Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Taplika Search and other programs

by mike1127 » December 12th, 2014, 1:10 am

My friend's Windows 8 computer has become infected with Taplika Search and other programs. This happened when she attempted to download and install Chrome but got tricked into downloading malicious software.

The symptom is that browsers have become hijacked by Taplika and ads are popping up constantly including video ads.

Looking at the control panel, some other suspicious programs which just showed up are Pro PC Cleaner, KNCTR, and snipsmart.

Logs follow:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.17183
Run by Connie at 20:57:05 on 2014-12-11
Microsoft Windows 8 Single Language 6.2.9200.0.1252.1.1033.18.3970.1453 [GMT -8:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus *Enabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ===============
.
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Users\Connie\AppData\Roaming\VOPackage\VOsrv.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\snipsmart\updatesnipsmart.exe
C:\Program Files (x86)\snipsmart\bin\utilsnipsmart.exe
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\dashost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
C:\Program Files (x86)\snipsmart\bin\snipsmart.PurBrowse64.exe
C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
C:\Program Files\AVAST Software\Avast\ng\ngtool.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\windows\System32\dwm.exe
C:\windows\system32\taskhostex.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Program Files (x86)\Samsung\Settings\sSettings.exe
C:\windows\system32\igfxext.exe
C:\Program Files (x86)\snipsmart\bin\snipsmart.expext.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\snipsmart\bin\snipsmart.BrowserAdapter64.exe
C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
C:\Program Files (x86)\snipsmart\bin\snipsmart.BrowserAdapter.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe
C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files\Samsung\S Agent\CommonAgent.exe
C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
C:\windows\ImmersiveControlPanel\SystemSettings.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe
C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe
C:\windows\system32\vssvc.exe
C:\windows\System32\svchost.exe -k swprv
C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
\\?\C:\windows\system32\wbem\WMIADAP.EXE
C:\Windows\System32\WUDFHost.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://Taplika.com/?f=1&a=tpl_otbrw1_14 ... 909650&ir=
mWinlogon: Userinit = userinit.exe
BHO: snipsmart 1.0.0.5: {68261aaa-dc9f-4c2b-a168-c323e304c3a2} - C:\Program Files (x86)\snipsmart\snipsmartbho.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Driver Support] C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe /applicationMode:systemTray /showWelcome:false
uRun: [Itibiti.exe] C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [CLMLServer_For_P2G8] "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
mRun: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mExplorerRun: [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
mPolicies-System: DisableCAD = dword:1
mPolicies-System: SoftwareSASGeneration = dword:1
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{0C1EBBCF-314B-4A8A-8D72-8D764850C655} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{0C1EBBCF-314B-4A8A-8D72-8D764850C655}\16378666F62746 : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{0C1EBBCF-314B-4A8A-8D72-8D764850C655}\57E696175756F57657563747 : DHCPNameServer = 10.0.0.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll
STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /S3HpProtect
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [Bitcasa] C:\Program Files\Bitcasa\Bitcasa.exe /startup
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-ExplorerRun: [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-mPolicies-System: DisableCAD = dword:1
x64-mPolicies-System: SoftwareSASGeneration = dword:1
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\System32\CbFsMntNtf3.dll
x64-STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\System32\CbFsMntNtf3.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdisFlt;Avast! Firewall Driver;C:\windows\System32\Drivers\aswNdisFlt.sys [2014-12-11 449936]
R0 aswRvrt;avast! Revert;C:\windows\System32\Drivers\aswRvrt.sys [2014-7-12 65776]
R0 aswVmm;avast! VM Monitor;C:\windows\System32\Drivers\aswVmm.sys [2014-7-12 267632]
R0 iaStorA;iaStorA;C:\windows\System32\Drivers\iaStorA.sys [2013-5-24 652344]
R0 PxHlpa64;PxHlpa64;C:\windows\System32\Drivers\PxHlpa64.sys [2013-5-24 56336]
R1 {1993b064-46e3-4c7d-8b20-2161564a7685}Gw64;{1993b064-46e3-4c7d-8b20-2161564a7685}Gw64;C:\windows\System32\Drivers\{1993b064-46e3-4c7d-8b20-2161564a7685}Gw64.sys [2014-12-11 48784]
R1 aswKbd;aswKbd;C:\windows\System32\Drivers\aswKbd.sys [2014-12-11 28184]
R1 aswSnx;aswSnx;C:\windows\System32\Drivers\aswsnx.sys [2014-7-12 1050432]
R1 aswSP;aswSP;C:\windows\System32\Drivers\aswsp.sys [2014-7-12 436624]
R1 cbfs3;cbfs3;C:\windows\System32\Drivers\cbfs3.sys [2013-5-24 352456]
R1 CLVirtualDrive;CLVirtualDrive;C:\windows\System32\Drivers\CLVirtualDrive.sys [2013-5-24 92536]
R2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [2013-1-26 172104]
R2 aswHwid;avast! HardwareID;C:\windows\System32\Drivers\aswHwid.sys [2014-7-12 29208]
R2 aswMonFlt;aswMonFlt;C:\windows\System32\Drivers\aswMonFlt.sys [2014-7-12 83280]
R2 aswStm;aswStm;C:\windows\System32\Drivers\aswStm.sys [2014-7-12 116728]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2014-1-7 318592]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-12-11 50344]
R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2014-12-11 104416]
R2 Easy Launcher;Easy Launcher;C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [2013-1-31 1594416]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-12-9 732160]
R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2013-5-24 131032]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2013-5-24 165336]
R2 servervo;VO Service component;C:\Users\Connie\AppData\Roaming\VOPackage\VOsrv.exe [2014-12-11 133120]
R2 SWUpdateService;SW Update Service;C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [2014-4-4 3020632]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-5-24 366040]
R2 Update snipsmart;Update snipsmart;C:\Program Files (x86)\snipsmart\updatesnipsmart.exe [2014-12-11 524016]
R2 Util snipsmart;Util snipsmart;C:\Program Files (x86)\snipsmart\bin\utilsnipsmart.exe [2014-12-11 524016]
R2 VBoxAswDrv;VBoxAsw Support Driver;C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2014-12-11 271752]
R2 ZAtheros Bt and Wlan Coex Agent;ZAtheros Bt and Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2014-1-7 323584]
R3 AvastVBoxSvc;AvastVBox COM Service;C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2014-12-11 4012248]
R3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;C:\windows\System32\Drivers\btath_bus.sys [2014-1-7 34384]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2013-5-24 169752]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\Drivers\IntcDAud.sys [2013-1-22 342528]
R3 RadioHIDMini;Radio HID Mini-driver;C:\windows\System32\Drivers\RadioHIDMini.sys [2012-11-13 23408]
R3 RTL8168;Realtek 8168 NT Driver;C:\windows\System32\Drivers\Rt630x64.sys [2013-5-24 719504]
S3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;C:\windows\System32\Drivers\btath_flt.sys [2014-1-7 89800]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\windows\System32\Drivers\btath_a2dp.sys [2014-1-7 338120]
S3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;C:\windows\System32\Drivers\btath_avdt.sys [2014-1-7 116424]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\windows\System32\Drivers\btath_hcrp.sys [2014-1-7 179432]
S3 BTATH_HID;Bluetooth HID Device;C:\windows\System32\Drivers\btath_hid.sys [2014-1-7 223432]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\windows\System32\Drivers\btath_lwflt.sys [2014-1-7 77464]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\windows\System32\Drivers\btath_rcp.sys [2014-1-7 137928]
S3 BtFilter;BtFilter;C:\windows\System32\Drivers\btfilter.sys [2014-1-7 597192]
S3 BthLEEnum;Bluetooth Low Energy Driver;C:\windows\System32\Drivers\BthLEEnum.sys [2012-7-25 202752]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2012-12-9 803872]
.
=============== Created Last 30 ================
.
2014-12-12 03:03:46 -------- d-----w- C:\windows\SysWow64\vbox
2014-12-12 03:03:46 -------- d-----w- C:\windows\System32\vbox
2014-12-12 02:54:44 28184 ----a-w- C:\windows\System32\drivers\aswKbd.sys
2014-12-12 02:54:30 43152 ----a-w- C:\windows\avastSS.scr
2014-12-12 02:53:45 449936 ----a-w- C:\windows\System32\drivers\aswNdisFlt.sys
2014-12-12 02:50:05 48784 ----a-w- C:\windows\System32\drivers\{1993b064-46e3-4c7d-8b20-2161564a7685}Gw64.sys
2014-12-12 02:45:19 -------- d-----w- C:\Users\Connie\AppData\Local\Google
2014-12-12 02:44:21 -------- d-----w- C:\Users\Connie\AppData\Roaming\VOPackage
2014-12-12 02:42:03 -------- d-----w- C:\Users\Connie\AppData\Roaming\Itibiti
2014-12-12 02:41:41 -------- d-----w- C:\Users\Connie\AppData\Local\Pro_PC_Cleaner
2014-12-12 02:41:39 -------- d-----w- C:\Program Files (x86)\Itibiti Soft Phone
2014-12-12 02:41:35 -------- d-sh--w- C:\windows\SysWow64\AI_RecycleBin
2014-12-12 02:41:25 -------- d-----w- C:\Program Files (x86)\Pro PC Cleaner
2014-12-12 02:41:02 -------- d-----w- C:\Users\Connie\AppData\Roaming\Pro PC Cleaner
2014-12-12 02:40:14 -------- d-----w- C:\Program Files (x86)\snipsmart
