Malware blocking internet access



#1 smurfhandy

Posted 03 September 2015 - 10:58 PM

I am working on my son's computer. Initially we noticed that "automatically detect (proxy) settings" was unchecked and proxy settings had been set. On changing these settings, they would revert back. I could go into safe mode and change the settings ... as soon as I booted into normal mode, the settings would be changed back. So I posted here ... http://www.bleepingcomputer.com/forums/t/588730/malware-changing-the-proxy-settings/#entry3806100

These solved the settings being changed. However, the computer still will not go online in either Chrome or IE in normal mode AFTER the startup is complete. It will if I open them quickly, but then it will give me the error message that network access is denied.

So I was instructed to do some other things and post here. This was run in safe mode...

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-08-2015
Ran by Tiara (administrator) on TIARAS-COMPUTER (03-09-2015 22:40:42)
Running from C:\Users\Tiara\Desktop
Loaded Profiles: Tiara (Available Profiles: Tiara & Administrator)
Platform: Windows 8 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13196432 2012-09-26] (Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2995904 2012-07-11] (Symantec Corporation)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-08-10]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.149\SSScheduler.exe (McAfee, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:47574
ProxyServer: [S-1-5-21-4225743412-3915342973-980045758-1001] => http=127.0.0.1:56087;https=127.0.0.1:56087
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 216.252.23.242
Tcpip\..\Interfaces\{AA3017C7-B5E4-4B4A-BD81-807BF47F475A}: [DhcpNameServer] 8.8.8.8 216.252.23.242
Tcpip\..\Interfaces\{B03D7686-80F4-4CC4-A775-2BA715E82463}: [DhcpNameServer] 8.8.8.8 216.252.23.242
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
SearchScopes: HKLM -> DefaultScope {91B8A9CE-9DA0-4529-A913-E515F00ACAF2} URL = 
SearchScopes: HKU\S-1-5-21-4225743412-3915342973-980045758-1001 -> DefaultScope {9143e921-7c9a-4d27-ac43-eaccc78cc55a} URL = 
SearchScopes: HKU\S-1-5-21-4225743412-3915342973-980045758-1001 -> {9143e921-7c9a-4d27-ac43-eaccc78cc55a} URL = 
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04] (Adobe Systems Incorporated)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\coIEPlg.dll [2014-04-29] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\IPS\IPSBHO.DLL [2013-04-08] (Symantec Corporation)
Toolbar: HKLM-x32 - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-12] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] ()
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-29] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-11] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-04-04] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\coFFPlgn [2015-06-27]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\IPSFFPlgn
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\IPSFFPlgn [2015-06-12]
 
