12 15:31:04 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
    [2014/11/12 15:30:59 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IMJP10K.DLL
    [2014/11/12 15:30:59 | 000,701,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IMJP10K.DLL
    [2014/11/12 15:30:57 | 000,500,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AUDIOKSE.dll
    [2014/11/12 15:30:57 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\AUDIOKSE.dll
    [2014/11/12 15:30:57 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEng.dll
    [2014/11/12 15:30:57 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioSes.dll
    [2014/11/12 15:30:57 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDump.dll
    [2014/11/12 15:30:55 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
    [2014/11/12 15:30:47 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
    [2014/11/12 15:30:47 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
    [2014/11/12 15:30:45 | 003,241,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
    [2014/11/12 15:30:39 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
    [2014/11/11 13:43:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2014/11/11 06:30:51 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\J&N (6)\Tenancy Docs
    [2014/11/08 15:21:50 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Local\ElevatedDiagnostics
    [2014/11/08 08:05:09 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Local\Spotify
    [2014/11/08 08:03:44 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Roaming\Spotify
    [2014/11/07 14:28:18 | 000,000,000 | ---D | C] -- C:\Program Files\TOSHIBA
    [2014/11/07 14:22:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Toshiba
    [2014/11/07 14:22:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA
    [2014/11/07 14:22:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TOSHIBA
    [2014/11/07 14:22:08 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Roaming\InstallShield
    [2014/11/07 14:21:04 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Local\Downloaded Installations
    [2014/11/07 14:19:30 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Roaming\WinBatch
     
    ========== Files - Modified Within 30 Days ==========
     
    [2014/12/04 21:01:26 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
    [2014/12/04 20:55:05 | 003,703,048 | ---- | M] () -- C:\Windows\SysNative\drivers\fvstore.dat
    [2014/12/04 20:47:31 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2014/12/04 20:24:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2014/12/04 19:03:23 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
    [2014/12/04 18:58:40 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/12/04 18:58:35 | 000,093,400 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
    [2014/12/04 18:58:35 | 000,063,704 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
    [2014/12/04 18:58:35 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2014/12/04 18:48:45 | 000,029,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2014/12/04 18:48:45 | 000,029,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2014/12/04 18:41:58 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2014/12/04 18:41:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2014/12/04 18:41:28 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
    [2014/12/04 15:25:03 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
    [2014/12/03 01:34:50 | 000,001,658 | ---- | M] () -- C:\Users\Public\Desktop\Recuva.lnk
    [2014/12/03 01:28:49 | 000,918,688 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2014/12/03 01:28:49 | 000,753,074 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2014/12/03 01:28:49 | 000,173,820 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2014/12/03 01:26:57 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2014/12/01 05:34:21 | 000,033,328 | ---- | M] (The OpenVPN Project) -- C:\Windows\SysNative\drivers\tap0901.sys
    [2014/11/30 19:19:50 | 000,007,618 | ---- | M] () -- C:\Users\Julie-Anne\AppData\Local\resmon.resmoncfg
    [2014/11/28 15:18:36 | 000,001,044 | ---- | M] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
    [2014/11/28 15:18:32 | 000,057,096 | ---- | M] (COMODO CA Limited) -- C:\Windows\SysNative\certsentry.dll
    [2014/11/28 15:18:32 | 000,048,392 | ---- | M] (COMODO CA Limited) -- C:\Windows\SysWow64\certsentry.dll
    [2014/11/28 15:11:31 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll
    [2014/11/28 15:11:31 | 001,060,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc71.dll
    [2014/11/28 02:57:51 | 000,001,888 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk
    [2014/11/27 17:45:37 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
    [2014/11/27 05:24:16 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2014/11/27 05:24:16 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2014/11/27 05:24:10 | 004,443,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
    [2014/11/26 12:45:45 | 000,098,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    [2014/11/19 18:20:58 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2014/11/19 16:24:50 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2014/11/17 06:44:09 | 000,002,212 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
    [2014/11/13 10:53:14 | 000,021,304 | ---- | M] (COMODO) -- C:\Windows\SysNative\drivers\cmderd.sys
    [2014/11/13 10:52:58 | 000,041,856 | ---- | M] (COMODO) -- C:\Windows\SysNative\cmdcsr.dll
    [2014/11/13 10:52:56 | 000,438,912 | ---- | M] (COMODO) -- C:\Windows\SysNative\guard64.dll
    [2014/11/13 10:52:56 | 000,353,392 | ---- | M] (COMODO) -- C:\Windows\SysWow64\guard32.dll
    [2014/11/13 10:52:48 | 000,354,520 | ---- | M] (COMODO) -- C:\Windows\SysNative\cmdvrt64.dll
    [2014/11/13 10:52:44 | 000,045,784 | ---- | M] (COMODO) -- C:\Windows\SysNative\cmdkbd64.dll
    [2014/11/13 10:52:36 | 000,286,424 | ---- | M] (COMODO) -- C:\Windows\SysWow64\cmdvrt32.dll
    [2014/11/13 10:52:32 | 000,040,664 | ---- | M] (COMODO) -- C:\Windows\SysWow64\cmdkbd32.dll
    [2014/11/13 03:23:47 | 000,267,672 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2014/11/08 14:44:32 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf
    [2014/11/08 08:05:08 | 000,001,829 | ---- | M] () -- C:\Users\Julie-Anne\J&N (2)\Spotify.lnk
    [2014/11/06 17:03:50 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
    [2014/11/06 16:47:03 | 000,066,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
    [2014/11/06 16:46:12 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
    [2014/11/06 16:46:12 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
    [2014/11/06 16:44:28 | 000,088,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
    [2014/11/06 16:35:59 | 000,034,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
    [2014/11/06 16:31:48 | 000,633,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2014/11/06 16:30:22 | 000,144,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
    [2014/11/06 16:30:08 | 000,114,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
    [2014/11/06 16:29:18 | 000,814,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
    [2014/11/06 16:23:57 | 006,040,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2014/11/06 16:20:18 | 000,968,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
    [2014/11/06 16:16:23 | 000,490,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
    [2014/11/06 16:13:36 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
    [2014/11/06 16:12:44 | 000,047,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
    [2014/11/06 16:10:58 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
    [2014/11/06 16:07:29 | 000,077,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
    [2014/11/06 16:03:56 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
    [2014/11/06 16:02:05 | 000,199,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
    [2014/11/06 16:00:56 | 000,478,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2014/11/06 16:00:51 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2014/11/06 15:59:36 | 000,115,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2014/11/06 15:58:38 | 000,620,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
    [2014/11/06 15:57:38 | 000,316,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
    [2014/11/06 15:42:36 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
    [2014/11/06 15:41:26 | 000,800,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2014/11/06 15:41:26 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
    [2014/11/06 15:39:39 | 001,359,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
    [2014/11/06 15:38:25 | 002,124,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2014/11/06 15:37:58 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
    [2014/11/06 15:36:47 | 000,076,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2014/11/06 15:21:25 | 002,051,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2014/11/06 15:20:37 | 001,155,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
    [2014/11/06 14:53:19 | 000,799,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
    [2014/11/06 14:47:17 | 000,708,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
    [2014/11/06 06:56:54 | 000,304,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll
    [2014/11/06 06:56:36 | 000,228,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
    [2014/11/06 06:52:22 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
     
    ========== Files Created - No Company Name ==========
     
    [2014/12/04 18:58:40 | 000,001,106 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/12/04 15:25:03 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
    [2014/12/03 01:34:50 | 000,001,658 | ---- | C] () -- C:\Users\Public\Desktop\Recuva.lnk
    [2014/12/03 01:26:57 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2014/11/29 15:04:16 | 000,007,618 | ---- | C] () -- C:\Users\Julie-Anne\AppData\Local\resmon.resmoncfg
    [2014/11/28 03:42:21 | 003,703,048 | ---- | C] () -- C:\Windows\SysNative\drivers\fvstore.dat
    [2014/11/28 02:57:51 | 000,001,888 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk
    [2014/11/28 02:57:44 | 001,474,832 | ---- | C] () -- C:\Windows\SysNative\drivers\sfi.dat
    [2014/11/28 02:54:15 | 000,001,044 | ---- | C] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
    [2014/11/27 17:15:50 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
    [2014/11/19 18:20:58 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2014/11/19 16:24:50 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2014/11/19 16:22:57 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    [2014/11/17 06:44:08 | 000,002,212 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
    [2014/11/17 06:42:29 | 000,000,906 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2014/11/17 06:42:28 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2014/11/08 14:44:32 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf
    [2014/11/08 08:05:08 | 000,001,829 | ---- | C] () -- C:\Users\Julie-Anne\J&N (2)\Spotify.lnk
    [2014/11/08 08:05:08 | 000,001,815 | ---- | C] () -- C:\Users\Julie-Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
    [2014/09/29 18:14:43 | 000,765,700 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2014/09/29 16:25:39 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
    [2014/09/29 16:04:15 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
    [2014/09/29 16:04:15 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
    [2014/09/29 16:04:13 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
    [2014/09/29 16:04:13 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
    [2014/09/29 16:04:13 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
    [2014/09/29 15:52:26 | 000,000,030 | ---- | C] () -- C:\Users\Julie-Anne\AppData\Roaming\fixcfg.ini
     
    ========== ZeroAccess Check ==========
     
    [2009/07/14 17:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
     
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
     
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2014/06/25 15:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2014/06/25 14:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 14:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 16:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 14:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
     
    ========== Alternate Data Streams ==========
     
    @Alternate Data Stream - 165 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
     
    < End of report >

    #10
    angel959

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-12-2014
    Ran by Julie-Anne (administrator) on TOSHIBA on 04-12-2014 21:16:17
    Running from C:\Users\Julie-Anne\J&N (3)
    Loaded Profile: Julie-Anne (Available profiles: Julie-Anne)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Comodo Security Solutions, Inc.) C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\find.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
    (Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
    (Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
    (Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
    (Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
    (Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
    (Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
    (Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
    (Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
    (Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon.exe
    (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
    (OldTimer Tools) C:\Users\Julie-Anne\J&N (3)\OTL.exe
    (Microsoft Corporation) C:\Windows\System32\prevhost.exe
     
     
    ==================== Registry (Whitelisted) ==================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [520760 2010-03-10] (Conexant Systems, Inc.)
    HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2010-04-28] ()
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3014384 2013-02-07] (Synaptics Incorporated)
    HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1297112 2014-11-13] (COMODO)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-1508351825-2038946537-1176088434-1000\...\MountPoints2: {d27d13cc-4830-11e4-a974-806e6f6e6963} - D:\setup.exe
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    HKU\S-1-5-21-1508351825-2038946537-1176088434-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=u159
    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
    DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{012A706E-5880-47D1-976B-B125E8710881}: [NameServer] 156.154.70.22,156.154.71.22
    Tcpip\..\Interfaces\{155FA928-5952-46C4-BF8B-0F1B21A48CC5}: [NameServer] 156.154.70.22,156.154.71.22
     
    FireFox:
    ========
    FF ProfilePath: C:\Users\Julie-Anne\AppData\Roaming\Mozilla\Firefox\Profiles\hyouixo8.default
    FF SearchEngineOrder.3: Bing 
    FF Homepage: hxxp://www.bing.com/?pc=U159|hxxp://www.msn.com/?ocid=iehp
    FF Keyword.URL: hxxp://www.bing.com/search?FORM=U159DF&PC=U159&q=
    FF NetworkProxy: "type", 0
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
    FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF SearchPlugin: C:\Users\Julie-Anne\AppData\Roaming\Mozilla\Firefox\Profiles\hyouixo8.default\searchplugins\bingp.xml
    FF Extension: Better Battlelog (BBLog) - C:\Users\Julie-Anne\AppData\Roaming\Mozilla\Firefox\Profiles\hyouixo8.default\Extensions\[email protected] [2014-10-30]
    FF Extension: AddThis - C:\Users\Julie-Anne\AppData\Roaming\Mozilla\Firefox\Profiles\hyouixo8.default\Extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79} [2014-11-09]
    FF Extension: Pinterest Pin Button - C:\Users\Julie-Anne\AppData\Roaming\Mozilla\Firefox\Profiles\hyouixo8.default\Extensions\{677a8f98-fd64-40b0-a883-b8c95d0cbf17} [2014-11-18]
    FF Extension: ZenMate Security & Privacy VPN - C:\Users\Julie-Anne\AppData\Roaming\Mozilla\Firefox\Profiles\hyouixo8.default\Extensions\[email protected] [2014-11-15]
    FF Extension: Translate This! - C:\Users\Julie-Anne\AppData\Roaming\Mozilla\Firefox\Profiles\hyouixo8.default\Extensions\[email protected] [2014-11-03]
    FF Extension: Adblock Plus - C:\Users\Julie-Anne\AppData\Roaming\Mozilla\Firefox\Profiles\hyouixo8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-29]
     
    Chrome: 
    =======
     
    ==================== Services (Whitelisted) =================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [7615952 2014-11-13] (COMODO)
    R3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265304 2014-11-13] (COMODO)
    R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2370240 2014-11-28] (Comodo Security Solutions, Inc.)
     
    ==================== Drivers (Whitelisted) ====================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [21304 2014-11-13] (COMODO)
    R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [793768 2014-11-13] (COMODO)
    R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [47000 2014-11-13] (COMODO)
    R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [105728 2014-11-13] (COMODO)
    R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [129224 2013-07-19] (Qualcomm Atheros Co., Ltd.)
    R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [32496 2013-02-07] (Synaptics Incorporated)
    S1 ccHP; \SystemRoot\system32\drivers\N360x64\0401000.020\ccHPx64.sys [X]
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
     
     
    ==================== One Month Created Files and Folders ========
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2014-12-04 21:16 - 2014-12-04 21:16 - 00000000 ____D () C:\FRST
    2014-12-04 19:30 - 2014-12-04 19:30 - 00000000 ____D () C:\Windows\ERUNT
    2014-12-04 19:25 - 2014-12-04 19:34 - 00000000 ____D () C:\AdwCleaner
    2014-12-04 19:00 - 2014-12-04 19:03 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-12-04 18:58 - 2014-12-04 18:58 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-12-04 18:58 - 2014-12-04 18:58 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-12-04 18:58 - 2014-12-04 18:58 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2014-12-04 18:58 - 2014-12-04 18:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-12-04 16:53 - 2014-12-04 18:41 - 00001760 _____ () C:\Windows\setupact.log
    2014-12-04 16:53 - 2014-12-04 16:53 - 00000580 _____ () C:\Windows\PFRO.log
    2014-12-04 16:53 - 2014-12-04 16:53 - 00000000 _____ () C:\Windows\setuperr.log
    2014-12-04 16:05 - 2014-12-04 16:05 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
    2014-12-04 16:00 - 2014-12-04 16:02 - 00001776 _____ () C:\Windows\DPINST.LOG
    2014-12-04 15:25 - 2014-12-04 15:25 - 00000000 _____ () C:\Windows\system32\Drivers\Cat.DB
    2014-12-04 14:51 - 2014-12-04 14:51 - 00000000 ____D () C:\Users\Julie-Anne\AppData\Roaming\Baidu
    2014-12-04 14:46 - 2014-12-04 14:46 - 00000000 ____D () C:\Program Files (x86)\Baidu-Security-2014-4.4.4.82805
    2014-12-04 14:39 - 2014-12-04 14:47 - 00000000 ____D () C:\ProgramData\Baidu
    2014-12-04 14:30 - 2014-12-04 14:30 - 00000000 ____D () C:\Program Files (x86)\PC Tools
    2014-12-04 14:13 - 2014-12-04 14:13 - 00000000 ____D () C:\Users\Julie-Anne\AppData\Roaming\Baidu Security
    2014-12-04 14:05 - 2014-12-04 15:06 - 00000000 ____D () C:\ProgramData\TEMP
    2014-12-04 14:05 - 2014-12-04 14:31 - 00000000 ____D () C:\ProgramData\PC Tools
    2014-12-04 14:05 - 2014-12-04 14:05 - 00000000 ____D () C:\Users\Julie-Anne\AppData\Roaming\TestApp
    2014-12-04 14:04 - 2014-12-04 15:23 - 00000000 ____D () C:\ProgramData\Baidu Security
    2014-12-04 14:04 - 2014-12-04 14:04 - 00000000 ____D () C:\Program Files (x86)\Baidu Security
    2014-12-03 05:11 - 2014-12-03 05:22 - 00000000 ____D () C:\Users\Julie-Anne\AppData\Roaming\Comodo
    2014-12-03 01:34 - 2014-12-04 16:15 - 00000000 ____D () C:\Program Files\Recuva
    2014-12-03 01:34 - 2014-12-03 01:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
    2014-12-03 01:26 - 2014-12-03 01:26 - 00002782 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
    2014-12-03 00:27 - 2014-12-03 02:28 - 00000000 ____D () C:\ProgramData\Systweak
    2014-12-03 00:27 - 2014-12-03 01:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced-System Protector
    2014-12-03 00:27 - 2014-12-03 01:17 - 00000000 ____D () C:\Program Files (x86)\ASP
    2014-12-02 03:43 - 2014-12-02 03:43 - 00002773 _____ () C:\Users\Julie-Anne\J&N (6)\RKreport_SCN_12022014_033128.log
    2014-12-02 02:05 - 2014-12-03 04:43 - 00000000 ____D () C:\ProgramData\RogueKiller
    2014-12-01 12:09 - 2014-12-02 14:47 - 00000000 ____D () C:\Users\Julie-Anne\J&N (6)\COMODO REDUNDANT DETECTIONS
    2014-12-01 05:35 - 2014-12-01 07:03 - 00000000 ____D () C:\Users\Julie-Anne\AppData\Local\Deployment
    2014-12-01 05:35 - 2014-12-01 05:35 - 00000000 ____D () C:\Users\Julie-Anne\AppData\Local\Apps\2.0
    2014-12-01 05:34 - 2014-12-03 01:17 - 00000000 ____D () C:\Program Files (x86)\Tap0901
    2014-11-29 15:04 - 2014-11-30 19:19 - 00007618 _____ () C:\Users\Julie-Anne\AppData\Local\resmon.resmoncfg
    2014-11-29 14:48 - 2014-12-03 01:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2014-11-29 14:48 - 2014-12-03 01:26 - 00000000 ____D () C:\Program Files\CCleaner
    2014-11-28 15:18 - 2014-12-03 00:55 - 00000000 ____D () C:\Program Files (x86)\Comodo
    2014-11-28 15:11 - 2014-11-28 15:11 - 01700352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll
    2014-11-28 15:11 - 2014-11-28 15:11 - 01060864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
    2014-11-28 15:11 - 2014-11-28 15:11 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
    2014-11-28 03:47 - 2014-12-01 08:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2014-11-28 03:47 - 2014-11-28 03:47 - 00000000 ___HD () C:\VTRoot
    2014-11-28 03:46 - 2014-12-03 01:17 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
    2014-11-28 03:46 - 2014-12-03 01:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
    2014-11-28 03:42 - 2014-12-04 21:10 - 03701358 _____ () C:\Windows\system32\Drivers\fvstore.dat
    2014-11-28 02:57 - 2014-12-04 21:11 - 01474832 _____ () C:\Windows\system32\Drivers\sfi.dat
    2014-11-28 02:57 - 2014-12-04 15:24 - 00000000 ____D () C:\Windows\System32\Tasks\COMODO
    2014-11-28 02:56 - 2014-12-01 13:40 - 00000000 ____D () C:\ProgramData\Shared Space
    2014-11-28 02:54 - 2014-12-03 00:57 - 00000000 ____D () C:\Program Files\COMODO
    2014-11-28 02:54 - 2014-11-28 15:18 - 00057096 _____ (COMODO CA Limited) C:\Windows\system32\certsentry.dll
    2014-11-28 02:54 - 2014-11-28 15:18 - 00048392 _____ (COMODO CA Limited) C:\Windows\SysWOW64\certsentry.dll
    2014-11-28 02:54 - 2014-11-28 03:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
    2014-11-28 02:54 - 2014-11-28 02:54 - 00000000 ____D () C:\Users\Julie-Anne\AppData\Local\Comodo
    2014-11-28 02:53 - 2014-11-28 02:53 - 00000000 ____D () C:\ProgramData\Comodo Downloader
    2014-11-28 02:51 - 2014-12-04 15:21 - 00000000 ____D () C:\ProgramData\Comodo
    2014-11-27 23:15 - 2014-11-27 23:15 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Identity Safe
    2014-11-27 17:21 - 2014-12-04 18:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-11-27 17:21 - 2014-12-03 00:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-11-27 17:17 - 2014-12-04 15:24 - 00000000 ____D () C:\Users\Julie-Anne\AppData\Roaming\vlc
    2014-11-27 17:15 - 2014-12-04 15:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    2014-11-27 17:15 - 2014-12-04 15:24 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
    2014-11-27 05:24 - 2014-11-27 05:24 - 04443312 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
    2014-11-26 12:46 - 2014-11-26 12:46 - 00000000 ____D () C:\ProgramData\Sun
    2014-11-26 12:46 - 2014-11-26 12:45 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2014-11-26 12:45 - 2014-11-26 12:46 - 00000000 ____D () C:\ProgramData\Oracle
    2014-11-26 12:45 - 2014-11-26 12:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2014-11-26 12:45 - 2014-11-26 12:45 - 00000000 ____D () C:\Program Files (x86)\Java
    2014-11-26 12:44 - 2014-11-26 12:44 - 00003174 _____ () C:\Windows\System32\Tasks\{17E0ECCE-8E16-4E32-B4CC-A64AFA3441AA}
    2014-11-23 09:54 - 2014-12-03 01:17 - 00000000 ____D () C:\Users\Julie-Anne\J&N (6)\Various_Artists_-_Death_Row_Greatest_Hits_Disc_2_(1996)_320_-_HIPHOPISDREAM.COM
    2014-11-20 03:57 - 2014-11-11 16:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2014-11-20 03:57 - 2014-11-11 16:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
    2014-11-20 03:57 - 2014-11-11 15:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2014-11-20 03:57 - 2014-11-11 15:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
    2014-11-20 03:30 - 2014-11-20 03:30 - 00000000 __SHD () C:\Users\Julie-Anne\AppData\Local\EmieBrowserModeList
    2014-11-19 18:21 - 2014-12-03 01:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
    2014-11-19 18:20 - 2014-12-03 01:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    2014-11-19 18:20 - 2014-12-03 00:57 - 00000000 ____D () C:\Program Files (x86)\QuickTime
    2014-11-19 16:24 - 2014-12-04 15:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2014-11-19 16:24 - 2014-12-04 15:24 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
    2014-11-19 16:24 - 2014-12-03 12:43 - 00000000 ____D () C:\Users\Julie-Anne\AppData\Roaming\Apple Computer
    2014-11-19 16:24 - 2014-12-01 08:13 - 00000000 ____D () C:\Users\Julie-Anne\AppData\Local\Apple Computer
    2014-11-19 16:24 - 2014-11-19 16:24 - 00000000 ____D () C:\ProgramData\Apple Computer
    2014-11-19 16:24 - 2014-11-19 16:24 - 00000000 ____D () C:\Program Files\iTunes
    2014-11-19 16:24 - 2014-11-19 16:24 - 00000000 ____D () C:\Program Files\iPod
    2014-11-19 16:24 - 2014-11-19 16:24 - 00000000 ____D () C:\Program Files (x86)\iTunes
    2014-11-19 16:24 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
    2014-11-19 16:23 - 2014-11-19 16:23 - 00000000 ____D () C:\Users\Julie-Anne\AppData\Local\Apple
    2014-11-19 16:22 - 2014-12-04 16:05 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    2014-11-19 16:22 - 2014-11-19 18:21 - 00000000 ____D () C:\Program Files\Common Files\Apple
    2014-11-19 16:22 - 2014-11-19 16:22 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
    2014-11-19 16:21 - 2014-12-04 16:05 - 00000000 ____D () C:\Program Files\Bonjour
    2014-11-19 16:21 - 2014-12-04 16:05 - 00000000 ____D () C:\Program Files (x86)\Bonjour
    2014-11-19 16:21 - 2014-11-19 16:22 - 00000000 ____D () C:\ProgramData\Apple
    2014-11-17 08:33 - 2014-11-27 16:59 - 00000000 ____D () C:\NPE
    2014-11-17 08:30 - 2014-11-27 17:05 - 00000000 ____D () C:\Users\Julie-Anne\AppData\Local\NPE
    2014-11-17 06:44 - 2014-11-17 06:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
    2014-11-17 06:42 - 2014-12-04 20:47 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-11-17 06:42 - 2014-12-04 18:41 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-11-17 06:42 - 2014-12-03 00:55 - 00000000 ____D () C:\Program Files (x86)\Google
    2014-11-17 06:42 - 2014-12-02 13:44 - 00000000 ____D () C:\Users\Julie-Anne\AppData\Local\Google
    2014-11-17 06:42 - 2014-11-17 06:42 - 00003902 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2014-11-17 06:42 - 2014-11-17 06:42 - 00003650 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2014-11-13 10:53 - 2014-11-13 10:53 - 00793768 _____ (COMODO) C:\Windows\system32\Drivers\cmdguard.sys
    2014-11-13 10:53 - 2014-11-13 10:53 - 00105728 _____ (COMODO) C:\Windows\system32\Drivers\inspect.sys
    2014-11-13 10:53 - 2014-11-13 10:53 - 00047000 _____ (COMODO) C:\Windows\system32\Drivers\cmdhlp.sys
    2014-11-13 10:53 - 2014-11-13 10:53 - 00021304 _____ (COMODO) C:\Windows\system32\Drivers\cmderd.sys
    2014-11-13 10:52 - 2014-11-13 10:52 - 00438912 _____ (COMODO) C:\Windows\system32\guard64.dll
    2014-11-13 10:52 - 2014-11-13 10:52 - 00354520 _____ (COMODO) C:\Windows\system32\cmdvrt64.dll
    2014-11-13 10:52 - 2014-11-13 10:52 - 00353392 _____ (COMODO) C:\Windows\SysWOW64\guard32.dll
    2014-11-13 10:52 - 2014-11-13 10:52 - 00286424 _____ (COMODO) C:\Windows\SysWOW64\cmdvrt32.dll
    2014-11-13 10:52 - 2014-11-13 10:52 - 00045784 _____ (COMODO) C:\Windows\system32\cmdkbd64.dll
    2014-11-13 10:52 - 2014-11-13 10:52 - 00041856 _____ (COMODO) C:\Windows\system32\cmdcsr.dll
    2014-11-13 10:52 - 2014-11-13 10:52 - 00040664 _____ (COMODO) C:\Windows\SysWOW64\cmdkbd32.dll
    2014-11-12 15:32 - 2014-11-08 08:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2014-11-12 15:32 - 2014-11-08 08:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2014-11-12 15:32 - 2014-11-06 17:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-11-12 15:32 - 2014-11-06 17:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-11-12 15:32 - 2014-11-06 17:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-11-12 15:32 - 2014-11-06 16:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-11-12 15:32 - 2014-11-06 16:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-11-12 15:32 - 2014-11-06 16:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-11-12 15:32 - 2014-11-06 16:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2014-11-12 15:32 - 2014-11-06 16:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-11-12 15:32 - 2014-11-06 16:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-11-12 15:32 - 2014-11-06 16:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-11-12 15:32 - 2014-11-06 16:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-11-12 15:32 - 2014-11-06 16:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-11-12 15:32 - 2014-11-06 16:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-11-12 15:32 - 2014-11-06 16:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-11-12 15:32 - 2014-11-06 16:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-11-12 15:32 - 2014-11-06 16:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-11-12 15:32 - 2014-11-06 16:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-11-12 15:32 - 2014-11-06 16:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-11-12 15:32 - 2014-11-06 16:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2014-11-12 15:32 - 2014-11-06 16:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-11-12 15:32 - 2014-11-06 16:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2014-11-12 15:32 - 2014-11-06 16:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-11-12 15:32 - 2014-11-06 16:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2014-11-12 15:32 - 2014-11-06 16:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-11-12 15:32 - 2014-11-06 16:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-11-12 15:32 - 2014-11-06 16:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-11-12 15:32 - 2014-11-06 16:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-11-12 15:32 - 2014-11-06 16:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-11-12 15:32 - 2014-11-06 16:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-11-12 15:32 - 2014-11-06 16:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-11-12 15:32 - 2014-11-06 15:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-11-12 15:32 - 2014-11-06 15:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2014-11-12 15:32 - 2014-11-06 15:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-11-12 15:32 - 2014-11-06 15:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2014-11-12 15:32 - 2014-11-06 15:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-11-12 15:32 - 2014-11-06 15:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-11-12 15:32 - 2014-11-06 15:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-11-12 15:32 - 2014-11-06 15:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2014-11-12 15:32 - 2014-11-06 15:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-11-12 15:32 - 2014-11-06 15:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-11-12 15:32 - 2014-11-06 15:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-11-12 15:32 - 2014-11-06 15:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2014-11-12 15:32 - 2014-11-06 15:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-11-12 15:32 - 2014-11-06 15:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-11-12 15:32 - 2014-11-06 15:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-11-12 15:32 - 2014-11-06 15:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-11-12 15:32 - 2014-11-06 15:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2014-11-12 15:32 - 2014-11-06 15:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-11-12 15:32 - 2014-11-06 15:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-11-12 15:32 - 2014-11-06 15:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-11-12 15:32 - 2014-11-06 14:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-11-12 15:32 - 2014-11-06 14:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-11-12 15:32 - 2014-11-06 14:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-11-12 15:32 - 2014-11-06 14:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2014-11-12 15:32 - 2014-11-06 06:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2014-11-12 15:32 - 2014-11-06 06:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-11-12 15:32 - 2014-11-06 06:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-11-12 15:32 - 2014-10-14 15:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2014-11-12 15:32 - 2014-10-14 15:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
    2014-11-12 15:32 - 2014-10-14 15:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2014-11-12 15:32 - 2014-10-14 15:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2014-11-12 15:32 - 2014-10-14 15:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2014-11-12 15:32 - 2014-10-14 14:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2014-11-12 15:32 - 2014-10-14 14:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2014-11-12 15:32 - 2014-10-14 14:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2014-11-12 15:32 - 2014-10-14 14:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2014-11-12 15:31 - 2014-08-21 19:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2014-11-12 15:31 - 2014-08-21 19:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
    2014-11-12 15:31 - 2014-08-21 19:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2014-11-12 15:31 - 2014-08-21 19:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2014-11-12 15:30 - 2014-10-25 14:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
    2014-11-12 15:30 - 2014-10-25 14:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
    2014-11-12 15:30 - 2014-10-18 15:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
    2014-11-12 15:30 - 2014-10-18 14:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
    2014-11-12 15:30 - 2014-10-14 15:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
    2014-11-12 15:30 - 2014-10-14 14:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2014-11-12 15:30 - 2014-10-10 13:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-11-12 15:30 - 2014-10-03 15:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
    2014-11-12 15:30 - 2014-10-03 15:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
    2014-11-12 15:30 - 2014-10-03 15:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
    2014-11-12 15:30 - 2014-10-03 15:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
    2014-11-12 15:30 - 2014-10-03 15:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
    2014-11-12 15:30 - 2014-10-03 14:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
    2014-11-12 15:30 - 2014-10-03 14:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
    2014-11-12 15:30 - 2014-10-03 14:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
    2014-11-12 15:30 - 2014-09-19 22:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2014-11-12 15:30 - 2014-09-19 22:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2014-11-12 15:30 - 2014-09-19 22:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2014-11-12 15:30 - 2014-09-19 22:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2014-11-12 15:30 - 2014-09-19 22:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2014-11-12 15:30 - 2014-09-19 22:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2014-11-12 15:30 - 2014-09-19 22:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2014-11-12 15:30 - 2014-09-19 22:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2014-11-12 15:30 - 2014-09-19 22:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2014-11-12 15:30 - 2014-09-19 22:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2014-11-12 15:30 - 2014-09-19 22:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2014-11-12 15:30 - 2014-09-19 22:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2014-11-12 15:30 - 2014-08-12 15:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
    2014-11-12 15:30 - 2014-08-12 14:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
    2014-11-11 13:43 - 2014-12-03 01:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-11-11 06:30 - 2014-11-14 01:42 - 00000000 ____D () C:\Users\Julie-Anne\J&N (6)\Tenancy Docs
    2014-11-08 14:44 - 2014-11-08 14:44 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_xusb21_01009.Wdf
    2014-11-08 08:05 - 2014-11-17 08:34 - 00000000 ____D () C:\Users\Julie-Anne\AppData\Local\Spotify
    2014-11-08 08:05 - 2014-11-08 08:05 - 00001829 _____ () C:\Users\Julie-Anne\J&N (2)\Spotify.lnk
    2014-11-08 08:05 - 2014-11-08 08:05 - 00001815 _____ () C:\Users\Julie-Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
    2014-11-08 08:03 - 2014-12-03 03:12 - 00000000 ____D () C:\Users\Julie-Anne\AppData\Roaming\Spotify
    2014-11-07 15:13 - 2014-12-04 16:04 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{F0E0D968-F844-4EDB-A46A-E660FABD8268}
    2014-11-07 14:28 - 2014-12-03 01:17 - 00000000 ____D () C:\Program Files\TOSHIBA
    2014-11-07 14:22 - 2014-12-03 01:17 - 00000000 ____D () C:\ProgramData\Toshiba
    2014-11-07 14:22 - 2014-11-07 14:22 - 00000000 ____D () C:\Users\Julie-Anne\AppData\Roaming\InstallShield
    2014-11-07 14:22 - 2014-11-07 14:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA
    2014-11-07 14:22 - 2014-11-07 14:22 - 00000000 ____D () C:\Program Files (x86)\TOSHIBA
    2014-11-07 14:21 - 2014-11-07 14:21 - 00000000 ____D () C:\Users\Julie-Anne\AppData\Local\Downloaded Installations
    2014-11-07 14:19 - 2014-11-07 14:19 - 00000000 ____D () C:\Users\Julie-Anne\AppData\Roaming\WinBatch
     
    ==================== One Month Modified Files and Folders =======
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2014-12-04 21:16 - 2014-09-29 15:32 - 00000000 ___RD () C:\Users\Julie-Anne\J&N (3)
    2014-12-04 20:24 - 2014-10-29 17:37 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-12-04 18:48 - 2009-07-14 17:45 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-12-04 18:48 - 2009-07-14 17:45 - 00029120 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-12-04 18:44 - 2014-09-29 15:32 - 01929516 _____ () C:\Windows\WindowsUpdate.log
    2014-12-04 18:41 - 2009-07-14 18:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-12-04 17:59 - 2014-10-30 07:48 - 00000000 ____D () C:\Users\Julie-Anne\AppData\Local\CrashDumps
    2014-12-04 16:09 - 2014-09-29 15:32 - 00000000 ___RD () C:\Users\Julie-Anne\J&N (2)
    2014-12-04 15:26 - 2014-09-29 15:32 - 00000000 ____D () C:\Users\Julie-Anne
    2014-12-04 15:23 - 2009-07-14 16:20 - 00000000 ____D () C:\Windows\registration
    2014-12-04 14:23 - 2009-07-14 16:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
    2014-12-04 14:23 - 2009-07-14 16:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
    2014-12-04 14:18 - 2014-09-30 19:16 - 00000000 ____D () C:\Windows\Panther
    2014-12-03 01:28 - 2009-07-14 18:13 - 00918688 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-12-03 01:20 - 2014-09-29 18:46 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-12-03 01:20 - 2009-07-14 16:20 - 00000000 ____D () C:\Windows\system32\Msdtc
    2014-12-03 01:19 - 2009-07-14 18:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
    2014-12-03 01:17 - 2014-10-31 11:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
    2014-12-03 01:17 - 2014-10-31 11:45 - 00000000 ____D () C:\Program Files (x86)\Origin
    2014-12-03 01:17 - 2014-10-29 22:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-12-03 01:17 - 2014-09-29 16:26 - 00000000 ____D () C:\Program Files (x86)\Cisco
    2014-12-03 01:17 - 2014-09-29 16:03 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
    2014-12-03 01:17 - 2014-09-29 15:32 - 00000000 ___RD () C:\Users\Julie-Anne\J&N (9)
    2014-12-03 01:17 - 2014-09-29 15:32 - 00000000 ___RD () C:\Users\Julie-Anne\J&N (8)
    2014-12-03 01:17 - 2014-09-29 15:32 - 00000000 ___RD () C:\Users\Julie-Anne\J&N (7)
    2014-12-03 01:17 - 2014-09-29 15:32 - 00000000 ___RD () C:\Users\Julie-Anne\J&N (6)
    2014-12-03 01:12 - 2014-10-29 17:42 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
    2014-12-03 00:57 - 2014-10-29 22:07 - 00000000 ____D () C:\Users\Julie-Anne\AppData\Local\Mozilla
    2014-12-02 23:55 - 2014-10-31 12:15 - 00000000 ____D () C:\Users\Julie-Anne\AppData\Roaming\Origin
    2014-12-02 23:55 - 2014-10-31 11:46 - 00000000 ____D () C:\ProgramData\Origin
    2014-12-02 15:07 - 2009-07-14 16:20 - 00000000 ____D () C:\Windows\system32\NDF
    2014-12-01 05:34 - 2011-10-25 02:29 - 00033328 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys
    2014-11-29 13:14 - 2011-04-12 21:28 - 00000000 ___RD () C:\Users\Public\Recorded TV
    2014-11-28 02:49 - 2014-10-29 16:11 - 00000000 ____D () C:\ProgramData\Norton
    2014-11-27 17:14 - 2009-07-14 16:20 - 00000000 ____D () C:\Windows\Resources
    2014-11-27 05:24 - 2014-10-29 17:37 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-11-27 05:24 - 2014-10-29 17:37 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-11-27 05:24 - 2014-10-29 17:37 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2014-11-13 06:25 - 2009-07-14 16:20 - 00000000 ____D () C:\Windows\rescache
    2014-11-13 03:23 - 2009-07-14 17:45 - 00267672 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-11-13 03:03 - 2014-09-29 17:09 - 00000000 ____D () C:\Windows\system32\MRT
    2014-11-13 03:02 - 2014-09-29 17:09 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-11-11 06:27 - 2014-09-29 18:55 - 00000000 ____D () C:\Users\Julie-Anne\AppData\Roaming\Adobe
    2014-11-11 05:54 - 2014-10-29 17:36 - 00000000 ____D () C:\Users\Julie-Anne\AppData\Local\Adobe
    2014-11-04 14:30 - 2010-11-21 16:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
     
    ==================== Bamital & volsnap Check =================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
     
     
    LastRegBack: 2014-11-26 21:40
     
    ==================== End Of Log ============================


    #11
    angel959

     
    Ran by Julie-Anne at 2014-12-04 21:17:21
    Running from C:\Users\Julie-Anne\J&N (3)
    Boot Mode: Normal
    ==================== Shortcuts =============================
    (The entries could be listed to be restored or removed.)
     
     
     
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AB0000000001}\SC_Reader.ico ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk -> C:\Windows\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk -> C:\Windows\System32\WindowsAnytimeUpgradeUI.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> C:\Program Files\DVD Maker\DVDMaker.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk -> C:\Program Files (x86)\VideoLAN\VLC\Documentation.url (No File)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk -> C:\Program Files (x86)\VideoLAN\VLC\NEWS.txt (No File)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Uninstall.lnk -> C:\Program Files (x86)\VideoLAN\VLC\uninstall_vlc.mht (No File)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk -> C:\Program Files (x86)\VideoLAN\VLC\VideoLAN Website.url (No File)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Utilities\Face Recognition Help.lnk -> C:\Program Files\TOSHIBA\SmartFaceV\Help\1033\index.htm (No File)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Utilities\Face Recognition.lnk -> C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVSetting.exe (TOSHIBA Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Utilities\Service Station.lnk -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva\Recuva.lnk -> C:\Program Files\Recuva\recuva64.exe (Piriform Ltd)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva\Uninstall Recuva.lnk -> C:\Program Files\Recuva\uninst.exe (Piriform Ltd)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\About QuickTime.lnk -> C:\Windows\Installer\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}\RichText.ico ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\QuickTime Player.lnk -> C:\Windows\Installer\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}\QTPlayer.ico ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin\Origin Error Reporter.lnk -> C:\Program Files (x86)\Origin\OriginER.exe (Electronic Arts)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin\Origin.lnk -> C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin\Uninstall Origin.lnk -> C:\Program Files (x86)\Origin\OriginUninstall.exe (Electronic Arts, Inc.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Uninstall Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk -> C:\Windows\System32\recdisc.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\javacpl.exe (Oracle Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\About iTunes.lnk -> C:\Program Files (x86)\iTunes\iTunes.Resources\en.lproj\About iTunes.rtf ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk -> C:\Program Files (x86)\iTunes\iTunes.exe (Apple Inc.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\iCloud Photos.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\ShellStreamsShortcut.exe (Apple Inc.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\iCloud.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe (Apple Inc.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Google Earth.lnk -> C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe (Google)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo\Dragon\Comodo Dragon.lnk -> C:\Program Files (x86)\Comodo\Dragon\dragon.exe (Comodo)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo\Dragon\Uninstall Comodo Dragon.lnk -> C:\Program Files (x86)\Comodo\Dragon\uninstall.exe (Comodo)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk -> C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk -> C:\Windows\System32\displayswitch.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\Windows\System32\mobsync.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\Windowspowershell\v1.0\powershell.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\Windows\System32\rstrui.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk -> C:\Windows\System32\migwiz\PostMig.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
    Shortcut: C:\Users\Julie-Anne\J&N (5)\Desktop.lnk -> C:\Users\Julie-Anne\J&N (2) ()
    Shortcut: C:\Users\Julie-Anne\J&N (5)\Downloads.lnk -> C:\Users\Julie-Anne\J&N (3) ()
    Shortcut: C:\Users\Julie-Anne\J&N (2)\Spotify.lnk -> C:\Users\Julie-Anne\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)
    Shortcut: C:\Users\Julie-Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    Shortcut: C:\Users\Julie-Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk -> C:\Users\Julie-Anne\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)
    Shortcut: C:\Users\Julie-Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
    Shortcut: C:\Users\Julie-Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
    Shortcut: C:\Users\Julie-Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
    Shortcut: C:\Users\Julie-Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
    Shortcut: C:\Users\Julie-Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
    Shortcut: C:\Users\Julie-Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
    Shortcut: C:\Users\Julie-Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
    Shortcut: C:\Users\Julie-Anne\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    Shortcut: C:\Users\Julie-Anne\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Comodo Dragon.lnk -> C:\Program Files (x86)\Comodo\Dragon\dragon.exe (Comodo)
    Shortcut: C:\Users\Julie-Anne\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Earth.lnk -> C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe (Google)
    Shortcut: C:\Users\Julie-Anne\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    Shortcut: C:\Users\Julie-Anne\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    Shortcut: C:\Users\Julie-Anne\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
    Shortcut: C:\Users\Julie-Anne\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Origin.lnk -> C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
    Shortcut: C:\Users\Julie-Anne\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
    Shortcut: C:\Users\Julie-Anne\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Spotify.lnk -> C:\Users\Julie-Anne\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)
    Shortcut: C:\Users\Julie-Anne\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
    Shortcut: C:\Users\Julie-Anne\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
    Shortcut: C:\Users\Julie-Anne\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
    Shortcut: C:\Users\Julie-Anne\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
    Shortcut: C:\Users\Public\Desktop\Adobe Reader XI.lnk -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)
    Shortcut: C:\Users\Public\Desktop\CCleaner.lnk -> C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
    Shortcut: C:\Users\Public\Desktop\Comodo Dragon.lnk -> C:\Program Files (x86)\Comodo\Dragon\dragon.exe (Comodo)
    Shortcut: C:\Users\Public\Desktop\Google Earth.lnk -> C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe (Google)
    Shortcut: C:\Users\Public\Desktop\iTunes.lnk -> C:\Program Files (x86)\iTunes\iTunes.exe (Apple Inc.)
    Shortcut: C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
    Shortcut: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    Shortcut: C:\Users\Public\Desktop\Origin.lnk -> C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
    Shortcut: C:\Users\Public\Desktop\QuickTime Player.lnk -> C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe (Apple Inc.)
    Shortcut: C:\Users\Public\Desktop\Recuva.lnk -> C:\Program Files\Recuva\recuva64.exe (Piriform Ltd)
    Shortcut: C:\Users\Public\Desktop\VLC media player.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN)
     
     
     
     
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation) -> startmenu
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) -> /showgadgets
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Reset VLC media player preferences and cache files.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN) -> --reset-config --reset-plugins-cache vlc://quit
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player - reset preferences and cache files.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN) -> --reset-config --reset-plugins-cache vlc://quit
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN) -> -Iskins
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\Uninstall QuickTime.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /i {3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E} /qf
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestore
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\javacpl.exe (Oracle Corporation) -> -tab about
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\javacpl.exe (Oracle Corporation) -> -tab update
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Calendar.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe (Apple Inc.) -> calendar
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Contacts.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe (Apple Inc.) -> contacts
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Find My iPhone.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe (Apple Inc.) -> find
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Mail.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe (Apple Inc.) -> mail
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Notes.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe (Apple Inc.) -> notes
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Reminders.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe (Apple Inc.) -> reminders
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Start Google Earth in DirectX mode.lnk -> C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe (Google) -> -setDX
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Start Google Earth in OpenGL mode.lnk -> C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe (Google) -> -setOGL
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Uninstall Google Earth .lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /x {4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo\COMODO Internet Security\Add and Remove components.lnk -> C:\Windows\System32\msiexec.exe (Microsoft Corporation) -> /I{7B1A9CD1-B552-4FA7-BBC1-EDDEAB8855A7}
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo\COMODO Internet Security\COMODO Internet Security.lnk -> C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe (COMODO) -> --shortcut
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -ImportSystemModules
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) -> /open
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
    ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
    ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
    ShortcutWithArgument: C:\Users\Julie-Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ->  -extoff
    ShortcutWithArgument: C:\Users\Julie-Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
    ShortcutWithArgument: C:\Users\Julie-Anne\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
    ShortcutWithArgument: C:\Users\Julie-Anne\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
    ShortcutWithArgument: C:\Users\Public\Desktop\COMODO Internet Security.lnk -> C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe (COMODO) -> --shortcut
     
     
    InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva\Recuva Homepage.url -> hxxp://www.piriform.com/recuva
    InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner Homepage.url -> hxxp://www.piriform.com/ccleaner
    InternetURL: C:\Users\Julie-Anne\J&N (7)\Various Artists - Death Row Greatest Hits Disc 1 (1996) 320 - HIPHOPISDREAM.COM\!HIPHOPISDREAM.COM.url -> hxxp://hiphopisdream.com/
    InternetURL: C:\Users\Julie-Anne\J&N (7)\Various Artists - Death Row Greatest Hits Disc 1 (1996) 320 - HIPHOPISDREAM.COM\FOLLOW US!.url -> hxxp://twitter.com/hiphopisdream/
    InternetURL: C:\Users\Julie-Anne\J&N (4)\Windows Live\Get Windows Live.url -> hxxp://go.microsoft.com/fwlink/?LinkId=69172
    InternetURL: C:\Users\Julie-Anne\J&N (4)\Windows Live\Windows Live Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=70742
    InternetURL: C:\Users\Julie-Anne\J&N (4)\Windows Live\Windows Live Mail.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68925
    InternetURL: C:\Users\Julie-Anne\J&N (4)\Windows Live\Windows Live Spaces.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68927
    InternetURL: C:\Users\Julie-Anne\J&N (4)\MSN Websites\MSN Autos.url -> hxxp://go.microsoft.com/fwlink/?LinkId=55143
    InternetURL: C:\Users\Julie-Anne\J&N (4)\MSN Websites\MSN Entertainment.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68924
    InternetURL: C:\Users\Julie-Anne\J&N (4)\MSN Websites\MSN Money.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68923
    InternetURL: C:\Users\Julie-Anne\J&N (4)\MSN Websites\MSN Sports.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68921
    InternetURL: C:\Users\Julie-Anne\J&N (4)\MSN Websites\MSN.url -> hxxp://go.microsoft.com/fwlink/?LinkId=54729
    InternetURL: C:\Users\Julie-Anne\J&N (4)\MSN Websites\MSNBC News.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68922
    InternetURL: C:\Users\Julie-Anne\J&N (4)\Microsoft Websites\IE Add-on site.url -> hxxp://go.microsoft.com/fwlink/?LinkId=50893
    InternetURL: C:\Users\Julie-Anne\J&N (4)\Microsoft Websites\IE site on Microsoft.com.url -> hxxp://go.microsoft.com/fwlink/?linkid=44661
    InternetURL: C:\Users\Julie-Anne\J&N (4)\Microsoft Websites\Microsoft At Home.url -> hxxp://go.microsoft.com/fwlink/?linkid=55424
    InternetURL: C:\Users\Julie-Anne\J&N (4)\Microsoft Websites\Microsoft At Work.url -> hxxp://go.microsoft.com/fwlink/?linkid=68920
    InternetURL: C:\Users\Julie-Anne\J&N (4)\Microsoft Websites\Microsoft Store.url -> hxxp://go.microsoft.com/fwlink/?linkid=140813
    InternetURL: C:\Users\Julie-Anne\J&N (4)\Links\BF4 Class Week The Assault - News - Battlelog - Battlefield 4.url -> hxxp://battlelog.battlefield.com/bf4/news/view/bf4-class-week-the-assault/
    InternetURL: C:\Users\Julie-Anne\J&N (4)\Links\Suggested Sites.url -> https://ieonline.mic...ft.com/#ieslice
    InternetURL: C:\Users\Julie-Anne\J&N (4)\Links\Web Slice Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=121315
    InternetURL: C:\Users\Julie-Anne\J&N (4)\Links\www.facebook.com.url -> https://www.facebook.com/
     
    ==================== End of log =============================

    • 0

    #12
    angel959


      Member

    • Topic Starter
    • Member
    • PipPip
    • 38 posts
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-12-2014
    Ran by Julie-Anne at 2014-12-04 21:16:55
    Running from C:\Users\Julie-Anne\J&N (3)
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Security Center ========================
     
    (If an entry is included in the fixlist, it will be removed.)
     
    AV: COMODO Antivirus (Enabled - Up to date) {F0BC89B2-8937-0933-021B-B17D981F2A71}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Comodo Defense+ (Enabled - Up to date) {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC}
    FW: COMODO Firewall (Enabled) {C8870897-C358-086B-2944-184866CC6D0A}
     
    ==================== Installed Programs ======================
     
    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
     
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.293 - Adobe Systems Incorporated)
    Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
    Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
    Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.5.1 - EA Digital Illusions CE AB)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
    Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
    Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
    Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
    Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 36.1.1.21 - Comodo)
    COMODO Internet Security Premium (HKLM\...\{7B1A9CD1-B552-4FA7-BBC1-EDDEAB8855A7}) (Version: 8.0.0.4337 - COMODO Security Solutions Inc.)
    Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.119.0.60 - Conexant)
    Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    iCloud (HKLM\...\{2AAF09D5-4B3F-4975-B6A9-ECE2631FC942}) (Version: 4.0.5.20 - Apple Inc.)
    Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2189 - Intel Corporation)
    iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
    Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Mozilla Firefox 33.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0.2 - Mozilla)
    OpenVPN Tap Adapter 9.0.0.8 (HKLM-x32\...\OpenVPN Tap Adapter) (Version:  - )
    Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
    Qualcomm Atheros Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
    QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173F09590E16}) (Version: 1.00.0180 - REALTEK Semiconductor Corp.)
    Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
    Spotify (HKU\S-1-5-21-1508351825-2038946537-1176088434-1000\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.10.4 - Synaptics Incorporated)
    TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
    TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
    Windows Driver Package - TOSHIBA (QIOMem) System  (06/02/2009 2) (HKLM\...\49D2EFB4A8A60E26073C303D72445B7C1A0D6729) (Version: 06/02/2009 2 - TOSHIBA)
    Windows Driver Package - TOSHIBA (TVALZ) System  (07/14/2009 2.0.0.3) (HKLM\...\431B595EBA877CE1D3E3A48B287D4E74DA9EE7D2) (Version: 07/14/2009 2.0.0.3 - TOSHIBA)
     
    ==================== Custom CLSID (selected items): ==========================
     
    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
     
     
    ==================== Restore Points  =========================
     
    30-11-2014 18:28:05 Restore Operation
    02-12-2014 00:39:17 Configured TOSHIBA Face Recognition
    02-12-2014 00:43:01 Configured TOSHIBA Face Recognition
    02-12-2014 00:57:15 Removed Cisco EAP-FAST Module
    02-12-2014 00:58:03 Removed Cisco LEAP Module
    02-12-2014 00:58:25 Removed Cisco PEAP Module
    02-12-2014 02:18:18 Configured TOSHIBA Face Recognition
    02-12-2014 10:14:46 Installed GeekBuddy.
    02-12-2014 11:28:43 Tuneup Pro Wed, Dec 03, 14  00:28
    02-12-2014 11:48:42 Restore Operation
    02-12-2014 14:00:12 Windows Update
    02-12-2014 14:28:22 CCE Restore Point
    04-12-2014 02:17:52 Restore Operation
     
    ==================== Hosts content: ==========================
     
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
     
    2009-07-14 15:34 - 2009-06-11 10:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
     
    ==================== Scheduled Tasks (whitelisted) =============
     
    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
     
    Task: {234F1AF0-7BA5-4222-A61D-4DF3A24FACC7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-17] (Google Inc.)
    Task: {3E11D9BB-53F9-45F2-AEF0-7848B9ABCC5B} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-11-13] (COMODO)
    Task: {4F56A8EE-AADF-4763-9AD9-EEC01D47CC10} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\SymErr.exe
    Task: {69A89627-1E9A-4007-9525-B39FEE639487} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-11-13] (COMODO)
    Task: {89DEF043-8A85-4A1E-8D1D-D31F2A4A1672} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1508351825-2038946537-1176088434-1000
    Task: {985CEDCC-3A38-4698-91A8-3E793B74F14D} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2014-11-13] (COMODO)
    Task: {AA27938D-E334-4F9B-99F9-F69020F83F08} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-03] (Piriform Ltd)
    Task: {AC234F40-DFE7-4537-8BD6-1192898FF06D} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
    Task: {B2055B81-8509-4BD3-BFCF-A522CDA2FC2C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {B5D0E032-86FB-4ABB-860D-4F6EAEE0381F} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-11-13] (COMODO)
    Task: {B8E11739-30F7-4247-AB0D-33945D528E8F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-27] (Adobe Systems Incorporated)
    Task: {C5D7D036-D7AD-47CF-BDD1-9EA6413F388A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-17] (Google Inc.)
    Task: {E188A307-0828-4272-A4BD-D8CA4CE33EA8} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-11-13] (COMODO)
    Task: {E9E8F337-8621-4871-9F08-16306BDCB727} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.8.23\SymErr.exe
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
     
    ==================== Loaded Modules (whitelisted) =============
     
    2013-04-15 17:39 - 2013-04-15 17:39 - 00073424 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
    2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-11-28 02:42 - 2014-11-28 02:42 - 00879808 _____ () C:\Program Files (x86)\Comodo\Dragon\libglesv2.dll
    2014-11-28 02:33 - 2014-11-28 02:33 - 00134848 _____ () C:\Program Files (x86)\Comodo\Dragon\libegl.dll
    2014-11-28 02:34 - 2014-11-28 02:34 - 00956608 _____ () C:\Program Files (x86)\Comodo\Dragon\ffmpegsumo.dll
     
    ==================== Alternate Data Streams (whitelisted) =========
     
    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
     
    AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\mbamchameleon.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID
    AlternateDataStreams: C:\Windows\system32\Drivers\tap0901.sys:$CmdTcID
    AlternateDataStreams: C:\ProgramData\TEMP:430C6D84
    AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
     
    ==================== Safe Mode (whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
     
     
    ==================== EXE Association (whitelisted) =============
     
    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
     
     
    ==================== MSCONFIG/TASK MANAGER disabled items =========
     
    (Currently there is no automatic fix for this section.)
     
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    MSCONFIG\startupreg: SmartFaceVWatcher => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    MSCONFIG\startupreg: ToshibaServiceStation => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
     
    ========================= Accounts: ==========================
     
    Administrator (S-1-5-21-1508351825-2038946537-1176088434-500 - Administrator - Disabled)
    Guest (S-1-5-21-1508351825-2038946537-1176088434-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-1508351825-2038946537-1176088434-1002 - Limited - Enabled)
    Julie-Anne (S-1-5-21-1508351825-2038946537-1176088434-1000 - Administrator - Enabled) => C:\Users\Julie-Anne
     
    ==================== Faulty Device Manager Devices =============
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
     
    System errors:
    =============
     
    Microsoft Office Sessions:
    =========================
     
    ==================== Memory info =========================== 
     
    Processor: Intel® Core™ i5 CPU M 460 @ 2.53GHz
    Percentage of memory in use: 47%
    Total physical RAM: 3893.86 MB
    Available physical RAM: 2032.11 MB
    Total Pagefile: 7785.9 MB
    Available Pagefile: 5391.34 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.81 MB
     
    ==================== Drives ================================
     
    Drive c: () (Fixed) (Total:465.66 GB) (Free:420.75 GB) NTFS
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: C3D8426B)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
     
    ==================== End Of Log ============================

    • 0

    #13
    RKinner


      Malware Expert

    • Expert
    • 20,031 posts
    • MVP

    Not seeing much.  You do appear to have a lot of Norton tasks and a driver left which probably should have been deleted when you removed Norton/Symantec.  I would run the Norton removal tool:

     

    Download and save the Norton removal tool
    Right click on it and Run As Admin.  (Reboot after it runs if it doesn't do it for you.)
     
    Let's check the hard drive and the system files:
     
    1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
    2. Click Properties, and then click Tools.
    3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
    4. Check both boxes and then click Start.
    You will receive the following message:
    The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
    Click Yes to schedule the disk check, but don't restart yet.
     
    Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs.  Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.
     
     
    Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).
     
    sfc /scannow
     
    (SPACE after sfc.)  This will check your critical system files. Does this finish without complaint?  If it says it couldn't fix everything then:
     
    Copy the next two lines:
     
    findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
    notepad \windows\logs\cbs\junk.txt 
     
    Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied lines should appear.
    Hit Enter if Notepad does not open.  Copy and paste the text from Notepad into a reply.  Close Notepad.  Close the Command Window.
     
     
    1. Please download the Event Viewer Tool by Vino Rosso
    and save it to your Desktop:
    2. Right-click VEW.exe and Run As Administrator
    3. Under 'Select log to query', select:
     
    * System
    4. Under 'Select type to list', select:
    * Error
    * Warning
     
     
    Then use the 'Number of events' as follows:
     
     
    1. Click the radio button for 'Number of events'
    Type 20 in the 1 to 20 box
    Then click the Run button.
    Notepad will open with the output log.
     
     
    Please post the Output log in your next reply then repeat but select Application. (When you run it a second time it will overwrite the first log so copy and paste it into a reply beforehand.)
     
    If you are seeing a lot of messages from your firewall that indicate some sort of attack you should realize that this is unfortunately normal.  What is not normal is that the firewall bothers you with this information.  Usually there is an option to turn off such notifications.  Looks like the default is Do Not Show Popups:   https://help.comodo....-451-4770-.html

    • 0
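The `findstr` step in the reply above keeps only the `[SR]` lines of CBS.log. As an added example (not part of the original post or of any tool named in it), this Python script applies the same filter and lists which files sfc reported as unrepairable or as repaired from the store. The sample log lines are constructed, modelled on the Windows 7 CBS.log layout, and `summarize_sr` is a hypothetical helper name.

```python
import re
import sys

# Constructed sample modelled on the Windows 7 CBS.log layout; the file and
# component names are illustrative and do not come from this thread.
SAMPLE_CBS_LOG = r'''
2014-12-05 09:14:02, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components
2014-12-05 09:14:02, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2014-12-05 09:14:05, Info                  CBS    Scavenge: Starts
2014-12-05 09:14:09, Info                  CSI    0000000c [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2014-12-05 09:14:11, Info                  CSI    0000000e [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2014-12-05 09:14:20, Info                  CSI    00000011 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:22{11}]"example.dll" from store
2014-12-05 09:14:30, Info                  CSI    00000013 [SR] Verify complete
'''

CANNOT_REPAIR = re.compile(
    r'^Cannot repair member file \[l:\d+\{\d+\}\]"(?P<file>[^"]+)" of (?P<component>[^,]+),')
REPAIRED = re.compile(
    r'^Repairing corrupted file \[ml:\d+\{\d+\},l:\d+\{\d+\}\]"(?P<dir>[^"]+)"'
    r'\\\[l:\d+\{\d+\}\]"(?P<file>[^"]+)" from store')


def summarize_sr(log_text):
    """Hypothetical helper: filter [SR] entries and group them by outcome."""
    cannot_repair, repaired, sr_lines = set(), set(), 0
    for line in log_text.splitlines():
        # Same filter as findstr /c:"[SR]": keep only sfc's own entries.
        _, marker, msg = line.partition("[SR] ")
        if not marker:
            continue
        sr_lines += 1
        m = CANNOT_REPAIR.match(msg)
        if m:
            # The same failure can be logged more than once; the set de-duplicates.
            cannot_repair.add((m.group("component"), m.group("file")))
            continue
        m = REPAIRED.match(msg)
        if m:
            directory = m.group("dir")
            if directory.startswith("\\??\\"):  # strip the NT object prefix
                directory = directory[4:]
            repaired.add(directory + "\\" + m.group("file"))
    return {"sr_lines": sr_lines,
            "cannot_repair": sorted(cannot_repair),
            "repaired": sorted(repaired)}


if __name__ == "__main__":
    # Pass the path to CBS.log or junk.txt; with no argument the sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_CBS_LOG
    report = summarize_sr(text)
    print(f"{report['sr_lines']} [SR] lines")
    for component, name in report["cannot_repair"]:
        print(f"NOT REPAIRED: {name} ({component})")
    for path in report["repaired"]:
        print(f"repaired from store: {path}")
```

Entries listed as not repaired are the ones worth posting back to the helper; files repaired from the store need no further action.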

    #14
    angel959


      Member

    • Topic Starter
    • Member
    • PipPip
    • 38 posts

    Every time I plug in my iPod it starts to upload drivers, and is there any way I can show you these? Just driver upon driver, and I can't uninstall because they have TrustedInstaller status. Is there any way I can get them off my computer?


    • 0

    #15
    angel959


      Member

    • Topic Starter
    • Member
    • PipPip
    • 38 posts

    Every time I plug in my iPod it starts to upload drivers, and is there any way I can show you these? Just driver upon driver, and I can't uninstall because they have TrustedInstaller status. Is there any way I can get them off my computer?

    If you tell me how to post a screenshot I will tell you... I am freaking out. I just got a new hard drive and I go to a forum and this happens. Some people are just so nasty!!!


    • 0