2014-12-11 17:30:07 714184 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-12-11 17:30:07 106440 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-11 17:28:05 -------- d-----w- C:\windows\System32\appraiser
2014-12-11 04:30:45 69632 ----a-w- C:\windows\System32\vsstrace.dll
2014-12-11 04:30:45 52224 ----a-w- C:\windows\SysWow64\vsstrace.dll
2014-12-11 04:30:44 1195520 ----a-w- C:\windows\SysWow64\vssapi.dll
2014-12-11 04:30:43 1519104 ----a-w- C:\windows\System32\vssapi.dll
2014-12-11 04:30:42 1484288 ----a-w- C:\windows\System32\VSSVC.exe
2014-12-10 18:43:58 673792 ----a-w- C:\windows\System32\mfmpeg2srcsnk.dll
2014-12-10 18:43:57 513536 ----a-w- C:\windows\SysWow64\mfmpeg2srcsnk.dll
2014-12-10 18:43:54 212992 ----a-w- C:\windows\System32\dnsrslvr.dll
2014-12-10 18:40:25 1890816 ----a-w- C:\windows\System32\crypt32.dll
2014-12-10 18:40:24 1569792 ----a-w- C:\windows\SysWow64\crypt32.dll
2014-11-26 16:44:27 582552 ----a-w- C:\windows\System32\AutoUpdate.exe
2014-11-26 16:44:27 462760 ----a-w- C:\windows\System32\NotificationUI.exe
2014-11-18 19:54:20 827904 ----a-w- C:\windows\System32\kerberos.dll
2014-11-18 19:54:20 666624 ----a-w- C:\windows\SysWow64\kerberos.dll
2014-11-18 19:54:18 238080 ----a-w- C:\windows\System32\pku2u.dll
2014-11-18 19:54:18 187904 ----a-w- C:\windows\SysWow64\pku2u.dll
2014-11-16 00:10:29 269992 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10248.bin
2014-11-12 13:42:57 2837504 ----a-w- C:\windows\System32\WsmSvc.dll
.
==================== Find3M ====================
.
2014-12-12 02:55:12 1050432 ----a-w- C:\windows\System32\drivers\aswsnx.sys
2014-12-12 02:54:31 93568 ----a-w- C:\windows\System32\drivers\aswRdr2.sys
2014-12-12 02:54:31 83280 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys
2014-12-12 02:54:31 65776 ----a-w- C:\windows\System32\drivers\aswRvrt.sys
2014-12-12 02:54:31 29208 ----a-w- C:\windows\System32\drivers\aswHwid.sys
2014-12-12 02:54:31 267632 ----a-w- C:\windows\System32\drivers\aswVmm.sys
2014-12-12 02:54:31 116728 ----a-w- C:\windows\System32\drivers\aswStm.sys
2014-12-05 01:41:41 740864 ----a-w- C:\windows\System32\invagent.dll
2014-12-05 01:41:22 396288 ----a-w- C:\windows\System32\devinv.dll
2014-12-05 01:41:01 830464 ----a-w- C:\windows\System32\appraiser.dll
2014-12-05 01:40:59 227328 ----a-w- C:\windows\System32\aepdu.dll
2014-12-03 01:48:02 412672 ----a-w- C:\windows\System32\generaltel.dll
2014-12-03 01:48:01 192000 ----a-w- C:\windows\System32\aepic.dll
2014-12-03 01:48:01 1083392 ----a-w- C:\windows\System32\aeinv.dll
2014-11-21 08:38:00 2237952 ----a-w- C:\windows\System32\wininet.dll
2014-11-21 08:37:51 915968 ----a-w- C:\windows\System32\uxtheme.dll
2014-11-21 08:37:51 53760 ----a-w- C:\windows\System32\UXInit.dll
2014-11-21 08:36:24 3959296 ----a-w- C:\windows\System32\jscript9.dll
2014-11-21 08:36:17 67072 ----a-w- C:\windows\System32\iesetup.dll
2014-11-21 08:36:17 136704 ----a-w- C:\windows\System32\iesysprep.dll
2014-11-21 08:35:42 1509376 ----a-w- C:\windows\System32\inetcpl.cpl
2014-11-21 07:17:51 1762816 ----a-w- C:\windows\SysWow64\wininet.dll
2014-11-21 07:17:44 44032 ----a-w- C:\windows\SysWow64\UXInit.dll
2014-11-21 07:16:46 2861568 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-11-21 07:16:42 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-11-21 07:16:42 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
2014-11-21 07:16:16 1441280 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-11-21 07:00:18 2706432 ----a-w- C:\windows\System32\mshtml.tlb
2014-11-21 06:54:49 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-11-21 04:30:26 534528 ----a-w- C:\windows\SysWow64\uxtheme.dll
2014-11-06 06:50:46 1627648 ----a-w- C:\windows\System32\WindowsCodecs.dll
2014-11-06 05:03:42 1339392 ----a-w- C:\windows\SysWow64\WindowsCodecs.dll
2014-10-23 12:47:53 79872 ----a-w- C:\windows\System32\packager.dll
2014-10-23 11:04:41 68096 ----a-w- C:\windows\SysWow64\packager.dll
2014-10-22 01:08:16 568832 ----a-w- C:\windows\SysWow64\WSShared.dll
2014-10-22 01:08:16 124928 ----a-w- C:\windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-22 01:01:22 695808 ----a-w- C:\windows\System32\WSShared.dll
2014-10-22 01:01:22 198656 ----a-w- C:\windows\System32\Windows.ApplicationModel.Store.dll
2014-10-22 01:01:22 163840 ----a-w- C:\windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-22 01:00:53 125952 ----a-w- C:\windows\System32\WinSetupUI.dll
2014-10-18 08:44:05 778240 ----a-w- C:\windows\System32\oleaut32.dll
2014-10-18 07:05:16 567808 ----a-w- C:\windows\SysWow64\oleaut32.dll
2014-10-11 08:35:58 171840 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2014-10-11 07:45:07 10115072 ----a-w- C:\windows\System32\twinui.dll
2014-10-11 07:44:56 588288 ----a-w- C:\windows\System32\SHCore.dll
2014-10-11 07:44:47 3248640 ----a-w- C:\windows\System32\rdpcorets.dll
2014-10-11 07:44:07 393216 ----a-w- C:\windows\System32\msihnd.dll
2014-10-11 07:44:07 2885632 ----a-w- C:\windows\System32\msi.dll
2014-10-11 07:43:51 1281536 ----a-w- C:\windows\System32\lsasrv.dll
2014-10-11 07:43:08 2307072 ----a-w- C:\windows\System32\authui.dll
2014-10-11 05:58:05 8858624 ----a-w- C:\windows\SysWow64\twinui.dll
2014-10-11 05:57:57 452608 ----a-w- C:\windows\SysWow64\SHCore.dll
2014-10-11 05:57:21 295424 ----a-w- C:\windows\SysWow64\msihnd.dll
2014-10-11 05:57:21 2416640 ----a-w- C:\windows\SysWow64\msi.dll
2014-10-11 05:56:37 2037760 ----a-w- C:\windows\SysWow64\authui.dll
2014-10-11 05:41:57 146944 ----a-w- C:\windows\System32\msaudite.dll
2014-10-11 05:41:43 713728 ----a-w- C:\windows\System32\adtschema.dll
2014-10-11 05:05:20 146944 ----a-w- C:\windows\SysWow64\msaudite.dll
2014-10-11 05:04:59 713728 ----a-w- C:\windows\SysWow64\adtschema.dll
2014-10-03 01:21:18 522728 ----a-w- C:\windows\System32\AUDIOKSE.dll
2014-10-02 22:29:25 267264 ----a-w- C:\windows\System32\EncDump.dll
2014-10-02 22:29:16 783872 ----a-w- C:\windows\System32\audiosrv.dll
2014-10-02 22:29:16 169472 ----a-w- C:\windows\System32\AudioEndpointBuilder.dll
2014-10-01 23:05:12 4068864 ----a-w- C:\windows\System32\win32k.sys
2014-09-24 23:29:59 318976 ----a-w- C:\windows\SysWow64\schannel.dll
2014-09-24 23:29:51 72192 ----a-w- C:\windows\SysWow64\ncryptsslp.dll
2014-09-24 23:01:14 414208 ----a-w- C:\windows\System32\schannel.dll
2014-09-24 23:01:00 86528 ----a-w- C:\windows\System32\ncryptsslp.dll
2014-09-22 05:53:10 35320 ----a-w- C:\windows\System32\drivers\WdBoot.sys
2014-09-13 06:24:47 2233152 ----a-w- C:\windows\System32\drivers\tcpip.sys
.
============= FINISH: 20:58:55.95 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8 Single Language
Boot Device: \Device\HarddiskVolume2
Install Date: 7/12/2014 8:22:29 PM
System Uptime: 12/11/2014 7:28:07 PM (1 hours ago)
.
Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | NP270E4E-K01JM
Processor: Intel(R) Celeron(R) CPU 1007U @ 1.50GHz | CPU Socket - U3E1 | 800/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 442 GiB total, 395.689 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Description: Qualcomm Atheros AR3012 Bluetooth 4.0 + HS
Device ID: USB\VID_0CF3&PID_3004\ALASKA_DAY_2006
Manufacturer: Qualcomm Atheros Communications
Name: Qualcomm Atheros AR3012 Bluetooth 4.0 + HS
PNP Device ID: USB\VID_0CF3&PID_3004\ALASKA_DAY_2006
Service: BTHUSB
.
==== System Restore Points ===================
.
RP21: 11/12/2014 7:58:18 PM - Windows Update
RP22: 11/18/2014 4:12:24 PM - Windows Update
RP23: 11/26/2014 9:21:03 AM - Windows Update
RP24: 12/10/2014 8:11:24 PM - Windows Update
.
==== Installed Programs ======================
.
Adobe Photoshop Elements 11
Adobe Reader X (10.1.13) MUI
Avast Internet Security
Bitcasa version 0.9.20.4135
CyberLink Power2Go 8
CyberLink PowerDVD 10
D3DX10
Driver Support
E-POP
Easy File Share
Elements 11 Organizer
Help Desk
Intel(R) Manageability Engine Firmware Recovery Agent
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Intel(R) SDK for OpenCL - CPU Only Runtime Package
Intel® Trusted Connect Service Client
Itibiti RTC
KNCTR
Microsoft Application Error Reporting
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Movie Maker
MSVCRT
MSVCRT110
MSVCRT110_amd64
OpenOffice 4.1.0
Photo Common
Photo Gallery
Pro PC Cleaner
PSE11 STI Installer
Qualcomm Atheros Bluetooth Suite (64)
Qualcomm Atheros Client Installation Program
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Recovery
Remote Desktop Access (VuuPC)
S Agent
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
Settings
snipsmart
Support Center
Support Center FAQ
SW Update
Synaptics Pointing Device Driver
User Guide
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WordBiz 1.8.7
.
==== Event Viewer Messages From Past Week ========
.
12/9/2014 12:39:39 AM, Error: Schannel [36887] - A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 70.
12/9/2014 12:39:39 AM, Error: Schannel [36887] - A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.
12/11/2014 8:27:39 PM, Error: Microsoft-Windows-Kernel-Power [137] - The system firmware has changed the processor's memory type range registers (MTRRs) across a sleep state transition (S4). This can result in reduced resume performance.
12/11/2014 7:29:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service AvastVBoxSvc with arguments "Unavailable" in order to run the server: {F319F1B8-7587-4146-AF9C-0D6D77819BF1}
12/11/2014 7:29:57 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the AvastVBox COM Service service to connect.
12/11/2014 7:29:57 PM, Error: Service Control Manager [7000] - The AvastVBox COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/11/2014 7:28:14 PM, Error: Microsoft-Windows-Kernel-General [6] - An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): ''.
.
==== End Of File ===========================
mike1127
Active Member
 
