
Find-all-you-want Redirects - Malware?


tiffcj


 

Hi:

 

I've recently been experiencing redirects on both of my browsers (Internet Explorer and Chrome). When I click on a normal website, it first goes to a site with a URL like "...find-all-you-want.com..." which then redirects again to some random ad-like site. This happens randomly on many different websites (even this forum). I've cleared the history, caches and temporary files on my browsers which didn't help. I've also performed multiple scans with my antivirus software, ZoneAlarm, and found nothing. I fear that it's a malware or virus on my laptop because ever since I've been seeing the redirects I've also had several times where ZoneAlarm had to restart my computer because it said my computer has been infected with malware (and the restarting doesn't help - the redirects still keep coming back).

 

Please, any help regarding the removal of it would be much appreciated. Thank you.


Hello,
    
 
They call me TwinHeadedEagle around here, and I'll be working with you.
 
     
    
Before we start please read and note the following:

  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts; attachments make my work easier. There is a More reply options button that gives you the Upload Files option below, which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.
  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I can't foresee everything, so if anything unexpected happens, please stop and inform me!
There are no silly questions. Never be afraid to ask if in doubt!
 
 
 
Rules and policies
 
We won't support any piracy.
That being said, if any evidence of illegal OS, software, cracks/keygens or any other is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!
 
Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.
 
 
 
 
 

Please download Farbar Recovery Scan Tool and save it to your desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

  • 2 weeks later...
Hi, thanks for replying and sorry for the late reply. Here are the FRST.txt and Addition.txt files:

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01

Ran by Tiffany Jiang (administrator) on TIFFANYJIANG-PC on 27-01-2015 23:35:22

Running from C:\Users\Tiffany Jiang\Desktop

Loaded Profiles: Tiffany Jiang (Available profiles: Tiffany Jiang)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11 (Default browser: IE)

Boot Mode: Normal


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\AKL\AkSVC.exe

(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe

() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe

(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe

() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe

() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe

(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\AntiTheft\Antitheft.exe

(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoService.exe

(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\AKL\AkSA.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe

(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TBatmgrTrayicon.exe

(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe

() C:\Program Files\Toshiba\Power Saver\TPwrMain.exe

(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\Teco.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

() C:\Users\Tiffany Jiang\AppData\Roaming\Dashlane\Dashlane.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE

(Microsoft Corporation) C:\Users\Tiffany Jiang\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe

(Microsoft Corporation) C:\Windows\System32\StikyNot.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Dropbox, Inc.) C:\Users\Tiffany Jiang\AppData\Roaming\Dropbox\bin\Dropbox.exe

(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoHook.exe

(DTS, Inc.) C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\APO3GUI.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe

(Toshiba) C:\Program Files (x86)\TOSHIBA\Toshiba App Place\ToshibaAppPlace.exe

(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe

() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe

(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ThreatEmulation.exe

(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Microsoft Corporation) C:\Windows\System32\wisptis.exe

(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [] => [X]

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13535304 2013-05-07] (Realtek Semiconductor)

HKLM\...\Run: [batteryManager] => C:\Program Files\TOSHIBA\Power Saver\TBatmgrTrayIcon.EXE [293760 2013-02-20] (TOSHIBA Corporation)

HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [997216 2013-05-07] (TOSHIBA Corporation)

HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [595840 2012-03-02] ()

HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1562032 2012-02-28] (TOSHIBA Corporation)

HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)

HKLM\...\Run: [iSW] => C:\Program Files (x86)\CheckPoint\AKL\AkSA.exe [933496 2014-03-27] (Check Point Software Technologies LTD)

HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2778864 2014-08-06] (Synaptics Incorporated)

HKLM-x32\...\Run: [DTS Sound] => C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\APO3GUI.exe [1471296 2013-05-31] (DTS, Inc.)

HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291280 2012-12-20] (Intel Corporation)

HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation)

HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)

HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)

HKLM-x32\...\Run: [bingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2368736 2014-06-03] (Microsoft Corp.)

HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [137352 2014-04-25] (Check Point Software Technologies Ltd.)

HKLM-x32\...\Run: [brStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)

HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)

Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-2462840774-3069367131-1658702193-1000\...\Run: [Dashlane] => C:\Users\Tiffany Jiang\AppData\Roaming\Dashlane\Dashlane.exe [227000 2015-01-26] ()

HKU\S-1-5-21-2462840774-3069367131-1658702193-1000\...\Run: [Google Update] => C:\Users\Tiffany Jiang\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-07-07] (Google Inc.)

HKU\S-1-5-21-2462840774-3069367131-1658702193-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)

HKU\S-1-5-21-2462840774-3069367131-1658702193-1000\...\Run: [skyDrive] => C:\Users\Tiffany Jiang\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-09-24] (Microsoft Corporation)

HKU\S-1-5-21-2462840774-3069367131-1658702193-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)

HKU\S-1-5-21-2462840774-3069367131-1658702193-1000\...\Run: [GoogleChromeAutoLaunch_21295BAD6B3744A840489D2CA39C020A] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-01-25] (Google Inc.)

HKU\S-1-5-21-2462840774-3069367131-1658702193-1000\...\RunOnce: [uninstall C:\Users\Tiffany Jiang\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tiffany Jiang\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64"

HKU\S-1-5-21-2462840774-3069367131-1658702193-1000\...\RunOnce: [uninstall C:\Users\Tiffany Jiang\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tiffany Jiang\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512"

HKU\S-1-5-21-2462840774-3069367131-1658702193-1000\...\RunOnce: [uninstall C:\Users\Tiffany Jiang\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tiffany Jiang\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64"

HKU\S-1-5-21-2462840774-3069367131-1658702193-1000\...\RunOnce: [uninstall C:\Users\Tiffany Jiang\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tiffany Jiang\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714"

HKU\S-1-5-21-2462840774-3069367131-1658702193-1000\...\RunOnce: [uninstall C:\Users\Tiffany Jiang\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714_1\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tiffany Jiang\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714_1\amd64"

HKU\S-1-5-21-2462840774-3069367131-1658702193-1000\...\RunOnce: [uninstall C:\Users\Tiffany Jiang\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714_1] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tiffany Jiang\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714_1"

HKU\S-1-5-18\...\Run: [Copy] => C:\Users\Tiffany Jiang\AppData\Roaming\Copy\CopyAgent.exe [15422096 2014-09-14] (Barracuda Networks, Inc.)

