tiffcj Posted January 19, 2015 ID:930641 Share Posted January 19, 2015 Hi: I've recently been experiencing redirects on both of my browsers (Internet Explorer and Chrome). When I click on a normal website, it first goes to a site with a URL like "...find-all-you-want.com..." which then redirects again to some random ad-like site. This happens randomly on many different websites (even this forum). I've cleared the history, caches and temporary files on my browsers which didn't help. I've also performed multiple scans with my antivirus software, ZoneAlarm, and found nothing. I fear that it's a malware or virus on my laptop because ever since I've been seeing the redirects I've also had several times where ZoneAlarm had to restart my computer because it said my computer has been infected with malware (and the restarting doesn't help - the redirects still keep coming back). Please, any help regarding the removal of it would be much appreciated. Thank you. Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted January 19, 2015 ID:930734 Share Posted January 19, 2015 Hello, They call me TwinHeadedEagle around here, and I'll be working with you. Before we start please read and note the following:Limit your internet access to posting here, some infections just wait to steal typed-in passwords.Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time.Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.Note that we may live in totally different time zones, what may cause some delays between answers.Do not ask for help for your business PC. Companies are making revenue via computers, so it is good thing to pay someone to repair it.If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed. I can't foresee everything, so if anything unexpected happens, please stop and inform me! There are no silly questions. Never be afraid to ask if in doubt! Rules and policies We won't support any piracy. That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding! Failure to follow these guidelines will result with closing your topic and withdrawning any assistance. Please download Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.Only one of them will run on your system, that will be the right version. Double-click to run it. When the tool opens click Yes to disclaimer.Press Scan button.It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply. Link to post Share on other sites More sharing options...
tiffcj Posted January 28, 2015 Author ID:933657 Share Posted January 28, 2015 Hi, thanks for replying and sorry for the late reply. Here are the FRST.txt and Addition.txt files: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01Ran by Tiffany Jiang (administrator) on TIFFANYJIANG-PC on 27-01-2015 23:35:22Running from C:\Users\Tiffany Jiang\DesktopLoaded Profiles: Tiffany Jiang (Available profiles: Tiffany Jiang)Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)Internet Explorer Version 11 (Default browser: IE)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe(Microsoft Corporation) C:\Windows\System32\wlanext.exe(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\AKL\AkSVC.exe(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\AntiTheft\Antitheft.exe(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoService.exe(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\AKL\AkSA.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe(Intel Corporation) C:\Windows\System32\igfxtray.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TBatmgrTrayicon.exe(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe() C:\Program Files\Toshiba\Power Saver\TPwrMain.exe(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\Teco.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe() C:\Users\Tiffany Jiang\AppData\Roaming\Dashlane\Dashlane.exe(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE(Microsoft Corporation) C:\Users\Tiffany Jiang\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe(Microsoft Corporation) C:\Windows\System32\StikyNot.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe(Dropbox, Inc.) C:\Users\Tiffany Jiang\AppData\Roaming\Dropbox\bin\Dropbox.exe(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoHook.exe(DTS, Inc.) C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\APO3GUI.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe(Toshiba) C:\Program Files (x86)\TOSHIBA\Toshiba App Place\ToshibaAppPlace.exe(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ThreatEmulation.exe(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe(Microsoft Corporation) C:\Windows\System32\wisptis.exe(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [] => [X]HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13535304 2013-05-07] (Realtek Semiconductor)HKLM\...\Run: [batteryManager] => C:\Program Files\TOSHIBA\Power Saver\TBatmgrTrayIcon.EXE [293760 2013-02-20] (TOSHIBA Corporation)HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [997216 2013-05-07] (TOSHIBA Corporation)HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [595840 2012-03-02] ()HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1562032 2012-02-28] (TOSHIBA Corporation)HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)HKLM\...\Run: [iSW] => C:\Program Files (x86)\CheckPoint\AKL\AkSA.exe [933496 2014-03-27] (Check Point Software Technologies LTD)HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2778864 2014-08-06] (Synaptics Incorporated)HKLM-x32\...\Run: [DTS Sound] => C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\APO3GUI.exe [1471296 2013-05-31] (DTS, Inc.)HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291280 2012-12-20] (Intel Corporation)HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation)HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)HKLM-x32\...\Run: [bingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2368736 2014-06-03] (Microsoft Corp.)HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [137352 2014-04-25] (Check Point Software Technologies Ltd.)HKLM-x32\...\Run: [brStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)HKU\S-1-5-21-2462840774-3069367131-1658702193-1000\...\Run: [Dashlane] => C:\Users\Tiffany Jiang\AppData\Roaming\Dashlane\Dashlane.exe [227000 2015-01-26] ()HKU\S-1-5-21-2462840774-3069367131-1658702193-1000\...\Run: [Google Update] => C:\Users\Tiffany Jiang\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-07-07] (Google Inc.)HKU\S-1-5-21-2462840774-3069367131-1658702193-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)HKU\S-1-5-21-2462840774-3069367131-1658702193-1000\...