here is that screen shot I used the basic uploader never had to do that before!!!
scratch that I got you now... copied and pasted into OTC and running scan now
Edited by angel959, 06 December 2014 - 09:04 AM.
HELP PLEASE!COMPUTER BEING ATTACKED THROUGH IP
Started by
angel959
, Dec 01 2014 06:05 AM
hacked rootkits.hijack software malware viruses
#31
Posted 06 December 2014 - 08:50 AM
angel959
- Topic Starter
-
- Member
-
- 38 posts
Member
#32
Posted 06 December 2014 - 08:57 AM
angel959
- Topic Starter
-
- Member
-
- 38 posts
Member
OTL logfile created on: 7/12/2014 3:50:01 a.m. - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Julie-Anne\J&N (3)
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17420)
Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy
3.80 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 37.04% Memory free
7.60 Gb Paging File | 4.74 Gb Available in Paging File | 62.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 428.14 Gb Free Space | 91.94% Space Free | Partition Type: NTFS
Computer Name: TOSHIBA | User Name: Julie-Anne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/12/06 00:24:21 | 000,725,696 | ---- | M] (Comodo) -- C:\Program Files (x86)\Comodo\Dragon\dragon.exe
PRC - [2014/12/06 00:24:18 | 002,370,240 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
PRC - [2014/12/04 21:01:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Julie-Anne\J&N (3)\OTL.exe
PRC - [2014/11/17 06:42:25 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
PRC - [2014/11/08 08:05:06 | 001,514,040 | ---- | M] (Spotify Ltd) -- C:\Users\Julie-Anne\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2014/09/12 22:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
========== Modules (No Company Name) ==========
MOD - [2014/11/28 02:42:36 | 000,879,808 | ---- | M] () -- C:\Program Files (x86)\Comodo\Dragon\libGLESv2.dll
MOD - [2014/11/28 02:34:18 | 000,956,608 | ---- | M] () -- C:\Program Files (x86)\Comodo\Dragon\ffmpegsumo.dll
MOD - [2014/11/28 02:33:18 | 000,134,848 | ---- | M] () -- C:\Program Files (x86)\Comodo\Dragon\libEGL.dll
MOD - [2014/10/11 13:06:16 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/10/11 13:05:58 | 001,044,776 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
========== Services (SafeList) ==========
SRV:64bit: - [2014/11/13 10:52:58 | 007,615,952 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (CmdAgent)
SRV:64bit: - [2014/11/13 10:52:22 | 002,265,304 | ---- | M] (COMODO) [On_Demand | Stopped] -- C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe -- (cmdvirth)
SRV:64bit: - [2014/11/06 16:30:08 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 18:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2014/12/06 03:47:03 | 001,900,400 | ---- | M] (Electronic Arts) [On_Demand | Stopped] -- C:\Program Files (x86)\Origin\OriginClientService.exe -- (Origin Client Service)
SRV - [2014/12/06 00:24:18 | 002,370,240 | ---- | M] (Comodo Security Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe -- (DragonUpdater)
SRV - [2014/12/03 00:56:33 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/11/27 05:24:19 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/09/12 22:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/03/21 11:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2011/02/11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/11/21 16:24:08 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2014/12/01 05:34:21 | 000,033,328 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2014/11/13 10:53:14 | 000,021,304 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd)
DRV:64bit: - [2014/08/15 23:35:00 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2013/10/02 15:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/07/19 00:54:52 | 000,129,224 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2013/02/07 00:24:06 | 000,469,744 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2013/02/07 00:24:04 | 000,032,496 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2012/08/24 03:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/24 03:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/03/01 19:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/04 19:27:34 | 001,226,344 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2011/03/11 19:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 19:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/21 16:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/07/29 10:10:41 | 010,610,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/03/30 23:50:16 | 000,724,536 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010/02/27 12:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/09/17 19:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/08/13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/14 20:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/14 14:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 14:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 14:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/15 18:58:50 | 000,012,800 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\QIOMem.sys -- (QIOMem)
DRV:64bit: - [2009/06/11 10:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/11 10:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/11 10:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/11 09:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 09:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 09:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 09:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 14:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (All) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=u159
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IESR02
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..browser.startup.homepage: "http://www.bing.com/...com/?ocid=iehp"
FF - prefs.js..extensions.enabledAddons: %7B3e0e7d2a-070f-4a47-b019-91fe5385ba79%7D:3.5.9
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:33.1
FF - prefs.js..keyword.URL: "http://www.bing.com/...9DF&PC=U159&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.5.1: C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.5.1: C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 33.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 33.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2014/10/29 22:08:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julie-Anne\AppData\Roaming\mozilla\Extensions
[2014/12/05 23:48:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julie-Anne\AppData\Roaming\mozilla\Firefox\Profiles\hyouixo8.default\extensions
[2014/11/09 12:05:50 | 000,000,000 | ---D | M] (AddThis) -- C:\Users\Julie-Anne\AppData\Roaming\mozilla\Firefox\Profiles\hyouixo8.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
[2014/11/18 23:14:10 | 000,000,000 | ---D | M] (Pinterest Pin Button) -- C:\Users\Julie-Anne\AppData\Roaming\mozilla\Firefox\Profiles\hyouixo8.default\extensions\{677a8f98-fd64-40b0-a883-b8c95d0cbf17}
[2014/10/30 05:15:13 | 000,000,000 | ---D | M] (Better Battlelog (BBLog)) -- C:\Users\Julie-Anne\AppData\Roaming\mozilla\Firefox\Profiles\hyouixo8.default\extensions\jid1-qQSMEVsYTOjgYA@jetpack
[2014/11/27 01:18:35 | 000,014,177 | ---- | M] () (No name found) -- C:\Users\Julie-Anne\AppData\Roaming\mozilla\firefox\profiles\hyouixo8.default\bookmarkbackups\bookmarks-2014-11-27_110_i+XpIq03NUG9QGp2E+pWBw==.jsonlz4
[2014/11/19 23:14:11 | 000,644,339 | ---- | M] () (No name found) -- C:\Users\Julie-Anne\AppData\Roaming\mozilla\firefox\profiles\hyouixo8.default\extensions\[email protected]
[2014/11/03 13:27:26 | 000,024,427 | ---- | M] () (No name found) -- C:\Users\Julie-Anne\AppData\Roaming\mozilla\firefox\profiles\hyouixo8.default\extensions\[email protected]
[2014/11/13 22:40:40 | 000,979,699 | ---- | M] () (No name found) -- C:\Users\Julie-Anne\AppData\Roaming\mozilla\firefox\profiles\hyouixo8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/12/02 12:54:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/12/02 12:55:14 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
O1 HOSTS File: ([2009/06/11 10:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe (COMODO)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_B8496BBA784EBCAF5D2F844CFA06FB4E] C:\Program Files (x86)\Comodo\Dragon\dragon.exe (Comodo)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Julie-Anne\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{012A706E-5880-47D1-976B-B125E8710881}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{155FA928-5952-46C4-BF8B-0F1B21A48CC5}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{155FA928-5952-46C4-BF8B-0F1B21A48CC5}: NameServer = 156.154.70.22,156.154.71.22
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\TSpkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\TSpkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d27d13cc-4830-11e4-a974-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d27d13cc-4830-11e4-a974-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2014/12/06 06:29:27 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2014/12/06 04:30:27 | 000,000,000 | -H-D | C] -- C:\VTRoot
[2014/12/06 04:29:53 | 000,000,000 | ---D | C] -- C:\RMVFLTR.TEMP
[2014/12/06 04:18:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/12/06 04:18:46 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2014/12/06 04:17:56 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/12/06 04:17:52 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/12/06 04:17:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2014/12/06 04:17:52 | 000,000,000 | ---D | C] -- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
[2014/12/05 23:54:59 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Local\Comodo
[2014/12/05 23:54:55 | 000,057,096 | ---- | C] (COMODO CA Limited) -- C:\Windows\SysNative\certsentry.dll