Startup: C:\Users\Tiffany Jiang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\Tiffany Jiang\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

Startup: C:\Users\Tiffany Jiang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk

ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

Startup: C:\Users\Tiffany Jiang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk

ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

ShellIconOverlayIdentifiers: [1aCopyShExtError] -> {83BEA36E-7680-4598-A4DF-994426F6E78D} => C:\Users\Tiffany Jiang\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)

ShellIconOverlayIdentifiers: [2aCopyShExtSynced] -> {845B7388-6F85-4F32-9FD5-F02DC7882B89} => C:\Users\Tiffany Jiang\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)

ShellIconOverlayIdentifiers: [3aCopyShExtSyncing] -> {F6378A7A-F753-449B-AE1B-997A96132E61} => C:\Users\Tiffany Jiang\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)

ShellIconOverlayIdentifiers: [4aCopyShExtSyncingProg1] -> {3A511828-777D-46F8-82F4-5B530C1B3D9E} => C:\Users\Tiffany Jiang\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)

ShellIconOverlayIdentifiers: [5aCopyShExtSyncingProg2] -> {C8C88204-5B14-40EC-BA72-8AEBC762047E} => C:\Users\Tiffany Jiang\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)

ShellIconOverlayIdentifiers: [6aCopyShExtSyncingProg3] -> {ACFF45C3-3EEB-4351-86C2-6696BA264239} => C:\Users\Tiffany Jiang\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)

ShellIconOverlayIdentifiers: [7aCopyShExtSyncingProg4] -> {29AF997F-488B-46F0-AE78-7146F1B89CC3} => C:\Users\Tiffany Jiang\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)

ShellIconOverlayIdentifiers: [8aCopyShExtSyncingProg5] -> {03F9AD29-1C78-4B66-8890-B177B5430C53} => C:\Users\Tiffany Jiang\AppData\Roaming\Copy\overlay\CopyShExt.dll (Barracuda Networks, Inc.)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com

StartMenuInternet: IEXPLORE.EXE - C:\program files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)

BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)

BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

Toolbar: HKU\S-1-5-21-2462840774-3069367131-1658702193-1000 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File

Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File

Hosts: Hosts file not detected in the default directory

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

Tcpip\..\Interfaces\{3B567131-4E44-47AF-977B-FAB55DBFC4B6}: [NameServer] 8.8.8.8,8.8.8.8

Tcpip\..\Interfaces\{7A7AB64B-0F07-4368-93DF-C79A043790A6}: [NameServer] 8.8.8.8,8.8.8.8

 

FireFox:

========

FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-2462840774-3069367131-1658702193-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Tiffany Jiang\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin HKU\S-1-5-21-2462840774-3069367131-1658702193-1000: @talk.google.com/O1DPlugin -> C:\Users\Tiffany Jiang\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)

FF Plugin HKU\S-1-5-21-2462840774-3069367131-1658702193-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Tiffany Jiang\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKU\S-1-5-21-2462840774-3069367131-1658702193-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Tiffany Jiang\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin ProgramFiles/Appdata: C:\Users\Tiffany Jiang\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin ProgramFiles/Appdata: C:\Users\Tiffany Jiang\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)

 

Chrome: 

=======

CHR HomePage: Default -> 

CHR StartupUrls: Default -> "hxxp://www.google.ca/"

CHR Profile: C:\Users\Tiffany Jiang\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Slides) - C:\Users\Tiffany Jiang\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-27]

CHR Extension: (Google Docs) - C:\Users\Tiffany Jiang\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-04]

CHR Extension: (Google Drive) - C:\Users\Tiffany Jiang\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-04]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Tiffany Jiang\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-04]

CHR Extension: (YouTube) - C:\Users\Tiffany Jiang\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-04]

CHR Extension: (Google Search) - C:\Users\Tiffany Jiang\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-04]

CHR Extension: (Google Calendar) - C:\Users\Tiffany Jiang\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-09-02]

CHR Extension: (Dashlane) - C:\Users\Tiffany Jiang\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2014-07-05]

CHR Extension: (Google Sheets) - C:\Users\Tiffany Jiang\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-27]

CHR Extension: (AdBlock) - C:\Users\Tiffany Jiang\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-07-04]

CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Tiffany Jiang\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-09]

CHR Extension: (Google Wallet) - C:\Users\Tiffany Jiang\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-04]

CHR Extension: (Evernote Web Clipper) - C:\Users\Tiffany Jiang\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2014-07-05]

CHR Extension: (Gmail) - C:\Users\Tiffany Jiang\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-04]

CHR HKU\S-1-5-21-2462840774-3069367131-1658702193-1000\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173792 2014-06-03] (Microsoft Corp.)

S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]

R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [16720 2013-05-31] ()

R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-04-02] (Nero AG)

R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] ()

R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]

S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)

R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [130592 2012-10-26] (Intel Corporation)

R2 IswSvc; C:\Program Files (x86)\CheckPoint\AKL\AkSVC.exe [1133176 2014-03-27] (Check Point Software Technologies LTD)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165488 2012-12-18] (Intel Corporation)

R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]

R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3592120 2014-04-25] (Check Point Software Technologies Ltd.)