\Run: [skyDrive] => C:\Users\Tiffany Jiang\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-09-24] (Microsoft Corporation)HKU\S-1-5-21-2462840774-3069367131-1658702193-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)HKU\S-1-5-21-2462840774-3069367131-1658702193-1000\...\Run: [GoogleChromeAutoLaunch_21295BAD6B3744A840489D2CA39C020A] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-01-25] (Google Inc.)HKU\S-1-5-21-2462840774-3069367131-1658702193-1000\...\RunOnce: [uninstall C:\Users\Tiffany Jiang\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tiffany Jiang\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64"HKU\S-1-5-21-2462840774-3069367131-1658702193-1000\...\RunOnce: [uninstall C:\Users\Tiffany Jiang\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tiffany Jiang\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512"HKU\S-1-5-21-2462840774-3069367131-1658702193-1000\...\RunOnce: [uninstall C:\Users\Tiffany Jiang\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tiffany Jiang\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64"HKU\S-1-5-21-2462840774-3069367131-1658702193-1000\...\RunOnce: [uninstall C:\Users\Tiffany Jiang\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tiffany Jiang\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714"HKU\S-1-5-21-2462840774-3069367131-1658702193-1000\...\RunOnce: [uninstall C:\Users\Tiffany Jiang\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714_1\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tiffany Jiang\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714_1\amd64"HKU\S-1-5-21-2462840774-3069367131-1658702193-1000\...\RunOnce: [uninstall C:\Users\Tiffany Jiang\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714_1] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tiffany Jiang\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714_1"HKU\S-1-5-18\...\Run: [Copy] => C:\Users\Tiffany Jiang\AppData\Roaming\Copy\CopyAgent.exe [15422096 2014-09-14] (Barracuda Networks, Inc.)Startup: C:\Users\Tiffany Jiang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnkShortcutTarget: Dropbox.lnk -> C:\Users\Tiffany Jiang\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)Startup: C:\Users\Tiffany Jiang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnkShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)Startup: C:\Users\Tiffany Jiang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnkShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)ShellIconOverlayIdentifiers: [1aCopyShExtError] -> {83BEA36E-7680-4598-A4DF-994426F6E78D} => C:\Users\Tiffany Jiang\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)ShellIconOverlayIdentifiers: [2aCopyShExtSynced] -> {845B7388-6F85-4F32-9FD5-F02DC7882B89} => C:\Users\Tiffany Jiang\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)ShellIconOverlayIdentifiers: [3aCopyShExtSyncing] -> {F6378A7A-F753-449B-AE1B-997A96132E61} => C:\Users\Tiffany Jiang\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)ShellIconOverlayIdentifiers: [4aCopyShExtSyncingProg1] -> {3A511828-777D-46F8-82F4-5B530C1B3D9E} => C:\Users\Tiffany Jiang\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)ShellIconOverlayIdentifiers: [5aCopyShExtSyncingProg2] -> {C8C88204-5B14-40EC-BA72-8AEBC762047E} => C:\Users\Tiffany Jiang\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)ShellIconOverlayIdentifiers: [6aCopyShExtSyncingProg3] -> {ACFF45C3-3EEB-4351-86C2-6696BA264239} => C:\Users\Tiffany Jiang\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)ShellIconOverlayIdentifiers: [7aCopyShExtSyncingProg4] -> {29AF997F-488B-46F0-AE78-7146F1B89CC3} => C:\Users\Tiffany Jiang\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)ShellIconOverlayIdentifiers: [8aCopyShExtSyncingProg5] -> {03F9AD29-1C78-4B66-8890-B177B5430C53} => C:\Users\Tiffany Jiang\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.comHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.comHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.comHKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.comHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.comStartMenuInternet: IEXPLORE.EXE - C:\program files (x86)\Internet Explorer\iexplore.exeSearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)Toolbar: HKU\S-1-5-21-2462840774-3069367131-1658702193-1000 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No FileHandler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No FileHosts: Hosts file not detected in the default directoryTcpip\Parameters: [DhcpNameServer] 192.168.2.1Tcpip\..\Interfaces\{3B567131-4E44-47AF-977B-FAB55DBFC4B6}: [NameServer] 8.8.8.8,8.8.8.8Tcpip\..\Interfaces\{7A7AB64B-0F07-4368-93DF-C79A043790A6}: [NameServer] 8.8.8.8,8.8.8.8 FireFox:========FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin: @microsoft.com/GENUINE -> disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @microsoft.com/GENUINE -> disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin HKU\S-1-5-21-2462840774-3069367131-1658702193-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Tiffany Jiang\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)FF Plugin HKU\S-1-5-21-2462840774-3069367131-1658702193-1000: @talk.google.com/O1DPlugin -> C:\Users\Tiffany Jiang\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)FF Plugin HKU\S-1-5-21-2462840774-3069367131-1658702193-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Tiffany Jiang\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKU\S-1-5-21-2462840774-3069367131-1658702193-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Tiffany Jiang\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)FF Plugin ProgramFiles/Appdata: C:\Users\Tiffany Jiang\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)FF Plugin ProgramFiles/Appdata: C:\Users\Tiffany Jiang\AppData\Roaming\mozilla\plugins\npo1d.dll (Google) Chrome: =======CHR HomePage: Default -> CHR StartupUrls: Default -> "hxxp://www.google.ca/"CHR Profile: C:\Users\Tiffany Jiang\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Slides) - C:\Users\Tiffany Jiang\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-27]CHR Extension: (Google Docs) - C:\Users\Tiffany Jiang\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-04]CHR Extension: (Google Drive) - C:\Users\Tiffany Jiang\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-04]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Tiffany Jiang\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-04]CHR Extension: (YouTube) - C:\Users\Tiffany