[2014/12/05 23:54:55 | 000,048,392 | ---- | C] (COMODO CA Limited) -- C:\Windows\SysWow64\certsentry.dll
[2014/12/05 23:54:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader
[2014/12/04 21:16:14 | 000,000,000 | ---D | C] -- C:\FRST
[2014/12/04 19:30:19 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/12/04 19:25:06 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/12/04 19:00:55 | 000,129,752 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/12/04 18:58:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/12/04 18:58:35 | 000,093,400 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/12/04 18:58:35 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/12/04 18:58:35 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/12/04 14:46:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Baidu-Security-2014-4.4.4.82805
[2014/12/04 14:30:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
[2014/12/04 14:06:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2014/12/04 14:05:05 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2014/12/04 14:05:03 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2014/12/04 14:05:02 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Roaming\TestApp
[2014/12/03 05:11:38 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Roaming\Comodo
[2014/12/03 01:34:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
[2014/12/03 01:34:47 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2014/12/03 00:27:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced-System Protector
[2014/12/02 02:05:33 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
[2014/12/01 12:09:43 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\J&N (6)\COMODO REDUNDANT DETECTIONS
[2014/12/01 05:35:21 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Local\Deployment
[2014/12/01 05:35:21 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Local\Apps
[2014/12/01 05:34:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tap0901
[2014/11/30 17:41:01 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Local\Diagnostics
[2014/11/29 14:48:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014/11/29 14:48:40 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/11/28 15:18:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Comodo
[2014/11/28 15:11:31 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll
[2014/11/28 15:11:31 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc71.dll
[2014/11/28 03:47:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2014/11/28 03:46:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2014/11/28 03:46:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2014/11/28 02:56:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Shared Space
[2014/11/28 02:54:33 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2014/11/28 02:54:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
[2014/11/28 02:51:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2014/11/27 17:21:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/11/27 17:21:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/11/27 17:15:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2014/11/27 05:24:10 | 004,443,312 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2014/11/26 12:46:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2014/11/26 12:46:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/11/26 12:46:17 | 000,098,216 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/11/26 12:45:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/11/26 12:45:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/11/26 12:45:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2014/11/23 09:54:43 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\J&N (6)\Various_Artists_-_Death_Row_Greatest_Hits_Disc_2_(1996)_320_-_HIPHOPISDREAM.COM
[2014/11/20 03:30:59 | 000,000,000 | -HSD | C] -- C:\Users\Julie-Anne\AppData\Local\EmieBrowserModeList
[2014/11/19 18:21:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2014/11/19 18:20:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2014/11/19 18:20:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2014/11/19 16:24:59 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Roaming\Apple Computer
[2014/11/19 16:24:59 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Local\Apple Computer
[2014/11/19 16:24:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2014/11/19 16:23:00 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Local\Apple
[2014/11/19 16:22:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2014/11/19 16:22:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2014/11/19 16:21:58 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2014/11/19 16:21:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2014/11/19 16:21:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2014/11/19 16:21:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2014/11/17 08:33:56 | 000,000,000 | ---D | C] -- C:\NPE
[2014/11/17 08:30:38 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Local\NPE
[2014/11/17 06:44:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2014/11/17 06:42:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2014/11/17 06:42:17 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Local\Google
[2014/11/14 07:03:40 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Local\Programs
[2014/11/13 10:53:14 | 000,021,304 | ---- | C] (COMODO) -- C:\Windows\SysNative\drivers\cmderd.sys
[2014/11/13 10:52:58 | 000,041,856 | ---- | C] (COMODO) -- C:\Windows\SysNative\cmdcsr.dll
[2014/11/13 10:52:56 | 000,438,912 | ---- | C] (COMODO) -- C:\Windows\SysNative\guard64.dll
[2014/11/13 10:52:56 | 000,353,392 | ---- | C] (COMODO) -- C:\Windows\SysWow64\guard32.dll
[2014/11/13 10:52:48 | 000,354,520 | ---- | C] (COMODO) -- C:\Windows\SysNative\cmdvrt64.dll
[2014/11/13 10:52:44 | 000,045,784 | ---- | C] (COMODO) -- C:\Windows\SysNative\cmdkbd64.dll
[2014/11/13 10:52:36 | 000,286,424 | ---- | C] (COMODO) -- C:\Windows\SysWow64\cmdvrt32.dll
[2014/11/13 10:52:32 | 000,040,664 | ---- | C] (COMODO) -- C:\Windows\SysWow64\cmdkbd32.dll
[2014/11/12 15:32:59 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/11/12 15:32:59 | 000,304,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll
[2014/11/12 15:32:59 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/11/12 15:32:57 | 000,681,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adtschema.dll
[2014/11/12 15:32:57 | 000,681,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adtschema.dll
[2014/11/12 15:32:56 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2014/11/12 15:32:56 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msaudite.dll
[2014/11/12 15:32:56 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msaudite.dll
[2014/11/12 15:32:52 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/11/12 15:32:52 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/11/12 15:32:52 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/11/12 15:32:52 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/11/12 15:32:52 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/11/12 15:32:52 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/11/12 15:32:52 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/11/12 15:32:52 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/11/12 15:32:51 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/11/12 15:32:50 | 002,051,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/11/12 15:32:50 | 000,708,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/11/12 15:32:50 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/11/12 15:32:49 | 000,968,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/11/12 15:32:49 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/11/12 15:32:49 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/11/12 15:32:49 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/11/12 15:32:49 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/11/12 15:32:49 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/11/12 15:32:49 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/11/12 15:32:48 | 000,799,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/11/12 15:32:48 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/11/12 15:32:47 | 002,124,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/11/12 15:32:47 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/11/12 15:32:46 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/11/12 15:32:46 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/11/12 15:32:46 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/11/12 15:32:46 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/11/12 15:32:45 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/11/12 15:32:45 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/11/12 15:32:44 | 006,040,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/11/12 15:32:44 | 001,359,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/11/12 15:32:44 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/11/12 15:32:44 | 000,580,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/11/12 15:32:43 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/11/12 15:32:43 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/11/12 15:31:04 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2014/11/12 15:31:04 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2014/11/12 15:30:59 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IMJP10K.DLL
[2014/11/12 15:30:59 | 000,701,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IMJP10K.DLL
[2014/11/12 15:30:57 | 000,500,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AUDIOKSE.dll
[2014/11/12 15:30:57 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\AUDIOKSE.dll
[2014/11/12 15:30:57 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEng.dll