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [92176 2014-04-09] (Check Point Software Technologies, Ltd.)

R2 ZoneAlarm AntiTheft; C:\Program Files (x86)\CheckPoint\AntiTheft\Antitheft.exe [3124360 2014-04-25] (Check Point Software Technologies Ltd.)

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)

R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-03-11] (Intel Corporation)

R3 icsak; C:\Program Files (x86)\CheckPoint\AKL\ak\icsak.sys [48512 2014-03-27] (Check Point Software Technologies LTD)

R2 ISWKL; C:\Program Files (x86)\CheckPoint\AKL\ISWKL.sys [54144 2014-03-27] (Check Point Software Technologies LTD)

R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [7717984 2014-03-19] (Kaspersky Lab ZAO)

U5 klflt; C:\Windows\System32\Drivers\klflt.sys [92768 2014-03-19] (Kaspersky Lab ZAO)

R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [490592 2014-03-19] (Kaspersky Lab ZAO)

R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2014-03-19] (Kaspersky Lab ZAO)

R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54104 2014-03-19] (Kaspersky Lab)

R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [177760 2014-03-19] (Kaspersky Lab ZAO)

R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [128200 2013-04-03] (Qualcomm Atheros Co., Ltd.)

R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1480776 2013-02-08] (Realtek Semiconductor Corporation                           )

S3 scvad_simple; C:\Windows\System32\drivers\SplitCamAudio.sys [23552 2013-11-01] (Windows ® Win 7 DDK provider)

R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [32496 2013-02-06] (Synaptics Incorporated)

R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [450968 2014-04-24] (Check Point Software Technologies Ltd.)

S3 clwvd6; system32\DRIVERS\clwvd6.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-01-27 23:35 - 2015-01-27 23:36 - 00028116 _____ () C:\Users\Tiffany Jiang\Desktop\FRST.txt

2015-01-27 23:35 - 2015-01-27 23:35 - 00000000 ____D () C:\FRST

2015-01-27 23:34 - 2015-01-27 23:34 - 02129920 _____ (Farbar) C:\Users\Tiffany Jiang\Desktop\FRST64.exe

2015-01-27 23:29 - 2015-01-27 23:29 - 00017189 _____ () C:\Users\Tiffany Jiang\Desktop\hijackthistxt.txt

2015-01-27 23:16 - 2015-01-27 23:16 - 00000000 ____D () C:\Users\Tiffany Jiang\AppData\Local\SystemInfo

2015-01-27 23:15 - 2015-01-27 23:15 - 01724416 _____ () C:\Users\Tiffany Jiang\Desktop\SystemInfo.exe

2015-01-27 22:54 - 2015-01-27 22:54 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys

2015-01-27 22:53 - 2015-01-27 22:53 - 00001117 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-01-27 22:53 - 2015-01-27 22:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-01-27 22:53 - 2015-01-27 22:53 - 00000000 ____D () C:\ProgramData\Malwarebytes

2015-01-27 22:53 - 2015-01-27 22:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-01-27 22:53 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys

2015-01-27 22:53 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys

2015-01-27 22:53 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys

2015-01-27 22:51 - 2015-01-27 22:51 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Tiffany Jiang\Desktop\mbam-setup-2.0.4.1028.exe

2015-01-27 22:49 - 2015-01-27 23:29 - 00017189 _____ () C:\Users\Tiffany Jiang\Desktop\hijackthis.log

2015-01-27 22:49 - 2015-01-27 22:49 - 00388608 _____ (Trend Micro Inc.) C:\Users\Tiffany Jiang\Desktop\HijackThis.exe

2015-01-27 22:35 - 2015-01-27 22:35 - 00290304 _____ (Microsoft Corporation) C:\windows\SysWOW64\subinacl.exe

2015-01-27 22:35 - 2015-01-27 22:35 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool

2015-01-27 22:34 - 2015-01-27 22:34 - 00753184 _____ () C:\Users\Tiffany Jiang\Desktop\Adware-Removal-Tool-v3.9.1.exe

2015-01-27 22:32 - 2015-01-27 22:32 - 00000703 _____ () C:\Users\Tiffany Jiang\Desktop\JRT.txt

2015-01-27 22:26 - 2015-01-27 22:26 - 00000000 ____D () C:\windows\ERUNT

2015-01-27 22:16 - 2015-01-27 22:16 - 01707939 _____ (Thisisu) C:\Users\Tiffany Jiang\Desktop\JRT.exe

2015-01-27 22:15 - 2015-01-27 22:15 - 00002061 _____ () C:\Users\Tiffany Jiang\Desktop\AdwCleaner[s0].txt

2015-01-27 22:05 - 2015-01-27 22:20 - 00000000 ____D () C:\AdwCleaner

2015-01-27 22:05 - 2015-01-27 22:05 - 02194432 _____ () C:\Users\Tiffany Jiang\Desktop\adwcleaner_4.109.exe

2015-01-27 22:03 - 2015-01-27 22:03 - 00048663 _____ () C:\Users\Tiffany Jiang\Desktop\Result.txt

2015-01-27 22:01 - 2015-01-27 22:01 - 00401920 _____ (Farbar) C:\Users\Tiffany Jiang\Desktop\MiniToolBox.exe

2015-01-18 19:20 - 2015-01-18 19:20 - 00262144 _____ () C:\windows\system32\config\elam

2015-01-17 19:30 - 2015-01-22 12:31 - 00000000 ____D () C:\Program Files (x86)\Java

2015-01-17 19:30 - 2015-01-22 12:27 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll

2015-01-16 15:04 - 2015-01-16 15:04 - 00000000 ____D () C:\Users\Tiffany Jiang\Documents\Scratch Projects