Jiang\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-04]CHR Extension: (Google Search) - C:\Users\Tiffany Jiang\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-04]CHR Extension: (Google Calendar) - C:\Users\Tiffany Jiang\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-09-02]CHR Extension: (Dashlane) - C:\Users\Tiffany Jiang\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2014-07-05]CHR Extension: (Google Sheets) - C:\Users\Tiffany Jiang\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-27]CHR Extension: (AdBlock) - C:\Users\Tiffany Jiang\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-07-04]CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Tiffany Jiang\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-09]CHR Extension: (Google Wallet) - C:\Users\Tiffany Jiang\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-04]CHR Extension: (Evernote Web Clipper) - C:\Users\Tiffany Jiang\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2014-07-05]CHR Extension: (Gmail) - C:\Users\Tiffany Jiang\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-04]CHR HKU\S-1-5-21-2462840774-3069367131-1658702193-1000\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173792 2014-06-03] (Microsoft Corp.)S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [16720 2013-05-31] ()R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-04-02] (Nero AG)R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] ()R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [130592 2012-10-26] (Intel Corporation)R2 IswSvc; C:\Program Files (x86)\CheckPoint\AKL\AkSVC.exe [1133176 2014-03-27] (Check Point Software Technologies LTD)R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165488 2012-12-18] (Intel Corporation)R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3592120 2014-04-25] (Check Point Software Technologies Ltd.)S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [92176 2014-04-09] (Check Point Software Technologies, Ltd.)R2 ZoneAlarm AntiTheft; C:\Program Files (x86)\CheckPoint\AntiTheft\Antitheft.exe [3124360 2014-04-25] (Check Point Software Technologies Ltd.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-03-11] (Intel Corporation)R3 icsak; C:\Program Files (x86)\CheckPoint\AKL\ak\icsak.sys [48512 2014-03-27] (Check Point Software Technologies LTD)R2 ISWKL; C:\Program Files (x86)\CheckPoint\AKL\ISWKL.sys [54144 2014-03-27] (Check Point Software Technologies LTD)R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [7717984 2014-03-19] (Kaspersky Lab ZAO)U5 klflt; C:\Windows\System32\Drivers\klflt.sys [92768 2014-03-19] (Kaspersky Lab ZAO)R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [490592 2014-03-19] (Kaspersky Lab ZAO)R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2014-03-19] (Kaspersky Lab ZAO)R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54104 2014-03-19] (Kaspersky Lab)R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [177760 2014-03-19] (Kaspersky Lab ZAO)R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [128200 2013-04-03] (Qualcomm Atheros Co., Ltd.)R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1480776 2013-02-08] (Realtek Semiconductor Corporation )S3 scvad_simple; C:\Windows\System32\drivers\SplitCamAudio.sys [23552 2013-11-01] (Windows ® Win 7 DDK provider)R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [32496 2013-02-06] (Synaptics Incorporated)R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [450968 2014-04-24] (Check Point Software Technologies Ltd.)S3 clwvd6; system32\DRIVERS\clwvd6.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-27 23:35 - 2015-01-27 23:36 - 00028116 _____ () C:\Users\Tiffany Jiang\Desktop\FRST.txt2015-01-27 23:35 - 2015-01-27 23:35 - 00000000 ____D () C:\FRST2015-01-27 23:34 - 2015-01-27 23:34 - 02129920 _____ (Farbar) C:\Users\Tiffany Jiang\Desktop\FRST64.exe2015-01-27 23:29 - 2015-01-27 23:29 - 00017189 _____ () C:\Users\Tiffany Jiang\Desktop\hijackthistxt.txt2015-01-27 23:16 - 2015-01-27 23:16 - 00000000 ____D () C:\Users\Tiffany Jiang\AppData\Local\SystemInfo2015-01-27 23:15 - 2015-01-27 23:15 - 01724416 _____ () C:\Users\Tiffany Jiang\Desktop\SystemInfo.exe2015-01-27 22:54 - 2015-01-27 22:54 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys2015-01-27 22:53 - 2015-01-27 22:53 - 00001117 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2015-01-27 22:53 - 2015-01-27 22:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2015-01-27 22:53 - 2015-01-27 22:53 - 00000000 ____D () C:\ProgramData\Malwarebytes2015-01-27 22:53 - 2015-01-27 22:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2015-01-27 22:53 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys2015-01-27 22:53 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys2015-01-27 22:53 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys2015-01-27 22:51 - 2015-01-27 22:51 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Tiffany Jiang\Desktop\mbam-setup-2.0.4.1028.exe2015-01-27 22:49 - 2015-01-27 23:29 - 00017189 _____ () C:\Users\Tiffany Jiang\Desktop\hijackthis.log2015-01-27 22:49 - 2015-01-27 22:49 - 00388608 _____ (Trend Micro Inc.) C:\Users\Tiffany Jiang\Desktop\HijackThis.exe2015-01-27 22:35 - 2015-01-27 22:35 - 00290304 _____ (Microsoft Corporation) C:\windows\SysWOW64\subinacl.exe2015-01-27 22:35 - 2015-01-27 22:35 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool2015-01-27 22:34 - 2015-01-27 22:34 - 00753184 _____ () C:\Users\Tiffany Jiang\Desktop\Adware-Removal-Tool-v3.9.1.exe2015-01-27 22:32 - 2015-01-27 22:32 - 00000703 _____ () C:\Users\Tiffany Jiang\Desktop\JRT.txt2015-01-27 22:26 - 2015-01-27 22:26 - 00000000 ____D () C:\windows\ERUNT2015-01-27 22:16 - 2015-01-27 22:16 - 01707939 _____ (Thisisu) C:\Users\Tiffany Jiang\Desktop\JRT.exe2015-01-27 22:15 - 2015-01-27 22:15 - 00002061 _____ () C:\Users\Tiffany Jiang\Desktop\AdwCleaner[s0].txt2015-01-27 22:05 - 2015-01-27 22:20 - 00000000 ____D () C:\AdwCleaner2015-01-27 22:05 - 2015-01-27 22:05 - 02194432 _____ () C:\Users\Tiffany Jiang\Desktop\adwcleaner_4.109.exe2015-01-27 22:03 - 2015-01-27 22:03 - 00048663 _____ () C:\Users\Tiffany Jiang\Desktop\Result.txt2015-01-27 22:01 - 2015-01-27 22:01 - 00401920 _____ (Farbar) C:\Users\Tiffany Jiang\Desktop\MiniToolBox.exe2015-01-18 19:20 - 2015-01-18 19:20 - 00262144 _____ () C:\windows\system32\config\elam2015-01-17 19:30 - 2015-01-22 12:31 - 00000000 ____D () C:\Program Files (x86)\Java2015-01-17 19:30 - 2015-01-22 12:27 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll2015-01-16 15:04 - 2015-01-16 15:04 - 