HELP PLEASE! COMPUTER BEING ATTACKED THROUGH IP

hacked rootkits.hijack software malware viruses


#31
angel959


file.JPG: here is that screenshot. I used the basic uploader, never had to do that before!!!

Scratch that, I got you now... copied and pasted into OTC and running scan now.


Edited by angel959, 06 December 2014 - 09:04 AM.

#32
angel959

OTL logfile created on: 7/12/2014 3:50:01 a.m. - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Julie-Anne\J&N (3)
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17420)
Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy
 
3.80 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 37.04% Memory free
7.60 Gb Paging File | 4.74 Gb Available in Paging File | 62.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 428.14 Gb Free Space | 91.94% Space Free | Partition Type: NTFS
 
Computer Name: TOSHIBA | User Name: Julie-Anne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/12/06 00:24:21 | 000,725,696 | ---- | M] (Comodo) -- C:\Program Files (x86)\Comodo\Dragon\dragon.exe
PRC - [2014/12/06 00:24:18 | 002,370,240 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
PRC - [2014/12/04 21:01:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Julie-Anne\J&N (3)\OTL.exe
PRC - [2014/11/17 06:42:25 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
PRC - [2014/11/08 08:05:06 | 001,514,040 | ---- | M] (Spotify Ltd) -- C:\Users\Julie-Anne\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2014/09/12 22:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/11/28 02:42:36 | 000,879,808 | ---- | M] () -- C:\Program Files (x86)\Comodo\Dragon\libGLESv2.dll
MOD - [2014/11/28 02:34:18 | 000,956,608 | ---- | M] () -- C:\Program Files (x86)\Comodo\Dragon\ffmpegsumo.dll
MOD - [2014/11/28 02:33:18 | 000,134,848 | ---- | M] () -- C:\Program Files (x86)\Comodo\Dragon\libEGL.dll
MOD - [2014/10/11 13:06:16 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/10/11 13:05:58 | 001,044,776 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/11/13 10:52:58 | 007,615,952 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (CmdAgent)
SRV:64bit: - [2014/11/13 10:52:22 | 002,265,304 | ---- | M] (COMODO) [On_Demand | Stopped] -- C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe -- (cmdvirth)
SRV:64bit: - [2014/11/06 16:30:08 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 18:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2014/12/06 03:47:03 | 001,900,400 | ---- | M] (Electronic Arts) [On_Demand | Stopped] -- C:\Program Files (x86)\Origin\OriginClientService.exe -- (Origin Client Service)
SRV - [2014/12/06 00:24:18 | 002,370,240 | ---- | M] (Comodo Security Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe -- (DragonUpdater)
SRV - [2014/12/03 00:56:33 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/11/27 05:24:19 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/09/12 22:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/03/21 11:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2011/02/11 13:45:52 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/11/21 16:24:08 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/12/01 05:34:21 | 000,033,328 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2014/11/13 10:53:14 | 000,021,304 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd)
DRV:64bit: - [2014/08/15 23:35:00 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2013/10/02 15:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/07/19 00:54:52 | 000,129,224 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2013/02/07 00:24:06 | 000,469,744 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2013/02/07 00:24:04 | 000,032,496 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2012/08/24 03:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/24 03:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/03/01 19:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/04 19:27:34 | 001,226,344 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2011/03/11 19:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 19:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/21 16:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/07/29 10:10:41 | 010,610,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/03/30 23:50:16 | 000,724,536 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010/02/27 12:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/09/17 19:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/08/13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/14 20:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/14 14:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 14:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 14:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/15 18:58:50 | 000,012,800 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\QIOMem.sys -- (QIOMem)
DRV:64bit: - [2009/06/11 10:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/11 10:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/11 10:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/11 09:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 09:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 09:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 09:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 14:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=u159
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IESR02
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..browser.startup.homepage: "http://www.bing.com/...com/?ocid=iehp"
FF - prefs.js..extensions.enabledAddons: %7B3e0e7d2a-070f-4a47-b019-91fe5385ba79%7D:3.5.9
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:33.1
FF - prefs.js..keyword.URL: "http://www.bing.com/...9DF&PC=U159&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.5.1: C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.5.1: C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 33.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 33.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2014/10/29 22:08:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julie-Anne\AppData\Roaming\mozilla\Extensions
[2014/12/05 23:48:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julie-Anne\AppData\Roaming\mozilla\Firefox\Profiles\hyouixo8.default\extensions
[2014/11/09 12:05:50 | 000,000,000 | ---D | M] (AddThis) -- C:\Users\Julie-Anne\AppData\Roaming\mozilla\Firefox\Profiles\hyouixo8.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
[2014/11/18 23:14:10 | 000,000,000 | ---D | M] (Pinterest Pin Button) -- C:\Users\Julie-Anne\AppData\Roaming\mozilla\Firefox\Profiles\hyouixo8.default\extensions\{677a8f98-fd64-40b0-a883-b8c95d0cbf17}
[2014/10/30 05:15:13 | 000,000,000 | ---D | M] (Better Battlelog (BBLog)) -- C:\Users\Julie-Anne\AppData\Roaming\mozilla\Firefox\Profiles\hyouixo8.default\extensions\[email protected]
[2014/11/27 01:18:35 | 000,014,177 | ---- | M] () (No name found) -- C:\Users\Julie-Anne\AppData\Roaming\mozilla\firefox\profiles\hyouixo8.default\bookmarkbackups\bookmarks-2014-11-27_110_i+XpIq03NUG9QGp2E+pWBw==.jsonlz4
[2014/11/19 23:14:11 | 000,644,339 | ---- | M] () (No name found) -- C:\Users\Julie-Anne\AppData\Roaming\mozilla\firefox\profiles\hyouixo8.default\extensions\[email protected]
[2014/11/03 13:27:26 | 000,024,427 | ---- | M] () (No name found) -- C:\Users\Julie-Anne\AppData\Roaming\mozilla\firefox\profiles\hyouixo8.default\extensions\[email protected]
[2014/11/13 22:40:40 | 000,979,699 | ---- | M] () (No name found) -- C:\Users\Julie-Anne\AppData\Roaming\mozilla\firefox\profiles\hyouixo8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/12/02 12:54:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/12/02 12:55:14 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2009/06/11 10:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe (COMODO)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_B8496BBA784EBCAF5D2F844CFA06FB4E] C:\Program Files (x86)\Comodo\Dragon\dragon.exe (Comodo)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Julie-Anne\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{012A706E-5880-47D1-976B-B125E8710881}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{155FA928-5952-46C4-BF8B-0F1B21A48CC5}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{155FA928-5952-46C4-BF8B-0F1B21A48CC5}: NameServer = 156.154.70.22,156.154.71.22
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\TSpkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\TSpkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d27d13cc-4830-11e4-a974-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d27d13cc-4830-11e4-a974-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/12/06 06:29:27 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2014/12/06 04:30:27 | 000,000,000 | -H-D | C] -- C:\VTRoot
[2014/12/06 04:29:53 | 000,000,000 | ---D | C] -- C:\RMVFLTR.TEMP
[2014/12/06 04:18:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/12/06 04:18:46 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2014/12/06 04:17:56 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/12/06 04:17:52 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/12/06 04:17:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2014/12/06 04:17:52 | 000,000,000 | ---D | C] -- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
[2014/12/05 23:54:59 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Local\Comodo
[2014/12/05 23:54:55 | 000,057,096 | ---- | C] (COMODO CA Limited) -- C:\Windows\SysNative\certsentry.dll
[2014/12/05 23:54:55 | 000,048,392 | ---- | C] (COMODO CA Limited) -- C:\Windows\SysWow64\certsentry.dll
[2014/12/05 23:54:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader
[2014/12/04 21:16:14 | 000,000,000 | ---D | C] -- C:\FRST
[2014/12/04 19:30:19 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/12/04 19:25:06 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/12/04 19:00:55 | 000,129,752 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/12/04 18:58:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/12/04 18:58:35 | 000,093,400 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/12/04 18:58:35 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/12/04 18:58:35 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/12/04 14:46:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Baidu-Security-2014-4.4.4.82805
[2014/12/04 14:30:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
[2014/12/04 14:06:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2014/12/04 14:05:05 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2014/12/04 14:05:03 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2014/12/04 14:05:02 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Roaming\TestApp
[2014/12/03 05:11:38 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Roaming\Comodo
[2014/12/03 01:34:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
[2014/12/03 01:34:47 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2014/12/03 00:27:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced-System Protector
[2014/12/02 02:05:33 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
[2014/12/01 12:09:43 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\J&N (6)\COMODO REDUNDANT DETECTIONS
[2014/12/01 05:35:21 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Local\Deployment
[2014/12/01 05:35:21 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Local\Apps
[2014/12/01 05:34:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tap0901
[2014/11/30 17:41:01 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Local\Diagnostics
[2014/11/29 14:48:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014/11/29 14:48:40 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/11/28 15:18:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Comodo
[2014/11/28 15:11:31 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll
[2014/11/28 15:11:31 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc71.dll
[2014/11/28 03:47:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2014/11/28 03:46:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2014/11/28 03:46:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2014/11/28 02:56:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Shared Space
[2014/11/28 02:54:33 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2014/11/28 02:54:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
[2014/11/28 02:51:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2014/11/27 17:21:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/11/27 17:21:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/11/27 17:15:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2014/11/27 05:24:10 | 004,443,312 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2014/11/26 12:46:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2014/11/26 12:46:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/11/26 12:46:17 | 000,098,216 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/11/26 12:45:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/11/26 12:45:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/11/26 12:45:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2014/11/23 09:54:43 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\J&N (6)\Various_Artists_-_Death_Row_Greatest_Hits_Disc_2_(1996)_320_-_HIPHOPISDREAM.COM
[2014/11/20 03:30:59 | 000,000,000 | -HSD | C] -- C:\Users\Julie-Anne\AppData\Local\EmieBrowserModeList
[2014/11/19 18:21:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2014/11/19 18:20:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2014/11/19 18:20:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2014/11/19 16:24:59 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Roaming\Apple Computer
[2014/11/19 16:24:59 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Local\Apple Computer
[2014/11/19 16:24:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2014/11/19 16:23:00 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Local\Apple
[2014/11/19 16:22:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2014/11/19 16:22:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2014/11/19 16:21:58 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2014/11/19 16:21:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2014/11/19 16:21:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2014/11/19 16:21:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2014/11/17 08:33:56 | 000,000,000 | ---D | C] -- C:\NPE
[2014/11/17 08:30:38 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Local\NPE
[2014/11/17 06:44:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2014/11/17 06:42:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2014/11/17 06:42:17 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Local\Google
[2014/11/14 07:03:40 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Local\Programs
[2014/11/13 10:53:14 | 000,021,304 | ---- | C] (COMODO) -- C:\Windows\SysNative\drivers\cmderd.sys
[2014/11/13 10:52:58 | 000,041,856 | ---- | C] (COMODO) -- C:\Windows\SysNative\cmdcsr.dll
[2014/11/13 10:52:56 | 000,438,912 | ---- | C] (COMODO) -- C:\Windows\SysNative\guard64.dll
[2014/11/13 10:52:56 | 000,353,392 | ---- | C] (COMODO) -- C:\Windows\SysWow64\guard32.dll
[2014/11/13 10:52:48 | 000,354,520 | ---- | C] (COMODO) -- C:\Windows\SysNative\cmdvrt64.dll
[2014/11/13 10:52:44 | 000,045,784 | ---- | C] (COMODO) -- C:\Windows\SysNative\cmdkbd64.dll
[2014/11/13 10:52:36 | 000,286,424 | ---- | C] (COMODO) -- C:\Windows\SysWow64\cmdvrt32.dll
[2014/11/13 10:52:32 | 000,040,664 | ---- | C] (COMODO) -- C:\Windows\SysWow64\cmdkbd32.dll
[2014/11/12 15:32:59 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/11/12 15:32:59 | 000,304,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll
[2014/11/12 15:32:59 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/11/12 15:32:57 | 000,681,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adtschema.dll
[2014/11/12 15:32:57 | 000,681,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adtschema.dll
[2014/11/12 15:32:56 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2014/11/12 15:32:56 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msaudite.dll
[2014/11/12 15:32:56 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msaudite.dll
[2014/11/12 15:32:52 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/11/12 15:32:52 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/11/12 15:32:52 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/11/12 15:32:52 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/11/12 15:32:52 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/11/12 15:32:52 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/11/12 15:32:52 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/11/12 15:32:52 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/11/12 15:32:51 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/11/12 15:32:50 | 002,051,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/11/12 15:32:50 | 000,708,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/11/12 15:32:50 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/11/12 15:32:49 | 000,968,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/11/12 15:32:49 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/11/12 15:32:49 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/11/12 15:32:49 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/11/12 15:32:49 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/11/12 15:32:49 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/11/12 15:32:49 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/11/12 15:32:48 | 000,799,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/11/12 15:32:48 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/11/12 15:32:47 | 002,124,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/11/12 15:32:47 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/11/12 15:32:46 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/11/12 15:32:46 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/11/12 15:32:46 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/11/12 15:32:46 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/11/12 15:32:45 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/11/12 15:32:45 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/11/12 15:32:44 | 006,040,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/11/12 15:32:44 | 001,359,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/11/12 15:32:44 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/11/12 15:32:44 | 000,580,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/11/12 15:32:43 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/11/12 15:32:43 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/11/12 15:31:04 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2014/11/12 15:31:04 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2014/11/12 15:30:59 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IMJP10K.DLL
[2014/11/12 15:30:59 | 000,701,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IMJP10K.DLL
[2014/11/12 15:30:57 | 000,500,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AUDIOKSE.dll
[2014/11/12 15:30:57 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\AUDIOKSE.dll
[2014/11/12 15:30:57 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEng.dll
[2014/11/12 15:30:57 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioSes.dll
[2014/11/12 15:30:57 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDump.dll
[2014/11/12 15:30:55 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2014/11/12 15:30:47 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2014/11/12 15:30:47 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2014/11/12 15:30:45 | 003,241,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2014/11/12 15:30:39 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2014/11/11 13:43:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/11/11 06:30:51 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\J&N (6)\Tenancy Docs
[2014/11/08 15:21:50 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Local\ElevatedDiagnostics
[2014/11/08 08:05:09 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Local\Spotify
[2014/11/08 08:03:44 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Roaming\Spotify
[2014/11/07 14:28:18 | 000,000,000 | ---D | C] -- C:\Program Files\TOSHIBA
[2014/11/07 14:22:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Toshiba
[2014/11/07 14:22:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA
[2014/11/07 14:22:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TOSHIBA
[2014/11/07 14:22:08 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Roaming\InstallShield
[2014/11/07 14:21:04 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Local\Downloaded Installations
[2014/11/07 14:19:30 | 000,000,000 | ---D | C] -- C:\Users\Julie-Anne\AppData\Roaming\WinBatch
 
========== Files - Modified Within 30 Days ==========
 
[2014/12/07 03:51:38 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2014/12/07 03:47:01 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/12/07 03:24:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/12/07 03:22:31 | 000,000,000 | ---- | M] () -- C:\Windows\sfc
[2014/12/07 03:22:31 | 000,000,000 | ---- | M] () -- C:\Windows\dir
[2014/12/07 03:22:31 | 000,000,000 | ---- | M] () -- C:\Windows\cd
[2014/12/07 01:28:52 | 000,029,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/12/07 01:28:52 | 000,029,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/12/07 01:27:57 | 000,886,760 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/12/07 01:27:57 | 000,721,556 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/12/07 01:27:57 | 000,173,820 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/12/07 01:22:48 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/12/07 01:21:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/12/07 01:21:39 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2014/12/07 01:12:55 | 000,583,742 | ---- | M] () -- C:\Windows\SysNative\drivers\fvstore.dat
[2014/12/06 06:29:27 | 001,643,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2014/12/06 04:56:56 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/12/06 04:18:50 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/12/06 04:18:47 | 000,125,872 | ---- | M] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2014/12/06 04:18:47 | 000,106,928 | ---- | M] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2014/12/06 04:18:46 | 000,033,240 | ---- | M] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2014/12/06 00:24:24 | 000,001,044 | ---- | M] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
[2014/12/06 00:24:21 | 000,057,096 | ---- | M] (COMODO CA Limited) -- C:\Windows\SysNative\certsentry.dll
[2014/12/06 00:24:21 | 000,048,392 | ---- | M] (COMODO CA Limited) -- C:\Windows\SysWow64\certsentry.dll
[2014/12/05 23:57:26 | 000,001,888 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk
[2014/12/04 18:58:40 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/12/04 18:58:35 | 000,093,400 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/12/04 18:58:35 | 000,063,704 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/12/04 18:58:35 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/12/04 15:25:03 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2014/12/03 01:34:50 | 000,001,658 | ---- | M] () -- C:\Users\Public\Desktop\Recuva.lnk
[2014/12/03 01:26:57 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/12/01 05:34:21 | 000,033,328 | ---- | M] (The OpenVPN Project) -- C:\Windows\SysNative\drivers\tap0901.sys
[2014/11/30 19:19:50 | 000,007,618 | ---- | M] () -- C:\Users\Julie-Anne\AppData\Local\resmon.resmoncfg
[2014/11/28 15:11:31 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll
[2014/11/28 15:11:31 | 001,060,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc71.dll
[2014/11/27 05:24:16 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/11/27 05:24:16 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/11/27 05:24:10 | 004,443,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2014/11/26 12:45:45 | 000,098,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/11/19 18:20:58 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2014/11/17 06:44:09 | 000,002,212 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2014/11/13 10:53:14 | 000,021,304 | ---- | M] (COMODO) -- C:\Windows\SysNative\drivers\cmderd.sys
[2014/11/13 10:52:58 | 000,041,856 | ---- | M] (COMODO) -- C:\Windows\SysNative\cmdcsr.dll
[2014/11/13 10:52:56 | 000,438,912 | ---- | M] (COMODO) -- C:\Windows\SysNative\guard64.dll
[2014/11/13 10:52:56 | 000,353,392 | ---- | M] (COMODO) -- C:\Windows\SysWow64\guard32.dll
[2014/11/13 10:52:48 | 000,354,520 | ---- | M] (COMODO) -- C:\Windows\SysNative\cmdvrt64.dll
[2014/11/13 10:52:44 | 000,045,784 | ---- | M] (COMODO) -- C:\Windows\SysNative\cmdkbd64.dll
[2014/11/13 10:52:36 | 000,286,424 | ---- | M] (COMODO) -- C:\Windows\SysWow64\cmdvrt32.dll
[2014/11/13 10:52:32 | 000,040,664 | ---- | M] (COMODO) -- C:\Windows\SysWow64\cmdkbd32.dll
[2014/11/13 03:23:47 | 000,267,672 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/11/08 14:44:32 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf
[2014/11/08 08:05:08 | 000,001,829 | ---- | M] () -- C:\Users\Julie-Anne\J&N (2)\Spotify.lnk
 
========== Files Created - No Company Name ==========
 
[2014/12/07 03:22:31 | 000,000,000 | ---- | C] () -- C:\Windows\sfc
[2014/12/07 03:22:31 | 000,000,000 | ---- | C] () -- C:\Windows\dir
[2014/12/07 03:22:31 | 000,000,000 | ---- | C] () -- C:\Windows\cd
[2014/12/06 04:30:06 | 000,583,742 | ---- | C] () -- C:\Windows\SysNative\drivers\fvstore.dat
[2014/12/06 04:18:50 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/12/05 23:57:26 | 000,001,888 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk
[2014/12/05 23:57:19 | 001,474,832 | ---- | C] () -- C:\Windows\SysNative\drivers\sfi.dat
[2014/12/05 23:55:00 | 000,001,044 | ---- | C] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
[2014/12/04 18:58:40 | 000,001,106 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/12/04 15:25:03 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2014/12/03 01:34:50 | 000,001,658 | ---- | C] () -- C:\Users\Public\Desktop\Recuva.lnk
[2014/12/03 01:26:57 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/11/29 15:04:16 | 000,007,618 | ---- | C] () -- C:\Users\Julie-Anne\AppData\Local\resmon.resmoncfg
[2014/11/19 18:20:58 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2014/11/19 16:22:57 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2014/11/17 06:44:08 | 000,002,212 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2014/11/17 06:42:29 | 000,000,906 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/11/17 06:42:28 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/11/08 14:44:32 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf
[2014/11/08 08:05:08 | 000,001,829 | ---- | C] () -- C:\Users\Julie-Anne\J&N (2)\Spotify.lnk
[2014/11/08 08:05:08 | 000,001,815 | ---- | C] () -- C:\Users\Julie-Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2014/09/29 18:14:43 | 000,765,700 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/09/29 16:25:39 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2014/09/29 16:04:15 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2014/09/29 16:04:15 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2014/09/29 16:04:13 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2014/09/29 16:04:13 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2014/09/29 16:04:13 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2014/09/29 15:52:26 | 000,000,030 | ---- | C] () -- C:\Users\Julie-Anne\AppData\Roaming\fixcfg.ini
 
========== ZeroAccess Check ==========
 
[2009/07/14 17:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/25 15:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/25 14:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 14:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 16:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 14:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Custom Scans ==========
 
< MD5 for: REGEDIT.EXE  >
[2009/07/14 14:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009/07/14 14:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009/07/14 14:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009/07/14 14:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\GEARAspi.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\DWrite.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Program Files\CCleaner\CCleaner64.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Program Files (x86)\iTunes\iTunesHelper.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Program Files (x86)\Comodo\Dragon\dragon.exe:$CmdTcID
@Alternate Data Stream - 165 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
 
< End of report >

  • 0

#33
angel959

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Microsoft Windows [Version 6.1.7601]
Copyright © 2009 Microsoft Corporation.  All rights reserved.
 
C:\Users\Julie-Anne>C:\Windows\system32\findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log
FINDSTR: Cannot open C:\Windows\Logs\CBS\CBS.log
 
C:\Users\Julie-Anne>

  • 0

#34
angel959

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts

okay I ran the sfc command again here is the error log

 

2014-12-07 04:28:09, Info                  CSI    00000313 [SR] Repairing 1 components
2014-12-07 04:28:09, Info                  CSI    00000314 [SR] Beginning Verify and Repair transaction
2014-12-07 04:28:09, Info                  CSI    00000315 [SR] Cannot repair member file [l:22{11}]"bthenum.sys" of bth.inf, Version = 6.1.7601.17889, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
2014-12-07 04:28:09, Info                  CSI    00000316 [SR] Cannot repair member file [l:22{11}]"fsquirt.exe" of bth.inf, Version = 6.1.7601.17889, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
2014-12-07 04:28:09, Info                  CSI    00000317 [SR] Cannot repair member file [l:22{11}]"bthenum.sys" of bth.inf, Version = 6.1.7601.17889, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
2014-12-07 04:28:09, Info                  CSI    00000318 [SR] This component was referenced by [l:154{77}]"Package_1_for_KB2732487~31bf3856ad364e35~amd64~~6.1.2.0.2732487-2_neutral_GDR"
2014-12-07 04:28:09, Info                  CSI    00000319 [SR] Cannot repair member file [l:22{11}]"fsquirt.exe" of bth.inf, Version = 6.1.7601.17889, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type = [l:24{12}]"driverUpdate", TypeName neutral, PublicKey neutral in the store, file is missing
2014-12-07 04:28:09, Info                  CSI    0000031a [SR] This component was referenced by [l:154{77}]"Package_1_for_KB2732487~31bf3856ad364e35~amd64~~6.1.2.0.2732487-2_neutral_GDR"
2014-12-07 04:28:09, Info                  CSI    0000031c [SR] Repair complete
2014-12-07 04:28:09, Info                  CSI    0000031d [SR] Committing transaction
2014-12-07 04:28:09, Info                  CSI    00000321 [SR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction have been successfully repaired
 
C:\Windows\system32>

  • 0

#35
RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP

You missed the first command:

cd  \windows

You will note your prompt still says C:\windows\system32> instead of C:\Windows>

 

Regedit should open a little window which says Registry Editor at the top.  There are a lot of entries in the registry which do not have values.  This is normal and if you do not know this you should stay away from regedit.  It sounds like it is working anyway.

 

For SFC:

 

Copy the next two lines:

 
findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
notepad \windows\logs\cbs\junk.txt 
 
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.  If you don't see notepad then:
Hit Enter.
 
Copy and paste the text from notepad or if it is too big, just attach the file.  If the file is empty then it has been too long since you ran SFC and you need to run it again then do the above.

  • 0
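The `findstr /c:"[SR]"` step above keeps every SFC line, routine or not. As an added example (not part of the original thread), this Python script reads such output, rejoins entries that a console paste hard-wrapped mid-word, and reports only the "Cannot repair member file" entries; the sample log is constructed and its file, component and package names are placeholders.

```python
import re

# Constructed sample shaped like the [SR] lines pasted in this thread, with the
# same mid-word console wrapping. File, component and package names are
# placeholders, not values from a real system.
SAMPLE_LOG = r'''
2014-12-07 04:28:06, Info                  CSI    0000030f [SR] Verifying 2 (0x
0000000000000002) components
2014-12-07 04:28:06, Info                  CSI    00000310 [SR] Beginning Verify
 and Repair transaction
2014-12-07 04:28:07, Info                  CBS    Constructed entry without the SR tag
2014-12-07 04:28:09, Info                  CSI    00000315 [SR] Cannot repair me
mber file [l:22{11}]"sample1.sys" of sample.inf, Version = 1.0.0.0, pA = PRO
CESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicK
eyToken = {l:8 b:0000000000000000}, Type = [l:24{12}]"driverUpdate", TypeName ne
utral, PublicKey neutral in the store, file is missing
2014-12-07 04:28:09, Info                  CSI    00000316 [SR] Cannot repair me
mber file [l:22{11}]"sample1.sys" of sample.inf, Version = 1.0.0.0, pA = PRO
CESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicK
eyToken = {l:8 b:0000000000000000}, Type = [l:24{12}]"driverUpdate", TypeName ne
utral, PublicKey neutral in the store, file is missing
2014-12-07 04:28:09, Info                  CSI    00000318 [SR] This component w
as referenced by [l:110{55}]"Package_1_for_KB0000000~0000000000000000~amd64~~0.
0.0.0"
2014-12-07 04:28:09, Info                  CSI    00000319 [SR] Cannot repair me
mber file [l:22{11}]"sample2.dll" of Sample-Component, Version = 2.0.0.0, pA = PRO
CESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicK
eyToken = {l:8 b:0000000000000000}, Type neutral, TypeName neutral, PublicKey ne
utral in the store, hash mismatch
2014-12-07 04:28:09, Info                  CSI    0000031c [SR] Repair complete
2014-12-07 04:28:09, Info                  CSI    00000321 [SR] Verify and Repai
r Transaction completed. All files and registry keys listed in this transaction
 have been successfully repaired

C:\Windows\system32>
'''

TIMESTAMP = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}"
ENTRY_START = re.compile(r"^" + TIMESTAMP + r", ")
SR_ENTRY = re.compile(
    r"^(?P<ts>" + TIMESTAMP + r"), \w+\s+CSI\s+(?P<seq>[0-9a-f]{8}) \[SR\] (?P<msg>.*)$"
)
CANNOT_REPAIR = re.compile(
    r'^Cannot repair member file \[[^\]]*\]"(?P<file>[^"]+)" of '
    r"(?P<component>[^,]+), Version = (?P<version>[^,]+),"
    r".* in the store, (?P<reason>.+)$"
)
REFERENCED_BY = re.compile(
    r'^This component was referenced by \[[^\]]*\]"(?P<pkg>[^"]+)"'
)


def unwrap_entries(text):
    """Rejoin hard-wrapped log entries.

    A line that does not start with a timestamp continues the previous entry.
    Nothing is inserted at the join because the wrap falls mid-word. A blank
    line closes the entry, so a trailing prompt or a leading fragment from a
    truncated paste is dropped rather than glued onto a log entry.
    """
    entries, open_entry = [], False
    for line in text.splitlines():
        if ENTRY_START.match(line):
            entries.append(line)
            open_entry = True
        elif line.strip() and open_entry:
            entries[-1] += line
        else:
            open_entry = False
    return entries


def unrepaired_files(text):
    """Return {(component, file): details} for each [SR] 'Cannot repair' entry."""
    found, last_key = {}, None
    for entry in unwrap_entries(text):
        sr = SR_ENTRY.match(entry)
        if not sr:
            continue  # not an SFC ([SR]) entry
        bad = CANNOT_REPAIR.match(sr.group("msg"))
        if bad:
            last_key = (bad.group("component"), bad.group("file"))
            rec = found.setdefault(last_key, {
                "version": bad.group("version"), "reason": bad.group("reason"),
                "count": 0, "first_seen": sr.group("ts"), "referenced_by": set()})
            rec["count"] += 1  # SFC logs the same file more than once
            continue
        ref = REFERENCED_BY.match(sr.group("msg"))
        if ref and last_key:
            # Attach the servicing package to the most recent unrepaired file.
            found[last_key]["referenced_by"].add(ref.group("pkg"))
    return found


if __name__ == "__main__":
    for (component, name), rec in unrepaired_files(SAMPLE_LOG).items():
        print(f"{name} ({component} {rec['version']}): {rec['reason']}, "
              f"logged {rec['count']}x, "
              f"referenced by {sorted(rec['referenced_by']) or 'n/a'}")
```

The script counts "Cannot repair" entries rather than trusting the closing line of the transaction: in the log pasted in this thread, the "successfully repaired" line follows entries for files that could not be repaired.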

#36
RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP

The two files that are unfixable in sfc are related to bluetooth.  Do you use bluetooth?

 

 
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer Errors
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

    • 0

    #37
    angel959

      Member

    • Topic Starter
    • Member
    • PipPip
    • 38 posts

    cd  \windows

    dir regedit.*

     

    Microsoft Windows [Version 6.1.7601]

    Copyright © 2009 Microsoft Corporation.  All rights reserved.
     
    C:\Windows\system32>cd  \windows
     
    C:\Windows>cd  \windows
     
    C:\Windows>
    C:\Windows>dir regedit.*
     Volume in drive C has no label.
     Volume Serial Number is 8069-99CE
     
     Directory of C:\Windows
     
    14/07/2009  02:39 p.m.           427,008 regedit.exe
                   1 File(s)        427,008 bytes
                   0 Dir(s)  458,290,126,848 bytes free
     
    C:\Windows>cd \windows
     
    C:\Windows>
    C:\Windows>cd  \windows
     
    C:\Windows>
    C:\Windows>dir regedit.*
     Volume in drive C has no label.
     Volume Serial Number is 8069-99CE
     
     Directory of C:\Windows
     
    14/07/2009  02:39 p.m.           427,008 regedit.exe
                   1 File(s)        427,008 bytes
                   0 Dir(s)  458,289,922,048 bytes free
     
    C:\Windows>

    • 0

    #38
    angel959

      Member

    • Topic Starter
    • Member
    • PipPip
    • 38 posts

    Attached File  junk.txt   170.28KB   60 downloads


    • 0

    #39
    angel959

      Member

    • Topic Starter
    • Member
    • PipPip
    • 38 posts

     

    The two files that are unfixable in sfc are related to bluetooth.  Do you use bluetooth?

     

     
    Checkmark the following checkboxes:
    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer Errors
    • List Installed Programs
    • List Devices
    • List Users, Partitions and Memory size.
    • List Minidump Files
     
    Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

     

    Sorry, where do I find these to checkmark???


    • 0

    #40
    RKinner

      Malware Expert

    • Expert
    • 20,001 posts
    • MVP

    Sorry two lines weren't included in the post:

     

    Please download MiniToolbox
     
    http://www.bleepingc...oad/minitoolbox save it to your desktop and run it.
     

    Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer Errors
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files

    Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
     

    • 0


    #41
    angel959

      Member

    • Topic Starter
    • Member
    • PipPip
    • 38 posts

    No, I don't use Bluetooth, thankfully!! Is it fixable at all or no?


    • 0

    #42
    angel959

      Member

    • Topic Starter
    • Member
    • PipPip
    • 38 posts
    MiniToolBox by Farbar  Version: 30-11-2014
    Ran by Julie-Anne (administrator) on 07-12-2014 at 05:38:09
    Running from "C:\Users\Julie-Anne\J&N (3)"
    Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
    Boot Mode: Normal
    ***************************************************************************
     
    ========================= Flush DNS: ===================================
     
    Windows IP Configuration
     
    Successfully flushed the DNS Resolver Cache.
     
    ========================= IE Proxy Settings: ============================== 
     
    Proxy is not enabled.
    No Proxy Server is set.
     
    "Reset IE Proxy Settings": IE Proxy Settings were reset.
     
    ========================= FF Proxy Settings: ============================== 
     
    "network.proxy.type", 0
     
    "Reset FF Proxy Settings": Firefox Proxy settings were reset.
     
    ========================= Hosts content: =================================
     
     
     
    ========================= IP Configuration: ================================
     
    Qualcomm Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20) = Local Area Connection (Connected)
    Realtek RTL8191SE Wireless LAN 802.11n PCI-E NIC = Wireless Network Connection (Media disconnected)
    Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
    TAP-Win32 Adapter V9 = Local Area Connection 2 (Media disconnected)
     
     
    # ----------------------------------
    # IPv4 Configuration
    # ----------------------------------
    pushd interface ipv4
     
    reset
    set global icmpredirects=enabled
     
     
    popd
    # End of IPv4 configuration
     
     
     
    Windows IP Configuration
     
       Host Name . . . . . . . . . . . . : Toshiba
       Primary Dns Suffix  . . . . . . . : 
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : home
     
    Ethernet adapter Local Area Connection 2:
     
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : TAP-Win32 Adapter V9
       Physical Address. . . . . . . . . : 00-FF-17-17-3B-31
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
     
    Wireless LAN adapter Wireless Network Connection 2:
     
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
       Physical Address. . . . . . . . . : 20-7C-8F-25-12-5F
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
     
    Ethernet adapter Local Area Connection:
     
       Connection-specific DNS Suffix  . : home
       Description . . . . . . . . . . . : Qualcomm Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20)
       Physical Address. . . . . . . . . : 60-EB-69-71-8D-B7
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::5db1:bc4c:dd7f:6438%13(Preferred) 
       IPv4 Address. . . . . . . . . . . : 192.168.1.4(Preferred) 
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Lease Obtained. . . . . . . . . . : Sunday, 7 December 2014 1:21:48 a.m.
       Lease Expires . . . . . . . . . . : Monday, 8 December 2014 1:21:48 a.m.
       Default Gateway . . . . . . . . . : 192.168.1.1
       DHCP Server . . . . . . . . . . . : 192.168.1.1
       DHCPv6 IAID . . . . . . . . . . . : 358673257
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-BA-81-DB-20-7C-8F-25-12-5F
       DNS Servers . . . . . . . . . . . : 156.154.70.22
                                           156.154.71.22
       NetBIOS over Tcpip. . . . . . . . : Enabled
     
    Wireless LAN adapter Wireless Network Connection:
     
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Realtek RTL8191SE Wireless LAN 802.11n PCI-E NIC
       Physical Address. . . . . . . . . : 20-7C-8F-25-12-5F
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
     
    Tunnel adapter isatap.{17173B31-09DD-4CE1-8E2D-CDB8E22AA74D}:
     
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
     
    Tunnel adapter Teredo Tunneling Pseudo-Interface:
     
       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:304c:1bdf:49cf:6367(Preferred) 
       Link-local IPv6 Address . . . . . : fe80::304c:1bdf:49cf:6367%12(Preferred) 
       Default Gateway . . . . . . . . . : ::
       NetBIOS over Tcpip. . . . . . . . : Disabled
     
    Tunnel adapter isatap.{7F001E65-5600-4D48-91AE-6F3CEEF12510}:
     
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
     
    Tunnel adapter isatap.home:
     
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : home
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
     
    Tunnel adapter isatap.{012A706E-5880-47D1-976B-B125E8710881}:
     
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
    Server:  UnKnown
    Address:  156.154.70.22
     
    Name:    google.com
    Addresses:  2607:f8b0:4007:802::100e
     74.125.224.68
     74.125.224.66
     74.125.224.64
     74.125.224.67
     74.125.224.71
     74.125.224.78
     74.125.224.72
     74.125.224.69
     74.125.224.73
     74.125.224.70
     74.125.224.65
     
     
    Pinging google.com [74.125.224.68] with 32 bytes of data:
    Reply from 74.125.224.68: bytes=32 time=184ms TTL=52
    Reply from 74.125.224.68: bytes=32 time=165ms TTL=52
     
    Ping statistics for 74.125.224.68:
        Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 165ms, Maximum = 184ms, Average = 174ms
    Server:  UnKnown
    Address:  156.154.70.22
     
    Name:    yahoo.com
    Addresses:  98.138.253.109
     98.139.183.24
     206.190.36.45
     
     
    Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
    Reply from 206.190.36.45: bytes=32 time=179ms TTL=46
    Reply from 206.190.36.45: bytes=32 time=180ms TTL=46
     
    Ping statistics for 206.190.36.45:
        Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 179ms, Maximum = 180ms, Average = 179ms
     
    Pinging 127.0.0.1 with 32 bytes of data:
    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
     
    Ping statistics for 127.0.0.1:
        Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 0ms, Maximum = 0ms, Average = 0ms
    ===========================================================================
    Interface List
     15...00 ff 17 17 3b 31 ......TAP-Win32 Adapter V9
     14...20 7c 8f 25 12 5f ......Microsoft Virtual WiFi Miniport Adapter
     13...60 eb 69 71 8d b7 ......Qualcomm Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20)
     11...20 7c 8f 25 12 5f ......Realtek RTL8191SE Wireless LAN 802.11n PCI-E NIC
      1...........................Software Loopback Interface 1
     16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
     12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
     17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
     18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
     19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
    ===========================================================================
     
    IPv4 Route Table
    ===========================================================================
    Active Routes:
    Network Destination        Netmask          Gateway       Interface  Metric
              0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.4     20
            127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
            127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
      127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
          192.168.1.0    255.255.255.0         On-link       192.168.1.4    276
          192.168.1.4  255.255.255.255         On-link       192.168.1.4    276
        192.168.1.255  255.255.255.255         On-link       192.168.1.4    276
            224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
            224.0.0.0        240.0.0.0         On-link       192.168.1.4    276
      255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      255.255.255.255  255.255.255.255         On-link       192.168.1.4    276
    ===========================================================================
    Persistent Routes:
      None
     
    IPv6 Route Table
    ===========================================================================
    Active Routes:
     If Metric Network Destination      Gateway
     12     58 ::/0                     On-link
      1    306 ::1/128                  On-link
     12     58 2001::/32                On-link
     12    306 2001:0:9d38:6ab8:304c:1bdf:49cf:6367/128
                                        On-link
     13    276 fe80::/64                On-link
     12    306 fe80::/64                On-link
     12    306 fe80::304c:1bdf:49cf:6367/128
                                        On-link
     13    276 fe80::5db1:bc4c:dd7f:6438/128
                                        On-link
      1    306 ff00::/8                 On-link
     12    306 ff00::/8                 On-link
     13    276 ff00::/8                 On-link
    ===========================================================================
    Persistent Routes:
      None
    ========================= Winsock entries =====================================
     
    Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
    Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
    Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
    Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
    Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
    Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
    Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
    x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
    x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
    x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
    x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
    x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
    x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
    x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
    x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
    x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
    x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
    x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
    x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
    x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
    x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
    x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
    x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
     
    ========================= Event log errors: ===============================
     
    Application errors:
    ==================
    Error: (12/07/2014 02:40:38 AM) (Source: Application Error) (User: )
    Description: Faulting application name: dragon.exe, version: 36.1.1.21, time stamp: 0x5477224b
    Faulting module name: dragon_s.dll, version: 36.1.1.21, time stamp: 0x54772216
    Exception code: 0x80000003
    Fault offset: 0x004c1970
    Faulting process id: 0x894
    Faulting application start time: 0xdragon.exe0
    Faulting application path: dragon.exe1
    Faulting module path: dragon.exe2
    Report Id: dragon.exe3
     
    Error: (12/07/2014 01:23:02 AM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
     
    Error: (12/06/2014 09:05:46 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
     
    Error: (12/06/2014 05:41:04 PM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 2340436
     
    Error: (12/06/2014 05:41:04 PM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 2340436
     
    Error: (12/06/2014 05:41:04 PM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second
     
    Error: (12/06/2014 05:41:03 PM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 2339438
     
    Error: (12/06/2014 05:41:03 PM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 2339438
     
    Error: (12/06/2014 05:41:03 PM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second
     
    Error: (12/06/2014 05:02:08 PM) (Source: Bonjour Service) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 4352
     
     
    System errors:
    =============
    Error: (12/07/2014 01:21:49 AM) (Source: Service Control Manager) (User: )
    Description: The following boot-start or system-start driver(s) failed to load: 
    cdrom
     
    Error: (12/06/2014 09:05:09 PM) (Source: Service Control Manager) (User: )
    Description: The following boot-start or system-start driver(s) failed to load: 
    cdrom
     
    Error: (12/06/2014 10:23:12 AM) (Source: Service Control Manager) (User: )
    Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
    %%1056
     
    Error: (12/06/2014 10:22:42 AM) (Source: Service Control Manager) (User: )
    Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
     
    Error: (12/06/2014 10:22:42 AM) (Source: Service Control Manager) (User: )
    Description: The Windows Search service terminated with service-specific error %%-1073473535.
     
    Error: (12/06/2014 10:22:10 AM) (Source: Service Control Manager) (User: )
    Description: The following boot-start or system-start driver(s) failed to load: 
    cdrom
     
    Error: (12/06/2014 04:32:37 AM) (Source: Service Control Manager) (User: )
    Description: The following boot-start or system-start driver(s) failed to load: 
    cdrom
     
    Error: (12/05/2014 11:22:11 PM) (Source: Service Control Manager) (User: )
    Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
     
    Error: (12/05/2014 11:22:11 PM) (Source: Service Control Manager) (User: )
    Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
     
    Error: (12/05/2014 11:22:11 PM) (Source: Service Control Manager) (User: )
    Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
     
     
    Microsoft Office Sessions:
    =========================
    Error: (12/07/2014 02:40:38 AM) (Source: Application Error)(User: )
    Description: dragon.exe36.1.1.215477224bdragon_s.dll36.1.1.215477221680000003004c197089401d0114f3c20827bC:\Program Files (x86)\Comodo\Dragon\dragon.exeC:\Program Files (x86)\Comodo\Dragon\dragon_s.dll75f98354-7d4d-11e4-835b-60eb69718db7
     
    Error: (12/07/2014 01:23:02 AM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
     
    Error: (12/06/2014 09:05:46 PM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
     
    Error: (12/06/2014 05:41:04 PM) (Source: Bonjour Service)(User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 2340436
     
    Error: (12/06/2014 05:41:04 PM) (Source: Bonjour Service)(User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 2340436
     
    Error: (12/06/2014 05:41:04 PM) (Source: Bonjour Service)(User: )
    Description: Task Scheduling Error: Continuously busy for more than a second
     
    Error: (12/06/2014 05:41:03 PM) (Source: Bonjour Service)(User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 2339438
     
    Error: (12/06/2014 05:41:03 PM) (Source: Bonjour Service)(User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 2339438
     
    Error: (12/06/2014 05:41:03 PM) (Source: Bonjour Service)(User: )
    Description: Task Scheduling Error: Continuously busy for more than a second
     
    Error: (12/06/2014 05:02:08 PM) (Source: Bonjour Service)(User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 4352
     
     
     
    =========================== Installed Programs ============================
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.293 - Adobe Systems Incorporated)
    Adobe AIR (x32 Version: 15.0.0.293 - Adobe Systems Incorporated) Hidden
    Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
    Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
    Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.5.1 - EA Digital Illusions CE AB)
    CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
    Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
    Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
    Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
    Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 36.1.1.21 - Comodo)
    COMODO Internet Security Premium (HKLM\...\{7B1A9CD1-B552-4FA7-BBC1-EDDEAB8855A7}) (Version: 8.0.0.4337 - COMODO Security Solutions Inc.)
    Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.119.0.60 - Conexant)
    Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    iCloud (HKLM\...\{2AAF09D5-4B3F-4975-B6A9-ECE2631FC942}) (Version: 4.0.5.20 - Apple Inc.)
    Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2189 - Intel Corporation)
    iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
    Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
    Java Auto Updater (x32 Version: 2.8.25.18 - Oracle Corporation) Hidden
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Mozilla Firefox 33.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0.2 - Mozilla)
    OpenVPN Tap Adapter 9.0.0.8 (HKLM-x32\...\OpenVPN Tap Adapter) (Version:  - )
    Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
    Qualcomm Atheros Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
    QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173F09590E16}) (Version: 1.00.0180 - REALTEK Semiconductor Corp.)
    Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
    Spotify (HKCU\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.10.4 - Synaptics Incorporated)
    TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
    TOSHIBA Face Recognition (Version: 3.1.3.64 - TOSHIBA Corporation) Hidden
    TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
    Windows Driver Package - TOSHIBA (QIOMem) System  (06/02/2009 2) (HKLM\...\49D2EFB4A8A60E26073C303D72445B7C1A0D6729) (Version: 06/02/2009 2 - TOSHIBA)
    Windows Driver Package - TOSHIBA (TVALZ) System  (07/14/2009 2.0.0.3) (HKLM\...\431B595EBA877CE1D3E3A48B287D4E74DA9EE7D2) (Version: 07/14/2009 2.0.0.3 - TOSHIBA)
     
    ========================= Devices: ================================
     
    Name: HL-DT-ST BDDVDRW CT40N ATA Device
    Description: CD-ROM Drive
    Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
    Manufacturer: (Standard CD-ROM drives)
    Service: cdrom
    Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
    Resolution: A registry problem was detected.
     This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
    Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
     
     
    ========================= Memory info: ===================================
     
    Percentage of memory in use: 76%
    Total physical RAM: 3893.86 MB
    Available physical RAM: 907.09 MB
    Total Pagefile: 7785.9 MB
    Available Pagefile: 3955.45 MB
    Total Virtual: 4095.88 MB
    Available Virtual: 3970.68 MB
     
    ========================= Partitions: =====================================
     
    1 Drive c: () (Fixed) (Total:465.66 GB) (Free:426.83 GB) NTFS
     
    ========================= Users: ========================================
     
    User accounts for \\TOSHIBA
     
    Administrator            Guest                    Julie-Anne               
     
    ========================= Minidump Files ==================================
     
    No minidump file found
     
     
    **** End of log ****

    • 0

    #43
    RKinner


      Malware Expert

    • Expert
    • 20,001 posts
    • MVP
    Copy the next three lines:
     
    reg query  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318} /s > \junk.txt
    reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\cdrom /s >> \junk.txt
    notepad \junk.txt
     
     
    Start, All Programs, Accessories then right click on Command Prompt and Run as Admin.  Continue/Yes and the window should open.  Right click and Paste or Edit then Paste and the copied lines should appear.  If notepad doesn't open automatically, hit Enter.  Copy and paste the text into a reply.

    • 0

    #44
    angel959


      Member

    • Topic Starter
    • Member
    • PipPip
    • 38 posts
     
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}
        Class    REG_SZ    CDROM
        ClassDesc    REG_SZ    @%SystemRoot%\System32\StorProp.dll,-17001
        (Default)    REG_SZ    DVD/CD-ROM drives
        IconPath    REG_MULTI_SZ    %SystemRoot%\System32\imageres.dll,-30
        Installer32    REG_SZ    storprop.dll,DvdClassInstaller
        EnumPropPages32    REG_SZ    storprop.dll,DvdPropPageProvider
        SilentInstall    REG_SZ    1
        NoInstallClass    REG_SZ    1
        UpperFilters    REG_MULTI_SZ    GEARAspiWDM
     
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\0000
        InfPath    REG_SZ    cdrom.inf
        InfSection    REG_SZ    cdrom_install
        ProviderName    REG_SZ    Microsoft
        DriverDateData    REG_BINARY    00808CA3C594C601
        DriverDate    REG_SZ    6-21-2006
        DriverVersion    REG_SZ    6.1.7601.17514
        MatchingDeviceId    REG_SZ    gencdrom
        DriverDesc    REG_SZ    CD-ROM Drive
     
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\0001
        InfPath    REG_SZ    cdrom.inf
        InfSection    REG_SZ    cdrom_install
        ProviderName    REG_SZ    Microsoft
        DriverDateData    REG_BINARY    00808CA3C594C601
        DriverDate    REG_SZ    6-21-2006
        DriverVersion    REG_SZ    6.1.7601.17514
        MatchingDeviceId    REG_SZ    gencdrom
        DriverDesc    REG_SZ    CD-ROM Drive
     
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\0002
        InfPath    REG_SZ    cdrom.inf
        InfSection    REG_SZ    cdrom_install
        ProviderName    REG_SZ    Microsoft
        DriverDateData    REG_BINARY    00808CA3C594C601
        DriverDate    REG_SZ    6-21-2006
        DriverVersion    REG_SZ    6.1.7601.17514
        MatchingDeviceId    REG_SZ    gencdrom
        DriverDesc    REG_SZ    CD-ROM Drive
     
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\0003
        InfPath    REG_SZ    cdrom.inf
        InfSection    REG_SZ    cdrom_install
        ProviderName    REG_SZ    Microsoft
        DriverDateData    REG_BINARY    00808CA3C594C601
        DriverDate    REG_SZ    6-21-2006
        DriverVersion    REG_SZ    6.1.7601.17514
        MatchingDeviceId    REG_SZ    gencdrom
        DriverDesc    REG_SZ    CD-ROM Drive
     
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties
     
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\cdrom
        Start    REG_DWORD    0x1
        Type    REG_DWORD    0x1
        ErrorControl    REG_DWORD    0x1
        ImagePath    REG_EXPAND_SZ    system32\DRIVERS\cdrom.sys
        DisplayName    REG_SZ    CD-ROM Driver
        Group    REG_SZ    SCSI CDROM Class
        DriverPackageId    REG_SZ    cdrom.inf_amd64_neutral_8363d00ecae4322d
        AutoRun    REG_DWORD    0x1
        AutoRunAlwaysDisable    REG_MULTI_SZ    NEC     MBR-7   \0NEC     MBR-7.4 \0PIONEER CHANGR DRM-1804X\0PIONEER CD-ROM DRM-6324X\0PIONEER CD-ROM DRM-624X \0TORiSAN CD-ROM CDR_C36
        Tag    REG_DWORD    0x3
     
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\cdrom\Parameters
     
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\cdrom\Parameters\Wdf
        WdfMajorVersion    REG_DWORD    0x1
        WdfMinorVersion    REG_DWORD    0x9
        TimeOfLastSqmLog    REG_QWORD    0x1d010446795fe82
     
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\cdrom\Enum
        0    REG_SZ    IDE\CdRomHL-DT-ST_BDDVDRW_CT40N__________________1.00____\5&38d1f008&0&1.0.0
        Count    REG_DWORD    0x1
        NextInstance    REG_DWORD    0x1

    • 0

    #45
    RKinner


      Malware Expert

    • Expert
    • 20,001 posts
    • MVP

    Copy the next line:

    reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}" /v UpperFilters
    Start, All Programs, Accessories then right click on Command Prompt and Run as Admin.  Continue/Yes and the window should open.  Right click and Paste or Edit then Paste and the copied line should appear.  Hit Enter.
     
    If you don't get an error then it worked.  Go into Device Manager and uninstall the DVD/CD player and reboot.  It should find it and hopefully install the CDROM correctly this time.  If this works then the cause of the problem was iTunes.  There is a lot on the internet about iTunes breaking CDROMs by installing an UpperFilter called GEARAspiWDM.

    • 0
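The check behind the last three replies, as an added example (not part of the original posts and not a tool used in the thread): it parses pasted `reg query ... /s` output, lists the class-level `UpperFilters`/`LowerFilters` drivers, and reports whether each driver's service key appears in the same dump. The sample text is constructed in the shape of the output posted above, and the function names are hypothetical.

```python
import re

CLASS_ROOT = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class"
SERVICES = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services"
CDROM_CLASS = "{4D36E965-E325-11CE-BFC1-08002BE10318}"  # class GUID quoted in the thread

# Constructed sample: abridged `reg query ... /s` output shaped like the reply above.
SAMPLE = "\n".join([
    CLASS_ROOT + "\\" + CDROM_CLASS,
    "    Class    REG_SZ    CDROM",
    "    UpperFilters    REG_MULTI_SZ    GEARAspiWDM",
    "",
    CLASS_ROOT + "\\" + CDROM_CLASS + r"\0000",
    "    InfPath    REG_SZ    cdrom.inf",
    "",
    SERVICES + r"\cdrom",
    "    Start    REG_DWORD    0x1",
    r"    ImagePath    REG_EXPAND_SZ    system32\DRIVERS\cdrom.sys",
])

# Value line layout printed by reg.exe: name, type and data separated by four spaces.
VALUE_RE = re.compile(r"^(.+?) {4}(REG_[A-Z_]+)(?: {4}(.*))?$")


def parse_reg_query(text):
    """Parse `reg query <key> /s` text into {key_lower: {value_lower: (type, data)}}."""
    tree, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()  # tolerate indentation added by a forum paste
        if not line:
            continue
        if line.upper().startswith("HKEY_"):
            current = tree.setdefault(line.lower(), {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            current[m.group(1).lower()] = (m.group(2), m.group(3) or "")
    return tree


def split_multi_sz(data):
    """reg.exe prints REG_MULTI_SZ strings separated by a literal backslash-zero."""
    return [s.strip() for s in data.split("\\0") if s.strip()]


def audit_class_filters(text, class_guid=CDROM_CLASS):
    """List each class-level filter driver and whether its service key is in the dump."""
    tree = parse_reg_query(text)
    class_key = tree.get((CLASS_ROOT + "\\" + class_guid).lower(), {})
    findings = []
    for kind in ("UpperFilters", "LowerFilters"):
        _rtype, data = class_key.get(kind.lower(), ("", ""))
        for driver in split_multi_sz(data):
            svc = tree.get((SERVICES + "\\" + driver).lower())
            present = svc is not None
            findings.append({
                "kind": kind,
                "driver": driver,
                # False only means the key was not captured in this dump.
                "service_in_dump": present,
                "image_path": svc.get("imagepath", ("", ""))[1] if present else None,
                # Read-only follow-up query for a filter whose service key is missing here.
                "next_query": None if present
                else 'reg query "%s\\%s" /s' % (SERVICES, driver),
            })
    return findings


if __name__ == "__main__":
    for finding in audit_class_filters(SAMPLE):
        print(finding)
```

A filter reported with `service_in_dump` false has not been shown to be broken; it only has not been looked at yet, which is why the function returns the read-only query to run before anything is deleted.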