2015-01-13 17:50 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe

2015-01-13 17:50 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll

2015-01-13 17:50 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe

2015-01-13 17:50 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll

2015-01-13 17:50 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe

2015-01-13 17:50 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe

2015-01-13 17:50 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll

2015-01-13 17:32 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll

2015-01-13 17:32 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys

2015-01-13 17:32 - 2014-12-11 12:47 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe

2015-01-13 17:32 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll

2015-01-13 17:32 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncsi.dll

2015-01-13 17:32 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll

2015-01-11 22:16 - 2015-01-11 22:16 - 00000000 ____D () C:\Users\Tiffany Jiang\AppData\Roaming\edu.media.mit.Scratch2Editor

2015-01-11 22:15 - 2015-01-11 22:15 - 00000904 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Scratch 2.lnk

2015-01-11 22:15 - 2015-01-11 22:15 - 00000000 ____D () C:\Program Files (x86)\Scratch 2

2015-01-11 22:10 - 2015-01-11 22:10 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia

2015-01-11 22:10 - 2015-01-11 22:10 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia

2015-01-11 22:07 - 2015-01-26 18:00 - 00000831 _____ () C:\Users\Tiffany Jiang\.drjava

2015-01-11 22:06 - 2015-01-11 22:07 - 12977155 _____ () C:\Users\Tiffany Jiang\Desktop\drjava-stable-20140826-r5761.exe

2015-01-11 22:05 - 2015-01-11 22:05 - 00000000 ____D () C:\ProgramData\Sun

2015-01-11 22:04 - 2015-01-22 12:28 - 00111016 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll

2015-01-11 22:04 - 2015-01-11 22:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2015-01-11 22:03 - 2015-01-22 12:31 - 00000000 ____D () C:\ProgramData\Oracle

2015-01-11 22:02 - 2015-01-22 12:30 - 00000000 ____D () C:\Program Files\Java

2015-01-11 22:02 - 2015-01-11 22:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit

2015-01-03 17:05 - 2015-01-03 17:05 - 00003270 _____ () C:\windows\System32\Tasks\{F4A42F3C-B6B7-4B32-A4FA-993AC3174FE7}

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-01-27 23:24 - 2009-07-13 23:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-01-27 23:24 - 2009-07-13 23:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-01-27 23:11 - 2014-07-07 16:18 - 00000940 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2462840774-3069367131-1658702193-1000UA.job

2015-01-27 23:11 - 2014-07-04 20:09 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-01-27 22:51 - 2013-11-14 01:56 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job

2015-01-27 22:28 - 2014-07-04 21:03 - 00000000 ____D () C:\Users\Tiffany Jiang\AppData\Roaming\Copy

2015-01-27 22:28 - 2009-07-14 00:13 - 00781790 _____ () C:\windows\system32\PerfStringBackup.INI

2015-01-27 22:25 - 2014-07-04 15:27 - 01472453 _____ () C:\windows\WindowsUpdate.log

2015-01-27 22:22 - 2014-08-25 15:51 - 00000000 ___RD () C:\Users\Tiffany Jiang\OneDrive

2015-01-27 22:22 - 2014-08-24 19:16 - 00000000 ___RD () C:\Users\Tiffany Jiang\Dropbox

2015-01-27 22:22 - 2014-07-11 13:03 - 00000000 ____D () C:\Users\Tiffany Jiang\AppData\Roaming\Dropbox

2015-01-27 22:21 - 2014-07-15 15:41 - 00000000 ____D () C:\Users\Tiffany Jiang\AppData\Local\HTC MediaHub

2015-01-27 22:21 - 2014-07-04 20:09 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-01-27 22:21 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT

2015-01-27 22:20 - 2014-11-22 20:13 - 00010361 _____ () C:\windows\setupact.log

2015-01-27 22:20 - 2010-11-20 22:47 - 00364596 _____ () C:\windows\PFRO.log

2015-01-27 21:51 - 2014-07-04 20:26 - 00000000 ____D () C:\Users\Tiffany Jiang\AppData\Roaming\Dashlane

2015-01-27 21:49 - 2014-07-04 20:29 - 00002028 _____ () C:\Users\Tiffany Jiang\Desktop\Dashlane.lnk

2015-01-27 21:48 - 2014-08-13 14:15 - 00000000 ____D () C:\Users\Tiffany Jiang\AppData\Roaming\uTorrent

2015-01-27 21:44 - 2014-09-21 19:47 - 00000000 ____D () C:\Users\Tiffany Jiang\Documents\To Do

2015-01-27 19:19 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\system32\NDF

2015-01-27 12:51 - 2014-07-07 16:17 - 00000888 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2462840774-3069367131-1658702193-1000Core.job

2015-01-26 22:13 - 2014-07-04 20:12 - 00002194 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2015-01-26 18:00 - 2014-07-04 15:24 - 00000000 ____D () C:\Users\Tiffany Jiang

2015-01-26 17:14 - 2014-08-25 15:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

2015-01-25 13:57 - 2014-12-21 02:53 - 00002037 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk

2015-01-25 13:57 - 2014-08-10 18:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony

2015-01-25 13:57 - 2014-07-04 15:47 - 00623274 _____ () C:\windows\DPINST.LOG

2015-01-25 13:57 - 2013-11-14 01:56 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

2015-01-25 02:45 - 2014-07-05 17:40 - 00000000 ____D () C:\Leisure

2015-01-24 17:51 - 2013-11-14 01:56 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe

2015-01-24 17:51 - 2013-11-14 01:56 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl

2015-01-24 17:51 - 2013-11-14 01:56 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater

2015-01-23 22:24 - 2014-07-05 17:43 - 00000000 ____D () C:\University Applications

2015-01-23 13:14 - 2014-07-04 18:23 - 00000000 ____D () C:\Users\Tiffany Jiang\AppData\Roaming\Skype