00000000 ____D () C:\Users\Tiffany Jiang\Documents\Scratch Projects2015-01-13 17:50 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe2015-01-13 17:50 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll2015-01-13 17:50 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe2015-01-13 17:50 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll2015-01-13 17:50 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe2015-01-13 17:50 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe2015-01-13 17:50 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll2015-01-13 17:32 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll2015-01-13 17:32 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys2015-01-13 17:32 - 2014-12-11 12:47 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe2015-01-13 17:32 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll2015-01-13 17:32 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncsi.dll2015-01-13 17:32 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll2015-01-11 22:16 - 2015-01-11 22:16 - 00000000 ____D () C:\Users\Tiffany Jiang\AppData\Roaming\edu.media.mit.Scratch2Editor2015-01-11 22:15 - 2015-01-11 22:15 - 00000904 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Scratch 2.lnk2015-01-11 22:15 - 2015-01-11 22:15 - 00000000 ____D () C:\Program Files (x86)\Scratch 22015-01-11 22:10 - 2015-01-11 22:10 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia2015-01-11 22:10 - 2015-01-11 22:10 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia2015-01-11 22:07 - 2015-01-26 18:00 - 00000831 _____ () C:\Users\Tiffany Jiang\.drjava2015-01-11 22:06 - 2015-01-11 22:07 - 12977155 _____ () C:\Users\Tiffany Jiang\Desktop\drjava-stable-20140826-r5761.exe2015-01-11 22:05 - 2015-01-11 22:05 - 00000000 ____D () C:\ProgramData\Sun2015-01-11 22:04 - 2015-01-22 12:28 - 00111016 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll2015-01-11 22:04 - 2015-01-11 22:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java2015-01-11 22:03 - 2015-01-22 12:31 - 00000000 ____D () C:\ProgramData\Oracle2015-01-11 22:02 - 2015-01-22 12:30 - 00000000 ____D () C:\Program Files\Java2015-01-11 22:02 - 2015-01-11 22:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit2015-01-03 17:05 - 2015-01-03 17:05 - 00003270 _____ () C:\windows\System32\Tasks\{F4A42F3C-B6B7-4B32-A4FA-993AC3174FE7} ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-27 23:24 - 2009-07-13 23:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02015-01-27 23:24 - 2009-07-13 23:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02015-01-27 23:11 - 2014-07-07 16:18 - 00000940 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2462840774-3069367131-1658702193-1000UA.job2015-01-27 23:11 - 2014-07-04 20:09 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job2015-01-27 22:51 - 2013-11-14 01:56 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job2015-01-27 22:28 - 2014-07-04 21:03 - 00000000 ____D () C:\Users\Tiffany Jiang\AppData\Roaming\Copy2015-01-27 22:28 - 2009-07-14 00:13 - 00781790 _____ () C:\windows\system32\PerfStringBackup.INI2015-01-27 22:25 - 2014-07-04 15:27 - 01472453 _____ () C:\windows\WindowsUpdate.log2015-01-27 22:22 - 2014-08-25 15:51 - 00000000 ___RD () C:\Users\Tiffany Jiang\OneDrive2015-01-27 22:22 - 2014-08-24 19:16 - 00000000 ___RD () C:\Users\Tiffany Jiang\Dropbox2015-01-27 22:22 - 2014-07-11 13:03 - 00000000 ____D () C:\Users\Tiffany Jiang\AppData\Roaming\Dropbox2015-01-27 22:21 - 2014-07-15 15:41 - 00000000 ____D () C:\Users\Tiffany Jiang\AppData\Local\HTC MediaHub2015-01-27 22:21 - 2014-07-04 20:09 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job2015-01-27 22:21 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT2015-01-27 22:20 - 2014-11-22 20:13 - 00010361 _____ () C:\windows\setupact.log2015-01-27 22:20 - 2010-11-20 22:47 - 00364596 _____ () C:\windows\PFRO.log2015-01-27 21:51 - 2014-07-04 20:26 - 00000000 ____D () C:\Users\Tiffany Jiang\AppData\Roaming\Dashlane2015-01-27 21:49 - 2014-07-04 20:29 - 00002028 _____ () C:\Users\Tiffany Jiang\Desktop\Dashlane.lnk2015-01-27 21:48 - 2014-08-13 14:15 - 00000000 ____D () C:\Users\Tiffany Jiang\AppData\Roaming\uTorrent2015-01-27 21:44 - 2014-09-21 19:47 - 00000000 ____D () C:\Users\Tiffany Jiang\Documents\To Do2015-01-27 19:19 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\system32\NDF2015-01-27 12:51 - 2014-07-07 16:17 - 00000888 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2462840774-3069367131-1658702193-1000Core.job2015-01-26 22:13 - 2014-07-04 20:12 - 00002194 _____ () C:\Users\Public\Desktop\Google Chrome.lnk2015-01-26 18:00 - 2014-07-04 15:24 - 00000000 ____D () C:\Users\Tiffany Jiang2015-01-26 17:14 - 2014-08-25 15:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive2015-01-25 13:57 - 2014-12-21 02:53 - 00002037 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk2015-01-25 13:57 - 2014-08-10 18:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony2015-01-25 13:57 - 2014-07-04 15:47 - 00623274 _____ () C:\windows\DPINST.LOG2015-01-25 13:57 - 2013-11-14 01:56 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information2015-01-25 02:45 - 2014-07-05 17:40 - 00000000 ____D () C:\Leisure2015-01-24 17:51 - 2013-11-14 01:56 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe2015-01-24 17:51 - 2013-11-14 01:56 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl2015-01-24 17:51 - 2013-11-14 01:56 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater2015-01-23 22:24 - 2014-07-05 17:43 - 00000000 ____D () C:\University Applications2015-01-23 13:14 - 2014-07-04 18:23 - 00000000 ____D () C:\Users\Tiffany Jiang\AppData\Roaming\Skype2015-01-18 19:41 - 2009-07-14 00:08 - 00032648 _____ () C:\windows\Tasks\SCHEDLGU.TXT2015-01-17 22:41 - 2014-07-05 20:28 - 00000000 ____D () C:\Users\Tiffany Jiang\AppData\Roaming\vlc2015-01-15 18:14 - 2014-09-14 21:23 - 00000000 ____D () C:\ProgramData\CanonIJPLM2015-01-15 00:18 - 2013-11-14 00:28 - 00766100 _____ () C:\windows\SysWOW64\PerfStringBackup.INI2015-01-14 15:36 - 2014-07-04 16:48 - 00000000 ____D () C:\windows\system32\MRT2015-01-14 15:16 - 2014-07-04 16:48 - 113365784 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe2015-01-11 22:12 - 2014-07-04 15:28 - 00000000 ____D () C:\Users\Tiffany Jiang\AppData\Roaming\Adobe2015-01-11 22:12 - 2013-11-14 01:57 - 00000000 ____D () C:\ProgramData\Adobe2015-01-11 22:10 - 2014-07-04 18:24 - 00000000 ____D () C:\Users\Tiffany Jiang\AppData\Local\Adobe2015-01-11 22:10 - 2013-11-14 01:57 - 00000000 ____D () C:\Program