Chrome: 
=======
CHR Profile: C:\Users\Tiara\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Tiara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-12]
CHR Extension: (Google Docs) - C:\Users\Tiara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-12]
CHR Extension: (Google Drive) - C:\Users\Tiara\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-12]
CHR Extension: (Norton Security Toolbar) - C:\Users\Tiara\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejnhdlplbjhffionohbdnpcbobfejcc [2015-07-08]
CHR Extension: (YouTube) - C:\Users\Tiara\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-12]
CHR Extension: (Google Search) - C:\Users\Tiara\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-12]
CHR Extension: (Google Sheets) - C:\Users\Tiara\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-12]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Tiara\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tiara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-12]
CHR Extension: (Gmail) - C:\Users\Tiara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-12]
CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\Exts\Chrome.crx [2015-06-29]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] -  <not found>
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] -  <not found>
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.149\McCHSvc.exe [289256 2015-06-26] (McAfee, Inc.)
S2 NAT; C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe [232424 2013-10-11] (Symantec Corporation)
S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)
S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3939008 2012-07-11] (Symantec Corporation)
S2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\SymcPCCULaunchSvc.exe [123320 2012-07-23] (Symantec Corporation)
S2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe [126392 2012-07-23] (Symantec Corporation)
S2 THAccelSvc; C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe [214488 2012-08-10] (TOSHIBA CORPORATION)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2015-07-06] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20150706.001\BHDrvx64.sys [1648880 2015-06-16] (Symantec Corporation)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
S1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00B\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation)
S1 ccSet_NAT; C:\Windows\system32\drivers\NATx64\010A000.009\ccSetx64.sys [150104 2013-07-29] (Symantec Corporation)
S3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1405000.01C\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
R0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3265256 2012-09-20] (Broadcom Corporation)
S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [489776 2015-06-14] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153936 2015-06-27] (Symantec Corporation)
S3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20150706.001\IDSvia64.sys [692984 2015-06-21] (Symantec Corporation)
S3 mbamchameleon; C:\windows\system32\drivers\mbamchameleon.sys [109272 2015-08-31] (Malwarebytes)
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-08-31] (Malwarebytes)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20150706.035\ENG64.SYS [138488 2015-06-24] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20150706.035\EX64.SYS [2146040 2015-06-24] (Symantec Corporation)
S3 RTL8192Ce; C:\Windows\system32\DRIVERS\rtwlane.sys [1498256 2012-08-29] (Realtek Semiconductor Corporation                           )
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1498256 2012-08-29] (Realtek Semiconductor Corporation                           )
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1405000.01C\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
S3 SRTSPX; C:\Windows\system32\drivers\NISx64\1405000.01C\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
S3 SymDS; C:\Windows\system32\drivers\NISx64\1405000.01C\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
S3 SymEFA; C:\Windows\system32\drivers\NISx64\1405000.01C\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1405000.01C\SymELAM.sys [23448 2012-06-20] (Symantec Corporation)
S3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2015-06-15] (Symantec Corporation)
S3 SymIRON; C:\Windows\system32\drivers\NISx64\1405000.01C\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
S3 SymNetS; C:\Windows\System32\Drivers\NISx64\1405000.01C\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
R0 THAccel; C:\Windows\System32\DRIVERS\THAccel.sys [131520 2012-08-10] (TOSHIBA CORPORATION)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows ® Win 7 DDK provider)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-03 22:40 - 2015-09-03 22:41 - 00014191 _____ C:\Users\Tiara\Desktop\FRST.txt
2015-09-03 22:39 - 2015-09-03 22:40 - 00000000 ____D C:\FRST
2015-09-03 22:38 - 2015-09-03 22:38 - 02188800 _____ (Farbar) C:\Users\Tiara\Desktop\FRST64.exe
2015-08-31 23:52 - 2015-08-31 23:53 - 00000000 ____D C:\ProgramData\Sophos
2015-08-31 23:49 - 2015-08-31 23:49 - 00002759 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2015-08-31 23:49 - 2015-08-31 23:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2015-08-31 23:49 - 2015-08-31 23:49 - 00000000 ____D C:\Program Files (x86)\Sophos
2015-08-31 23:37 - 2015-08-31 23:44 - 132495576 _____ (Sophos Limited) C:\Users\Tiara\Desktop\Sophos Virus Removal Tool.exe
2015-08-31 23:13 - 2015-08-31 23:13 - 00001855 _____ C:\Users\Tiara\Desktop\JRT.txt
2015-08-31 23:07 - 2015-08-31 23:07 - 01798640 _____ (Malwarebytes Corporation) C:\Users\Tiara\Desktop\JRT.exe
2015-08-31 22:47 - 2015-08-31 22:53 - 00000000 ____D C:\AdwCleaner
2015-08-31 22:44 - 2015-08-31 22:44 - 01654272 _____ C:\Users\Tiara\Desktop\adwcleaner_5.005.exe
2015-08-31 22:37 - 2015-08-31 22:37 - 00448512 _____ (OldTimer Tools) C:\Users\Tiara\Downloads\TFC (1).exe
2015-08-31 22:36 - 2015-08-31 22:37 - 00448512 _____ (OldTimer Tools) C:\Users\Tiara\Downloads\TFC.exe
2015-08-31 22:01 - 2015-08-31 22:05 - 00002620 _____ C:\Users\Tiara\Desktop\Rkill.txt
2015-08-31 21:59 - 2015-08-31 21:59 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Tiara\Desktop\iExplore.exe
2015-08-31 21:04 - 2015-08-31 21:38 - 00000000 ____D C:\Users\Tiara\Desktop\mbar
2015-08-31 21:04 - 2015-08-31 21:38 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-08-31 21:02 - 2015-08-31 21:02 - 16563304 _____ (Malwarebytes Corp.) C:\Users\Tiara\Desktop\mbar-1.09.2.1008.exe
2015-08-31 20:59 - 2015-08-31 20:59 - 00020830 _____ C:\Users\Tiara\Desktop\2015 0831 mbam.txt.txt
2015-08-31 20:21 - 2015-08-31 21:04 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-31 20:21 - 2015-08-31 21:04 - 00109272 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2015-08-31 20:21 - 2015-08-31 20:21 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-31 20:21 - 2015-08-31 20:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-31 20:21 - 2015-08-31 20:21 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-31 20:21 - 2015-08-31 20:21 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-31 20:21 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-08-31 20:21 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-08-31 20:18 - 2015-08-31 20:18 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Tiara\Desktop\mbam-setup-2.1.8.1057.exe
2015-08-31 20:16 - 2015-09-03 19:00 - 00029891 _____ C:\Users\Tiara\Desktop\MTB.txt
2015-08-31 20:14 - 2015-08-31 20:14 - 00891392 _____ (Farbar) C:\Users\Tiara\Desktop\MiniToolBox.exe
2015-08-31 20:13 - 2015-08-31 22:24 - 00002786 _____ C:\Users\Tiara\Desktop\FSS.txt
2015-08-31 20:11 - 2015-08-31 20:11 - 00899072 _____ (Farbar) C:\Users\Tiara\Desktop\FSS.exe
2015-08-31 20:08 - 2015-08-31 20:08 - 00852704 _____ C:\Users\Tiara\Desktop\SecurityCheck.exe
2015-08-31 01:17 - 2015-08-31 01:17 - 00350320 _____ C:\windows\system32\FNTCACHE.DAT
2015-08-31 00:33 - 2015-08-07 21:27 - 00793544 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-08-31 00:33 - 2015-08-07 21:27 - 00177632 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-30 23:03 - 2014-02-03 18:56 - 00332632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys
2015-08-30 23:03 - 2014-02-03 18:56 - 00278872 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msiscsi.sys
2015-08-30 23:03 - 2014-01-30 19:48 - 00485888 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSDApi.dll
2015-08-30 23:03 - 2014-01-30 19:06 - 00599040 _____ (Microsoft Corporation) C:\windows\system32\WSDApi.dll
2015-08-30 23:03 - 2014-01-26 22:39 - 01939288 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2015-08-30 23:03 - 2014-01-15 18:42 - 00118784 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dfsc.sys
2015-08-30 23:03 - 2014-01-02 18:35 - 00365568 _____ (Microsoft Corporation) C:\windows\SysWOW64\XpsGdiConverter.dll
2015-08-30 23:03 - 2014-01-02 18:32 - 00523264 _____ (Microsoft Corporation) C:\windows\system32\XpsGdiConverter.dll
2015-08-30 23:03 - 2012-11-05 23:00 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\iscsilog.dll
2015-08-30 23:02 - 2013-06-01 06:34 - 02391280 _____ (Microsoft Corporation) C:\windows\explorer.exe
2015-08-30 23:02 - 2013-06-01 05:24 - 02106176 _____ (Microsoft Corporation) C:\windows\SysWOW64\explorer.exe
2015-08-30 23:02 - 2013-06-01 04:25 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\samlib.dll
2015-08-30 23:02 - 2013-06-01 04:24 - 01453568 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfcore.dll
2015-08-30 23:02 - 2013-06-01 04:24 - 00850944 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfasfsrcsnk.dll
2015-08-30 23:02 - 2013-06-01 04:24 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscms.dll
2015-08-30 23:02 - 2013-06-01 04:23 - 01842176 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmcore.dll
2015-08-30 23:02 - 2013-06-01 04:23 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\vds.exe
2015-08-30 23:02 - 2013-06-01 04:22 - 00190976 _____ (Microsoft Corporation) C:\windows\system32\vdsutil.dll
2015-08-30 23:02 - 2013-06-01 04:22 - 00080896 _____ (Microsoft Corporation) C:\windows\system32\MbaeParserTask.exe
2015-08-30 23:02 - 2013-06-01 04:21 - 00729600 _____ (Microsoft Corporation) C:\windows\system32\samsrv.dll
2015-08-30 23:02 - 2013-06-01 04:21 - 00106496 _____ (Microsoft Corporation) C:\windows\system32\samlib.dll
2015-08-30 23:02 - 2013-06-01 04:20 - 02219520 _____ (Microsoft Corporation) C:\windows\system32\dwmcore.dll
2015-08-30 23:02 - 2013-06-01 04:20 - 01527808 _____ (Microsoft Corporation) C:\windows\system32\mfcore.dll
2015-08-30 23:02 - 2013-06-01 04:20 - 01048576 _____ (Microsoft Corporation) C:\windows\system32\mfasfsrcsnk.dll
2015-08-30 23:02 - 2013-06-01 04:20 - 00583168 _____ (Microsoft Corporation) C:\windows\system32\mscms.dll
2015-08-30 23:02 - 2013-06-01 04:19 - 00207872 _____ (Microsoft Corporation) C:\windows\system32\DeviceSetupManager.dll
2015-08-30 23:02 - 2013-05-31 22:08 - 00037632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\BthAvrcpTg.sys
2015-08-30 23:01 - 2013-06-16 17:41 - 00997632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys
2015-08-30 22:59 - 2013-03-02 03:23 - 00893952 _____ (Microsoft Corporation) C:\windows\SysWOW64\winmde.dll
2015-08-30 22:59 - 2013-03-02 03:23 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2015-08-30 22:59 - 2013-03-02 03:22 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\netcfgx.dll
2015-08-30 22:59 - 2013-03-02 03:21 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\drvstore.dll
2015-08-30 22:59 - 2013-03-02 03:21 - 00145408 _____ (Microsoft Corporation) C:\windows\SysWOW64\powercfg.cpl
2015-08-30 22:59 - 2013-03-02 03:21 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\DevDispItemProvider.dll
2015-08-30 22:57 - 2013-03-02 05:57 - 00077544 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storahci.sys
2015-08-30 22:57 - 2013-03-01 21:45 - 01149952 _____ (Microsoft Corporation) C:\windows\system32\winmde.dll
2015-08-30 22:57 - 2013-03-01 21:45 - 01101824 _____ (Microsoft Corporation) C:\windows\system32\wmpmde.dll
2015-08-30 22:57 - 2013-03-01 21:45 - 00645120 _____ (Microsoft Corporation) C:\windows\system32\Windows.Security.Authentication.OnlineId.dll
2015-08-30 22:57 - 2013-03-01 21:45 - 00245248 _____ (Microsoft Corporation) C:\windows\system32\usbmon.dll
2015-08-30 22:57 - 2013-03-01 21:45 - 00240640 _____ (Microsoft Corporation) C:\windows\system32\fsquirt.exe
2015-08-30 22:57 - 2013-03-01 21:45 - 00180224 _____ (Microsoft Corporation) C:\windows\system32\SystemEventsBrokerServer.dll
2015-08-30 22:57 - 2013-03-01 21:45 - 00171008 _____ (Microsoft Corporation) C:\windows\system32\TimeBrokerServer.dll
2015-08-30 22:57 - 2013-03-01 21:45 - 00103936 _____ (Microsoft Corporation) C:\windows\system32\wpdbusenum.dll