Posts: 9
Joined: December 12th, 2014, 1:03 am

Re: Taplika Search and other programs

by Blade81 » December 12th, 2014, 3:29 pm

Hi,

  • Download Farbar Recovery Scan Tool to your Desktop.
  • Right-click Frst64.exe and select Run as Administrator to launch it (if Windows SmartScreen protection window appears click More Info and then Run anyway).
    Note: Make sure that Addition option is checked.
  • Press Scan button and wait.
  • When finished scanning, 2 logs will open on your Desktop: FRST.txt and Addition.txt.

Please post their contents in your next reply.
Blade81
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: Taplika Search and other programs

by mike1127 » December 12th, 2014, 6:38 pm

Thank you.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-12-2014 03
Ran by Connie (administrator) on CONNIE on 12-12-2014 14:25:16
Running from C:\Users\Connie\Desktop
Loaded Profile: Connie (Available profiles: Connie)
Platform: Windows 8 Single Language (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Users\Connie\AppData\Roaming\VOPackage\VOsrv.exe
() C:\Program Files (x86)\snipsmart\bin\utilsnipsmart.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
() C:\Program Files (x86)\snipsmart\bin\snipsmart.PurBrowse64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\LiveComm.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
() C:\Program Files (x86)\snipsmart\bin\snipsmart.BrowserAdapter64.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
() C:\Program Files (x86)\snipsmart\bin\snipsmart.BrowserAdapter.exe
() C:\Program Files (x86)\snipsmart\bin\snipsmart.expext.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(PC Drivers Headquarters) C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe
() C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Pro PC Cleaner) C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe
() C:\Program Files (x86)\snipsmart\updatesnipsmart.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Support Center\GuaranaAgent.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13263072 2012-12-12] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1260256 2013-01-04] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-15] (Adobe Systems Incorporated)
HKLM\...\Run: [Bitcasa] => C:\Program Files\Bitcasa\Bitcasa.exe [4365824 2012-12-27] (Bitcasa, Inc)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310640 2013-03-06] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-12-11] (AVAST Software)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [133760 2014-01-07] ( (Qualcomm®Atheros®))
HKU\S-1-5-21-1065951238-459515337-3442329596-1001\...\Run: [Driver Support] => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [5673824 2014-08-07] (PC Drivers Headquarters)
HKU\S-1-5-21-1065951238-459515337-3442329596-1001\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe [7342080 2013-07-03] ()
HKU\S-1-5-21-1065951238-459515337-3442329596-1001\...\RunOnce: [Adobe Speed Launcher] => 1418422741
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [1EldosIconOverlay] -> {E6E76032-1AF9-4C30-B963-2BE1D099B26E} => C:\windows\SYSTEM32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [BitcasaIconOverlay] -> {A6975448-A999-49BB-B3E4-7730CF6A82C0} => C:\Program Files\Bitcasa\ExplorerMenu.dll (Bitcasa, Inc)
ShellIconOverlayIdentifiers: [BitcasaProgressOverlay] -> {6FB8D52A-0064-45B2-B687-F596FEAD09C2} => C:\Program Files\Bitcasa\ExplorerMenu.dll (Bitcasa, Inc)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [1EldosIconOverlay] -> {E6E76032-1AF9-4C30-B963-2BE1D099B26E} => C:\windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1065951238-459515337-3442329596-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://Taplika.com/?f=1&a=tpl_otbrw1_14 ... 909650&ir=
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {589B893E-773C-4941-88C2-0DCC718E621C} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1065951238-459515337-3442329596-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1065951238-459515337-3442329596-1001 -> {589B893E-773C-4941-88C2-0DCC718E621C} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: snipsmart 1.0.0.5 -> {68261aaa-dc9f-4c2b-a168-c323e304c3a2} -> C:\Program Files (x86)\snipsmart\snipsmartbho.dll (snipsmart)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-12]