Files (x86)\Adobe2015-01-11 22:08 - 2014-07-05 17:39 - 00000000 ____D () C:\Grade 10 Assignments2015-01-09 14:07 - 2014-07-05 16:52 - 00000000 ____D () C:\University 3 Assignments2015-01-07 14:15 - 2014-07-04 15:29 - 00112344 _____ () C:\Users\Tiffany Jiang\AppData\Local\GDIPFONTCACHEV1.DAT2015-01-07 14:13 - 2009-07-13 23:45 - 00435032 _____ () C:\windows\system32\FNTCACHE.DAT2015-01-07 14:11 - 2014-07-04 19:41 - 00000000 ____D () C:\ProgramData\Microsoft Help2015-01-07 14:10 - 2014-07-04 19:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint2015-01-07 14:10 - 2014-07-04 19:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office2015-01-07 14:08 - 2010-11-21 02:16 - 00000000 ____D () C:\windows\ShellNew2015-01-07 14:08 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild2015-01-07 14:01 - 2009-07-13 21:34 - 00000478 _____ () C:\windows\win.ini2015-01-06 18:12 - 2014-07-05 17:00 - 00000000 ____D () C:\windows\System32\Tasks\Games2015-01-04 16:37 - 2014-07-21 12:09 - 00000334 _____ () C:\windows\BRCALIB.INI2015-01-03 23:58 - 2014-07-15 15:27 - 00000000 ____D () C:\Temp2015-01-03 17:15 - 2009-07-13 21:34 - 00001497 __RSH () C:\windows\system32\Drivers\etc\hosts.old2015-01-02 00:11 - 2014-09-21 16:37 - 00061952 ____H () C:\Users\Tiffany Jiang\Documents\~WRL1398.tmp2015-01-01 19:42 - 2014-07-05 20:12 - 00028569 ____H () C:\windows\SysWOW64\BTImages.dat2014-12-29 00:01 - 2014-08-25 16:21 - 00000000 ___RD () C:\Users\Tiffany Jiang\Copy ==================== Files in the root of some directories ======= 2014-07-06 16:21 - 2014-07-08 11:18 - 0000162 _____ () C:\Users\Tiffany Jiang\AppData\Roaming\ready_files.ini2014-07-06 16:23 - 2014-07-08 11:35 - 0000084 _____ () C:\Users\Tiffany Jiang\AppData\Roaming\turing_files.ini2014-07-15 12:00 - 2014-07-15 12:00 - 0000017 _____ () C:\Users\Tiffany Jiang\AppData\Local\resmon.resmoncfg Some content of TEMP:====================C:\Users\Tiffany Jiang\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp3rnude.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-12-25 13:39 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01Ran by Tiffany Jiang at 2015-01-27 23:36:41Running from C:\Users\Tiffany Jiang\DesktopBoot Mode: Normal========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: ZoneAlarm Extreme Security Antivirus (Enabled - Up to date) {DE038A5B-9EDD-18A9-2361-FF7D98D43730}AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: ZoneAlarm Extreme Security Anti-Spyware (Enabled - Up to date) {65626BBF-B8E7-1727-19D1-C40FE3537D8D}FW: ZoneAlarm Extreme Security Firewall (Enabled) {E6380B7E-D4B2-19F1-083E-56486607704B} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)B1 Free Archiver (HKLM-x32\...\B1FreeArchiver) (Version: 1.5.86.4889 - Catalina Group Ltd)Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) HiddenBing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.470.0 - Microsoft Corporation)Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.)Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: - )Canon MG2100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2100_series) (Version: - )Canon MG2100 series On-screen Manual (HKLM-x32\...\Canon MG2100 series On-screen Manual) (Version: - )Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version: - )Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version: - )Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) HiddenCopy (HKLM\...\{3A0B2200-5D01-4B57-BF48-2CCF4294FEB1}) (Version: 1.46.380.0 - Barracuda Networks, Inc.)D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenDashlane (HKU\S-1-5-21-2462840774-3069367131-1658702193-1000\...\Dashlane) (Version: 3.2.3.77451 - Dashlane SAS)Dropbox (HKU\S-1-5-21-2462840774-3069367131-1658702193-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)DTS Sound (HKLM-x32\...\{791692AD-63B2-4A87-A097-4E8DD3CE4BC9}) (Version: 1.00.0079 - DTS, Inc.)Elementals - The Magic Key (x32 Version: 2.2.0.97 - WildTangent) HiddenEvernote v. 5.8.1 (HKLM-x32\...\{4FD2D1C8-8636-11E4-9D21-00163E98E7D6}) (Version: 5.8.1.6061 - Evernote Corp.)Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.93 - Google Inc.)Google Drive (HKLM-x32\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) HiddenHL-4570CDW (HKLM-x32\...\{123DE6D6-9566-4777-AC81-E6D86FFA95DA}) (Version: 1.0.5.0 - Brother Industries, Ltd.)HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.14.0.001 - HTC Corporation)HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.37.2 - HTC)Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation)Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3062 - Intel Corporation)Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.4.1001 - Intel Corporation)Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.7.248 - Intel Corporation)IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)Java SE Development Kit 8 Update 25 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180250}) (Version: 8.0.250.18 - Oracle Corporation)Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) HiddenKing Oddball (x32 Version: 3.0.2.48 - WildTangent) HiddenMalwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)Microsoft OneDrive (HKU\S-1-5-21-2462840774-3069367131-1658702193-1000\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) HiddenMSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)Origin (HKLM-x32\...\Origin) (Version: 9.1.12.73 - Electronic Arts, Inc.)PC Tune-Up (x32 Version: 2.2.0.1 - ZoneAlarm) HiddenPenguins! (x32 Version: 2.2.0.98 - WildTangent) HiddenPlants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) HiddenPlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)Qualcomm Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.16 - Qualcomm Atheros Communications Inc.)Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6899 - Realtek Semiconductor Corp.)Realtek USB Card Reader (HKLM-x32\...\{1E496A68-4943-424E-829D-5C3C85B7B8F2}) (Version: 6.2.9200.39041 - Realtek Semiconductor Corp.)Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0021 - REALTEK Semiconductor Corp.)Scratch 2 Offline Editor (HKLM-x32\...\edu.media.mit.Scratch2Editor) (Version: 430 - MIT Media Lab)Scratch 2 Offline Editor (x32 Version: 255 - MIT Media Lab) HiddenService Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)Sony PC Companion 2.10.245 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.245 - Sony)Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.51 - Synaptics Incorporated)Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.2 - TOSHIBA)TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.1 - TOSHIBA CORPORATION)Toshiba Book Place (HKLM-x32\...