2015-08-30 22:57 - 2013-03-01 21:45 - 00071168 _____ (Microsoft Corporation) C:\windows\system32\WSDPrintProxy.DLL
2015-08-30 22:57 - 2013-03-01 21:44 - 00703488 _____ (Microsoft Corporation) C:\windows\system32\drvstore.dll
2015-08-30 22:57 - 2013-03-01 21:44 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\netcfgx.dll
2015-08-30 22:57 - 2013-03-01 21:44 - 00150016 _____ (Microsoft Corporation) C:\windows\system32\discan.dll
2015-08-30 22:57 - 2013-03-01 21:44 - 00117248 _____ (Microsoft Corporation) C:\windows\system32\NdisImPlatform.dll
2015-08-30 22:57 - 2013-03-01 21:44 - 00049152 _____ (Microsoft Corporation) C:\windows\system32\DevDispItemProvider.dll
2015-08-30 22:57 - 2013-03-01 21:43 - 00156160 _____ (Microsoft Corporation) C:\windows\system32\powercfg.cpl
2015-08-30 22:57 - 2013-03-01 21:15 - 00026112 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mouhid.sys
2015-08-30 22:57 - 2013-02-28 23:56 - 00156672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rfcomm.sys
2015-08-30 22:57 - 2013-02-28 23:56 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\monitor.sys
2015-08-30 22:57 - 2013-02-28 23:55 - 01175040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\bthport.sys
2015-08-30 22:57 - 2013-01-08 22:59 - 00074752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\BTHUSB.SYS
2015-08-30 22:57 - 2013-01-08 22:58 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\Drivers\bthenum.sys
2015-08-30 22:56 - 2013-01-09 20:53 - 00028904 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msgpiowin32.sys
2015-08-30 22:56 - 2013-01-09 20:29 - 00091880 _____ (Microsoft Corporation) C:\windows\system32\Drivers\partmgr.sys
2015-08-30 22:56 - 2013-01-09 18:26 - 01752064 _____ (Microsoft Corporation) C:\windows\SysWOW64\setupapi.dll
2015-08-30 22:56 - 2013-01-09 18:26 - 01611776 _____ (Microsoft Corporation) C:\windows\SysWOW64\mmc.exe
2015-08-30 22:56 - 2013-01-09 18:26 - 00436736 _____ (Microsoft Corporation) C:\windows\SysWOW64\MP4SDECD.DLL
2015-08-30 22:56 - 2013-01-09 18:26 - 00261120 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Media.dll
2015-08-30 22:56 - 2013-01-09 18:26 - 00083968 _____ (Microsoft Corporation) C:\windows\SysWOW64\wiaacmgr.exe
2015-08-30 22:56 - 2013-01-09 18:23 - 02094592 _____ (Microsoft Corporation) C:\windows\system32\mmc.exe
2015-08-30 22:56 - 2013-01-09 18:23 - 01964544 _____ (Microsoft Corporation) C:\windows\system32\wlidsvc.dll
2015-08-30 22:56 - 2013-01-09 18:23 - 01886208 _____ (Microsoft Corporation) C:\windows\system32\setupapi.dll
2015-08-30 22:56 - 2013-01-09 18:23 - 00406016 _____ (Microsoft Corporation) C:\windows\system32\Windows.Media.dll
2015-08-30 22:56 - 2013-01-09 18:23 - 00256000 _____ (Microsoft Corporation) C:\windows\system32\WSDMon.dll
2015-08-30 22:56 - 2013-01-09 18:23 - 00095232 _____ (Microsoft Corporation) C:\windows\system32\wiaacmgr.exe
2015-08-30 22:56 - 2013-01-09 18:22 - 00894464 _____ (Microsoft Corporation) C:\windows\system32\iphlpsvc.dll
2015-08-30 22:56 - 2013-01-09 18:22 - 00666112 _____ (Microsoft Corporation) C:\windows\system32\MP4SDECD.DLL
2015-08-30 22:56 - 2013-01-09 18:22 - 00159232 _____ (Microsoft Corporation) C:\windows\system32\inetpp.dll
2015-08-30 22:56 - 2012-11-02 00:19 - 00171520 _____ (Microsoft Corporation) C:\windows\system32\ncbservice.dll
2015-08-30 22:56 - 2012-11-02 00:18 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\httpprxm.dll
2015-08-30 22:56 - 2012-11-02 00:18 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\adhsvc.dll
2015-08-30 22:56 - 2012-11-02 00:18 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\adhapi.dll
2015-08-30 22:56 - 2012-11-02 00:18 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\httpprxp.dll
2015-08-30 22:56 - 2012-11-02 00:18 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\keepaliveprovider.dll
2015-08-30 22:54 - 2013-01-15 19:25 - 01437696 _____ (Microsoft Corporation) C:\windows\SysWOW64\GdiPlus.dll
2015-08-30 22:54 - 2013-01-15 19:23 - 01690624 _____ (Microsoft Corporation) C:\windows\system32\GdiPlus.dll
2015-08-30 22:45 - 2013-05-14 21:25 - 00888320 _____ (Microsoft Corporation) C:\windows\system32\autochk.exe
2015-08-30 22:45 - 2013-05-14 21:25 - 00542208 _____ (Microsoft Corporation) C:\windows\system32\untfs.dll
2015-08-30 22:45 - 2013-05-14 21:24 - 00793088 _____ (Microsoft Corporation) C:\windows\SysWOW64\autochk.exe
2015-08-30 22:45 - 2013-05-14 21:24 - 00482816 _____ (Microsoft Corporation) C:\windows\SysWOW64\untfs.dll
2015-08-30 22:45 - 2013-05-04 01:57 - 01131520 _____ (Microsoft Corporation) C:\windows\system32\AppXDeploymentServer.dll
2015-08-30 22:45 - 2013-05-04 01:57 - 00708096 _____ (Microsoft Corporation) C:\windows\system32\AppXDeploymentExtensions.dll
2015-08-30 22:44 - 2013-05-04 02:58 - 00120736 _____ (Microsoft Corporation) C:\windows\system32\AuthHost.exe
2015-08-30 22:44 - 2013-05-04 01:59 - 00812544 _____ (Microsoft Corporation) C:\windows\system32\Magnify.exe
2015-08-30 22:44 - 2013-05-04 01:58 - 00470528 _____ (Microsoft Corporation) C:\windows\system32\netprofmsvc.dll
2015-08-30 22:44 - 2013-05-04 01:58 - 00330240 _____ (Microsoft Corporation) C:\windows\system32\stobject.dll
2015-08-30 22:44 - 2013-05-04 01:58 - 00169984 _____ (Microsoft Corporation) C:\windows\system32\netplwiz.dll
2015-08-30 22:44 - 2013-05-04 01:58 - 00151552 _____ (Microsoft Corporation) C:\windows\system32\netprofm.dll
2015-08-30 22:44 - 2013-05-04 01:58 - 00093696 _____ (Microsoft Corporation) C:\windows\system32\psmsrv.dll
2015-08-30 22:44 - 2013-05-04 01:57 - 00560640 _____ (Microsoft Corporation) C:\windows\system32\mfmp4srcsnk.dll
2015-08-30 22:44 - 2013-05-04 01:57 - 00501760 _____ (Microsoft Corporation) C:\windows\system32\DevicePairing.dll
2015-08-30 22:44 - 2013-05-04 01:57 - 00389120 _____ (Microsoft Corporation) C:\windows\system32\BCP47Langs.dll
2015-08-30 22:44 - 2013-05-04 01:57 - 00179712 _____ (Microsoft Corporation) C:\windows\system32\bisrv.dll
2015-08-30 22:44 - 2013-05-04 01:57 - 00122368 _____ (Microsoft Corporation) C:\windows\system32\biwinrt.dll
2015-08-30 22:44 - 2013-05-04 01:57 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\muifontsetup.dll
2015-08-30 22:44 - 2013-05-04 01:56 - 00419840 _____ (Microsoft Corporation) C:\windows\system32\intl.cpl
2015-08-30 22:44 - 2013-05-03 23:58 - 00758784 _____ (Microsoft Corporation) C:\windows\SysWOW64\Magnify.exe
2015-08-30 22:44 - 2013-05-03 23:57 - 00303616 _____ (Microsoft Corporation) C:\windows\SysWOW64\stobject.dll
2015-08-30 22:44 - 2013-05-03 23:57 - 00151040 _____ (Microsoft Corporation) C:\windows\SysWOW64\netplwiz.dll
2015-08-30 22:44 - 2013-05-03 23:57 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\netprofm.dll
2015-08-30 22:44 - 2013-05-03 23:57 - 00018432 _____ (Microsoft Corporation) C:\windows\SysWOW64\npmproxy.dll
2015-08-30 22:44 - 2013-05-03 23:57 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\muifontsetup.dll
2015-08-30 22:44 - 2013-05-03 23:56 - 00449536 _____ (Microsoft Corporation) C:\windows\SysWOW64\DevicePairing.dll
2015-08-30 22:44 - 2013-05-03 23:56 - 00411136 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfmp4srcsnk.dll
2015-08-30 22:44 - 2013-05-03 23:56 - 00309760 _____ (Microsoft Corporation) C:\windows\SysWOW64\BCP47Langs.dll
2015-08-30 22:44 - 2013-05-03 23:56 - 00092160 _____ (Microsoft Corporation) C:\windows\SysWOW64\biwinrt.dll
2015-08-30 22:44 - 2013-05-03 23:55 - 00389632 _____ (Microsoft Corporation) C:\windows\SysWOW64\intl.cpl
2015-08-30 22:44 - 2013-05-03 23:51 - 00014848 _____ (Microsoft) C:\windows\system32\rars.rs
2015-08-30 22:44 - 2013-05-03 23:47 - 00427520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdbss.sys
2015-08-30 22:44 - 2013-05-03 23:10 - 00014848 _____ (Microsoft) C:\windows\SysWOW64\rars.rs
2015-08-30 22:44 - 2013-03-01 21:45 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\taskhost.exe
2015-08-30 22:44 - 2013-03-01 21:45 - 00072192 _____ (Microsoft Corporation) C:\windows\system32\taskhostex.exe
2015-08-30 22:44 - 2013-02-02 03:39 - 00015872 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlmproxy.dll
2015-08-30 22:44 - 2013-02-02 03:39 - 00012288 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlmsprep.dll
2015-08-30 22:43 - 2012-11-27 01:39 - 01122768 _____ (Microsoft Corporation) C:\windows\system32\Taskmgr.exe
2015-08-30 22:43 - 2012-11-26 23:49 - 01027152 _____ (Microsoft Corporation) C:\windows\SysWOW64\Taskmgr.exe
2015-08-30 22:43 - 2012-11-26 23:20 - 00798208 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebcamUi.dll
2015-08-30 22:43 - 2012-11-26 23:20 - 00560128 _____ (Microsoft Corporation) C:\windows\SysWOW64\UserLanguagesCpl.dll
2015-08-30 22:43 - 2012-11-26 23:20 - 00179200 _____ (Microsoft Corporation) C:\windows\SysWOW64\wpnapps.dll
2015-08-30 22:43 - 2012-11-26 23:20 - 00046592 _____ (Microsoft Corporation) C:\windows\SysWOW64\vds_ps.dll
2015-08-30 22:43 - 2012-11-26 23:19 - 00955904 _____ (Microsoft Corporation) C:\windows\system32\WebcamUi.dll
2015-08-30 22:43 - 2012-11-26 23:19 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\UserLanguagesCpl.dll
2015-08-30 22:43 - 2012-11-26 23:19 - 00244736 _____ (Microsoft Corporation) C:\windows\system32\wpnapps.dll
2015-08-30 22:43 - 2012-11-26 22:57 - 00018432 _____ (Microsoft Corporation) C:\windows\system32\Drivers\BtaMPM.sys
2015-08-30 22:43 - 2012-11-26 22:55 - 00029952 _____ (Microsoft Corporation) C:\windows\system32\Drivers\BthhfHid.sys
2015-08-30 22:43 - 2012-09-11 00:28 - 00023552 _____ (Microsoft Corporation) C:\windows\system32\vdsldr.exe
2015-08-30 22:43 - 2012-09-11 00:27 - 00120832 _____ (Microsoft Corporation) C:\windows\system32\vds_ps.dll
2015-08-30 22:42 - 2013-08-10 00:21 - 00448512 _____ (Microsoft Corporation) C:\windows\system32\SettingSync.dll
2015-08-30 22:42 - 2013-08-10 00:21 - 00128512 _____ (Microsoft Corporation) C:\windows\system32\SettingSyncInfo.dll
2015-08-30 22:42 - 2013-08-09 22:58 - 00356352 _____ (Microsoft Corporation) C:\windows\SysWOW64\SettingSync.dll
2015-08-30 22:42 - 2013-08-03 01:40 - 01374208 _____ (Microsoft Corporation) C:\windows\system32\wdc.dll
2015-08-30 22:42 - 2013-08-03 01:40 - 00566784 _____ (Microsoft Corporation) C:\windows\system32\wvc.dll
2015-08-30 22:42 - 2013-08-03 01:40 - 00462336 _____ (Microsoft Corporation) C:\windows\system32\sysmon.ocx
2015-08-30 22:42 - 2013-08-03 00:14 - 00399360 _____ (Microsoft Corporation) C:\windows\SysWOW64\sysmon.ocx
2015-08-30 22:42 - 2013-08-03 00:13 - 01245696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdc.dll
2015-08-30 22:42 - 2013-08-03 00:13 - 00437248 _____ (Microsoft Corporation) C:\windows\SysWOW64\wvc.dll
2015-08-30 22:42 - 2013-08-02 01:28 - 00222208 _____ (Microsoft Corporation) C:\windows\system32\shdocvw.dll
2015-08-30 22:42 - 2013-08-02 00:08 - 00199168 _____ (Microsoft Corporation) C:\windows\SysWOW64\shdocvw.dll
2015-08-30 22:42 - 2013-07-24 18:10 - 00158208 _____ (Microsoft Corporation) C:\windows\SysWOW64\mbsmsapi.dll
2015-08-30 22:42 - 2013-07-24 18:06 - 00225280 _____ (Microsoft Corporation) C:\windows\system32\mbsmsapi.dll
2015-08-30 22:42 - 2013-03-02 03:23 - 00100864 _____ (Microsoft Corporation) C:\windows\SysWOW64\SettingSyncInfo.dll
2015-08-30 22:19 - 2015-07-01 08:00 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
2015-08-30 22:19 - 2015-07-01 07:58 - 00104448 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll
2015-08-30 22:19 - 2015-07-01 06:42 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll
2015-08-30 22:19 - 2015-07-01 06:41 - 00086016 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll
2015-08-30 22:19 - 2015-06-27 08:46 - 01314816 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2015-08-30 22:19 - 2015-06-27 08:23 - 00694784 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2015-08-30 22:19 - 2015-04-30 08:44 - 00478296 _____ C:\windows\SysWOW64\locale.nls
2015-08-30 22:19 - 2015-04-30 08:44 - 00478296 _____ C:\windows\system32\locale.nls
2015-08-30 22:18 - 2015-07-28 11:25 - 00025776 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2015-08-30 22:18 - 2015-07-28 09:13 - 01116160 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-08-30 22:18 - 2015-07-28 09:13 - 00774144 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-08-30 22:18 - 2015-07-28 09:13 - 00743424 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-08-30 22:18 - 2015-07-28 09:13 - 00437248 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-08-30 22:18 - 2015-07-28 09:13 - 00069120 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-08-30 22:18 - 2015-07-28 08:12 - 01148416 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-08-30 22:18 - 2015-06-29 08:27 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-08-30 22:18 - 2015-06-09 08:09 - 00411133 _____ C:\windows\system32\ApnDatabase.xml