Chrome:
=======
CHR Profile: C:\Users\Connie\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Connie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-11]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-11]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [172104 2013-01-26] (Adobe Systems Incorporated)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [318592 2014-01-07] (Windows (R) Win 7 DDK provider)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-11] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2014-12-11] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-12-11] (Avast Software)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1594416 2013-01-31] (Samsung Electronics CO., LTD.)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-09] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-09] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131032 2013-01-14] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165336 2013-01-14] (Intel Corporation)
R2 servervo; C:\Users\Connie\AppData\Roaming\VOPackage\VOsrv.exe [133120 2014-12-11] () [File not signed]
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3020632 2014-04-04] (Samsung Electronics CO., LTD.)
R2 Update snipsmart; C:\Program Files (x86)\snipsmart\updatesnipsmart.exe [523504 2014-12-12] ()
R2 Util snipsmart; C:\Program Files (x86)\snipsmart\bin\utilsnipsmart.exe [524016 2014-12-11] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-21] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2014-01-07] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-11] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-12-11] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-11] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2014-12-11] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-11] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-11] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-11] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-11] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-11] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-11] ()
S3 BTATH_HID; C:\Windows\system32\DRIVERS\btath_hid.sys [223432 2014-01-07] (Qualcomm Atheros)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-01-07] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [352456 2012-08-05] (EldoS Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-24] (CyberLink)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-09] (Corel Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-12-11] (Avast Software)
R1 {1993b064-46e3-4c7d-8b20-2161564a7685}Gw64; C:\Windows\System32\drivers\{1993b064-46e3-4c7d-8b20-2161564a7685}Gw64.sys [48784 2014-12-11] (StdLib)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-12 14:25 - 2014-12-12 14:25 - 00015312 _____ () C:\Users\Connie\Desktop\FRST.txt
2014-12-12 14:24 - 2014-12-12 14:19 - 02119680 _____ (Farbar) C:\Users\Connie\Desktop\FRST64.exe
2014-12-11 21:11 - 2014-12-11 21:11 - 00000247 _____ () C:\windows\system32\2014-12-12-05-11-49.020-aswFe.exe-13180.log
2014-12-11 20:59 - 2014-12-11 20:59 - 00004711 _____ () C:\Users\Connie\Desktop\attach.txt
2014-12-11 20:59 - 2014-12-11 20:58 - 00021390 _____ () C:\Users\Connie\Desktop\dds.txt
2014-12-11 20:27 - 2014-12-11 21:11 - 00000247 _____ () C:\windows\system32\2014-12-12-04-27-18.057-aswFe.exe-5080.log
2014-12-11 20:27 - 2014-12-11 20:27 - 00000197 _____ () C:\windows\system32\2014-12-12-04-27-10.072-AvastVBoxSVC.exe-3984.log
2014-12-11 20:20 - 2014-12-11 20:20 - 00002019 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-12-11 19:03 - 2014-12-11 19:27 - 00000000 ____D () C:\windows\SysWOW64\vbox
2014-12-11 19:03 - 2014-12-11 19:27 - 00000000 ____D () C:\windows\system32\vbox
2014-12-11 19:01 - 2014-12-11 19:01 - 00001088 _____ () C:\Users\Connie\Desktop\Continue Live Installation.lnk
2014-12-11 18:55 - 2014-12-11 18:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-12-11 18:54 - 2014-12-11 18:54 - 00364512 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2014-12-11 18:54 - 2014-12-11 18:54 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-12-11 18:54 - 2014-12-11 18:54 - 00028184 _____ (AVAST Software) C:\windows\system32\Drivers\aswKbd.sys
2014-12-11 18:53 - 2014-12-11 18:53 - 00449936 _____ (AVAST Software) C:\windows\system32\Drivers\aswNdisFlt.sys
2014-12-11 18:50 - 2014-12-11 18:24 - 00048784 _____ (StdLib) C:\windows\system32\Drivers\{1993b064-46e3-4c7d-8b20-2161564a7685}Gw64.sys
2014-12-11 18:45 - 2014-12-11 18:50 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-11 18:45 - 2014-12-11 18:46 - 00000000 ____D () C:\Users\Connie\AppData\Local\Google
2014-12-11 18:45 - 2014-12-11 18:45 - 00003104 _____ () C:\windows\System32\Tasks\{A1B19F51-1570-4A78-B857-02297B4C0237}
2014-12-11 18:44 - 2014-12-11 18:48 - 00000000 ____D () C:\Users\Connie\AppData\Roaming\VOPackage
2014-12-11 18:44 - 2014-12-11 18:44 - 00000000 ____D () C:\Users\Connie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2014-12-11 18:42 - 2014-12-11 18:42 - 00000000 ____D () C:\Users\Connie\AppData\Roaming\Itibiti
2014-12-11 18:41 - 2014-12-12 14:23 - 00000000 ____D () C:\Users\Connie\Documents\ProPCCleaner
2014-12-11 18:41 - 2014-12-11 18:41 - 00003194 _____ () C:\windows\System32\Tasks\ProPCCleaner_Start
2014-12-11 18:41 - 2014-12-11 18:41 - 00000000 __SHD () C:\windows\SysWOW64\AI_RecycleBin
2014-12-11 18:41 - 2014-12-11 18:41 - 00000000 ____D () C:\Users\Connie\AppData\Roaming\Pro PC Cleaner
2014-12-11 18:41 - 2014-12-11 18:41 - 00000000 ____D () C:\Users\Connie\AppData\Local\Pro_PC_Cleaner
2014-12-11 18:41 - 2014-12-11 18:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pro PC Cleaner
2014-12-11 18:41 - 2014-12-11 18:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KNCTR
2014-12-11 18:41 - 2014-12-11 18:41 - 00000000 ____D () C:\Program Files (x86)\Pro PC Cleaner
2014-12-11 18:41 - 2014-12-11 18:41 - 00000000 ____D () C:\Program Files (x86)\Itibiti Soft Phone
2014-12-11 18:40 - 2014-12-11 21:32 - 00000000 ____D () C:\Program Files (x86)\snipsmart
2014-12-11 18:39 - 2014-12-11 21:39 - 00000310 _____ () C:\windows\Tasks\WSE_Taplika.job
2014-12-11 18:39 - 2014-12-11 18:39 - 00002648 _____ () C:\windows\System32\Tasks\WSE_Taplika
2014-12-11 09:30 - 2014-11-26 13:11 - 00714184 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-12-11 09:30 - 2014-11-26 13:11 - 00106440 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-11 09:28 - 2014-12-11 09:28 - 00000000 ____D () C:\windows\system32\appraiser
2014-12-10 20:30 - 2014-10-08 20:00 - 01519104 _____ (Microsoft Corporation) C:\windows\system32\vssapi.dll
2014-12-10 20:30 - 2014-10-08 20:00 - 01484288 _____ (Microsoft Corporation) C:\windows\system32\VSSVC.exe
2014-12-10 20:30 - 2014-10-08 20:00 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\vsstrace.dll
2014-12-10 20:30 - 2014-10-08 19:59 - 01195520 _____ (Microsoft Corporation) C:\windows\SysWOW64\vssapi.dll
2014-12-10 20:30 - 2014-10-08 19:59 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\vsstrace.dll
2014-12-10 10:44 - 2014-10-10 23:44 - 19764736 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-12-10 10:44 - 2014-10-10 21:57 - 17562112 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-12-10 10:43 - 2014-11-21 00:36 - 19283456 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-12-10 10:43 - 2014-10-08 19:59 - 00623616 _____ (Microsoft Corporation) C:\windows\system32\dnsapi.dll
2014-12-10 10:43 - 2014-10-08 19:59 - 00212992 _____ (Microsoft Corporation) C:\windows\system32\dnsrslvr.dll
2014-12-10 10:43 - 2014-10-08 19:58 - 00458240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dnsapi.dll
2014-12-10 10:43 - 2014-09-21 21:38 - 00673792 _____ (Microsoft Corporation) C:\windows\system32\mfmpeg2srcsnk.dll
2014-12-10 10:43 - 2014-09-21 19:56 - 00513536 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfmpeg2srcsnk.dll
2014-12-10 10:42 - 2014-12-04 17:41 - 00830464 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2014-12-10 10:42 - 2014-12-04 17:41 - 00740864 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2014-12-10 10:42 - 2014-12-04 17:41 - 00396288 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2014-12-10 10:42 - 2014-12-04 17:40 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-12-10 10:42 - 2014-12-02 17:48 - 01083392 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-12-10 10:42 - 2014-12-02 17:48 - 00412672 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-12-10 10:42 - 2014-12-02 17:48 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2014-12-10 10:42 - 2014-11-21 00:38 - 02237952 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-12-10 10:42 - 2014-11-21 00:38 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-12-10 10:42 - 2014-11-21 00:37 - 01409536 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-12-10 10:42 - 2014-11-21 00:37 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2014-12-10 10:42 - 2014-11-21 00:37 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2014-12-10 10:42 - 2014-11-21 00:36 - 15400960 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-12-10 10:42 - 2014-11-21 00:36 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-12-10 10:42 - 2014-11-21 00:36 - 02655232 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-12-10 10:42 - 2014-11-21 00:36 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-12-10 10:42 - 2014-11-21 00:36 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-12-10 10:42 - 2014-11-21 00:36 - 00451584 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-12-10 10:42 - 2014-11-21 00:36 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-12-10 10:42 - 2014-11-21 00:36 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-12-10 10:42 - 2014-11-21 00:36 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-12-10 10:42 - 2014-11-21 00:36 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-12-10 10:42 - 2014-11-21 00:36 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-12-10 10:42 - 2014-11-21 00:36 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-12-10 10:42 - 2014-11-21 00:36 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-12-10 10:42 - 2014-11-21 00:36 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-12-10 10:42 - 2014-11-21 00:35 - 01509376 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-12-10 10:42 - 2014-11-20 23:17 - 14364672 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-12-10 10:42 - 2014-11-20 23:17 - 01762816 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-12-10 10:42 - 2014-11-20 23:17 - 01181696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-12-10 10:42 - 2014-11-20 23:17 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-12-10 10:42 - 2014-11-20 23:17 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-12-10 10:42 - 2014-11-20 23:17 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2014-12-10 10:42 - 2014-11-20 23:16 - 13758976 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-12-10 10:42 - 2014-11-20 23:16 - 02861568 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-12-10 10:42 - 2014-11-20 23:16 - 02054656 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-12-10 10:42 - 2014-11-20 23:16 - 01441280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-12-10 10:42 - 2014-11-20 23:16 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-12-10 10:42 - 2014-11-20 23:16 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-12-10 10:42 - 2014-11-20 23:16 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-12-10 10:42 - 2014-11-20 23:16 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-12-10 10:42 - 2014-11-20 23:16 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-12-10 10:42 - 2014-11-20 23:16 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-12-10 10:42 - 2014-11-20 23:16 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-12-10 10:42 - 2014-11-20 23:16 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-12-10 10:42 - 2014-11-20 23:16 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-12-10 10:42 - 2014-11-20 23:00 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-12-10 10:42 - 2014-11-20 22:54 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-12-10 10:42 - 2014-11-20 20:30 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