\{11244D6B-9842-440F-8579-6A4D771A0D9B}) (Version: 3.3.9661 - K-NFB Reading Technology, Inc.)TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.12 for x64 - TOSHIBA Corporation)TOSHIBA eco Utility (HKLM\...\{F5AFF327-9B52-4E96-B5A0-BD2488A8EEC9}) (Version: 1.3.23.64 - TOSHIBA Corporation)TOSHIBA Hardware Setup (HKLM-x32\...\{6D622295-07A8-4CB3-8E0E-6E3D7C782A7B}) (Version: 3.1.0.10 - TOSHIBA Corporation)TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.4 - TOSHIBA)TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.7.52020010 - TOSHIBA CORPORATION)TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.13 - TOSHIBA)TOSHIBA Supervisor Password (HKLM-x32\...\{661C3409-C3CC-4869-A0AC-90EAB15F5E93}) (Version: 3.1.0.2 - TOSHIBA Corporation)TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.0035.6406 - TOSHIBA Corporation)TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.1 - TOSHIBA)Update Installer for WildTangent Games App (x32 Version: - WildTangent) HiddenVLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)WildTangent Games App (Toshiba Games) (x32 Version: 4.0.10.15 - WildTangent) HiddenWindows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)Wonderland Solitaire (x32 Version: 2.2.0.110 - WildTangent) HiddenZoneAlarm Antivirus (x32 Version: 13.1.211.000 - Check Point Software Technologies Ltd.) HiddenZoneAlarm Extreme Security (HKLM-x32\...\ZoneAlarm Extreme Security) (Version: 13.1.211.000 - Check Point)ZoneAlarm Find My Laptop (x32 Version: 13.1.211.000 - Check Point Software Technologies Ltd.) HiddenZoneAlarm Firewall (x32 Version: 13.1.211.000 - Check Point Software Technologies Ltd.) HiddenZoneAlarm Security (x32 Version: 13.1.211.000 - Check Point Software Technologies Ltd.) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-2462840774-3069367131-1658702193-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Tiffany Jiang\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-2462840774-3069367131-1658702193-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Tiffany Jiang\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No FileCustomCLSID: HKU\S-1-5-21-2462840774-3069367131-1658702193-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Tiffany Jiang\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No FileCustomCLSID: HKU\S-1-5-21-2462840774-3069367131-1658702193-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Tiffany Jiang\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-2462840774-3069367131-1658702193-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Tiffany Jiang\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-2462840774-3069367131-1658702193-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Tiffany Jiang\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-2462840774-3069367131-1658702193-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Tiffany Jiang\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)CustomCLSID: HKU\S-1-5-21-2462840774-3069367131-1658702193-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Tiffany Jiang\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)CustomCLSID: HKU\S-1-5-21-2462840774-3069367131-1658702193-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Tiffany Jiang\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-2462840774-3069367131-1658702193-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Tiffany Jiang\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-2462840774-3069367131-1658702193-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tiffany Jiang\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-2462840774-3069367131-1658702193-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tiffany Jiang\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-2462840774-3069367131-1658702193-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tiffany Jiang\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-2462840774-3069367131-1658702193-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tiffany Jiang\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-2462840774-3069367131-1658702193-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tiffany Jiang\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-2462840774-3069367131-1658702193-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tiffany Jiang\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-2462840774-3069367131-1658702193-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tiffany Jiang\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-2462840774-3069367131-1658702193-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tiffany Jiang\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ==================== Restore Points ========================= 31-12-2014 13:53:35 Scheduled Checkpoint07-01-2015 13:59:44 Configured Microsoft Office Professional Plus 201011-01-2015 22:01:19 Installed Java SE Development Kit 8 Update 25 (64-bit)14-01-2015 15:15:08 Windows Update15-01-2015 00:08:26 Windows Update ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {00632C8E-9650-48ED-9B47-3BCCFA503D1B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)Task: {0264BE93-D280-45CB-971A-7E31354713CF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-24] (Adobe Systems Incorporated)Task: {0F3B18BC-9760-4399-8AF3-ACB7F7167D72} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.5.0.38\SymErr.exeTask: {2B68F752-F010-4F8A-81BB-A9DFBDAAB0F0} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.5.0.38\SymErr.exeTask: {34063104-D97C-454C-807B-A6BD5F92E094} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-04] (Google Inc.)Task: {4599EBB4-D477-4243-AE97-CA658BC58BE2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2462840774-3069367131-1658702193-1000UA => C:\Users\Tiffany Jiang\AppData\Local\Google\Update\GoogleUpdate.exe [2014-07-07] (Google Inc.)Task: {49B6202A-44E4-4DA2-8C79-7362F103F011} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvcTask: {7E64F6FB-0299-4E5D-8637-6FCF41D51DC2} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2462840774-3069367131-1658702193-1000Task: {B7400461-E73D-4841-A52D-B79F224A5730} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-04] (Google Inc.)Task: {DF04C4A8-78CE-458E-8BC7-26FDAEE0EE96} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2462840774-3069367131-1658702193-1000Core => C:\Users\Tiffany Jiang\AppData\Local\Google\Update\GoogleUpdate.exe [2014-07-07] (Google Inc.)Task: {F9906EE0-6F58-4515-898D-B23FE866C76D} - System32\Tasks\{F4A42F3C-B6B7-4B32-A4FA-993AC3174FE7} => pcalua.exe -a "C:\Users\Tiffany Jiang\Downloads\Laggies 2014\Lite x264 Codec Pack.exe" -d "C:\Users\Tiffany Jiang\Downloads\Laggies 2014"Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2462840774-3069367131-1658702193-1000Core.job => C:\Users\Tiffany Jiang\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2462840774-3069367131-1658702193-1000UA.job => C:\Users\Tiffany Jiang\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-05-31 17:56 - 2013-05-31 17:56 - 00016720 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe2014-09-14 21:23 - 2011-02-07 02:56 - 00138192 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE2013-10-17 15:27 - 2013-10-17 15:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe2013-03-08 21:06 - 2013-03-08 21:06 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll2011-08-22 16:19 - 2011-08-22 16:19 - 11204992 _____ () C:\Program Files\Toshiba\FlashCards\BlackPng.dll2012-03-02 17:08 - 2012-03-02 17:08 - 00595840 _____ () C:\Program Files\Toshiba\Power Saver\TPwrMain.exe2010-12-15 17:19 - 2010-12-15 17:19 - 00124320 _____ () C:\Program Files\Toshiba\TECO\MUIHelp.dll2014-07-04 20:29 - 2015-01-26 14:07 - 00227000 _____ () C:\Users\Tiffany Jiang\AppData\Roaming\Dashlane\Dashlane.exe2014-12-18 16:10 - 2014-12-18 16:10 - 00821600 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe2014-08-25 16:02 - 2014-09-14 17:18 - 08212480 _____ () C:\Users\Tiffany Jiang\AppData\Roaming\Copy\overlay\Brt.dll2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll2014-05-27 12:32 - 2014-05-27 12:32 - 00031080 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll2014-12-18 16:08 - 2014-12-18 16:08 - 00607376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll2014-05-27 12:33 - 2014-05-27 12:33 - 00059752 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll2014-05-27 12:32 - 2014-05-27 12:32 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll2014-05-27 12:33 - 2014-05-27 12:33 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll2014-05-27 12:34 - 2014-05-27 12:34 - 00129376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll2014-05-27 12:35 - 2014-05-27 12:35 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll2015-01-26 14:05 - 2015-01-26 14:05 - 00307384 _____ () C:\Users\Tiffany Jiang\AppData\Roaming\Dashlane\3.2.3.77451\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebugDll_win32.3.2.3.77451.dll2015-01-26 14:05 - 2015-01-26 14:05 - 00417976 _____ () C:\Users\Tiffany Jiang\AppData\Roaming\Dashlane\3.2.3.77451\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebug.3.2.3.77451.dll2015-01-26 14:05 - 2015-01-26 14:05 - 00442040 _____ () C:\Users\Tiffany Jiang\AppData\Roaming\Dashlane\3.2.3.77451\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWUtils.3.2.3.77451.dll2015-01-26 14:05 - 2015-01-26 14:05 - 30940344 _____ () C:\Users\Tiffany Jiang\AppData\Roaming\Dashlane\3.2.3.77451\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWExternLib.3.2.3.77451.dll2015-01-26 14:05 - 2015-01-26 14:05 - 00266936 _____ () C:\Users\Tiffany Jiang\AppData\Roaming\Dashlane\3.2.3.77451\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib_win.3.2.3.77451.dll2015-01-26 14:05 - 2015-01-26 14:05 - 05805240 _____ () C:\Users\Tiffany Jiang\AppData\Roaming\Dashlane\3.2.3.77451\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWData.3.2.3.77451.dll2015-01-26 14:05 - 2015-01-26 14:05 - 06614200 _____ () C:\Users\Tiffany Jiang\AppData\Roaming\Dashlane\3.2.3.77451\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWApplication.3.2.3.77451.dll2014-09-24 20:48 - 2014-09-24 20:48 - 00081056 _____ () C:\Users\Tiffany Jiang\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\LoggingPlatform.dll2014-10-21 19:22 - 2014-10-21 19:22 - 00750080 _____ () C:\Users\Tiffany Jiang\AppData\Roaming\Dropbox\bin\libGLESv2.dll2015-01-27 22:21 - 2015-01-27 22:21 - 00043008 _____ () c:\Users\Tiffany Jiang\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp3rnude.dll2014-10-21 19:22 - 2014-10-21 19:22 - 00047616 _____ () C:\Users\Tiffany Jiang\AppData\Roaming\Dropbox\bin\libEGL.dll2014-10-21 19:22 - 2014-10-21 19:22 - 00863744 _____ () C:\Users\Tiffany Jiang\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll2014-10-21 19:22 - 2014-10-21 19:22 - 00200704 _____ () C:\Users\Tiffany Jiang\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll2014-12-17 16:11 - 2014-12-17 16:11 - 00439304 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll2014-12-17 16:11 - 2014-12-17 16:11 - 00321032 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll2014-07-04 15:32 - 2013-01-14 12:25 - 01200088 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll2015-01-26 22:13 - 2015-01-25 01:08 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\libglesv2.dll2015-01-26 22:13 - 2015-01-25 01:08 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\libegl.dll2015-01-26 22:13 - 2015-01-25 01:08 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\pdf.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-2462840774-3069367131-1658702193-500 - Administrator - Disabled)Guest (S-1-5-21-2462840774-3069367131-1658702193-501 - Limited - Disabled)Tiffany Jiang (S-1-5-21-2462840774-3069367131-1658702193-1000 - Administrator - Enabled) => C:\Users\Tiffany Jiang ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (01/27/2015 11:32:21 PM) (Source: Toshiba App Place) (EventID: 0) (User: )Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'Error Data:(no response)Stack Trace: at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult) at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result) Error: (01/27/2015 11:22:21 PM) (Source: Toshiba App Place) (EventID: 0) (User: )Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'Error Data:(no response)Stack Trace: at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult) at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result) Error: (01/27/2015 11:12:21 PM) (Source: Toshiba App Place) (EventID: 0) (User: )Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'Error Data:(no response)Stack Trace: at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult) at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result) Error: (01/27/2015 11:02:21 PM) (Source: Toshiba App Place) (EventID: 0) (User: )Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'Error Data:(no response)Stack Trace: at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult) at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result) Error: (01/27/2015 