2015-08-30 22:18 - 2015-04-21 08:53 - 01174528 _____ (Microsoft Corporation) C:\windows\system32\sppobjs.dll
2015-08-30 22:18 - 2015-03-27 03:07 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\cryptcatsvc.dll
2015-08-30 22:18 - 2014-04-19 04:39 - 00628024 _____ (Microsoft Corporation) C:\windows\system32\NotificationUI.exe
2015-08-30 22:18 - 2012-10-10 02:04 - 00094208 _____ (Microsoft Corporation) C:\windows\system32\synceng.dll
2015-08-30 22:18 - 2012-10-10 01:31 - 00072192 _____ (Microsoft Corporation) C:\windows\SysWOW64\synceng.dll
2015-08-30 22:17 - 2015-07-06 11:16 - 00044560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdBoot.sys
2015-08-30 22:17 - 2015-07-06 09:32 - 00281944 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdFilter.sys
2015-08-30 22:16 - 2015-07-13 16:05 - 00054272 _____ (Microsoft Corporation) C:\windows\system32\basesrv.dll
2015-08-30 22:16 - 2015-07-13 16:05 - 00048128 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-08-30 22:16 - 2015-07-09 16:46 - 05982208 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2015-08-30 22:16 - 2015-07-09 16:44 - 00322560 _____ (Microsoft Corporation) C:\windows\system32\aaclient.dll
2015-08-30 22:16 - 2015-07-09 15:17 - 05095424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2015-08-30 22:16 - 2015-07-09 15:16 - 00269824 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll
2015-08-30 22:16 - 2013-12-04 18:43 - 00583680 _____ (Microsoft Corporation) C:\windows\system32\msdrm.dll
2015-08-30 22:16 - 2013-12-04 18:37 - 00451072 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdrm.dll
2015-08-30 22:15 - 2015-06-17 09:13 - 01150264 _____ (Microsoft Corporation) C:\windows\SysWOW64\ole32.dll
2015-08-30 22:15 - 2015-06-17 08:44 - 01567560 _____ (Microsoft Corporation) C:\windows\system32\ole32.dll
2015-08-30 22:15 - 2014-03-24 18:42 - 00305152 _____ (Microsoft Corporation) C:\windows\SysWOW64\wusa.exe
2015-08-30 22:15 - 2014-03-24 17:56 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\wusa.exe
2015-08-30 22:15 - 2013-10-19 00:45 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\imagehlp.dll
2015-08-30 22:15 - 2013-10-18 23:04 - 00059392 _____ (Microsoft Corporation) C:\windows\SysWOW64\imagehlp.dll
2015-08-30 22:15 - 2013-08-30 00:20 - 01173504 _____ (Microsoft Corporation) C:\windows\system32\UIAutomationCore.dll
2015-08-30 22:15 - 2013-08-29 18:48 - 00914432 _____ (Microsoft Corporation) C:\windows\SysWOW64\UIAutomationCore.dll
2015-08-30 22:15 - 2013-07-24 18:10 - 10799104 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.Xaml.dll
2015-08-30 22:15 - 2013-07-24 18:07 - 13661696 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Xaml.dll
2015-08-30 22:14 - 2013-08-30 00:43 - 00061784 _____ (Microsoft Corporation) C:\windows\system32\Drivers\crashdmp.sys
2015-08-30 22:14 - 2013-08-21 01:39 - 00465240 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fvevol.sys
2015-08-30 22:14 - 2013-08-10 01:30 - 00151896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tpm.sys
2015-08-30 22:13 - 2013-08-16 00:41 - 00058200 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dam.sys
2015-08-30 22:13 - 2013-08-16 00:39 - 02371728 _____ (Microsoft Corporation) C:\windows\system32\WSService.dll
2015-08-30 22:13 - 2013-08-16 00:22 - 04917760 _____ (Microsoft Corporation) C:\windows\system32\sppsvc.exe
2015-08-30 22:13 - 2013-08-16 00:21 - 00368640 _____ (Microsoft Corporation) C:\windows\system32\sppwinob.dll
2015-08-30 22:13 - 2013-08-16 00:21 - 00204800 _____ (Microsoft Corporation) C:\windows\system32\WSClient.dll
2015-08-30 22:13 - 2013-08-16 00:21 - 00183808 _____ (Microsoft Corporation) C:\windows\system32\WSSync.dll
2015-08-30 22:13 - 2013-08-16 00:21 - 00120320 _____ (Microsoft Corporation) C:\windows\system32\sppc.dll
2015-08-30 22:13 - 2013-08-16 00:21 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\setupcln.dll
2015-08-30 22:13 - 2013-08-16 00:20 - 00105984 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2015-08-30 22:13 - 2013-08-15 17:43 - 00167424 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSClient.dll
2015-08-30 22:13 - 2013-08-15 17:43 - 00159232 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSSync.dll
2015-08-30 22:13 - 2013-08-15 17:43 - 00083968 _____ C:\windows\SysWOW64\OEMLicense.dll
2015-08-30 22:13 - 2013-08-15 17:42 - 00091648 _____ (Microsoft Corporation) C:\windows\SysWOW64\sppc.dll
2015-08-30 22:13 - 2013-08-15 17:42 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\setupcln.dll
2015-08-30 22:12 - 2014-06-17 18:27 - 01440256 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe
2015-08-30 22:12 - 2014-06-17 18:24 - 01557504 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2015-08-30 22:11 - 2013-10-05 01:10 - 00285016 _____ (Microsoft Corporation) C:\windows\system32\Drivers\spaceport.sys
2015-08-30 22:11 - 2013-08-30 00:19 - 00626688 _____ (Microsoft Corporation) C:\windows\system32\resutils.dll
2015-08-30 22:11 - 2013-08-30 00:18 - 00374784 _____ (Microsoft Corporation) C:\windows\system32\clusapi.dll
2015-08-30 22:11 - 2013-08-29 18:48 - 00488960 _____ (Microsoft Corporation) C:\windows\SysWOW64\resutils.dll
2015-08-30 22:11 - 2013-08-29 18:47 - 00302080 _____ (Microsoft Corporation) C:\windows\SysWOW64\clusapi.dll
2015-08-30 22:10 - 2015-07-30 08:11 - 00124624 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-30 22:10 - 2015-07-30 08:10 - 00103120 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-30 22:09 - 2014-07-08 17:33 - 00181248 _____ (Microsoft Corp.) C:\windows\system32\Defrag.exe
2015-08-30 22:09 - 2014-07-08 17:32 - 01539584 _____ (Microsoft Corporation) C:\windows\system32\storagewmi.dll
2015-08-30 22:09 - 2014-07-08 17:32 - 00340480 _____ (Microsoft Corporation) C:\windows\system32\defragsvc.dll
2015-08-30 22:09 - 2014-07-08 17:30 - 01220608 _____ (Microsoft Corporation) C:\windows\SysWOW64\storagewmi.dll
2015-08-30 22:09 - 2014-07-07 00:52 - 00263680 _____ (Microsoft Corporation) C:\windows\system32\wcmsvc.dll
2015-08-30 22:09 - 2014-07-07 00:52 - 00074752 _____ (Microsoft Corporation) C:\windows\system32\wcmcsp.dll
2015-08-30 22:09 - 2014-07-04 05:52 - 00328000 _____ (Microsoft Corporation) C:\windows\system32\Drivers\volsnap.sys
2015-08-30 22:09 - 2014-06-17 18:27 - 02032640 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2015-08-30 22:09 - 2014-06-17 18:23 - 02238464 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2015-08-30 22:09 - 2014-06-11 09:47 - 02842112 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2015-08-30 22:09 - 2014-06-10 23:40 - 02620928 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2015-08-30 22:09 - 2014-06-10 17:44 - 01403896 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2015-08-30 22:09 - 2014-02-04 05:57 - 01271664 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2015-08-30 22:09 - 2013-05-24 17:09 - 01217352 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2015-08-30 22:09 - 2013-05-24 17:09 - 01093904 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2015-08-30 22:08 - 2015-07-16 15:31 - 19291648 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-08-30 22:07 - 2015-07-16 14:06 - 14383616 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-08-30 22:05 - 2015-07-16 15:32 - 02239488 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-08-30 22:05 - 2015-07-16 15:32 - 01409024 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-08-30 22:05 - 2015-07-16 15:32 - 00601600 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-08-30 22:05 - 2015-07-16 15:31 - 03959808 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-08-30 22:05 - 2015-07-16 15:31 - 00856064 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-08-30 22:05 - 2015-07-16 15:31 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-08-30 22:05 - 2015-07-16 15:30 - 15416320 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-08-30 22:05 - 2015-07-16 15:30 - 02657280 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-08-30 22:05 - 2015-07-16 15:30 - 00949760 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2015-08-30 22:05 - 2015-07-16 14:07 - 01763328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-08-30 22:05 - 2015-07-16 14:07 - 01181696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-08-30 22:05 - 2015-07-16 14:07 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-08-30 22:05 - 2015-07-16 14:06 - 13774848 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-08-30 22:05 - 2015-07-16 14:06 - 02865664 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-08-30 22:05 - 2015-07-16 14:06 - 02056704 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-08-30 22:05 - 2015-07-16 14:06 - 00737280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2015-08-30 22:05 - 2015-07-16 14:06 - 00690176 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-08-30 22:05 - 2015-07-16 14:06 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-08-30 22:05 - 2015-07-16 14:06 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-08-30 22:05 - 2015-07-16 14:06 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-08-30 22:05 - 2015-06-15 10:22 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-08-30 22:05 - 2015-06-15 10:22 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-08-30 22:05 - 2015-06-15 10:20 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-08-30 22:05 - 2015-06-15 10:20 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-08-30 22:05 - 2015-06-15 10:19 - 01509376 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-08-30 22:05 - 2015-06-15 10:19 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-08-30 22:04 - 2013-07-09 03:04 - 00120144 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msgpioclx.sys
2015-08-30 22:04 - 2013-07-08 22:57 - 00245760 _____ (Microsoft Corporation) C:\windows\SysWOW64\LocationApi.dll
2015-08-30 22:04 - 2013-07-08 17:46 - 00543744 _____ (Microsoft Corporation) C:\windows\system32\wwanmm.dll
2015-08-30 22:04 - 2013-07-08 17:46 - 00414208 _____ (Microsoft Corporation) C:\windows\system32\wwanconn.dll
2015-08-30 22:04 - 2013-07-08 17:46 - 00370688 _____ (Microsoft Corporation) C:\windows\system32\Wwanadvui.dll
2015-08-30 22:04 - 2013-07-08 17:45 - 00312832 _____ (Microsoft Corporation) C:\windows\system32\LocationApi.dll
2015-08-30 22:04 - 2013-07-02 19:23 - 00391168 _____ (Microsoft Corporation) C:\windows\system32\Windows.Networking.BackgroundTransfer.dll
2015-08-30 22:04 - 2013-07-02 19:22 - 02839552 _____ (Microsoft Corporation) C:\windows\system32\msftedit.dll
2015-08-30 22:04 - 2013-07-02 19:11 - 00268800 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2015-08-30 22:04 - 2013-06-30 17:30 - 00067072 _____ (Microsoft Corporation) C:\windows\SysWOW64\openfiles.exe
2015-08-30 22:04 - 2013-06-30 17:29 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\openfiles.exe
2015-08-30 22:04 - 2013-06-29 01:15 - 00195416 _____ (Microsoft Corporation) C:\windows\system32\Drivers\sdbus.sys
2015-08-30 22:04 - 2013-06-29 01:15 - 00125784 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dumpsd.sys
2015-08-30 22:04 - 2013-06-25 22:01 - 00321536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\udfs.sys
2015-08-30 22:04 - 2013-06-25 21:59 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\Drivers\HdAudio.sys
2015-08-30 22:04 - 2013-06-24 17:54 - 00447488 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
2015-08-30 22:04 - 2013-06-19 00:36 - 00183808 _____ (Microsoft Corporation) C:\windows\system32\winmmbase.dll
2015-08-30 22:04 - 2013-06-19 00:36 - 00115712 _____ (Microsoft Corporation) C:\windows\system32\winmm.dll
2015-08-30 22:04 - 2013-06-18 17:38 - 00160256 _____ (Microsoft Corporation) C:\windows\SysWOW64\winmmbase.dll
2015-08-30 22:04 - 2013-06-18 17:38 - 00125440 _____ (Microsoft Corporation) C:\windows\SysWOW64\winmm.dll
2015-08-30 22:04 - 2013-06-11 18:43 - 00154112 _____ (Microsoft Corporation) C:\windows\SysWOW64\WinSCard.dll
2015-08-30 22:04 - 2013-06-11 18:26 - 00230912 _____ (Microsoft Corporation) C:\windows\system32\WinSCard.dll
2015-08-30 22:04 - 2013-06-06 03:03 - 00119040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBSTOR.SYS
2015-08-30 21:58 - 2014-04-29 17:32 - 00126464 _____ (Microsoft Corporation) C:\windows\system32\Robocopy.exe
2015-08-30 21:58 - 2014-04-29 17:32 - 00106496 _____ (Microsoft Corporation) C:\windows\SysWOW64\Robocopy.exe
2015-08-30 21:58 - 2014-04-23 18:51 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
2015-08-30 21:58 - 2014-04-23 18:51 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-08-30 21:58 - 2014-04-23 18:38 - 00693760 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