2015-01-18 19:41 - 2009-07-14 00:08 - 00032648 _____ () C:\windows\Tasks\SCHEDLGU.TXT

2015-01-17 22:41 - 2014-07-05 20:28 - 00000000 ____D () C:\Users\Tiffany Jiang\AppData\Roaming\vlc

2015-01-15 18:14 - 2014-09-14 21:23 - 00000000 ____D () C:\ProgramData\CanonIJPLM

2015-01-15 00:18 - 2013-11-14 00:28 - 00766100 _____ () C:\windows\SysWOW64\PerfStringBackup.INI

2015-01-14 15:36 - 2014-07-04 16:48 - 00000000 ____D () C:\windows\system32\MRT

2015-01-14 15:16 - 2014-07-04 16:48 - 113365784 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

2015-01-11 22:12 - 2014-07-04 15:28 - 00000000 ____D () C:\Users\Tiffany Jiang\AppData\Roaming\Adobe

2015-01-11 22:12 - 2013-11-14 01:57 - 00000000 ____D () C:\ProgramData\Adobe

2015-01-11 22:10 - 2014-07-04 18:24 - 00000000 ____D () C:\Users\Tiffany Jiang\AppData\Local\Adobe

2015-01-11 22:10 - 2013-11-14 01:57 - 00000000 ____D () C:\Program Files (x86)\Adobe

2015-01-11 22:08 - 2014-07-05 17:39 - 00000000 ____D () C:\Grade 10 Assignments

2015-01-09 14:07 - 2014-07-05 16:52 - 00000000 ____D () C:\University 3 Assignments

2015-01-07 14:15 - 2014-07-04 15:29 - 00112344 _____ () C:\Users\Tiffany Jiang\AppData\Local\GDIPFONTCACHEV1.DAT

2015-01-07 14:13 - 2009-07-13 23:45 - 00435032 _____ () C:\windows\system32\FNTCACHE.DAT

2015-01-07 14:11 - 2014-07-04 19:41 - 00000000 ____D () C:\ProgramData\Microsoft Help

2015-01-07 14:10 - 2014-07-04 19:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint

2015-01-07 14:10 - 2014-07-04 19:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office

2015-01-07 14:08 - 2010-11-21 02:16 - 00000000 ____D () C:\windows\ShellNew

2015-01-07 14:08 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild

2015-01-07 14:01 - 2009-07-13 21:34 - 00000478 _____ () C:\windows\win.ini

2015-01-06 18:12 - 2014-07-05 17:00 - 00000000 ____D () C:\windows\System32\Tasks\Games

2015-01-04 16:37 - 2014-07-21 12:09 - 00000334 _____ () C:\windows\BRCALIB.INI

2015-01-03 23:58 - 2014-07-15 15:27 - 00000000 ____D () C:\Temp

2015-01-03 17:15 - 2009-07-13 21:34 - 00001497 __RSH () C:\windows\system32\Drivers\etc\hosts.old

2015-01-02 00:11 - 2014-09-21 16:37 - 00061952 ____H () C:\Users\Tiffany Jiang\Documents\~WRL1398.tmp

2015-01-01 19:42 - 2014-07-05 20:12 - 00028569 ____H () C:\windows\SysWOW64\BTImages.dat

2014-12-29 00:01 - 2014-08-25 16:21 - 00000000 ___RD () C:\Users\Tiffany Jiang\Copy

 

==================== Files in the root of some directories =======

 

2014-07-06 16:21 - 2014-07-08 11:18 - 0000162 _____ () C:\Users\Tiffany Jiang\AppData\Roaming\ready_files.ini

2014-07-06 16:23 - 2014-07-08 11:35 - 0000084 _____ () C:\Users\Tiffany Jiang\AppData\Roaming\turing_files.ini

2014-07-15 12:00 - 2014-07-15 12:00 - 0000017 _____ () C:\Users\Tiffany Jiang\AppData\Local\resmon.resmoncfg

 

Some content of TEMP:

====================

C:\Users\Tiffany Jiang\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp3rnude.dll

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2014-12-25 13:39

 

==================== End Of Log ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01

Ran by Tiffany Jiang at 2015-01-27 23:36:41

Running from C:\Users\Tiffany Jiang\Desktop

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: ZoneAlarm Extreme Security Antivirus (Enabled - Up to date) {DE038A5B-9EDD-18A9-2361-FF7D98D43730}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: ZoneAlarm Extreme Security Anti-Spyware (Enabled - Up to date) {65626BBF-B8E7-1727-19D1-C40FE3537D8D}

FW: ZoneAlarm Extreme Security Firewall (Enabled) {E6380B7E-D4B2-19F1-083E-56486607704B}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)

Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)

Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)

B1 Free Archiver (HKLM-x32\...\B1FreeArchiver) (Version: 1.5.86.4889 - Catalina Group Ltd)

Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden

Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.470.0 - Microsoft Corporation)

Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )

Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.)

Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )

Canon MG2100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2100_series) (Version:  - )

Canon MG2100 series On-screen Manual (HKLM-x32\...\Canon MG2100 series On-screen Manual) (Version:  - )

Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version:  - )

Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )

Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version:  - )

Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

Copy (HKLM\...\{3A0B2200-5D01-4B57-BF48-2CCF4294FEB1}) (Version: 1.46.380.0 - Barracuda Networks, Inc.)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Dashlane (HKU\S-1-5-21-2462840774-3069367131-1658702193-1000\...\Dashlane) (Version: 3.2.3.77451 - Dashlane SAS)

Dropbox (HKU\S-1-5-21-2462840774-3069367131-1658702193-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)

DTS Sound (HKLM-x32\...\{791692AD-63B2-4A87-A097-4E8DD3CE4BC9}) (Version: 1.00.0079 - DTS, Inc.)