2014-12-10 10:42 - 2014-11-05 22:50 - 01627648 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-12-10 10:42 - 2014-11-05 21:03 - 01339392 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-12-10 10:40 - 2014-10-29 23:20 - 01890816 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2014-12-10 10:40 - 2014-10-29 21:22 - 01569792 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2014-11-26 08:44 - 2014-11-18 23:29 - 00582552 _____ (Microsoft Corporation) C:\windows\system32\AutoUpdate.exe
2014-11-26 08:44 - 2014-11-18 23:29 - 00462760 _____ (Microsoft Corporation) C:\windows\system32\NotificationUI.exe
2014-11-18 11:54 - 2014-11-08 03:22 - 00238080 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll
2014-11-18 11:54 - 2014-11-08 03:21 - 00827904 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-11-18 11:54 - 2014-11-07 22:57 - 00187904 _____ (Microsoft Corporation) C:\windows\SysWOW64\pku2u.dll
2014-11-18 11:54 - 2014-11-07 22:56 - 00666624 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-11-15 20:56 - 2014-11-15 20:56 - 00018944 ___SH () C:\Users\Connie\Downloads\Thumbs.db
2014-11-12 05:43 - 2014-10-23 04:47 - 00079872 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2014-11-12 05:43 - 2014-10-23 03:04 - 00068096 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
2014-11-12 05:43 - 2014-10-18 00:44 - 00778240 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2014-11-12 05:43 - 2014-10-17 23:05 - 00567808 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2014-11-12 05:43 - 2014-10-11 00:35 - 00171840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-11-12 05:43 - 2014-10-10 23:44 - 03248640 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2014-11-12 05:43 - 2014-10-10 23:44 - 00588288 _____ (Microsoft Corporation) C:\windows\system32\SHCore.dll
2014-11-12 05:43 - 2014-10-10 23:43 - 01281536 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-11-12 05:43 - 2014-10-10 21:57 - 00452608 _____ (Microsoft Corporation) C:\windows\SysWOW64\SHCore.dll
2014-11-12 05:43 - 2014-10-10 21:41 - 00713728 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2014-11-12 05:43 - 2014-10-10 21:41 - 00146944 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2014-11-12 05:43 - 2014-10-10 21:05 - 00146944 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2014-11-12 05:43 - 2014-10-10 21:04 - 00713728 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2014-11-12 05:43 - 2014-10-02 17:21 - 00522728 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2014-11-12 05:43 - 2014-10-02 14:29 - 00783872 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2014-11-12 05:43 - 2014-10-02 14:29 - 00267264 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2014-11-12 05:43 - 2014-10-02 14:29 - 00169472 _____ (Microsoft Corporation) C:\windows\system32\AudioEndpointBuilder.dll
2014-11-12 05:43 - 2014-10-01 15:05 - 04068864 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-11-12 05:43 - 2014-09-24 15:29 - 00318976 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-11-12 05:43 - 2014-09-24 15:29 - 00072192 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncryptsslp.dll
2014-11-12 05:43 - 2014-09-24 15:01 - 00414208 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-11-12 05:43 - 2014-09-24 15:01 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\ncryptsslp.dll
2014-11-12 05:43 - 2014-08-21 15:56 - 01418752 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-11-12 05:43 - 2014-08-21 15:27 - 01845760 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-11-12 05:42 - 2014-10-10 23:45 - 10115072 _____ (Microsoft Corporation) C:\windows\system32\twinui.dll
2014-11-12 05:42 - 2014-10-10 23:44 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-11-12 05:42 - 2014-10-10 23:44 - 00393216 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2014-11-12 05:42 - 2014-10-10 23:43 - 02307072 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2014-11-12 05:42 - 2014-10-10 21:58 - 08858624 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.dll
2014-11-12 05:42 - 2014-10-10 21:57 - 02416640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-11-12 05:42 - 2014-10-10 21:57 - 00295424 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2014-11-12 05:42 - 2014-10-10 21:56 - 02037760 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2014-11-12 05:42 - 2014-09-21 21:53 - 00035320 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdBoot.sys
2014-11-12 05:42 - 2014-09-12 22:24 - 02233152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2014-11-12 05:42 - 2014-09-05 16:46 - 00389176 _____ () C:\windows\system32\ApnDatabase.xml
2014-11-12 05:42 - 2014-09-02 18:48 - 00141824 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
2014-11-12 05:42 - 2014-09-02 18:22 - 00188928 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2014-11-12 05:42 - 2014-08-28 20:17 - 02043392 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll
2014-11-12 05:42 - 2014-08-28 20:17 - 00227328 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmWmiPl.dll
2014-11-12 05:42 - 2014-08-28 20:04 - 02837504 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll
2014-11-12 05:42 - 2014-08-28 20:04 - 00309248 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll
2014-11-12 05:42 - 2014-08-27 22:04 - 00499712 _____ (Microsoft Corporation) C:\windows\SysWOW64\FXSCOMEX.dll
2014-11-12 05:42 - 2014-08-27 22:04 - 00227840 _____ (Microsoft Corporation) C:\windows\SysWOW64\FXSAPI.dll
2014-11-12 05:42 - 2014-08-27 21:59 - 00616448 _____ (Microsoft Corporation) C:\windows\system32\FXSAPI.dll
2014-11-12 05:42 - 2014-08-27 21:59 - 00609280 _____ (Microsoft Corporation) C:\windows\system32\FXSCOMEX.dll
2014-11-12 05:42 - 2014-08-27 21:59 - 00432640 _____ (Microsoft Corporation) C:\windows\system32\FXSTIFF.dll
2014-11-12 05:42 - 2014-08-27 21:59 - 00254976 _____ (Microsoft Corporation) C:\windows\system32\FXST30.dll
2014-11-12 05:42 - 2014-08-26 14:08 - 00270024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdFilter.sys
2014-11-12 05:42 - 2014-07-24 05:12 - 00328512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Classpnp.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-12 14:25 - 2014-07-13 00:59 - 00000000 ____D () C:\FRST
2014-12-12 14:20 - 2013-05-24 22:49 - 00000000 ____D () C:\ProgramData\WinClon
2014-12-12 14:20 - 2013-05-24 20:35 - 01800924 _____ () C:\windows\WindowsUpdate.log
2014-12-12 14:18 - 2012-07-26 00:12 - 00000000 ____D () C:\windows\system32\sru
2014-12-11 21:32 - 2012-07-26 00:12 - 00000000 ____D () C:\windows\system32\GroupPolicy
2014-12-11 20:58 - 2012-07-25 23:28 - 00848230 _____ () C:\windows\system32\PerfStringBackup.INI
2014-12-11 20:55 - 2012-07-25 23:21 - 00404674 _____ () C:\windows\setupact.log
2014-12-11 20:20 - 2013-05-24 22:54 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-12-11 19:31 - 2012-07-25 21:26 - 00000194 _____ () C:\windows\win.ini
2014-12-11 19:28 - 2014-07-12 19:22 - 00000000 ____D () C:\Users\Connie
2014-12-11 19:28 - 2012-07-25 23:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-12-11 19:04 - 2014-07-15 15:38 - 00000000 ____D () C:\Users\Connie\AppData\Local\CrashDumps
2014-12-11 18:57 - 2012-08-05 13:07 - 00891538 _____ () C:\windows\PFRO.log
2014-12-11 18:57 - 2012-07-25 21:26 - 00262144 ___SH () C:\windows\system32\config\BBI
2014-12-11 18:55 - 2014-07-12 19:48 - 01050432 _____ (AVAST Software) C:\windows\system32\Drivers\aswsnx.sys
2014-12-11 18:55 - 2012-07-25 21:26 - 00262144 ___SH () C:\windows\system32\config\ELAM
2014-12-11 18:54 - 2014-07-12 19:48 - 00436624 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
2014-12-11 18:54 - 2014-07-12 19:48 - 00267632 _____ () C:\windows\system32\Drivers\aswVmm.sys
2014-12-11 18:54 - 2014-07-12 19:48 - 00116728 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2014-12-11 18:54 - 2014-07-12 19:48 - 00093568 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2014-12-11 18:54 - 2014-07-12 19:48 - 00083280 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2014-12-11 18:54 - 2014-07-12 19:48 - 00065776 _____ () C:\windows\system32\Drivers\aswRvrt.sys
2014-12-11 18:54 - 2014-07-12 19:48 - 00029208 _____ () C:\windows\system32\Drivers\aswHwid.sys
2014-12-11 18:54 - 2014-07-12 19:48 - 00003924 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2014-12-11 09:28 - 2014-07-20 14:35 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-12-11 09:28 - 2012-07-26 00:12 - 00000000 ___RD () C:\windows\ToastData
2014-12-11 09:28 - 2012-07-26 00:12 - 00000000 ____D () C:\windows\AppCompat
2014-12-10 20:40 - 2012-07-25 23:59 - 00000000 ____D () C:\windows\CbsTemp
2014-12-10 20:39 - 2014-07-20 09:01 - 00000000 ____D () C:\windows\system32\MRT
2014-12-10 20:34 - 2014-07-20 09:01 - 112710672 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-12-10 01:42 - 2014-07-12 19:34 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1065951238-459515337-3442329596-1001
2014-12-04 11:05 - 2012-07-26 00:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-12-01 20:58 - 2014-07-12 19:22 - 00000000 ____D () C:\Users\Connie\AppData\Local\Packages
2014-11-24 14:21 - 2012-07-26 00:12 - 00000000 ____D () C:\windows\system32\NDF
2014-11-22 19:36 - 2012-07-26 00:12 - 00000000 ____D () C:\windows\rescache
2014-11-12 20:33 - 2014-10-24 12:44 - 00393568 _____ () C:\windows\system32\FNTCACHE.DAT
2014-11-12 20:30 - 2012-07-26 00:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-12 20:30 - 2012-07-26 00:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-12 20:30 - 2012-07-26 00:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-11-12 20:30 - 2012-07-26 00:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender

Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-10 20:13

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-12-2014 03
Ran by Connie at 2014-12-12 14:27:11
Running from C:\Users\Connie\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Avast Internet Security (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Bitcasa version 0.9.20.4135 (HKLM\...\{EDA09459-AD7D-4434-BA0C-647F6703EA12}_is1) (Version: 0.9.20.4135 - Bitcasa Inc.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.1912 - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4421.02 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Driver Support (HKLM-x32\...\{597FB4A5-DD86-4316-A410-7E8074CC2CCE}) (Version: 9.1.4.4 - PC Drivers Headquarters, LP)
Easy File Share (HKLM-x32\...\{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}) (Version: 1.3.6 - Samsung Electronics CO.,LTD.)
Elements 11 Organizer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.)
Help Desk (HKLM\...\{22B32087-797D-4A1B-AFA7-072C87580ADC}) (Version: 1.0.9 - Samsung Electronics CO., LTD.)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36843 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2963 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.7.0.1013 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
KNCTR (HKLM-x32\...\Itibiti_is1) (Version: - Itibiti Inc.)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
OpenOffice 4.1.0 (HKLM-x32\...\{C87EF11D-36E9-479D-9898-7541EA1E8A6A}) (Version: 4.10.9764 - Apache Software Foundation)
Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Pro PC Cleaner (HKLM-x32\...\{C3060724-6AC7-4BEF-B516-4F6B1D90887D}) (Version: 2.5.5.43 - Pro PC Cleaner)
PSE11 STI Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.314 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.4.907.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6818 - Realtek Semiconductor Corp.)
Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.9.6 - Samsung Electronics CO., LTD.)
Remote Desktop Access (VuuPC) (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - CMI Limited) <==== ATTENTION
S Agent (Version: 1.1.47 - Samsung Electronics CO., LTD.) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.2.13021_11 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.2.13021_11 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.16.0 - SAMSUNG Electronics Co., Ltd.)
Settings (HKLM-x32\...\{8CB5C357-12E5-41B1-A024-D57D4E6F32D9}) (Version: 2.0.1 - Samsung Electronics CO., LTD.)
snipsmart (HKLM\...\snipsmart) (Version: 2014.12.11.232059 - snipsmart) <==== ATTENTION
Support Center (HKLM\...\{5422229D-6131-404C-8107-9B3F87EF65BB}) (Version: 2.1.90 - Samsung Electronics CO., LTD.)
Support Center FAQ (x32 Version: 1.0.14 - Samsung Electronics CO., LTD.) Hidden
SW Update (HKLM-x32\...\{D2B5F1E3-EA56-4D84-A453-A213B32974CB}) (Version: 2.1.25 - Samsung Electronics CO., LTD.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.14.2 - Synaptics Incorporated)
User Guide (HKLM-x32\...\{029A9E80-E460-4108-8825-3A449EC9A26A}) (Version: 1.2.00 - Samsung Electronics CO., LTD.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
WordBiz 1.8.7 (HKLM-x32\...\WordBiz_0) (Version: - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