[2014/11/12 15:30:57 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioSes.dll
[2014/11/12 15:30:57 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDump.dll
[2014/11/12 15:30:55 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2014/11/12 15:30:47 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2014/11/12 15:30:47 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2014/11/12 15:30:45 | 003,241,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2014/11/12 15:30:39 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2014/11/11 13:43:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/11/11 06:30:51 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\J&N (6)\Tenancy Docs
[2014/11/08 15:21:50 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Local\ElevatedDiagnostics
[2014/11/08 08:05:09 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Local\Spotify
[2014/11/08 08:03:44 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Roaming\Spotify
[2014/11/07 14:28:18 | 000,000,000 | ---D | C] -- C:\Program Files\TOSHIBA
[2014/11/07 14:22:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Toshiba
[2014/11/07 14:22:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA
[2014/11/07 14:22:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TOSHIBA
[2014/11/07 14:22:08 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Roaming\InstallShield
[2014/11/07 14:21:04 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Local\Downloaded Installations
[2014/11/07 14:19:30 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Roaming\WinBatch
========== Files - Modified Within 30 Days ==========
[2014/12/07 03:51:38 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2014/12/07 03:47:01 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/12/07 03:24:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/12/07 03:22:31 | 000,000,000 | ---- | M] () -- C:\Windows\sfc
[2014/12/07 03:22:31 | 000,000,000 | ---- | M] () -- C:\Windows\dir
[2014/12/07 03:22:31 | 000,000,000 | ---- | M] () -- C:\Windows\cd
[2014/12/07 01:28:52 | 000,029,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/12/07 01:28:52 | 000,029,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/12/07 01:27:57 | 000,886,760 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/12/07 01:27:57 | 000,721,556 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/12/07 01:27:57 | 000,173,820 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/12/07 01:22:48 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/12/07 01:21:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/12/07 01:21:39 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2014/12/07 01:12:55 | 000,583,742 | ---- | M] () -- C:\Windows\SysNative\drivers\fvstore.dat
[2014/12/06 06:29:27 | 001,643,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2014/12/06 04:56:56 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/12/06 04:18:50 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/12/06 04:18:47 | 000,125,872 | ---- | M] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2014/12/06 04:18:47 | 000,106,928 | ---- | M] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2014/12/06 04:18:46 | 000,033,240 | ---- | M] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2014/12/06 00:24:24 | 000,001,044 | ---- | M] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
[2014/12/06 00:24:21 | 000,057,096 | ---- | M] (COMODO CA Limited) -- C:\Windows\SysNative\certsentry.dll
[2014/12/06 00:24:21 | 000,048,392 | ---- | M] (COMODO CA Limited) -- C:\Windows\SysWow64\certsentry.dll
[2014/12/05 23:57:26 | 000,001,888 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk
[2014/12/04 18:58:40 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/12/04 18:58:35 | 000,093,400 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/12/04 18:58:35 | 000,063,704 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/12/04 18:58:35 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/12/04 15:25:03 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2014/12/03 01:34:50 | 000,001,658 | ---- | M] () -- C:\Users\Public\Desktop\Recuva.lnk
[2014/12/03 01:26:57 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/12/01 05:34:21 | 000,033,328 | ---- | M] (The OpenVPN Project) -- C:\Windows\SysNative\drivers\tap0901.sys
[2014/11/30 19:19:50 | 000,007,618 | ---- | M] () -- C:\Users\Julie-Anne\AppData\Local\resmon.resmoncfg
[2014/11/28 15:11:31 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll
[2014/11/28 15:11:31 | 001,060,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc71.dll
[2014/11/27 05:24:16 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/11/27 05:24:16 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/11/27 05:24:10 | 004,443,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2014/11/26 12:45:45 | 000,098,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/11/19 18:20:58 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2014/11/17 06:44:09 | 000,002,212 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2014/11/13 10:53:14 | 000,021,304 | ---- | M] (COMODO) -- C:\Windows\SysNative\drivers\cmderd.sys
[2014/11/13 10:52:58 | 000,041,856 | ---- | M] (COMODO) -- C:\Windows\SysNative\cmdcsr.dll
[2014/11/13 10:52:56 | 000,438,912 | ---- | M] (COMODO) -- C:\Windows\SysNative\guard64.dll
[2014/11/13 10:52:56 | 000,353,392 | ---- | M] (COMODO) -- C:\Windows\SysWow64\guard32.dll
[2014/11/13 10:52:48 | 000,354,520 | ---- | M] (COMODO) -- C:\Windows\SysNative\cmdvrt64.dll
[2014/11/13 10:52:44 | 000,045,784 | ---- | M] (COMODO) -- C:\Windows\SysNative\cmdkbd64.dll
[2014/11/13 10:52:36 | 000,286,424 | ---- | M] (COMODO) -- C:\Windows\SysWow64\cmdvrt32.dll
[2014/11/13 10:52:32 | 000,040,664 | ---- | M] (COMODO) -- C:\Windows\SysWow64\cmdkbd32.dll
[2014/11/13 03:23:47 | 000,267,672 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/11/08 14:44:32 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf
[2014/11/08 08:05:08 | 000,001,829 | ---- | M] () -- C:\Users\Julie-Anne\J&N (2)\Spotify.lnk
========== Files Created - No Company Name ==========
[2014/12/07 03:22:31 | 000,000,000 | ---- | C] () -- C:\Windows\sfc
[2014/12/07 03:22:31 | 000,000,000 | ---- | C] () -- C:\Windows\dir
[2014/12/07 03:22:31 | 000,000,000 | ---- | C] () -- C:\Windows\cd
[2014/12/06 04:30:06 | 000,583,742 | ---- | C] () -- C:\Windows\SysNative\drivers\fvstore.dat
[2014/12/06 04:18:50 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/12/05 23:57:26 | 000,001,888 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk
[2014/12/05 23:57:19 | 001,474,832 | ---- | C] () -- C:\Windows\SysNative\drivers\sfi.dat
[2014/12/05 23:55:00 | 000,001,044 | ---- | C] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
[2014/12/04 18:58:40 | 000,001,106 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/12/04 15:25:03 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2014/12/03 01:34:50 | 000,001,658 | ---- | C] () -- C:\Users\Public\Desktop\Recuva.lnk
[2014/12/03 01:26:57 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/11/29 15:04:16 | 000,007,618 | ---- | C] () -- C:\Users\Julie-Anne\AppData\Local\resmon.resmoncfg
[2014/11/19 18:20:58 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2014/11/19 16:22:57 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2014/11/17 06:44:08 | 000,002,212 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2014/11/17 06:42:29 | 000,000,906 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/11/17 06:42:28 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/11/08 14:44:32 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf
[2014/11/08 08:05:08 | 000,001,829 | ---- | C] () -- C:\Users\Julie-Anne\J&N (2)\Spotify.lnk
[2014/11/08 08:05:08 | 000,001,815 | ---- | C] () -- C:\Users\Julie-Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2014/09/29 18:14:43 | 000,765,700 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/09/29 16:25:39 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2014/09/29 16:04:15 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2014/09/29 16:04:15 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2014/09/29 16:04:13 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2014/09/29 16:04:13 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2014/09/29 16:04:13 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2014/09/29 15:52:26 | 000,000,030 | ---- | C] () -- C:\Users\Julie-Anne\AppData\Roaming\fixcfg.ini
========== ZeroAccess Check ==========
[2009/07/14 17:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/25 15:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/25 14:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 14:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 16:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 14:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== Custom Scans ==========
< MD5 for: REGEDIT.EXE >
[2009/07/14 14:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009/07/14 14:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009/07/14 14:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009/07/14 14:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe
========== Alternate Data Streams ==========
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\GEARAspi.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\DWrite.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Program Files\CCleaner\CCleaner64.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Program Files (x86)\iTunes\iTunesHelper.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Program Files (x86)\Comodo\Dragon\dragon.exe:$CmdTcID
@Alternate Data Stream - 165 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
< End of report >
#33
Posted 06 December 2014 - 09:10 AM
angel959
- Topic Starter
-
- Member
-
- 38 posts
Member
Microsoft Windows [Version 6.1.7601]
Copyright © 2009 Microsoft Corporation. All rights reserved.