2015-08-30 21:58 - 2014-04-23 18:38 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-08-30 21:58 - 2014-01-30 19:48 - 00143872 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.dll
2015-08-30 21:58 - 2013-08-16 00:21 - 00198656 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.dll
2015-08-30 21:39 - 2015-07-13 16:23 - 01744384 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll
2015-08-30 21:39 - 2015-07-13 16:23 - 01422336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2015-08-30 21:39 - 2015-07-13 16:05 - 02340864 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2015-08-30 21:39 - 2015-07-13 16:05 - 01850880 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2015-08-30 21:39 - 2013-02-19 10:07 - 00083688 _____ (Microsoft Corporation) C:\windows\system32\mcupdate_AuthenticAMD.dll
2015-08-30 21:36 - 2013-04-23 18:13 - 01013248 _____ (Microsoft Corporation) C:\windows\SysWOW64\certutil.exe
2015-08-30 21:36 - 2013-04-23 18:12 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll
2015-08-30 21:36 - 2013-04-23 17:56 - 01255936 _____ (Microsoft Corporation) C:\windows\system32\certutil.exe
2015-08-30 21:36 - 2013-04-23 17:55 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2015-08-30 21:30 - 2015-06-15 10:22 - 08858112 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.dll
2015-08-30 21:30 - 2015-06-15 10:22 - 02416640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2015-08-30 21:30 - 2015-06-15 10:22 - 02037760 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2015-08-30 21:30 - 2015-06-15 10:22 - 00062976 _____ (Microsoft Corporation) C:\windows\SysWOW64\msiexec.exe
2015-08-30 21:30 - 2015-06-15 10:21 - 00124416 _____ (Microsoft Corporation) C:\windows\system32\msiexec.exe
2015-08-30 21:30 - 2015-06-15 10:20 - 10116608 _____ (Microsoft Corporation) C:\windows\system32\twinui.dll
2015-08-30 21:30 - 2015-06-15 10:20 - 02886144 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2015-08-30 21:30 - 2015-06-15 10:19 - 02307072 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2015-08-30 21:30 - 2015-06-09 08:57 - 03248640 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2015-08-30 20:59 - 2015-07-29 09:45 - 01412608 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2015-08-30 20:59 - 2015-07-29 09:45 - 00035328 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2015-08-30 20:59 - 2015-07-29 08:52 - 01840640 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2015-08-30 20:59 - 2015-07-29 08:52 - 01280000 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2015-08-30 20:59 - 2015-07-29 08:52 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2015-08-30 20:59 - 2015-07-27 17:42 - 00304128 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2015-08-30 20:59 - 2015-07-27 17:40 - 04064768 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-08-30 20:59 - 2015-07-27 17:40 - 00366592 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2015-08-30 20:59 - 2015-07-15 11:09 - 06969688 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-08-30 20:59 - 2015-07-15 11:09 - 00095064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys
2015-08-30 20:59 - 2015-07-15 11:06 - 01824296 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-08-30 20:59 - 2015-07-15 08:49 - 01410000 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-08-30 20:59 - 2015-07-15 08:29 - 01333248 _____ (Microsoft Corporation) C:\windows\system32\sysmain.dll
2015-08-30 20:59 - 2015-06-27 11:36 - 00171352 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-08-30 20:59 - 2015-06-27 08:56 - 00452608 _____ (Microsoft Corporation) C:\windows\SysWOW64\SHCore.dll
2015-08-30 20:59 - 2015-06-27 08:55 - 00668160 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-08-30 20:59 - 2015-06-27 08:55 - 00273920 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-08-30 20:59 - 2015-06-27 08:46 - 00829952 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-08-30 20:59 - 2015-06-27 08:46 - 00588800 _____ (Microsoft Corporation) C:\windows\system32\SHCore.dll
2015-08-30 20:59 - 2015-06-27 08:46 - 00318464 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-08-30 20:59 - 2015-06-25 13:29 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2015-08-30 20:59 - 2015-06-25 13:27 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2015-08-30 20:59 - 2015-06-11 15:29 - 01302528 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2015-08-30 20:59 - 2015-06-11 11:27 - 01024000 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2015-08-30 20:59 - 2015-01-06 23:25 - 00403456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2015-08-30 20:58 - 2015-07-09 16:47 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\notepad.exe
2015-08-30 20:58 - 2015-07-09 16:47 - 00243712 _____ (Microsoft Corporation) C:\windows\notepad.exe
2015-08-30 20:58 - 2015-07-09 15:18 - 00233984 _____ (Microsoft Corporation) C:\windows\SysWOW64\notepad.exe
2015-08-30 20:58 - 2013-10-31 00:56 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\MPSSVC.dll
2015-08-30 20:58 - 2013-10-31 00:56 - 00758784 _____ (Microsoft Corporation) C:\windows\system32\FirewallAPI.dll
2015-08-30 20:58 - 2013-10-30 23:01 - 00550400 _____ (Microsoft Corporation) C:\windows\SysWOW64\FirewallAPI.dll
2015-08-30 20:58 - 2013-10-30 22:42 - 00074752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mpsdrv.sys
2015-08-30 20:58 - 2013-10-13 15:49 - 00100696 _____ (Microsoft Corporation) C:\windows\system32\Drivers\disk.sys
2015-08-30 20:58 - 2013-02-11 19:17 - 00020992 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usb8023.sys
2015-08-30 20:58 - 2012-10-11 00:46 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\wfapigp.dll
2015-08-30 20:58 - 2012-10-11 00:44 - 00105984 _____ (Microsoft Corporation) C:\windows\system32\icfupgd.dll
2015-08-30 20:58 - 2012-10-11 00:07 - 00019968 _____ (Microsoft Corporation) C:\windows\SysWOW64\wfapigp.dll
2015-08-30 20:55 - 2014-03-10 19:41 - 00559104 _____ (Microsoft Corporation) C:\windows\SysWOW64\objsel.dll
2015-08-30 20:55 - 2014-03-10 19:41 - 00038400 _____ (Microsoft Corporation) C:\windows\SysWOW64\dimsroam.dll
2015-08-30 20:55 - 2014-03-10 19:38 - 00684032 _____ (Microsoft Corporation) C:\windows\system32\objsel.dll
2015-08-30 20:55 - 2014-03-10 19:38 - 00179712 _____ (Microsoft Corporation) C:\windows\system32\dpapisrv.dll
2015-08-30 20:55 - 2014-03-10 19:38 - 00045056 _____ (Microsoft Corporation) C:\windows\system32\dimsroam.dll
2015-08-30 20:26 - 2014-03-01 04:47 - 01258496 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2015-08-30 20:26 - 2014-03-01 04:47 - 01120768 _____ (Microsoft Corporation) C:\windows\system32\gpedit.dll
2015-08-30 20:26 - 2014-03-01 03:07 - 01075200 _____ (Microsoft Corporation) C:\windows\SysWOW64\gpedit.dll
2015-08-30 20:26 - 2014-03-01 01:59 - 00974848 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2015-08-30 20:26 - 2014-02-14 23:15 - 00078336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\IPMIDrv.sys
2015-08-30 20:26 - 2013-11-25 18:17 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidclass.sys
2015-08-15 11:01 - 2015-08-16 20:14 - 00000000 ____D C:\Users\Tiara\AppData\Local\Windows Live
2015-08-14 20:01 - 2015-08-14 20:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-08-14 20:01 - 2015-08-14 20:01 - 00000000 ____D C:\Program Files\McAfee Security Scan
2015-08-10 18:52 - 2015-08-10 18:52 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2015-08-10 18:52 - 2015-08-10 18:52 - 00000000 ____D C:\ProgramData\McAfee
2015-08-10 18:51 - 2015-09-03 17:13 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-08-10 18:51 - 2015-08-29 19:18 - 00000892 _____ C:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-08-10 18:51 - 2015-08-14 20:14 - 00003718 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-08-10 18:51 - 2015-08-14 20:13 - 00003870 _____ C:\windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2015-08-10 18:49 - 2015-08-10 18:49 - 00000000 ____D C:\Users\Tiara\AppData\Local\Adobe
2015-08-10 18:47 - 2015-08-10 18:49 - 00000000 ____D C:\Users\Tiara\AppData\Local\CrashDumps
2015-08-10 18:47 - 2015-08-10 18:48 - 00000000 ____D C:\Users\Tiara\AppData\Local\{C883FEDF-EC2B-9267-81B3-B78FA5DB4B17}
2015-08-10 18:47 - 2015-08-10 18:47 - 01187032 _____ (Adobe Systems Incorporated) C:\Users\Tiara\Downloads\flashplayer18pp_ga_install.exe
2015-08-10 18:45 - 2015-08-10 18:45 - 00000003 _____ C:\Users\Tiara\Downloads\2.txt
2015-08-10 18:45 - 2015-08-10 18:45 - 00000003 _____ C:\Users\Tiara\Downloads\1.txt
2015-08-10 14:29 - 2015-08-10 14:29 - 00000000 ____D C:\Users\Tiara\AppData\Roaming\sMedio
2015-08-06 21:38 - 2015-08-06 21:38 - 00011749 _____ C:\Users\Tiara\Documents\Radio.ods
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-03 19:12 - 2012-07-26 02:28 - 00848230 _____ C:\windows\system32\PerfStringBackup.INI
2015-09-03 19:06 - 2015-06-12 20:27 - 01515426 _____ C:\windows\WindowsUpdate.log
2015-09-03 19:02 - 2012-07-26 02:59 - 00000000 ____D C:\windows\CbsTemp
2015-09-03 19:00 - 2012-07-26 03:12 - 00000000 ____D C:\windows\system32\sru
2015-09-03 18:56 - 2015-06-12 20:44 - 00000934 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-03 18:56 - 2012-07-26 02:22 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-09-03 17:23 - 2015-06-12 20:44 - 00000938 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-02 16:34 - 2012-07-26 03:12 - 00000000 ____D C:\windows\system32\NDF
2015-08-31 20:54 - 2012-11-14 23:36 - 00045186 _____ C:\windows\PFRO.log
2015-08-31 20:51 - 2012-07-26 03:12 - 00000000 ____D C:\windows\Vss
2015-08-31 01:00 - 2012-07-26 03:12 - 00000000 ____D C:\windows\rescache
2015-08-31 00:26 - 2012-07-26 03:12 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-31 00:26 - 2012-07-26 03:12 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-08-31 00:26 - 2012-07-26 03:12 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-31 00:26 - 2012-07-26 03:12 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-08-31 00:26 - 2012-07-26 03:12 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-31 00:26 - 2012-07-26 03:12 - 00000000 ____D C:\windows\PolicyDefinitions
2015-08-31 00:26 - 2012-07-26 03:12 - 00000000 ____D C:\Program Files\Windows Defender
2015-08-31 00:26 - 2012-07-26 03:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-08-31 00:26 - 2012-07-26 00:38 - 00000000 ____D C:\windows\system32\oobe
2015-08-31 00:25 - 2015-06-27 19:49 - 00000000 ___SD C:\windows\system32\CompatTel
2015-08-31 00:25 - 2015-06-27 19:49 - 00000000 ____D C:\windows\system32\appraiser
2015-08-31 00:25 - 2012-07-26 03:12 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2015-08-31 00:25 - 2012-07-26 03:12 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2015-08-31 00:25 - 2012-07-26 00:38 - 00000000 ____D C:\windows\SysWOW64\Dism
2015-08-31 00:25 - 2012-07-26 00:38 - 00000000 ____D C:\windows\system32\Dism
2015-08-31 00:24 - 2012-07-26 03:12 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-30 23:25 - 2015-06-12 20:38 - 00117248 _____ (Microsoft Corporation) C:\windows\system32\dwmapi.dll
2015-08-30 22:49 - 2012-07-26 03:12 - 00000000 ____D C:\windows\system32\SecureBootUpdates
2015-08-30 22:48 - 2012-07-26 03:12 - 00000000 ___RD C:\windows\ToastData
2015-08-30 22:48 - 2012-07-26 03:12 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-30 22:48 - 2012-07-26 03:12 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-30 22:48 - 2012-07-26 03:12 - 00000000 ____D C:\windows\WinStore
2015-08-30 22:46 - 2015-06-23 12:12 - 00000000 ____D C:\windows\system32\MRT
2015-08-30 22:14 - 2015-06-16 18:59 - 01549824 _____ (Microsoft Corporation) C:\windows\system32\msdtctm.dll
2015-08-30 21:21 - 2012-07-26 00:26 - 00262144 ___SH C:\windows\system32\config\BBI
2015-08-29 19:26 - 2012-07-26 03:12 - 00000000 ____D C:\windows\AUInstallAgent
2015-08-29 11:48 - 2012-07-26 03:12 - 00000000 ___HD C:\windows\ELAMBKUP
2015-08-29 11:44 - 2013-10-04 16:13 - 00000000 ___RD C:\Users\Tiara\Desktop\all folders
2015-08-29 10:18 - 2015-06-12 20:44 - 00003910 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-29 10:18 - 2015-06-12 20:44 - 00003674 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-23 16:21 - 2015-06-12 20:45 - 00002194 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-15 22:05 - 2015-06-12 20:51 - 00003598 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4225743412-3915342973-980045758-1001
2015-08-10 19:05 - 2012-11-15 00:26 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-08-10 18:47 - 2012-07-26 03:12 - 00000000 ___HD C:\windows\system32\GroupPolicy
2015-08-10 18:47 - 2012-07-26 03:12 - 00000000 ____D C:\windows\SysWOW64\GroupPolicy
2015-08-06 20:30 - 2015-06-06 15:37 - 00030481 _____ C:\Users\Tiara\Documents\Steven Pay.ods
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-08-30 23:16
 