13-11-2014 03:58:18 Windows Update
19-11-2014 00:12:24 Windows Update
26-11-2014 17:21:03 Windows Update
11-12-2014 04:11:24 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-25 21:26 - 2012-07-25 21:26 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0D5C75DA-1878-43D1-8DEF-8CE21595403B} - System32\Tasks\Driver Support-RTMScanRunOnce => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [2014-08-07] (PC Drivers Headquarters)
Task: {19F4C4CC-C183-4202-99F9-75A6727B0E00} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe [2014-07-03] (Pro PC Cleaner)
Task: {208581A0-B1F2-499E-B02C-8138E15684C8} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-11] (AVAST Software)
Task: {48BE4549-4882-4B3A-B824-16D1888219EA} - System32\Tasks\{D78CE59E-604F-40AE-A4FA-7D06AF5A98E5} => pcalua.exe -a "C:\Program Files (x86)\WordBiz\Uninstall.exe"
Task: {5D5C810A-84E9-40C0-B170-2AF7963B2473} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-09-12] (Intel Corporation)
Task: {614FBAA5-A3A8-4D14-984D-61DE9701C458} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-09-12] (Intel Corporation)
Task: {6F551ACF-7352-49DA-AF78-E923AA333313} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2014-12-10] (Microsoft Corporation)
Task: {755D1DB0-180E-44F7-83CB-BC141F84E84C} - System32\Tasks\Driver Support-RTMRules => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [2014-08-07] (PC Drivers Headquarters)
Task: {AD32CE0D-C87A-46A9-8FF3-259B65E2776B} - System32\Tasks\WSE_Taplika => C:\Users\Connie\AppData\Roaming\WSE_TA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {B06C09F3-1B9A-4A1C-B0D6-C7870E9ED6B7} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2014-03-19] (Samsung Electronics CO., LTD.)
Task: {C12D6A58-C8D2-47A2-A1AC-285FA60ED55D} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2013-01-31] (Samsung Electronics CO., LTD.)
Task: {C426A025-8ED8-45E8-A9B8-E7C8893AE6E0} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2013-03-11] (SEC)
Task: {D8D634B6-30D5-474C-96E3-F0D52C6C2BBF} - System32\Tasks\Driver Support-RTMScan => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [2014-08-07] (PC Drivers Headquarters)
Task: {F5921077-B7C3-483C-A534-04EF904DDC1B} - System32\Tasks\Driver Support-RTMUpdater => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [2014-08-07] (PC Drivers Headquarters)
Task: {FDAC744E-CB0A-4179-BA52-AD25DF1B8089} - System32\Tasks\{A1B19F51-1570-4A78-B857-02297B4C0237} => pcalua.exe -a "C:\Program Files (x86)\Itibiti Soft Phone\unins000.exe"
Task: C:\windows\Tasks\WSE_Taplika.job => C:\Users\Connie\AppData\Roaming\WSE_TA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2014-12-11 18:48 - 2014-12-11 18:48 - 00133120 _____ () C:\Users\Connie\AppData\Roaming\VOPackage\VOsrv.exe
2014-12-11 18:48 - 2014-12-11 18:48 - 00524016 _____ () C:\Program Files (x86)\snipsmart\bin\utilsnipsmart.exe
2014-12-11 18:53 - 2014-12-11 18:53 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2014-12-11 18:53 - 2014-12-11 18:53 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2014-12-11 18:50 - 2014-12-11 18:24 - 00353008 _____ () C:\Program Files (x86)\snipsmart\bin\snipsmart.PurBrowse64.exe
2013-01-31 17:52 - 2013-01-31 17:52 - 00085040 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
2013-01-02 16:50 - 2012-10-31 21:43 - 00175008 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2014-12-11 18:50 - 2014-12-11 17:30 - 00114928 _____ () C:\Program Files (x86)\snipsmart\bin\snipsmart.BrowserAdapter64.exe
2014-12-11 18:50 - 2014-12-11 17:30 - 00098544 _____ () C:\Program Files (x86)\snipsmart\bin\snipsmart.BrowserAdapter.exe
2014-12-11 18:50 - 2014-12-11 12:39 - 00101616 _____ () C:\Program Files (x86)\snipsmart\bin\snipsmart.expext.exe
2014-01-07 00:29 - 2014-01-07 00:29 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2014-01-07 00:26 - 2014-01-07 00:26 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2014-01-07 00:32 - 2014-01-07 00:32 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2013-01-15 21:27 - 2013-01-15 21:27 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-08-07 07:57 - 2014-08-07 07:57 - 00440712 _____ () C:\Program Files (x86)\Driver Support\Driver Support\Agent.Communication.XmlSerializers.dll
2014-12-11 18:41 - 2013-07-03 14:40 - 07342080 _____ () C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
2014-03-19 10:41 - 2014-03-19 10:41 - 00088624 _____ () C:\Program Files\Samsung\S Agent\ToastX64.dll
2014-07-03 00:24 - 2014-07-03 00:24 - 00008704 _____ () C:\Program Files (x86)\Pro PC Cleaner\Logging.dll
2014-07-03 00:24 - 2014-07-03 00:24 - 00058880 _____ () C:\Program Files (x86)\Pro PC Cleaner\Helper.dll
2014-07-03 00:24 - 2014-07-03 00:24 - 00076288 _____ () C:\Program Files (x86)\Pro PC Cleaner\Setup.dll
2014-07-03 00:24 - 2014-07-03 00:24 - 00007680 _____ () C:\Program Files (x86)\Pro PC Cleaner\bo.dll
2014-12-11 15:21 - 2014-12-12 14:23 - 00523504 _____ () C:\Program Files (x86)\snipsmart\updatesnipsmart.exe
2014-12-11 09:30 - 2014-12-11 09:30 - 02905600 _____ () C:\Program Files\AVAST Software\Avast\defs\14121100\algo.dll
2014-12-11 18:53 - 2014-12-11 18:53 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2013-05-24 20:31 - 2013-01-14 10:25 - 01200088 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-01-31 17:52 - 2013-01-31 17:52 - 00029232 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
2013-01-31 17:52 - 2013-01-31 17:52 - 01106480 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll
2013-01-31 17:52 - 2013-01-31 17:52 - 00111152 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
2013-01-31 17:52 - 2013-01-31 17:52 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll
2013-01-31 17:52 - 2013-01-31 17:52 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
2013-01-31 17:52 - 2013-01-31 17:52 - 00027184 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
2013-01-31 17:52 - 2013-01-31 17:52 - 00111152 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
2013-01-31 17:52 - 2013-01-31 17:52 - 00060976 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
2013-01-31 17:52 - 2013-01-31 17:52 - 00103472 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
2014-12-11 18:50 - 2014-12-11 12:39 - 00082160 _____ () C:\Program Files (x86)\snipsmart\bin\snipsmart.expextdll.dll
2013-05-24 22:40 - 2012-06-07 19:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-07 18:34 - 2012-06-07 18:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-12-11 18:54 - 2014-12-11 18:54 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1065951238-459515337-3442329596-500 - Administrator - Disabled)
Connie (S-1-5-21-1065951238-459515337-3442329596-1001 - Administrator - Enabled) => C:\Users\Connie
Guest (S-1-5-21-1065951238-459515337-3442329596-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Qualcomm Atheros AR3012 Bluetooth 4.0 + HS
Description: Qualcomm Atheros AR3012 Bluetooth 4.0 + HS
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/11/2014 07:27:12 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CONNIE)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/11/2014 07:27:12 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CONNIE)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/11/2014 07:27:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CONNIE)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/11/2014 07:27:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CONNIE)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/11/2014 07:27:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CONNIE)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/11/2014 07:27:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CONNIE)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/11/2014 07:26:50 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CONNIE)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/11/2014 07:04:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.17183, time stamp: 0x546ebc2a
Faulting module name: snipsmartbho.dll, version: 1.0.0.5, time stamp: 0x548a374c
Exception code: 0xc0000005
Fault offset: 0x00003421
Faulting process id: 0x1bac
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5

Error: (12/11/2014 06:41:44 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Networking.RtcDll,language="&#x2a;",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3"1".
Dependent Assembly Microsoft.Windows.Networking.RtcDll,language="&#x2a;",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/11/2014 06:41:42 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Networking.RtcDll,language="&#x2a;",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3"1".
Dependent Assembly Microsoft.Windows.Networking.RtcDll,language="&#x2a;",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (12/11/2014 11:48:14 PM) (Source: DCOM) (EventID: 10010) (User: CONNIE)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (12/11/2014 09:59:12 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (12/11/2014 08:27:39 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (12/11/2014 07:33:07 PM) (Source: DCOM) (EventID: 10010) (User: CONNIE)
Description: {D63B10C5-BB46-4990-A94F-E40B9D520160}

Error: (12/11/2014 07:33:07 PM) (Source: DCOM) (EventID: 10010) (User: CONNIE)
Description: {D63B10C5-BB46-4990-A94F-E40B9D520160}

Error: (12/11/2014 07:33:06 PM) (Source: DCOM) (EventID: 10010) (User: CONNIE)
Description: {D63B10C5-BB46-4990-A94F-E40B9D520160}

Error: (12/11/2014 07:33:06 PM) (Source: DCOM) (EventID: 10010) (User: CONNIE)
Description: {D63B10C5-BB46-4990-A94F-E40B9D520160}

Error: (12/11/2014 07:33:06 PM) (Source: DCOM) (EventID: 10010) (User: CONNIE)
Description: {D63B10C5-BB46-4990-A94F-E40B9D520160}

Error: (12/11/2014 07:33:06 PM) (Source: DCOM) (EventID: 10010) (User: CONNIE)
Description: {D63B10C5-BB46-4990-A94F-E40B9D520160}

Error: (12/11/2014 07:33:06 PM) (Source: DCOM) (EventID: 10010) (User: CONNIE)
Description: {D63B10C5-BB46-4990-A94F-E40B9D520160}


Microsoft Office Sessions:
=========================
Error: (12/11/2014 07:27:12 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CONNIE)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927141

Error: (12/11/2014 07:27:12 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CONNIE)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927141

Error: (12/11/2014 07:27:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CONNIE)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927141

Error: (12/11/2014 07:27:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CONNIE)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927141

Error: (12/11/2014 07:27:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CONNIE)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927141

Error: (12/11/2014 07:27:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CONNIE)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927141

Error: (12/11/2014 07:26:50 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CONNIE)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927141

Error: (12/11/2014 07:04:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE10.0.9200.17183546ebc2asnipsmartbho.dll1.0.0.5548a374cc0000005000034211bac01d015b8381a59e1C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Program Files (x86)\snipsmart\snipsmartbho.dll9b2a045d-81ab-11e4-bebc-1867b0cc072c

Error: (12/11/2014 06:41:44 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Networking.RtcDll,language="&#x2a;",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3"C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe

Error: (12/11/2014 06:41:42 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Networking.RtcDll,language="&#x2a;",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3"C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe


==================== Memory info ===========================

Processor: Intel(R) Celeron(R) CPU 1007U @ 1.50GHz
Percentage of memory in use: 30%
Total physical RAM: 3969.89 MB
Available physical RAM: 2748.35 MB
Total Pagefile: 4865.89 MB
Available Pagefile: 3360.35 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:441.89 GB) (Free:394.99 GB) NTFS
Drive e: (Lexar) (Removable) (Total:3.73 GB) (Free:2.83 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: B7AB7DCD)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 3.7 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=3.7 GB) - (Type=0C)

==================== End Of Log ============================
mike1127
Active Member
 