C:\Users\Julie-Anne>C:\Windows\system32\findstr /c:"[SR]" %windir%\Logs\CBS\CBS.
log
FINDSTR: Cannot open C:\Windows\Logs\CBS\CBS.log
C:\Users\Julie-Anne>
#34
Posted 06 December 2014 - 09:33 AM
angel959
- Topic Starter
-
- Member
-
- 38 posts
Member
okay I ran the sfc command again here is the error log
and Repair transaction
2014-12-07 04:20:04, Info CSI 000001cd [SR] Verify complete
2014-12-07 04:20:05, Info CSI 000001ce [SR] Verifying 100 (0
x0000000000000064) components
2014-12-07 04:20:05, Info CSI 000001cf [SR] Beginning Verify
and Repair transaction
2014-12-07 04:20:07, Info CSI 000001d1 [SR] Verify complete
2014-12-07 04:20:08, Info CSI 000001d2 [SR] Verifying 100 (0
x0000000000000064) components
2014-12-07 04:20:08, Info CSI 000001d3 [SR] Beginning Verify
and Repair transaction
2014-12-07 04:20:11, Info CSI 000001d5 [SR] Verify complete
2014-12-07 04:20:11, Info CSI 000001d6 [SR] Verifying 100 (0
x0000000000000064) components
2014-12-07 04:20:11, Info CSI 000001d7 [SR] Beginning Verify
and Repair transaction
2014-12-07 04:20:19, Info CSI 000001d9 [SR] Verify complete
2014-12-07 04:20:19, Info CSI 000001da [SR] Verifying 100 (0
x0000000000000064) components
2014-12-07 04:20:19, Info CSI 000001db [SR] Beginning Verify
and Repair transaction
2014-12-07 04:20:21, Info CSI 000001dd [SR] Verify complete
2014-12-07 04:20:22, Info CSI 000001de [SR] Verifying 100 (0
x0000000000000064) components
2014-12-07 04:20:22, Info CSI 000001df [SR] Beginning Verify
and Repair transaction
2014-12-07 04:20:23, Info CSI 000001e1 [SR] Verify complete
2014-12-07 04:20:23, Info CSI 000001e2 [SR] Verifying 100 (0
x0000000000000064) components
2014-12-07 04:20:23, Info CSI 000001e3 [SR] Beginning Verify
and Repair transaction
2014-12-07 04:20:29, Info CSI 000001eb [SR] Verify complete
2014-12-07 04:20:30, Info CSI 000001ec [SR] Verifying 100 (0
x0000000000000064) components
2014-12-07 04:20:30, Info CSI 000001ed [SR] Beginning Verify
and Repair transaction
2014-12-07 04:20:37, Info CSI 000001ef [SR] Verify complete
2014-12-07 04:20:37, Info CSI 000001f0 [SR] Verifying 100 (0
x0000000000000064) components
2014-12-07 04:20:37, Info CSI 000001f1 [SR] Beginning Verify
and Repair transaction
2014-12-07 04:20:49, Info CSI 000001f3 [SR] Verify complete
2014-12-07 04:20:49, Info CSI 000001f4 [SR] Verifying 100 (0
x0000000000000064) components
2014-12-07 04:20:49, Info CSI 000001f5 [SR] Beginning Verify
and Repair transaction
2014-12-07 04:20:57, Info CSI 000001f7 [SR] Verify complete
2014-12-07 04:20:57, Info CSI 000001f8 [SR] Verifying 100 (0
x0000000000000064) components
2014-12-07 04:20:57, Info CSI 000001f9 [SR] Beginning Verify
and Repair transaction
2014-12-07 04:21:07, Info CSI 000001fb [SR] Verify complete
2014-12-07 04:21:07, Info CSI 000001fc [SR] Verifying 100 (0
x0000000000000064) components
2014-12-07 04:21:07, Info CSI 000001fd [SR] Beginning Verify
and Repair transaction
2014-12-07 04:21:20, Info CSI 00000200 [SR] Verify complete
2014-12-07 04:21:20, Info CSI 00000201 [SR] Verifying 100 (0
x0000000000000064) components
2014-12-07 04:21:20, Info CSI 00000202 [SR] Beginning Verify
and Repair transaction
2014-12-07 04:21:28, Info CSI 00000204 [SR] Verify complete
2014-12-07 04:21:28, Info CSI 00000205 [SR] Verifying 100 (0
x0000000000000064) components
2014-12-07 04:21:28, Info CSI 00000206 [SR] Beginning Verify
and Repair transaction
2014-12-07 04:21:37, Info CSI 00000208 [SR] Verify complete
2014-12-07 04:21:37, Info CSI 00000209 [SR] Verifying 100 (0
x0000000000000064) components
2014-12-07 04:21:37, Info CSI 0000020a [SR] Beginning Verify
and Repair transaction
2014-12-07 04:21:56, Info CSI 0000020f [SR] Verify complete
2014-12-07 04:21:56, Info CSI 00000210 [SR] Verifying 100 (0
x0000000000000064) components
2014-12-07 04:21:56, Info CSI 00000211 [SR] Beginning Verify
and Repair transaction
2014-12-07 04:22:09, Info CSI 00000214 [SR] Verify complete
2014-12-07 04:22:10, Info CSI 00000215 [SR] Verifying 100 (0
x0000000000000064) components
2014-12-07 04:22:10, Info CSI 00000216 [SR] Beginning Verify
and Repair transaction
2014-12-07 04:22:20, Info CSI 0000021a [SR] Verify complete
2014-12-07 04:22:20, Info CSI 0000021b [SR] Verifying 100 (0
x0000000000000064) components
2014-12-07 04:22:20, Info CSI 0000021c [SR] Beginning Verify
and Repair transaction
2014-12-07 04:22:29, Info CSI 00000227 [SR] Verify complete
2014-12-07 04:22:29, Info CSI 00000228 [SR] Verifying 100 (0
x0000000000000064) components
2014-12-07 04:22:29, Info CSI 00000229 [SR] Beginning Verify
and Repair transaction
2014-12-07 04:22:42, Info CSI 00000230 [SR] Verify complete
2014-12-07 04:22:43, Info CSI 00000231 [SR] Verifying 100 (0
x0000000000000064) components
2014-12-07 04:22:43, Info CSI 00000232 [SR] Beginning Verify
and Repair transaction
2014-12-07 04:22:51, Info CSI 00000234 [SR] Verify complete
2014-12-07 04:22:52, Info CSI 00000235 [SR] Verifying 100 (0
x0000000000000064) components
2014-12-07 04:22:52, Info CSI 00000236 [SR] Beginning Verify
and Repair transaction
2014-12-07 04:23:03, Info CSI 0000023a [SR] Verify complete
2014-12-07 04:23:04, Info CSI 0000023b [SR] Verifying 100 (0
x0000000000000064) components
2014-12-07 04:23:04, Info CSI 0000023c [SR] Beginning Verify
and Repair transaction
2014-12-07 04:23:11, Info CSI 0000023e [SR] Verify complete
2014-12-07 04:23:11, Info CSI 0000023f [SR] Verifying 100 (0
x0000000000000064) components
2014-12-07 04:23:11, Info CSI 00000240 [SR] Beginning Verify
and Repair transaction
2014-12-07 04:23:20, Info CSI 00000265 [SR] Verify complete
2014-12-07 04:23:21, Info CSI 00000266 [SR] Verifying 100 (0
x0000000000000064) components
2014-12-07 04:23:21, Info CSI 00000267 [SR] Beginning Verify
and Repair transaction
2014-12-07 04:23:37, Info CSI 00000269 [SR] Verify complete