10:52:21 PM) (Source: Toshiba App Place) (EventID: 0) (User: )Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'Error Data:(no response)Stack Trace: at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult) at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result) Error: (01/27/2015 10:42:21 PM) (Source: Toshiba App Place) (EventID: 0) (User: )Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'Error Data:(no response)Stack Trace: at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult) at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result) System errors:=============Error: (01/27/2015 10:41:51 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)Description: There was an error while attempting to read the local hosts file. Error: (01/27/2015 10:41:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Microsoft Office Sessions:=========================Error: (01/27/2015 11:32:21 PM) (Source: Toshiba App Place) (EventID: 0) (User: )Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'Error Data:(no response)Stack Trace: at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult) at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result) Error: (01/27/2015 11:22:21 PM) (Source: Toshiba App Place) (EventID: 0) (User: )Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'Error Data:(no response)Stack Trace: at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult) at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result) Error: (01/27/2015 11:12:21 PM) (Source: Toshiba App Place) (EventID: 0) (User: )Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'Error Data:(no response)Stack Trace: at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult) at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result) Error: (01/27/2015 11:02:21 PM) (Source: Toshiba App Place) (EventID: 0) (User: )Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'Error Data:(no response)Stack Trace: at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult) at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result) Error: (01/27/2015 10:52:21 PM) (Source: Toshiba App Place) (EventID: 0) (User: )Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'Error Data:(no response)Stack Trace: at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult) at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result) Error: (01/27/2015 10:42:21 PM) (Source: Toshiba App Place) (EventID: 0) (User: )Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'Error Data:(no response)Stack Trace: at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult) at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result) CodeIntegrity Errors:=================================== Date: 2014-09-13 15:39:25.995 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x86\win8\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2014-09-13 15:39:25.993 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x86\win8\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2014-09-13 15:39:25.924 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x64\win8\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2014-09-13 15:39:25.921 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x64\win8\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2014-09-13 15:37:06.140 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x86\win8\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2014-09-13 15:37:03.332 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x64\win8\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2014-08-16 11:31:58.148 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x86\win8\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2014-08-16 11:31:58.136 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x86\win8\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2014-08-16 11:31:57.998 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x64\win8\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2014-08-16 11:31:57.996 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x64\win8\klelam.sys because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel® Core i3-3110M CPU @ 2.40GHzPercentage of memory in use: 46%Total physical RAM: 6026.36 MBAvailable physical RAM: 3231.3 MBTotal Pagefile: 12050.89 MBAvailable Pagefile: 9002.57 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.83 MB ==================== Drives ================================ Drive c: (TI10668700I) (Fixed) (Total:919.09 GB) (Free:710.77 GB) NTFS ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: D5FE6C0F)Partition 1: (Active) - (Size=1.5 GB) - (Type=27)Partition 2: (Not Active) - (Size=919.1 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=11 GB) - (Type=17) ==================== End Of Log ============================ Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted January 28, 2015 ID:933689 Share Posted January 28, 2015 Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools. Link to post Share on other sites More sharing options...
tiffcj Posted January 28, 2015 Author ID:933828 Share Posted January 28, 2015 Sorry I misread your first reply. I've attached the 2 logs.Addition.txtFRST.txt Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted January 28, 2015 ID:933877 Share Posted January 28, 2015 Fix with Farbar Recovery Scan Tool This fix was created for this user for use on that particular machine. Running it on another one may cause damage and render the system unstable. Download attached fixlist.txt file and save it to the Desktop: Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!Right-click on icon and select Run as Administrator to start the tool.(XP users click run after receipt of Windows Security Warning - Open File).Press the Fix button just once and wait.If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.When finished FRST will generate a log on the Desktop, called Fixlog.txt.Please attach it to your reply.fixlist.txt Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted January 29, 2015 ID:933996 Share Posted January 29, 2015 I noticed you're asking for help for with the same issue at multiple forums. This is something we do not like, because several people are trying to work with one computer which is not good. This topic will be closed. Link to post Share on other sites More sharing options...
Naathim Posted January 29, 2015 ID:934147 Share Posted January 29, 2015 This topic will be closed due to multiple help request posting. Link to post Share on other sites More sharing options...
Recommended Posts