Elementals - The Magic Key (x32 Version: 2.2.0.97 - WildTangent) Hidden

Evernote v. 5.8.1 (HKLM-x32\...\{4FD2D1C8-8636-11E4-9D21-00163E98E7D6}) (Version: 5.8.1.6061 - Evernote Corp.)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.93 - Google Inc.)

Google Drive (HKLM-x32\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)

Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

HL-4570CDW (HKLM-x32\...\{123DE6D6-9566-4777-AC81-E6D86FFA95DA}) (Version: 1.0.5.0 - Brother Industries, Ltd.)

HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.14.0.001 - HTC Corporation)

HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.37.2 - HTC)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3062 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.4.1001 - Intel Corporation)

Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)

Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.7.248 - Intel Corporation)

IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)

Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)

Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)

Java SE Development Kit 8 Update 25 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180250}) (Version: 8.0.250.18 - Oracle Corporation)

Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden

Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)

Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-2462840774-3069367131-1658702193-1000\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)

Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

Origin (HKLM-x32\...\Origin) (Version: 9.1.12.73 - Electronic Arts, Inc.)

PC Tune-Up (x32 Version: 2.2.0.1 - ZoneAlarm) Hidden

Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden

Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden

PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)

Qualcomm Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.16 - Qualcomm Atheros Communications Inc.)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6899 - Realtek Semiconductor Corp.)

Realtek USB Card Reader (HKLM-x32\...\{1E496A68-4943-424E-829D-5C3C85B7B8F2}) (Version: 6.2.9200.39041 - Realtek Semiconductor Corp.)

Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0021 - REALTEK Semiconductor Corp.)

Scratch 2 Offline Editor (HKLM-x32\...\edu.media.mit.Scratch2Editor) (Version: 430 - MIT Media Lab)

Scratch 2 Offline Editor (x32 Version: 255 - MIT Media Lab) Hidden

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)

Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)

Sony PC Companion 2.10.245 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.245 - Sony)

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.51 - Synaptics Incorporated)

Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)

TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.2 - TOSHIBA)

TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.1 - TOSHIBA CORPORATION)

Toshiba Book Place (HKLM-x32\...\{11244D6B-9842-440F-8579-6A4D771A0D9B}) (Version: 3.3.9661 - K-NFB Reading Technology, Inc.)

TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.12 for x64 - TOSHIBA Corporation)

TOSHIBA eco Utility (HKLM\...\{F5AFF327-9B52-4E96-B5A0-BD2488A8EEC9}) (Version: 1.3.23.64 - TOSHIBA Corporation)

TOSHIBA Hardware Setup (HKLM-x32\...\{6D622295-07A8-4CB3-8E0E-6E3D7C782A7B}) (Version: 3.1.0.10 - TOSHIBA Corporation)

TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.4 - TOSHIBA)

TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.7.52020010 - TOSHIBA CORPORATION)

TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.13 - TOSHIBA)

TOSHIBA Supervisor Password (HKLM-x32\...\{661C3409-C3CC-4869-A0AC-90EAB15F5E93}) (Version: 3.1.0.2 - TOSHIBA Corporation)

TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)

TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.0035.6406 - TOSHIBA Corporation)

TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.1 - TOSHIBA)

Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden

VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)

WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)

WildTangent Games App (Toshiba Games) (x32 Version: 4.0.10.15 - WildTangent) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

Wonderland Solitaire (x32 Version: 2.2.0.110 - WildTangent) Hidden

ZoneAlarm Antivirus (x32 Version: 13.1.211.000 - Check Point Software Technologies Ltd.) Hidden

ZoneAlarm Extreme Security (HKLM-x32\...\ZoneAlarm Extreme Security) (Version: 13.1.211.000 - Check Point)

ZoneAlarm Find My Laptop (x32 Version: 13.1.211.000 - Check Point Software Technologies Ltd.) Hidden

ZoneAlarm Firewall (x32 Version: 13.1.211.000 - Check Point Software Technologies Ltd.) Hidden

ZoneAlarm Security (x32 Version: 13.1.211.000 - Check Point Software Technologies Ltd.) Hidden

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

CustomCLSID: HKU\S-1-5-21-2462840774-3069367131-1658702193-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Tiffany Jiang\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2462840774-3069367131-1658702193-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Tiffany Jiang\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File

CustomCLSID: HKU\S-1-5-21-2462840774-3069367131-1658702193-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Tiffany Jiang\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File

CustomCLSID: HKU\S-1-5-21-2462840774-3069367131-1658702193-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Tiffany Jiang\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2462840774-3069367131-1658702193-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Tiffany Jiang\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2462840774-3069367131-1658702193-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Tiffany Jiang\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2462840774-3069367131-1658702193-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Tiffany Jiang\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-2462840774-3069367131-1658702193-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Tiffany Jiang\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-2462840774-3069367131-1658702193-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Tiffany Jiang\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2462840774-3069367131-1658702193-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Tiffany Jiang\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2462840774-3069367131-1658702193-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tiffany Jiang\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2462840774-3069367131-1658702193-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tiffany Jiang\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2462840774-3069367131-1658702193-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tiffany Jiang\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2462840774-3069367131-1658702193-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tiffany Jiang\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2462840774-3069367131-1658702193-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tiffany Jiang\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2462840774-3069367131-1658702193-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tiffany Jiang\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2462840774-3069367131-1658702193-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tiffany Jiang\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2462840774-3069367131-1658702193-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tiffany Jiang\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

 

==================== Restore Points  =========================

 

31-12-2014 13:53:35 Scheduled Checkpoint

07-01-2015 13:59:44 Configured Microsoft Office Professional Plus 2010

11-01-2015 22:01:19 Installed Java SE Development Kit 8 Update 25 (64-bit)

14-01-2015 15:15:08 Windows Update

15-01-2015 00:08:26 Windows Update

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {00632C8E-9650-48ED-9B47-3BCCFA503D1B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)

Task: {0264BE93-D280-45CB-971A-7E31354713CF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-24] (Adobe Systems Incorporated)

Task: {0F3B18BC-9760-4399-8AF3-ACB7F7167D72} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.5.0.38\SymErr.exe

Task: {2B68F752-F010-4F8A-81BB-A9DFBDAAB0F0} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.5.0.38\SymErr.exe

Task: {34063104-D97C-454C-807B-A6BD5F92E094} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-04] (Google Inc.)