2014-12-07 04:23:37, Info CSI 0000026a [SR] Verifying 100 (0
x0000000000000064) components
2014-12-07 04:23:37, Info CSI 0000026b [SR] Beginning Verify
and Repair transaction
2014-12-07 04:23:52, Info CSI 0000026d [SR] Verify complete
2014-12-07 04:23:53, Info CSI 0000026e [SR] Verifying 100 (0
x0000000000000064) components
2014-12-07 04:23:53, Info CSI 0000026f [SR] Beginning Verify
and Repair transaction
2014-12-07 04:24:07, Info CSI 00000271 [SR] Verify complete
2014-12-07 04:24:07, Info CSI 00000272 [SR] Verifying 100 (0
x0000000000000064) components
2014-12-07 04:24:07, Info CSI 00000273 [SR] Beginning Verify
and Repair transaction
2014-12-07 04:24:16, Info CSI 00000281 [SR] Verify complete
2014-12-07 04:24:17, Info CSI 00000282 [SR] Verifying 100 (0
x0000000000000064) components
2014-12-07 04:24:17, Info CSI 00000283 [SR] Beginning Verify
and Repair transaction
2014-12-07 04:24:26, Info CSI 00000285 [SR] Verify complete
2014-12-07 04:24:27, Info CSI 00000286 [SR] Verifying 100 (0
x0000000000000064) components
2014-12-07 04:24:27, Info CSI 00000287 [SR] Beginning Verify
and Repair transaction
2014-12-07 04:24:37, Info CSI 00000295 [SR] Verify complete
2014-12-07 04:24:37, Info CSI 00000296 [SR] Verifying 100 (0
x0000000000000064) components
2014-12-07 04:24:37, Info CSI 00000297 [SR] Beginning Verify
and Repair transaction
2014-12-07 04:24:41, Info CSI 00000299 [SR] Verify complete
2014-12-07 04:24:41, Info CSI 0000029a [SR] Verifying 100 (0
x0000000000000064) components
2014-12-07 04:24:41, Info CSI 0000029b [SR] Beginning Verify
and Repair transaction
2014-12-07 04:24:47, Info CSI 0000029d [SR] Verify complete
2014-12-07 04:24:47, Info CSI 0000029e [SR] Verifying 100 (0
x0000000000000064) components
2014-12-07 04:24:47, Info CSI 0000029f [SR] Beginning Verify
and Repair transaction
2014-12-07 04:24:57, Info CSI 000002a2 [SR] Verify complete
2014-12-07 04:24:57, Info CSI 000002a3 [SR] Verifying 100 (0
x0000000000000064) components
2014-12-07 04:24:57, Info CSI 000002a4 [SR] Beginning Verify
and Repair transaction
2014-12-07 04:24:59, Info CSI 000002a6 [SR] Verify complete
2014-12-07 04:24:59, Info CSI 000002a7 [SR] Verifying 100 (0
x0000000000000064) components
2014-12-07 04:24:59, Info CSI 000002a8 [SR] Beginning Verify
and Repair transaction
2014-12-07 04:25:06, Info CSI 000002aa [SR] Verify complete
2014-12-07 04:25:06, Info CSI 000002ab [SR] Verifying 100 (0
x0000000000000064) components
2014-12-07 04:25:06, Info CSI 000002ac [SR] Beginning Verify
and Repair transaction
2014-12-07 04:25:13, Info CSI 000002ae [SR] Verify complete
2014-12-07 04:25:14, Info CSI 000002af [SR] Verifying 100 (0
x0000000000000064) components
2014-12-07 04:25:14, Info CSI 000002b0 [SR] Beginning Verify
and Repair transaction
2014-12-07 04:25:26, Info CSI 000002b2 [SR] Verify complete
2014-12-07 04:25:26, Info CSI 000002b3 [SR] Verifying 100 (0
x0000000000000064) components
2014-12-07 04:25:26, Info CSI 000002b4 [SR] Beginning Verify
and Repair transaction
2014-12-07 04:25:36, Info CSI 000002ce [SR] Verify complete
2014-12-07 04:25:36, Info CSI 000002cf [SR] Verifying 100 (0
x0000000000000064) components
2014-12-07 04:25:36, Info CSI 000002d0 [SR] Beginning Verify
and Repair transaction
2014-12-07 04:26:00, Info CSI 000002d2 [SR] Verify complete
2014-12-07 04:26:00, Info CSI 000002d3 [SR] Verifying 100 (0
x0000000000000064) components
2014-12-07 04:26:00, Info CSI 000002d4 [SR] Beginning Verify
and Repair transaction
2014-12-07 04:26:10, Info CSI 000002d6 [SR] Verify complete
2014-12-07 04:26:10, Info CSI 000002d7 [SR] Verifying 100 (0
x0000000000000064) components
2014-12-07 04:26:10, Info CSI 000002d8 [SR] Beginning Verify
and Repair transaction
2014-12-07 04:26:17, Info CSI 000002da [SR] Verify complete
2014-12-07 04:26:17, Info CSI 000002db [SR] Verifying 100 (0
x0000000000000064) components
2014-12-07 04:26:17, Info CSI 000002dc [SR] Beginning Verify
and Repair transaction
2014-12-07 04:26:24, Info CSI 000002e0 [SR] Verify complete
2014-12-07 04:26:24, Info CSI 000002e1 [SR] Verifying 100 (0
x0000000000000064) components
2014-12-07 04:26:24, Info CSI 000002e2 [SR] Beginning Verify
and Repair transaction
2014-12-07 04:26:34, Info CSI 000002e4 [SR] Verify complete
2014-12-07 04:26:34, Info CSI 000002e5 [SR] Verifying 100 (0
x0000000000000064) components
2014-12-07 04:26:34, Info CSI 000002e6 [SR] Beginning Verify
and Repair transaction
2014-12-07 04:26:44, Info CSI 000002e8 [SR] Verify complete
2014-12-07 04:26:44, Info CSI 000002e9 [SR] Verifying 100 (0
x0000000000000064) components
2014-12-07 04:26:44, Info CSI 000002ea [SR] Beginning Verify
and Repair transaction
2014-12-07 04:26:52, Info CSI 000002ec [SR] Verify complete
2014-12-07 04:26:52, Info CSI 000002ed [SR] Verifying 100 (0
x0000000000000064) components
2014-12-07 04:26:52, Info CSI 000002ee [SR] Beginning Verify
and Repair transaction
2014-12-07 04:27:01, Info CSI 000002f1 [SR] Verify complete
2014-12-07 04:27:01, Info CSI 000002f2 [SR] Verifying 100 (0
x0000000000000064) components
2014-12-07 04:27:01, Info CSI 000002f3 [SR] Beginning Verify
and Repair transaction
2014-12-07 04:27:09, Info CSI 000002f5 [SR] Verify complete
2014-12-07 04:27:10, Info CSI 000002f6 [SR] Verifying 100 (0
x0000000000000064) components
2014-12-07 04:27:10, Info CSI 000002f7 [SR] Beginning Verify
and Repair transaction
2014-12-07 04:27:19, Info CSI 000002f9 [SR] Verify complete
2014-12-07 04:27:19, Info CSI 000002fa [SR] Verifying 100 (0
x0000000000000064) components
2014-12-07 04:27:19, Info CSI 000002fb [SR] Beginning Verify
and Repair transaction
2014-12-07 04:27:27, Info CSI 000002fd [SR] Verify complete
2014-12-07 04:27:27, Info CSI 000002fe [SR] Verifying 100 (0
x0000000000000064) components