==================== End of FRST.txt ============================

Scan result of Farbar Recovery Scan Tool (FRST)
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:31-08-2015
Ran by Tiara (2015-09-03 22:42:32)
Running from C:\Users\Tiara\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4225743412-3915342973-980045758-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-4225743412-3915342973-980045758-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4225743412-3915342973-980045758-1003 - Limited - Enabled)
Tiara (S-1-5-21-4225743412-3915342973-980045758-1001 - Administrator - Enabled) => C:\Users\Tiara
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Disabled - Out of date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Disabled - Out of date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader X (10.1.3) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{14718008-7D73-53AA-D0FF-88E805958D42}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
FindingDiscount (HKLM-x32\...\FindingDiscount) (Version:  - )
Gardenscapes: Mansion Makeover (x32 Version: 3.0.2.32 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.157 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.13 - Google Inc.) Hidden
LibreOffice 4.4.3.2 (HKLM-x32\...\{A651A592-2F6C-4D66-AEA8-9BFE4B61BCB3}) (Version: 4.4.3.2 - The Document Foundation)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.149.2 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Norton Anti-Theft (HKLM-x32\...\NAT) (Version: 1.10.0.9 - Symantec Corporation)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 20.5.0.28 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.45 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.11 - Symantec Corporation) Hidden
Norton PC Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.18.15 - Symantec Corporation)
Norton Security Dashboard (HKLM-x32\...\NortonSD) (Version: 1.1.1.9 - Symantec Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.0.15.60 - Electronic Arts, Inc.)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6743 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0020 - REALTEK Semiconductor Corp.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.5 - Synaptics Incorporated)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.4 - TOSHIBA)
TOSHIBA Audio Enhancement (HKLM\...\{F2DE0088-CF05-4DAB-AC4D-9D2C4D657456}) (Version: 1.0.2.8 - TOSHIBA Corporation)
Toshiba Book Place (HKLM-x32\...\{24B45620-22B6-4E4A-B836-FF30A0B0404E}) (Version: 3.1.9534 - K-NFB Reading Technology, Inc.)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.00.08.6402 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6414 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6425 - Toshiba Corporation)
TOSHIBA HDD Accelerator (HKLM\...\{DB4D9937-0B14-4EF1-BF9A-BB7E3B9DCB04}) (Version: 1.1.0001 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\{B1786E63-2127-42C9-95A3-146E5F727BF1}) (Version: v1.0.0.8 - TOSHIBA Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.17.640104 - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.8 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.0.54043005 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{B8C8422F-01F1-4791-B084-047AAFF9BFCC}) (Version: 2.4.4 - TOSHIBA)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0014 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0002.32002 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.1.0.12-A - Toshiba Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
Virtual Villagers 5 - New Believers (x32 Version: 3.0.2.32 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.9.7 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
02-08-2015 13:22:19 Installed The Sims 3
10-08-2015 19:04:32 Removed The Sims 3
30-08-2015 22:05:05 Windows Update
31-08-2015 23:48:30 Installed Sophos Virus Removal Tool.
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-07-26 00:26 - 2015-08-14 20:01 - 00000854 ____A C:\windows\system32\Drivers\etc\hosts
0.0.0.1 mssplus.mcafee.com
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {18B69BA5-2105-4FBC-853E-57E6038FED84} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2012-07-27] (TOSHIBA Corporation)
Task: {2CAA65BA-70AF-4C5A-A827-EC4DC2DD1115} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_232_pepper.exe [2015-08-14] (Adobe Systems Incorporated)
Task: {40937BD1-58EE-4E65-AFF2-678D366A87E6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-12] (Google Inc.)
Task: {5214F5D5-6515-4213-A3F0-A365EF1AAB6F} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {597B5FFE-6542-4270-BBC6-FA539A3A388A} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\WSCStub.exe [2014-04-29] (Symantec Corporation)
Task: {6B278E3D-2FBF-4839-BEE4-652F779BAB42} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {7BDB8C23-B8B0-45CE-9421-4F19E817DB51} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-07-28] (Microsoft Corporation)
Task: {AAA81E7F-F2AE-4EC4-802F-24EFE3A086DD} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {B3319419-03FE-4F97-9D94-0A9AF0012B9F} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {B9DA1319-9E81-4D3B-BB77-F3FE97042636} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-12] (Google Inc.)
Task: {CCD9A567-C114-4EBA-943D-FBFB4C803CF2} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-16] (Synaptics Incorporated)
Task: {D50D07CD-B121-4BCD-8659-B423AB9BE2E9} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {DDED27CD-BF5A-4860-9BA1-C0475E57161E} - \Cassiopesa cadi -> No File <==== ATTENTION
Task: {F90826B6-73A7-408C-A8B0-1CE091A33B8E} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-14] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_232_pepper.exe
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-08-23 16:21 - 2015-08-18 00:23 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\libglesv2.dll
2015-08-23 16:21 - 2015-08-18 00:23 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4225743412-3915342973-980045758-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Tiara\Desktop\all folders\pics for chance\11933424_10207402477323914_1861814647417189679_n.jpg
DNS Servers: 8.8.8.8 - 216.252.23.242
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{1AB94965-8F43-48F8-9679-146469AE3F09}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{D7B5C841-1264-4E92-9244-3359506ACC47}] => (Allow) LPort=2869
FirewallRules: [{A138BF14-60A4-411D-B3EF-0686682919AC}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{3929BF90-54BC-4881-8E66-AE239FBA7AAC}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Block) C:\program files (x86)\symantec\norton online backup\nobuclient.exe
FirewallRules: [UDP Query User{6275640B-799F-488B-B162-C5A20013F51D}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Block) C:\program files (x86)\symantec\norton online backup\nobuclient.exe
FirewallRules: [{432AA766-7912-41BD-8CE8-927CD2A3148E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{1E15A64E-A006-48D4-8D04-8FBD5284A260}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Block) C:\program files (x86)\symantec\norton online backup\nobuclient.exe
FirewallRules: [UDP Query User{F84A6038-9C16-49B6-899E-4890F6D6F56F}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Block) C:\program files (x86)\symantec\norton online backup\nobuclient.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/03/2015 06:57:11 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'
Error Data:
(no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
 
Error: (09/03/2015 05:47:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GoogleUpdate.exe, version: 1.3.26.9, time stamp: 0x54c04d6c
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x7db48b60
Faulting process id: 0x960
Faulting application start time: 0xGoogleUpdate.exe0
Faulting application path: GoogleUpdate.exe1
Faulting module path: GoogleUpdate.exe2
Report Id: GoogleUpdate.exe3
Faulting package full name: GoogleUpdate.exe4
Faulting package-relative application ID: GoogleUpdate.exe5
 
Error: (09/03/2015 05:45:58 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'
Error Data:
(no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
 
Error: (09/03/2015 05:41:46 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'
Error Data:
(no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
 
Error: (09/03/2015 04:49:20 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'
Error Data:
(no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
 
Error: (09/03/2015 01:55:13 AM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'
Error Data:
(no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
 
Error: (09/03/2015 01:45:13 AM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'
Error Data:
(no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
 
Error: (09/02/2015 04:30:47 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'
Error Data:
(no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
 
Error: (08/31/2015 11:47:46 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'
Error Data:
(no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
 
Error: (08/31/2015 11:08:37 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\Tiara\AppData\Local\Temp\jrt\CreateRestorePoint.exe  "JRT Pre-Junkware Removal"; Description = JRT Pre-Junkware Removal; Error = 0x8007043c).
 