Task: {4599EBB4-D477-4243-AE97-CA658BC58BE2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2462840774-3069367131-1658702193-1000UA => C:\Users\Tiffany Jiang\AppData\Local\Google\Update\GoogleUpdate.exe [2014-07-07] (Google Inc.)

Task: {49B6202A-44E4-4DA2-8C79-7362F103F011} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc

Task: {7E64F6FB-0299-4E5D-8637-6FCF41D51DC2} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2462840774-3069367131-1658702193-1000

Task: {B7400461-E73D-4841-A52D-B79F224A5730} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-04] (Google Inc.)

Task: {DF04C4A8-78CE-458E-8BC7-26FDAEE0EE96} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2462840774-3069367131-1658702193-1000Core => C:\Users\Tiffany Jiang\AppData\Local\Google\Update\GoogleUpdate.exe [2014-07-07] (Google Inc.)

Task: {F9906EE0-6F58-4515-898D-B23FE866C76D} - System32\Tasks\{F4A42F3C-B6B7-4B32-A4FA-993AC3174FE7} => pcalua.exe -a "C:\Users\Tiffany Jiang\Downloads\Laggies 2014\Lite x264 Codec Pack.exe" -d "C:\Users\Tiffany Jiang\Downloads\Laggies 2014"

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2462840774-3069367131-1658702193-1000Core.job => C:\Users\Tiffany Jiang\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2462840774-3069367131-1658702193-1000UA.job => C:\Users\Tiffany Jiang\AppData\Local\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) =============

 

2013-05-31 17:56 - 2013-05-31 17:56 - 00016720 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe

2014-09-14 21:23 - 2011-02-07 02:56 - 00138192 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE

2013-10-17 15:27 - 2013-10-17 15:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

2013-03-08 21:06 - 2013-03-08 21:06 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2011-08-22 16:19 - 2011-08-22 16:19 - 11204992 _____ () C:\Program Files\Toshiba\FlashCards\BlackPng.dll

2012-03-02 17:08 - 2012-03-02 17:08 - 00595840 _____ () C:\Program Files\Toshiba\Power Saver\TPwrMain.exe

2010-12-15 17:19 - 2010-12-15 17:19 - 00124320 _____ () C:\Program Files\Toshiba\TECO\MUIHelp.dll

2014-07-04 20:29 - 2015-01-26 14:07 - 00227000 _____ () C:\Users\Tiffany Jiang\AppData\Roaming\Dashlane\Dashlane.exe

2014-12-18 16:10 - 2014-12-18 16:10 - 00821600 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe

2014-08-25 16:02 - 2014-09-14 17:18 - 08212480 _____ () C:\Users\Tiffany Jiang\AppData\Roaming\Copy\overlay\Brt.dll

2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

2014-05-27 12:32 - 2014-05-27 12:32 - 00031080 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll

2014-12-18 16:08 - 2014-12-18 16:08 - 00607376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll

2014-05-27 12:33 - 2014-05-27 12:33 - 00059752 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll

2014-05-27 12:32 - 2014-05-27 12:32 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll

2014-05-27 12:33 - 2014-05-27 12:33 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll

2014-05-27 12:34 - 2014-05-27 12:34 - 00129376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll

2014-05-27 12:35 - 2014-05-27 12:35 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll

2015-01-26 14:05 - 2015-01-26 14:05 - 00307384 _____ () C:\Users\Tiffany Jiang\AppData\Roaming\Dashlane\3.2.3.77451\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebugDll_win32.3.2.3.77451.dll

2015-01-26 14:05 - 2015-01-26 14:05 - 00417976 _____ () C:\Users\Tiffany Jiang\AppData\Roaming\Dashlane\3.2.3.77451\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebug.3.2.3.77451.dll

2015-01-26 14:05 - 2015-01-26 14:05 - 00442040 _____ () C:\Users\Tiffany Jiang\AppData\Roaming\Dashlane\3.2.3.77451\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWUtils.3.2.3.77451.dll

2015-01-26 14:05 - 2015-01-26 14:05 - 30940344 _____ () C:\Users\Tiffany Jiang\AppData\Roaming\Dashlane\3.2.3.77451\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWExternLib.3.2.3.77451.dll

2015-01-26 14:05 - 2015-01-26 14:05 - 00266936 _____ () C:\Users\Tiffany Jiang\AppData\Roaming\Dashlane\3.2.3.77451\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib_win.3.2.3.77451.dll

2015-01-26 14:05 - 2015-01-26 14:05 - 05805240 _____ () C:\Users\Tiffany Jiang\AppData\Roaming\Dashlane\3.2.3.77451\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWData.3.2.3.77451.dll

2015-01-26 14:05 - 2015-01-26 14:05 - 06614200 _____ () C:\Users\Tiffany Jiang\AppData\Roaming\Dashlane\3.2.3.77451\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWApplication.3.2.3.77451.dll

2014-09-24 20:48 - 2014-09-24 20:48 - 00081056 _____ () C:\Users\Tiffany Jiang\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\LoggingPlatform.dll

2014-10-21 19:22 - 2014-10-21 19:22 - 00750080 _____ () C:\Users\Tiffany Jiang\AppData\Roaming\Dropbox\bin\libGLESv2.dll