2014-12-07 04:27:27, Info CSI 000002ff [SR] Beginning Verify
and Repair transaction
2014-12-07 04:27:36, Info CSI 00000302 [SR] Verify complete
2014-12-07 04:27:36, Info CSI 00000303 [SR] Verifying 100 (0
x0000000000000064) components
2014-12-07 04:27:36, Info CSI 00000304 [SR] Beginning Verify
and Repair transaction
2014-12-07 04:27:44, Info CSI 00000306 [SR] Verify complete
2014-12-07 04:27:45, Info CSI 00000307 [SR] Verifying 100 (0
x0000000000000064) components
2014-12-07 04:27:45, Info CSI 00000308 [SR] Beginning Verify
and Repair transaction
2014-12-07 04:27:55, Info CSI 0000030a [SR] Verify complete
2014-12-07 04:27:56, Info CSI 0000030b [SR] Verifying 100 (0
x0000000000000064) components
2014-12-07 04:27:56, Info CSI 0000030c [SR] Beginning Verify
and Repair transaction
2014-12-07 04:28:06, Info CSI 0000030e [SR] Verify complete
2014-12-07 04:28:06, Info CSI 0000030f [SR] Verifying 41 (0x
0000000000000029) components
2014-12-07 04:28:06, Info CSI 00000310 [SR] Beginning Verify
and Repair transaction
2014-12-07 04:28:08, Info CSI 00000312 [SR] Verify complete
2014-12-07 04:28:09, Info CSI 00000313 [SR] Repairing 1 comp
onents
2014-12-07 04:28:09, Info CSI 00000314 [SR] Beginning Verify
and Repair transaction
2014-12-07 04:28:09, Info CSI 00000315 [SR] Cannot repair me
mber file [l:22{11}]"bthenum.sys" of bth.inf, Version = 6.1.7601.17889, pA = PRO
CESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicK
eyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName ne
utral, PublicKey neutral in the store, file is missing
2014-12-07 04:28:09, Info CSI 00000316 [SR] Cannot repair me
mber file [l:22{11}]"fsquirt.exe" of bth.inf, Version = 6.1.7601.17889, pA = PRO
CESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicK
eyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName ne
utral, PublicKey neutral in the store, file is missing
2014-12-07 04:28:09, Info CSI 00000317 [SR] Cannot repair me
mber file [l:22{11}]"bthenum.sys" of bth.inf, Version = 6.1.7601.17889, pA = PRO
CESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicK
eyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName ne
utral, PublicKey neutral in the store, file is missing
2014-12-07 04:28:09, Info CSI 00000318 [SR] This component w
as referenced by [l:154{77}]"Package_1_for_KB2732487~31bf3856ad364e35~amd64~~6.1
.2.0.2732487-2_neutral_GDR"
2014-12-07 04:28:09, Info CSI 00000319 [SR] Cannot repair me
mber file [l:22{11}]"fsquirt.exe" of bth.inf, Version = 6.1.7601.17889, pA = PRO
CESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicK
eyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName ne
utral, PublicKey neutral in the store, file is missing
2014-12-07 04:28:09, Info CSI 0000031a [SR] This component w
as referenced by [l:154{77}]"Package_1_for_KB2732487~31bf3856ad364e35~amd64~~6.1
.2.0.2732487-2_neutral_GDR"
2014-12-07 04:28:09, Info CSI 0000031c [SR] Repair complete
2014-12-07 04:28:09, Info CSI 0000031d [SR] Committing trans
action
2014-12-07 04:28:09, Info CSI 00000321 [SR] Verify and Repai
r Transaction completed. All files and registry keys listed in this transaction
have been successfully repaired
C:\Windows\system32>
#35
Posted 06 December 2014 - 09:35 AM
RKinner
-
- Expert
-
- 24,625 posts
Malware Expert
You missed the first command:
cd \windows
You will note your prompt still says C:\windows\system32> instead of C:\Windows>
Regedit should open a little window which says Registry Editor at the top. There are a lot of entries in the registry which do not have values. This is normal and if you do not know this you should stay away from regedit. It sounds like it is working anyway.
For SFC:
Copy the next two lines:
findstr /c:"[SR]" \windows\logs\cbs\cbs.log > \windows\logs\cbs\junk.txt notepad \windows\logs\cbs\junk.txt
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear. If you don't see notepad then:
Hit Enter.
Copy and paste the text from notepad or if it is too big, just attach the file. If the file is empty then it has been too long since you ran SFC and you need to run it again then do the above.
#36
Posted 06 December 2014 - 09:47 AM
RKinner
-
- Expert
-
- 24,625 posts
Malware Expert
The two files that are unfixable in sfc are related to bluetooth. Do you use bluetooth?
Checkmark the following checkboxes:
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
#37
Posted 06 December 2014 - 10:19 AM
angel959
- Topic Starter
-
- Member
-
- 38 posts
Member
cd \windows
dir regedit.*
Microsoft Windows [Version 6.1.7601]
Copyright © 2009 Microsoft Corporation. All rights reserved.
C:\Windows\system32>cd \windows
C:\Windows>cd \windows
C:\Windows>
C:\Windows>dir regedit.*
Volume in drive C has no label.
Volume Serial Number is 8069-99CE
Directory of C:\Windows
14/07/2009 02:39 p.m. 427,008 regedit.exe
1 File(s) 427,008 bytes
0 Dir(s) 458,290,126,848 bytes free
C:\Windows>cd \windows
C:\Windows>
C:\Windows>cd \windows
C:\Windows>
C:\Windows>dir regedit.*
Volume in drive C has no label.
Volume Serial Number is 8069-99CE
Directory of C:\Windows
14/07/2009 02:39 p.m. 427,008 regedit.exe
1 File(s) 427,008 bytes
0 Dir(s) 458,289,922,048 bytes free
C:\Windows>
#39
Posted 06 December 2014 - 10:26 AM
angel959
- Topic Starter
-
- Member
-
- 38 posts
Member
The two files that are unfixable in sfc are related to bluetooth. Do you use bluetooth?
Checkmark the following checkboxes:
- Flush DNS
- Report IE Proxy Settings
- Reset IE Proxy Settings
- Report FF Proxy Settings
- Reset FF Proxy Settings
- List content of Hosts
- List IP configuration
- List Winsock Entries
- List last 10 Event Viewer Errors
- List Installed Programs
- List Devices
- List Users, Partitions and Memory size.
- List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
sorry where do I find these to checkmark???