 
System errors:
=============
Error: (09/03/2015 10:39:55 PM) (Source: DCOM) (EventID: 10005) (User: Tiaras-computer)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (09/03/2015 10:39:34 PM) (Source: DCOM) (EventID: 10005) (User: Tiaras-computer)
Description: 1084WSearchUnavailable{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (09/03/2015 10:39:34 PM) (Source: DCOM) (EventID: 10005) (User: Tiaras-computer)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (09/03/2015 10:39:28 PM) (Source: DCOM) (EventID: 10005) (User: Tiaras-computer)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (09/03/2015 10:39:18 PM) (Source: DCOM) (EventID: 10005) (User: Tiaras-computer)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (09/03/2015 10:39:10 PM) (Source: DCOM) (EventID: 10005) (User: Tiaras-computer)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (09/03/2015 10:38:45 PM) (Source: DCOM) (EventID: 10005) (User: Tiaras-computer)
Description: 1084WSearchUnavailable{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (09/03/2015 10:38:45 PM) (Source: DCOM) (EventID: 10005) (User: Tiaras-computer)
Description: 1084WSearchUnavailable{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (09/03/2015 10:38:45 PM) (Source: DCOM) (EventID: 10005) (User: Tiaras-computer)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (09/03/2015 10:38:29 PM) (Source: DCOM) (EventID: 10005) (User: Tiaras-computer)
Description: 1084WSearchUnavailable{9E175B6D-F52A-11D8-B9A5-505054503030}
 
 
Microsoft Office:
=========================
Error: (09/03/2015 06:57:11 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'
Error Data:
(no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
 
Error: (09/03/2015 05:47:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GoogleUpdate.exe1.3.26.954c04d6cunknown0.0.0.000000000c00000057db48b6096001d0e69a88bc6acdC:\Program Files (x86)\Google\Update\GoogleUpdate.exeunknownc6e4bdac-528d-11e5-be91-008cfa669e76
 
Error: (09/03/2015 05:45:58 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'
Error Data:
(no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
 
Error: (09/03/2015 05:41:46 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'
Error Data:
(no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
 
Error: (09/03/2015 04:49:20 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'
Error Data:
(no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
 
Error: (09/03/2015 01:55:13 AM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'
Error Data:
(no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
 
Error: (09/03/2015 01:45:13 AM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'
Error Data:
(no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
 
Error: (09/02/2015 04:30:47 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'
Error Data:
(no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
 
Error: (08/31/2015 11:47:46 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'
Error Data:
(no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
 
Error: (08/31/2015 11:08:37 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Users\Tiara\AppData\Local\Temp\jrt\CreateRestorePoint.exe  "JRT Pre-Junkware Removal"JRT Pre-Junkware Removal0x8007043c
 
 
==================== Memory info =========================== 
 
Processor: AMD E1-1200 APU with Radeon™ HD Graphics
Percentage of memory in use: 34%
Total physical RAM: 3678.25 MB
Available physical RAM: 2421.02 MB
Total Virtual: 4510.25 MB
Available Virtual: 3295.66 MB
 
==================== Drives ================================
 
Drive c: (TI10657600C) (Fixed) (Total:585 GB) (Free:532.07 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

 




 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,227 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:23 PM

Posted 04 September 2015 - 09:56 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:
cmd: ipconfig /flushdns
RemoveProxy:

HKLM\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:47574
ProxyServer: [S-1-5-21-4225743412-3915342973-980045758-1001] => http=127.0.0.1:56087;https=127.0.0.1:56087
Toolbar: HKLM-x32 - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Task: {DDED27CD-BF5A-4860-9BA1-C0475E57161E} - \Cassiopesa cadi -> No File <==== ATTENTION

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

How is the computer running now?

#3 smurfhandy

smurfhandy
  • Topic Starter

  • Members
  • 101 posts
  • OFFLINE
  •  
  • Local time:04:23 PM

Posted 04 September 2015 - 04:46 PM

Fix result of Farbar Recovery Scan Tool (x64) Version:31-08-2015
Ran by Tiara (2015-09-04 16:30:23) Run:1
Running from C:\Users\Tiara\Desktop
Loaded Profiles: Tiara (Available Profiles: Tiara & Administrator)
Boot Mode: Safe Mode (with Networking)
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
cmd: ipconfig /flushdns
RemoveProxy:
 
HKLM\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:47574
ProxyServer: [S-1-5-21-4225743412-3915342973-980045758-1001] => http=127.0.0.1:56087;https=127.0.0.1:56087
Toolbar: HKLM-x32 - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Task: {DDED27CD-BF5A-4860-9BA1-C0475E57161E} - \Cassiopesa cadi -> No File <==== ATTENTION
 
End
*****************
 
Error: Restore point can only be created in normal mode.
Processes closed successfully.
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-4225743412-3915342973-980045758-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKU\S-1-5-21-4225743412-3915342973-980045758-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-4225743412-3915342973-980045758-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key removed successfully
HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key removed successfully
HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully
HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key removed successfully
HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key removed successfully
HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found. 
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value not found.
HKU\S-1-5-21-4225743412-3915342973-980045758-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
HKCR\Wow6432Node\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DDED27CD-BF5A-4860-9BA1-C0475E57161E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DDED27CD-BF5A-4860-9BA1-C0475E57161E}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Cassiopesa cadi => key not found. 
EmptyTemp: => 143 MB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 16:30:36 ====
 
 
 
 
 
 
Nope still network access denied after startup programs have loaded.


#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,227 posts

Posted 05 September 2015 - 08:06 AM

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:
cmd: netsh winsock reset

Place the fix here...

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

If that fails to restore your connectivity run this tool.

Please download MiniToolBox to Desktop and run it.

Check mark the following boxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List last 10 Event Viewer log
  • List IP Configuration
  • List Winsock Entries
  • List Devices (problems only)
  • Click Go and copy/paste the log (Result.txt) into your next post.
  • Note: When using "Reset FF Proxy Settings" option Firefox should be closed.


#5 smurfhandy

smurfhandy
  • Topic Starter

  • Members
  • 101 posts

Posted 05 September 2015 - 05:53 PM

Fix result of Farbar Recovery Scan Tool (x64) Version:31-08-2015
Ran by Tiara (2015-09-05 17:33:20) Run:2
Running from C:\Users\Tiara\Desktop
Loaded Profiles: Tiara (Available Profiles: Tiara & Administrator)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
cmd: netsh winsock reset
 
Place the fix here...
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
 
=========  netsh winsock reset =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
Place the fix here... => Error: No automatic fix found for this entry.
EmptyTemp: => 67 MB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 17:34:18 ====

MiniToolBox by Farbar  Version: 25-07-2015 01
Ran by Tiara (administrator) on 05-09-2015 at 17:46:19
Running from "C:\Users\Tiara\Desktop"
Microsoft Windows 8  (X64)
Model: Satellite C855D Manufacturer: TOSHIBA
Boot Mode: Network
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= IP Configuration: ================================
 
Realtek PCIe FE Family Controller = Ethernet (Media disconnected)
Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC = Wi-Fi (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 9" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 11" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Tiaras-computer
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Wireless LAN adapter Local Area Connection* 11:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 24-FD-52-9B-DB-F9
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wi-Fi:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : westell.com
   Description . . . . . . . . . . . : Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
   Physical Address. . . . . . . . . : 24-FD-52-9B-DB-F9
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : 00-8C-FA-66-9E-76
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 12:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  127.0.0.1
 
Ping request could not find host google.com. Please check the name and try again.
Server:  UnKnown
Address:  127.0.0.1
 
Ping request could not find host yahoo.com. Please check the name and try again.
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 14...24 fd 52 9b db f9 ......Microsoft Wi-Fi Direct Virtual Adapter
 13...24 fd 52 9b db f9 ......Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
 12...00 8c fa 66 9e 76 ......Realtek PCIe FE Family Controller
  1...........................Software Loopback Interface 1
 16...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
  1    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\windows\SysWOW64\pnrpnsp.dll [67584] (Microsoft Corporation)
Catalog5 03 C:\windows\SysWOW64\pnrpnsp.dll [67584] (Microsoft Corporation)
Catalog5 04 C:\windows\SysWOW64\NLAapi.dll [55296] (Microsoft Corporation)
Catalog5 05 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog5 06 C:\windows\SysWOW64\winrnr.dll [21504] (Microsoft Corporation)
Catalog5 07 C:\windows\SysWOW64\wshbth.dll [50688] (Microsoft Corporation)
Catalog9 01 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 02 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 03 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 04 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 05 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 06 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 07 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 08 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 09 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 10 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 11 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [66560] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [72192] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [53760] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [64000] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (09/05/2015 05:36:38 PM) (Source: Toshiba App Place) (User: )
Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'
Error Data:
(no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
 
Error: (09/05/2015 05:33:26 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {a0aa1325-f6b4-4614-aed8-02b390d0f346}
 
Error: (09/05/2015 05:33:05 PM) (Source: Toshiba App Place) (User: )
Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'
Error Data:
(no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
 
Error: (09/04/2015 04:32:04 PM) (Source: Toshiba App Place) (User: )
Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'
Error Data:
(no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
 
Error: (09/03/2015 06:57:11 PM) (Source: Toshiba App Place) (User: )
Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'
Error Data:
(no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
 
Error: (09/03/2015 05:47:39 PM) (Source: Application Error) (User: )
Description: Faulting application name: GoogleUpdate.exe, version: 1.3.26.9, time stamp: 0x54c04d6c
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x7db48b60
Faulting process id: 0x960
Faulting application start time: 0xGoogleUpdate.exe0
Faulting application path: GoogleUpdate.exe1
Faulting module path: GoogleUpdate.exe2
Report Id: GoogleUpdate.exe3
Faulting package full name: GoogleUpdate.exe4
Faulting package-relative application ID: GoogleUpdate.exe5
 
Error: (09/03/2015 05:45:58 PM) (Source: Toshiba App Place) (User: )
Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'
Error Data:
(no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
 
Error: (09/03/2015 05:41:46 PM) (Source: Toshiba App Place) (User: )
Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'
Error Data:
(no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
 
Error: (09/03/2015 04:49:20 PM) (Source: Toshiba App Place) (User: )
Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'
Error Data:
(no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
 
Error: (09/03/2015 01:55:13 AM) (Source: Toshiba App Place) (User: )
Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'
Error Data:
(no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
 
 
System errors:
=============
Error: (09/05/2015 05:45:16 PM) (Source: DCOM) (User: Tiaras-computer)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (09/05/2015 05:44:11 PM) (Source: DCOM) (User: Tiaras-computer)
Description: 1084WSearchUnavailable{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (09/05/2015 05:44:11 PM) (Source: DCOM) (User: Tiaras-computer)
Description: 1084WSearchUnavailable{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (09/05/2015 05:44:08 PM) (Source: DCOM) (User: Tiaras-computer)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (09/05/2015 05:44:06 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\windows\system32\Rtlihvs.dll
Error Code: 21
 