2015-01-27 22:21 - 2015-01-27 22:21 - 00043008 _____ () c:\Users\Tiffany Jiang\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp3rnude.dll

2014-10-21 19:22 - 2014-10-21 19:22 - 00047616 _____ () C:\Users\Tiffany Jiang\AppData\Roaming\Dropbox\bin\libEGL.dll

2014-10-21 19:22 - 2014-10-21 19:22 - 00863744 _____ () C:\Users\Tiffany Jiang\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll

2014-10-21 19:22 - 2014-10-21 19:22 - 00200704 _____ () C:\Users\Tiffany Jiang\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll

2014-12-17 16:11 - 2014-12-17 16:11 - 00439304 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll

2014-12-17 16:11 - 2014-12-17 16:11 - 00321032 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll

2014-07-04 15:32 - 2013-01-14 12:25 - 01200088 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

2015-01-26 22:13 - 2015-01-25 01:08 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\libglesv2.dll

2015-01-26 22:13 - 2015-01-25 01:08 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\libegl.dll

2015-01-26 22:13 - 2015-01-25 01:08 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\pdf.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

 

==================== EXE Association (whitelisted) =============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

 

 

========================= Accounts: ==========================

 

Administrator (S-1-5-21-2462840774-3069367131-1658702193-500 - Administrator - Disabled)

Guest (S-1-5-21-2462840774-3069367131-1658702193-501 - Limited - Disabled)

Tiffany Jiang (S-1-5-21-2462840774-3069367131-1658702193-1000 - Administrator - Enabled) => C:\Users\Tiffany Jiang

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (01/27/2015 11:32:21 PM) (Source: Toshiba App Place) (EventID: 0) (User: )

Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'

Error Data:

(no response)

Stack Trace:

   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)

   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)

 

Error: (01/27/2015 11:22:21 PM) (Source: Toshiba App Place) (EventID: 0) (User: )

Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'

Error Data:

(no response)

Stack Trace:

   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)

   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)

 

Error: (01/27/2015 11:12:21 PM) (Source: Toshiba App Place) (EventID: 0) (User: )

Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'

Error Data:

(no response)

Stack Trace:

   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)

   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)

 

Error: (01/27/2015 11:02:21 PM) (Source: Toshiba App Place) (EventID: 0) (User: )

Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'

Error Data:

(no response)

Stack Trace:

   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)

   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)

 

Error: (01/27/2015 10:52:21 PM) (Source: Toshiba App Place) (EventID: 0) (User: )

Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'

Error Data:

(no response)

Stack Trace:

   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)

   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)

 

Error: (01/27/2015 10:42:21 PM) (Source: Toshiba App Place) (EventID: 0) (User: )

Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'

Error Data:

(no response)

Stack Trace:

   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)

   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)

 

 

System errors:

=============

Error: (01/27/2015 10:41:51 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)

Description: There was an error while attempting to read the local hosts file.

 

Error: (01/27/2015 10:41:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

 

 

Microsoft Office Sessions:

=========================

Error: (01/27/2015 11:32:21 PM) (Source: Toshiba App Place) (EventID: 0) (User: )

Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'

Error Data:

(no response)

Stack Trace:

   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)

   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)

 

Error: (01/27/2015 11:22:21 PM) (Source: Toshiba App Place) (EventID: 0) (User: )

Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'

Error Data:

(no response)

Stack Trace:

   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)

   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)

 

Error: (01/27/2015 11:12:21 PM) (Source: Toshiba App Place) (EventID: 0) (User: )

Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'

Error Data:

(no response)

Stack Trace:

   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)

   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)

 

Error: (01/27/2015 11:02:21 PM) (Source: Toshiba App Place) (EventID: 0) (User: )

Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'

Error Data:

(no response)

Stack Trace:

   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)

   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)

 

Error: (01/27/2015 10:52:21 PM) (Source: Toshiba App Place) (EventID: 0) (User: )

Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'

Error Data:

(no response)

Stack Trace:

   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)

   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)

 

Error: (01/27/2015 10:42:21 PM) (Source: Toshiba App Place) (EventID: 0) (User: )

Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'

Error Data:

(no response)

Stack Trace:

   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)

   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)

 

 

CodeIntegrity Errors:

===================================

  Date: 2014-09-13 15:39:25.995

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x86\win8\klelam.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-09-13 15:39:25.993

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x86\win8\klelam.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-09-13 15:39:25.924

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x64\win8\klelam.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-09-13 15:39:25.921

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x64\win8\klelam.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-09-13 15:37:06.140

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x86\win8\klelam.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-09-13 15:37:03.332

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x64\win8\klelam.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-08-16 11:31:58.148

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x86\win8\klelam.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-08-16 11:31:58.136

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x86\win8\klelam.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-08-16 11:31:57.998

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x64\win8\klelam.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-08-16 11:31:57.996

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x64\win8\klelam.sys because the set of per-page image hashes could not be found on the system.

 

 

==================== Memory info =========================== 

 

Processor: Intel® Core i3-3110M CPU @ 2.40GHz

Percentage of memory in use: 46%

Total physical RAM: 6026.36 MB

Available physical RAM: 3231.3 MB

Total Pagefile: 12050.89 MB

Available Pagefile: 9002.57 MB

Total Virtual: 8192 MB

Available Virtual: 8191.83 MB

 

==================== Drives ================================

 

Drive c: (TI10668700I) (Fixed) (Total:919.09 GB) (Free:710.77 GB) NTFS ==>[system with boot components (obtained from reading drive)]

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: D5FE6C0F)

Partition 1: (Active) - (Size=1.5 GB) - (Type=27)

Partition 2: (Not Active) - (Size=919.1 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=11 GB) - (Type=17)

 

==================== End Of Log ============================


Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

 
Download the attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

fixlist.txt