#40
Posted 06 December 2014 - 10:30 AM
RKinner
-
- Expert
-
- 24,625 posts
Malware Expert
Sorry two lines weren't included in the post:
Please download MiniToolbox
http://www.bleepingc...oad/minitoolbox save it to your desktop and run it.
Checkmark the following checkboxes:
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
#41
Posted 06 December 2014 - 10:34 AM
angel959
- Topic Starter
-
- Member
-
- 38 posts
Member
No I dont use blue tooth thankfully !!Is it fix able at all or no?
#42
Posted 06 December 2014 - 10:40 AM
angel959
- Topic Starter
-
- Member
-
- 38 posts
Member
MiniToolBox by Farbar Version: 30-11-2014
Ran by Julie-Anne (administrator) on 07-12-2014 at 05:38:09
Running from "C:\Users\Julie-Anne\J&N (3)"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
========================= Flush DNS: ===================================
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= FF Proxy Settings: ==============================
"network.proxy.type", 0
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
========================= Hosts content: =================================
========================= IP Configuration: ================================
Qualcomm Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20) = Local Area Connection (Connected)
Realtek RTL8191SE Wireless LAN 802.11n PCI-E NIC = Wireless Network Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
TAP-Win32 Adapter V9 = Local Area Connection 2 (Media disconnected)
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
reset
set global icmpredirects=enabled
popd
# End of IPv4 configuration
Windows IP Configuration
Host Name . . . . . . . . . . . . : Toshiba
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : home
Ethernet adapter Local Area Connection 2:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : TAP-Win32 Adapter V9
Physical Address. . . . . . . . . : 00-FF-17-17-3B-31
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Wireless LAN adapter Wireless Network Connection 2:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 20-7C-8F-25-12-5F
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Qualcomm Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20)
Physical Address. . . . . . . . . : 60-EB-69-71-8D-B7
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::5db1:bc4c:dd7f:6438%13(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.4(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, 7 December 2014 1:21:48 a.m.
Lease Expires . . . . . . . . . . : Monday, 8 December 2014 1:21:48 a.m.
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 358673257
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-BA-81-DB-20-7C-8F-25-12-5F
DNS Servers . . . . . . . . . . . : 156.154.70.22
156.154.71.22
NetBIOS over Tcpip. . . . . . . . : Enabled
Wireless LAN adapter Wireless Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8191SE Wireless LAN 802.11n PCI-E NIC
Physical Address. . . . . . . . . : 20-7C-8F-25-12-5F
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{17173B31-09DD-4CE1-8E2D-CDB8E22AA74D}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:304c:1bdf:49cf:6367(Preferred)
Link-local IPv6 Address . . . . . : fe80::304c:1bdf:49cf:6367%12(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Tunnel adapter isatap.{7F001E65-5600-4D48-91AE-6F3CEEF12510}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.home:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{012A706E-5880-47D1-976B-B125E8710881}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 156.154.70.22
Name: google.com
Addresses: 2607:f8b0:4007:802::100e
74.125.224.68
74.125.224.66
74.125.224.64
74.125.224.67
74.125.224.71
74.125.224.78
74.125.224.72
74.125.224.69
74.125.224.73
74.125.224.70
74.125.224.65
Pinging google.com [74.125.224.68] with 32 bytes of data:
Reply from 74.125.224.68: bytes=32 time=184ms TTL=52
Reply from 74.125.224.68: bytes=32 time=165ms TTL=52
Ping statistics for 74.125.224.68:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 165ms, Maximum = 184ms, Average = 174ms
Server: UnKnown
Address: 156.154.70.22
Name: yahoo.com
Addresses: 98.138.253.109
98.139.183.24
206.190.36.45
Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=179ms TTL=46
Reply from 206.190.36.45: bytes=32 time=180ms TTL=46
Ping statistics for 206.190.36.45:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 179ms, Maximum = 180ms, Average = 179ms
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
15...00 ff 17 17 3b 31 ......TAP-Win32 Adapter V9
14...20 7c 8f 25 12 5f ......Microsoft Virtual WiFi Miniport Adapter
13...60 eb 69 71 8d b7 ......Qualcomm Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20)
11...20 7c 8f 25 12 5f ......Realtek RTL8191SE Wireless LAN 802.11n PCI-E NIC
1...........................Software Loopback Interface 1
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.4 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.4 276
192.168.1.4 255.255.255.255 On-link 192.168.1.4 276
192.168.1.255 255.255.255.255 On-link 192.168.1.4 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.4 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.4 276
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
12 58 ::/0 On-link
1 306 ::1/128 On-link
12 58 2001::/32 On-link
12 306 2001:0:9d38:6ab8:304c:1bdf:49cf:6367/128
On-link
13 276 fe80::/64 On-link
12 306 fe80::/64 On-link
12 306 fe80::304c:1bdf:49cf:6367/128
On-link
13 276 fe80::5db1:bc4c:dd7f:6438/128
On-link
1 306 ff00::/8 On-link
12 306 ff00::/8 On-link
13 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
========================= Event log errors: ===============================
Application errors:
==================
Error: (12/07/2014 02:40:38 AM) (Source: Application Error) (User: )
Description: Faulting application name: dragon.exe, version: 36.1.1.21, time stamp: 0x5477224b
Faulting module name: dragon_s.dll, version: 36.1.1.21, time stamp: 0x54772216
Exception code: 0x80000003
Fault offset: 0x004c1970
Faulting process id: 0x894
Faulting application start time: 0xdragon.exe0
Faulting application path: dragon.exe1
Faulting module path: dragon.exe2
Report Id: dragon.exe3
Error: (12/07/2014 01:23:02 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/06/2014 09:05:46 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/06/2014 05:41:04 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2340436
Error: (12/06/2014 05:41:04 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2340436
Error: (12/06/2014 05:41:04 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (12/06/2014 05:41:03 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2339438
Error: (12/06/2014 05:41:03 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2339438
Error: (12/06/2014 05:41:03 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (12/06/2014 05:02:08 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4352
System errors:
=============
Error: (12/07/2014 01:21:49 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
Error: (12/06/2014 09:05:09 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
Error: (12/06/2014 10:23:12 AM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056
Error: (12/06/2014 10:22:42 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
Error: (12/06/2014 10:22:42 AM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.