Error: (09/05/2015 05:44:04 PM) (Source: DCOM) (User: Tiaras-computer)
Description: 1084EventSystemUnavailable{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (09/05/2015 05:44:03 PM) (Source: DCOM) (User: Tiaras-computer)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (09/05/2015 05:44:03 PM) (Source: DCOM) (User: Tiaras-computer)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (09/05/2015 05:35:30 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\windows\system32\Rtlihvs.dll
 
Error: (09/05/2015 05:35:30 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\windows\system32\Rtlihvs.dll
 
 
Microsoft Office Sessions:
=========================
Error: (09/05/2015 05:36:38 PM) (Source: Toshiba App Place)(User: )
Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'
Error Data:
(no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
 
Error: (09/05/2015 05:33:26 PM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {a0aa1325-f6b4-4614-aed8-02b390d0f346}
 
Error: (09/05/2015 05:33:05 PM) (Source: Toshiba App Place)(User: )
Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'
Error Data:
(no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
 
Error: (09/04/2015 04:32:04 PM) (Source: Toshiba App Place)(User: )
Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'
Error Data:
(no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
 
Error: (09/03/2015 06:57:11 PM) (Source: Toshiba App Place)(User: )
Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'
Error Data:
(no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
 
Error: (09/03/2015 05:47:39 PM) (Source: Application Error)(User: )
Description: GoogleUpdate.exe1.3.26.954c04d6cunknown0.0.0.000000000c00000057db48b6096001d0e69a88bc6acdC:\Program Files (x86)\Google\Update\GoogleUpdate.exeunknownc6e4bdac-528d-11e5-be91-008cfa669e76
 
Error: (09/03/2015 05:45:58 PM) (Source: Toshiba App Place)(User: )
Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'
Error Data:
(no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
 
Error: (09/03/2015 05:41:46 PM) (Source: Toshiba App Place)(User: )
Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'
Error Data:
(no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
 
Error: (09/03/2015 04:49:20 PM) (Source: Toshiba App Place)(User: )
Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'
Error Data:
(no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
 
Error: (09/03/2015 01:55:13 AM) (Source: Toshiba App Place)(User: )
Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'
Error Data:
(no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
 
 
========================= Devices: ================================
 
 
**** End of log ****

Edited by smurfhandy, 05 September 2015 - 05:53 PM.


#6 smurfhandy

smurfhandy
  • Topic Starter

  • Members
  • 101 posts

Posted 05 September 2015 - 06:06 PM

MiniToolBox by Farbar  Version: 25-07-2015 01
Ran by Tiara (administrator) on 05-09-2015 at 17:46:19
Running from "C:\Users\Tiara\Desktop"
Microsoft Windows 8  (X64)
Model: Satellite C855D Manufacturer: TOSHIBA
Boot Mode: Network
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= IP Configuration: ================================
 
Realtek PCIe FE Family Controller = Ethernet (Media disconnected)
Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC = Wi-Fi (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 9" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 11" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Tiaras-computer
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Wireless LAN adapter Local Area Connection* 11:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 24-FD-52-9B-DB-F9
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wi-Fi:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : westell.com
   Description . . . . . . . . . . . : Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
   Physical Address. . . . . . . . . : 24-FD-52-9B-DB-F9
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : 00-8C-FA-66-9E-76
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 12:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  127.0.0.1
 
Ping request could not find host google.com. Please check the name and try again.
Server:  UnKnown
Address:  127.0.0.1
 
Ping request could not find host yahoo.com. Please check the name and try again.
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 14...24 fd 52 9b db f9 ......Microsoft Wi-Fi Direct Virtual Adapter
 13...24 fd 52 9b db f9 ......Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
 12...00 8c fa 66 9e 76 ......Realtek PCIe FE Family Controller
  1...........................Software Loopback Interface 1
 16...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
  1    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\windows\SysWOW64\pnrpnsp.dll [67584] (Microsoft Corporation)
Catalog5 03 C:\windows\SysWOW64\pnrpnsp.dll [67584] (Microsoft Corporation)
Catalog5 04 C:\windows\SysWOW64\NLAapi.dll [55296] (Microsoft Corporation)
Catalog5 05 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog5 06 C:\windows\SysWOW64\winrnr.dll [21504] (Microsoft Corporation)
Catalog5 07 C:\windows\SysWOW64\wshbth.dll [50688] (Microsoft Corporation)
Catalog9 01 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 02 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 03 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 04 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 05 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 06 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 07 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 08 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 09 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 10 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 11 C:\windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [66560] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [72192] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [53760] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [64000] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (09/05/2015 05:36:38 PM) (Source: Toshiba App Place) (User: )
Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'
Error Data:
(no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
 
Error: (09/05/2015 05:33:26 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {a0aa1325-f6b4-4614-aed8-02b390d0f346}
 
Error: (09/05/2015 05:33:05 PM) (Source: Toshiba App Place) (User: )
Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'
Error Data:
(no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
 
Error: (09/04/2015 04:32:04 PM) (Source: Toshiba App Place) (User: )
Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'
Error Data:
(no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
 
Error: (09/03/2015 06:57:11 PM) (Source: Toshiba App Place) (User: )
Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'
Error Data:
(no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
 
Error: (09/03/2015 05:47:39 PM) (Source: Application Error) (User: )
Description: Faulting application name: GoogleUpdate.exe, version: 1.3.26.9, time stamp: 0x54c04d6c
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x7db48b60
Faulting process id: 0x960
Faulting application start time: 0xGoogleUpdate.exe0
Faulting application path: GoogleUpdate.exe1
Faulting module path: GoogleUpdate.exe2
Report Id: GoogleUpdate.exe3
Faulting package full name: GoogleUpdate.exe4
Faulting package-relative application ID: GoogleUpdate.exe5
 
Error: (09/03/2015 05:45:58 PM) (Source: Toshiba App Place) (User: )
Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'
Error Data:
(no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
 
Error: (09/03/2015 05:41:46 PM) (Source: Toshiba App Place) (User: )
Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'
Error Data:
(no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
 
Error: (09/03/2015 04:49:20 PM) (Source: Toshiba App Place) (User: )
Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'
Error Data:
(no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
 
Error: (09/03/2015 01:55:13 AM) (Source: Toshiba App Place) (User: )
Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'
Error Data:
(no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
 
 
System errors:
=============
Error: (09/05/2015 05:45:16 PM) (Source: DCOM) (User: Tiaras-computer)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (09/05/2015 05:44:11 PM) (Source: DCOM) (User: Tiaras-computer)
Description: 1084WSearchUnavailable{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (09/05/2015 05:44:11 PM) (Source: DCOM) (User: Tiaras-computer)
Description: 1084WSearchUnavailable{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (09/05/2015 05:44:08 PM) (Source: DCOM) (User: Tiaras-computer)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (09/05/2015 05:44:06 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\windows\system32\Rtlihvs.dll
Error Code: 21
 
Error: (09/05/2015 05:44:04 PM) (Source: DCOM) (User: Tiaras-computer)
Description: 1084EventSystemUnavailable{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (09/05/2015 05:44:03 PM) (Source: DCOM) (User: Tiaras-computer)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (09/05/2015 05:44:03 PM) (Source: DCOM) (User: Tiaras-computer)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (09/05/2015 05:35:30 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\windows\system32\Rtlihvs.dll
 
Error: (09/05/2015 05:35:30 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\windows\system32\Rtlihvs.dll
 
 
Microsoft Office Sessions:
=========================
Error: (09/05/2015 05:36:38 PM) (Source: Toshiba App Place)(User: )
Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'
Error Data:
(no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
 
Error: (09/05/2015 05:33:26 PM) (Source: VSS)(User: )
Description: 0x80070005, Access is denied.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {a0aa1325-f6b4-4614-aed8-02b390d0f346}
 
Error: (09/05/2015 05:33:05 PM) (Source: Toshiba App Place)(User: )
Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'
Error Data:
(no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
 
Error: (09/04/2015 04:32:04 PM) (Source: Toshiba App Place)(User: )
Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'
Error Data:
(no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
 
Error: (09/03/2015 06:57:11 PM) (Source: Toshiba App Place)(User: )
Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'
Error Data:
(no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
 
Error: (09/03/2015 05:47:39 PM) (Source: Application Error)(User: )
Description: GoogleUpdate.exe1.3.26.954c04d6cunknown0.0.0.000000000c00000057db48b6096001d0e69a88bc6acdC:\Program Files (x86)\Google\Update\GoogleUpdate.exeunknownc6e4bdac-528d-11e5-be91-008cfa669e76
 
Error: (09/03/2015 05:45:58 PM) (Source: Toshiba App Place)(User: )
Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'
Error Data:
(no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
 
Error: (09/03/2015 05:41:46 PM) (Source: Toshiba App Place)(User: )
Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'
Error Data:
(no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
 
Error: (09/03/2015 04:49:20 PM) (Source: Toshiba App Place)(User: )
Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'
Error Data:
(no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
 
Error: (09/03/2015 01:55:13 AM) (Source: Toshiba App Place)(User: )
Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'
Error Data:
(no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)
 
 
========================= Devices: ================================
 
 
**** End of log ****


#7 smurfhandy

smurfhandy
  • Topic Starter


Posted 05 September 2015 - 06:07 PM

NETWORK ACCESS DENIED



#8 nasdaq

nasdaq

  • Malware Response Team

Posted 06 September 2015 - 08:18 AM

Please run the Farbar Recovery Scan Tool. Enter restrictanonymous in the Search Box.
Click the Search Registry button and post the content of the Search.txt file in your next reply.

#9 smurfhandy

smurfhandy
  • Topic Starter


Posted 10 September 2015 - 02:12 AM

Farbar Recovery Scan Tool (x64) Version:07-09-2015
Ran by Tiara (2015-09-10 02:12:17)
Running from C:\Users\Tiara\Desktop
Boot Mode: Safe Mode (with Networking)
 
================== Search Registry: "restrictanonymous" ===========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SecEdit\Reg Values\MACHINE/System/CurrentControlSet/Control/Lsa/RestrictAnonymous]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SecEdit\Reg Values\MACHINE/System/CurrentControlSet/Control/Lsa/RestrictAnonymousSAM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SecEdit\Reg Values\MACHINE/System/CurrentControlSet/Control/Lsa/RestrictAnonymous]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SecEdit\Reg Values\MACHINE/System/CurrentControlSet/Control/Lsa/RestrictAnonymousSAM]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa]
"restrictanonymous"="0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa]
"restrictanonymoussam"="1"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"restrictanonymous"="0"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"restrictanonymoussam"="1"
 
====== End of Search ======


#10 nasdaq

nasdaq

  • Malware Response Team

Posted 10 September 2015 - 10:14 AM

According to this page there are no restrictions on the key.

Impact of changing these registry settings HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa?
http://www.experts-exchange.com/Security/Operating_Systems_Security/Q_23334041.html

Since this is not my forte I suggest you start a new topic in the Networking forum
http://www.bleepingcomputer.com/forums/f/21/networking/

An expert should be able to help you.

I will keep this topic open for 6 days; if you need to return, please do.

#11 nasdaq

nasdaq

  • Malware Response Team

Posted 16 September 2015 - 08:21 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