Error: (12/06/2014 10:22:10 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
Error: (12/06/2014 04:32:37 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
Error: (12/05/2014 11:22:11 PM) (Source: Service Control Manager) (User: )
Description: The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
Error: (12/05/2014 11:22:11 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
Error: (12/05/2014 11:22:11 PM) (Source: Service Control Manager) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
Microsoft Office Sessions:
=========================
Error: (12/07/2014 02:40:38 AM) (Source: Application Error)(User: )
Description: dragon.exe36.1.1.215477224bdragon_s.dll36.1.1.215477221680000003004c197089401d0114f3c20827bC:\Program Files (x86)\Comodo\Dragon\dragon.exeC:\Program Files (x86)\Comodo\Dragon\dragon_s.dll75f98354-7d4d-11e4-835b-60eb69718db7
Error: (12/07/2014 01:23:02 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/06/2014 09:05:46 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (12/06/2014 05:41:04 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2340436
Error: (12/06/2014 05:41:04 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2340436
Error: (12/06/2014 05:41:04 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (12/06/2014 05:41:03 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2339438
Error: (12/06/2014 05:41:03 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2339438
Error: (12/06/2014 05:41:03 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (12/06/2014 05:02:08 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4352
=========================== Installed Programs ============================
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.293 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 15.0.0.293 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.5.1 - EA Digital Illusions CE AB)
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 36.1.1.21 - Comodo)
COMODO Internet Security Premium (HKLM\...\{7B1A9CD1-B552-4FA7-BBC1-EDDEAB8855A7}) (Version: 8.0.0.4337 - COMODO Security Solutions Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.119.0.60 - Conexant)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
iCloud (HKLM\...\{2AAF09D5-4B3F-4975-B6A9-ECE2631FC942}) (Version: 4.0.5.20 - Apple Inc.)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2189 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.25.18 - Oracle Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 33.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0.2 - Mozilla)
OpenVPN Tap Adapter 9.0.0.8 (HKLM-x32\...\OpenVPN Tap Adapter) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
Qualcomm Atheros Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173F09590E16}) (Version: 1.00.0180 - REALTEK Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Spotify (HKCU\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.10.4 - Synaptics Incorporated)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (Version: 3.1.3.64 - TOSHIBA Corporation) Hidden
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
Windows Driver Package - TOSHIBA (QIOMem) System (06/02/2009 2) (HKLM\...\49D2EFB4A8A60E26073C303D72445B7C1A0D6729) (Version: 06/02/2009 2 - TOSHIBA)
Windows Driver Package - TOSHIBA (TVALZ) System (07/14/2009 2.0.0.3) (HKLM\...\431B595EBA877CE1D3E3A48B287D4E74DA9EE7D2) (Version: 07/14/2009 2.0.0.3 - TOSHIBA)
========================= Devices: ================================
Name: HL-DT-ST BDDVDRW CT40N ATA Device
Description: CD-ROM Drive
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard CD-ROM drives)
Service: cdrom
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
========================= Memory info: ===================================
Percentage of memory in use: 76%
Total physical RAM: 3893.86 MB
Available physical RAM: 907.09 MB
Total Pagefile: 7785.9 MB
Available Pagefile: 3955.45 MB
Total Virtual: 4095.88 MB
Available Virtual: 3970.68 MB
========================= Partitions: =====================================
1 Drive c: () (Fixed) (Total:465.66 GB) (Free:426.83 GB) NTFS
========================= Users: ========================================
User accounts for \\TOSHIBA
Administrator Guest Julie-Anne
========================= Minidump Files ==================================
No minidump file found
**** End of log ****
#43
Posted 06 December 2014 - 05:59 PM
RKinner
-
- Expert
-
- 24,625 posts
Malware Expert
Copy the next three lines:
reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318} /s > \junk.txt
reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\cdrom /s >> \junk.txt
notepad \junk.txt
Start, All Programs, Accessories then right click on Command Prompt and Run AS ADmin. Continue/Yes and the window should open. REight click and Paste or Edit then Paste and the copied lines should appear. If notepad doesn't open automatically, hit Enter. Copy and paste the text into a reply.
#44
Posted 06 December 2014 - 06:05 PM
angel959
- Topic Starter
-
- Member
-
- 38 posts
Member
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}
Class REG_SZ CDROM
ClassDesc REG_SZ @%SystemRoot%\System32\StorProp.dll,-17001
(Default) REG_SZ DVD/CD-ROM drives
IconPath REG_MULTI_SZ %SystemRoot%\System32\imageres.dll,-30
Installer32 REG_SZ storprop.dll,DvdClassInstaller
EnumPropPages32 REG_SZ storprop.dll,DvdPropPageProvider
SilentInstall REG_SZ 1
NoInstallClass REG_SZ 1
UpperFilters REG_MULTI_SZ GEARAspiWDM
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\0000
InfPath REG_SZ cdrom.inf
InfSection REG_SZ cdrom_install
ProviderName REG_SZ Microsoft
DriverDateData REG_BINARY 00808CA3C594C601
DriverDate REG_SZ 6-21-2006
DriverVersion REG_SZ 6.1.7601.17514
MatchingDeviceId REG_SZ gencdrom
DriverDesc REG_SZ CD-ROM Drive
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\0001
InfPath REG_SZ cdrom.inf
InfSection REG_SZ cdrom_install
ProviderName REG_SZ Microsoft
DriverDateData REG_BINARY 00808CA3C594C601
DriverDate REG_SZ 6-21-2006
DriverVersion REG_SZ 6.1.7601.17514
MatchingDeviceId REG_SZ gencdrom
DriverDesc REG_SZ CD-ROM Drive
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\0002
InfPath REG_SZ cdrom.inf
InfSection REG_SZ cdrom_install
ProviderName REG_SZ Microsoft
DriverDateData REG_BINARY 00808CA3C594C601
DriverDate REG_SZ 6-21-2006
DriverVersion REG_SZ 6.1.7601.17514
MatchingDeviceId REG_SZ gencdrom
DriverDesc REG_SZ CD-ROM Drive
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\0003
InfPath REG_SZ cdrom.inf
InfSection REG_SZ cdrom_install
ProviderName REG_SZ Microsoft
DriverDateData REG_BINARY 00808CA3C594C601
DriverDate REG_SZ 6-21-2006
DriverVersion REG_SZ 6.1.7601.17514
MatchingDeviceId REG_SZ gencdrom
DriverDesc REG_SZ CD-ROM Drive
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\cdrom
Start REG_DWORD 0x1
Type REG_DWORD 0x1
ErrorControl REG_DWORD 0x1
ImagePath REG_EXPAND_SZ system32\DRIVERS\cdrom.sys
DisplayName REG_SZ CD-ROM Driver
Group REG_SZ SCSI CDROM Class
DriverPackageId REG_SZ cdrom.inf_amd64_neutral_8363d00ecae4322d
AutoRun REG_DWORD 0x1
AutoRunAlwaysDisable REG_MULTI_SZ NEC MBR-7 \0NEC MBR-7.4 \0PIONEER CHANGR DRM-1804X\0PIONEER CD-ROM DRM-6324X\0PIONEER CD-ROM DRM-624X \0TORiSAN CD-ROM CDR_C36
Tag REG_DWORD 0x3
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\cdrom\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\cdrom\Parameters\Wdf
WdfMajorVersion REG_DWORD 0x1
WdfMinorVersion REG_DWORD 0x9
TimeOfLastSqmLog REG_QWORD 0x1d010446795fe82
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\cdrom\Enum
0 REG_SZ IDE\CdRomHL-DT-ST_BDDVDRW_CT40N__________________1.00____\5&38d1f008&0&1.0.0
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1
#45
Posted 06 December 2014 - 06:18 PM
RKinner
-
- Expert
-
- 24,625 posts
Malware Expert
Copy the next line:
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}" /v UpperFilters
Start, All Programs, Accessories then right click on Command Prompt and Run AS Admin. Continue/Yes and the window should open. Right click and Paste or Edit then Paste and the copied line should appear. Hit Enter.
If you don't get an error then it worked. Go in to Device Manager and uninstall the DVD/CD player and reboot. It should find it and hopefully install the CDROM correctly this time. If this works then the cause of the problem was iTunes. There is a lot on the internet about iTunes breaking CDROMs by installing an UpperFilter called GEARAspiWDM
Similar Topics
Also tagged with one or more of these keywords: hacked, rootkits.hijack software, malware viruses
![Possibly infected Homegroup? [Closed] - last post by dbreeze](https://www.geekstogo.com/forum/uploads/profile/photo-thumb-383089.jpg?_r=1438500019)
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