Posts: 9
Joined: December 12th, 2014, 1:03 am

Re: Taplika Search and other programs

Post by Blade81 » December 12th, 2014, 7:07 pm

Hi again,

Please download AdwCleaner by Xplode and save to your Desktop.
  • Right-click on AdwCleaner.exe and select Run as Administrator to run the tool.
  • The tool will start to update the database; please wait a bit.
  • Click on the I agree button.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.
Blade81
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: Taplika Search and other programs

Post by mike1127 » December 12th, 2014, 8:06 pm

# AdwCleaner v4.105 - Report created 12/12/2014 at 15:51:22
# Updated 08/12/2014 by Xplode
# Database : 2014-12-08.2 [Local]
# Operating System : Windows 8 Single Language (64 bits)
# Username : Connie - CONNIE
# Running from : C:\Users\Connie\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : servervo
Service Found : Update snipsmart
Service Found : Update snipsmart
Service Found : Util snipsmart
Service Found : {1993b064-46e3-4c7d-8b20-2161564a7685}Gw64

***** [ Files / Folders ] *****

File Found : C:\Users\Connie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Knctr.lnk
File Found : C:\Users\Connie\Desktop\Continue Live Installation.lnk
File Found : C:\windows\System32\drivers\{1993b064-46e3-4c7d-8b20-2161564a7685}Gw64.sys
Folder Found : C:\Program Files (x86)\Driver Support
Folder Found : C:\Program Files (x86)\Pro PC Cleaner
Folder Found : C:\Program Files (x86)\snipsmart
Folder Found : C:\Program Files (x86)\snipsmart
Folder Found : C:\ProgramData\Driver Support
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Support
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pro PC Cleaner
Folder Found : C:\Users\Connie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
Folder Found : C:\Users\Connie\AppData\Roaming\Pro PC Cleaner
Folder Found : C:\Users\Connie\AppData\Roaming\VOPackage

***** [ Scheduled Tasks ] *****

Task Found : Driver Support-RTMRules
Task Found : Driver Support-RTMScan
Task Found : Driver Support-RTMScanRunOnce
Task Found : Driver Support-RTMUpdater

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\DriverSupport
Key Found : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{68261aaa-dc9f-4c2b-a168-c323e304c3a2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{68261aaa-dc9f-4c2b-a168-c323e304c3a2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
Key Found : HKCU\Software\snipsmart
Key Found : HKCU\Software\snipsmart
Key Found : [x64] HKCU\Software\DriverSupport
Key Found : [x64] HKCU\Software\snipsmart
Key Found : [x64] HKCU\Software\snipsmart
Key Found : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Found : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{68261aaa-dc9f-4c2b-a168-c323e304c3a2}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4086DF47-C0E9-4EA0-A7E4-FDD954B182A1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Found : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{0c8e7de5-d3f4-4ff0-be7d-2547ff22a3bb}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68261aaa-dc9f-4c2b-a168-c323e304c3a2}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{597FB4A5-DD86-4316-A410-7E8074CC2CCE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Key Found : HKLM\SOFTWARE\snipsmart
Key Found : HKLM\SOFTWARE\snipsmart
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Update snipsmart
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Util snipsmart
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4086DF47-C0E9-4EA0-A7E4-FDD954B182A1}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\snipsmart
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\snipsmart

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.17183


-\\ Google Chrome v

[C:\Users\Connie\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Connie\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [5835 octets] - [12/12/2014 15:51:22]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [5895 octets] ##########
mike1127
Active Member
Posts: 9
Joined: December 12th, 2014, 1:03 am

Re: Taplika Search and other programs

Post by Blade81 » December 13th, 2014, 5:59 am

Hi,

Right-click on AdwCleaner.exe and select Run as Administrator to run the tool again.
  • The tool will start to update the database, please wait a bit.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

Also, re-run FRST and post back contents of its logs.
Blade81
Admin/Teacher
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: Taplika Search and other programs

Post by mike1127 » December 13th, 2014, 6:55 am

# AdwCleaner v4.105 - Report created 13/12/2014 at 02:39:01
# Updated 08/12/2014 by Xplode
# Database : 2014-12-08.2 [Local]
# Operating System : Windows 8 Single Language (64 bits)
# Username : Connie - CONNIE
# Running from : C:\Users\Connie\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : servervo
[#] Service Deleted : Update snipsmart
[#] Service Deleted : Util snipsmart
Service Deleted : {1993b064-46e3-4c7d-8b20-2161564a7685}Gw64

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Driver Support
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Support
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pro PC Cleaner
Folder Deleted : C:\Program Files (x86)\Driver Support
Folder Deleted : C:\Program Files (x86)\snipsmart
Folder Deleted : C:\Program Files (x86)\Pro PC Cleaner
Folder Deleted : C:\Users\Connie\AppData\Roaming\VOPackage
Folder Deleted : C:\Users\Connie\AppData\Roaming\Pro PC Cleaner
Folder Deleted : C:\Users\Connie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
File Deleted : C:\windows\System32\drivers\{1993b064-46e3-4c7d-8b20-2161564a7685}Gw64.sys
File Deleted : C:\Users\Connie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Knctr.lnk
File Deleted : C:\Users\Connie\Desktop\Continue Live Installation.lnk

***** [ Scheduled Tasks ] *****

Task Deleted : Driver Support-RTMRules
Task Deleted : Driver Support-RTMScan
Task Deleted : Driver Support-RTMScanRunOnce
Task Deleted : Driver Support-RTMUpdater

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Update snipsmart
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Util snipsmart
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{68261aaa-dc9f-4c2b-a168-c323e304c3a2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4086DF47-C0E9-4EA0-A7E4-FDD954B182A1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{0c8e7de5-d3f4-4ff0-be7d-2547ff22a3bb}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68261aaa-dc9f-4c2b-a168-c323e304c3a2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{68261aaa-dc9f-4c2b-a168-c323e304c3a2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{68261aaa-dc9f-4c2b-a168-c323e304c3a2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4086DF47-C0E9-4EA0-A7E4-FDD954B182A1}
Key Deleted : HKCU\Software\DriverSupport
Key Deleted : HKCU\Software\snipsmart
Key Deleted : HKLM\SOFTWARE\snipsmart
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{597FB4A5-DD86-4316-A410-7E8074CC2CCE}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\snipsmart

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.17183


-\\ Google Chrome v

[C:\Users\Connie\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Connie\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [6027 octets] - [12/12/2014 15:51:22]
AdwCleaner[R1].txt - [6087 octets] - [13/12/2014 02:25:44]
AdwCleaner[S0].txt - [5482 octets] - [13/12/2014 02:39:01]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5542 octets] ##########


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-12-2014 03
Ran by Connie (administrator) on CONNIE on 13-12-2014 02:44:30
Running from C:\Users\Connie\Desktop
Loaded Profile: Connie (Available profiles: Connie)
Platform: Windows 8 Single Language (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\LiveComm.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
() C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13263072 2012-12-12] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1260256 2013-01-04] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-15] (Adobe Systems Incorporated)
HKLM\...\Run: [Bitcasa] => C:\Program Files\Bitcasa\Bitcasa.exe [4365824 2012-12-27] (Bitcasa, Inc)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310640 2013-03-06] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-12-11] (AVAST Software)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [133760 2014-01-07] ( (Qualcomm®Atheros®))
HKU\S-1-5-21-1065951238-459515337-3442329596-1001\...\Run: [Driver Support] => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe /applicationMode:systemTray /showWelcome:false
HKU\S-1-5-21-1065951238-459515337-3442329596-1001\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe [7342080 2013-07-03] ()
HKU\S-1-5-21-1065951238-459515337-3442329596-1001\...\RunOnce: [Adobe Speed Launcher] => 1418467358
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [1EldosIconOverlay] -> {E6E76032-1AF9-4C30-B963-2BE1D099B26E} => C:\windows\SYSTEM32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [BitcasaIconOverlay] -> {A6975448-A999-49BB-B3E4-7730CF6A82C0} => C:\Program Files\Bitcasa\ExplorerMenu.dll (Bitcasa, Inc)
ShellIconOverlayIdentifiers: [BitcasaProgressOverlay] -> {6FB8D52A-0064-45B2-B687-F596FEAD09C2} => C:\Program Files\Bitcasa\ExplorerMenu.dll (Bitcasa, Inc)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [1EldosIconOverlay] -> {E6E76032-1AF9-4C30-B963-2BE1D099B26E} => C:\windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1065951238-459515337-3442329596-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://Taplika.com/?f=1&a=tpl_otbrw1_14 ... 909650&ir=
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> {589B893E-773C-4941-88C2-0DCC718E621C} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1065951238-459515337-3442329596-1001 -> {589B893E-773C-4941-88C2-0DCC718E621C} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-12]

Chrome:
=======
CHR Profile: C:\Users\Connie\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Connie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-11]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-11]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [172104 2013-01-26] (Adobe Systems Incorporated)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [318592 2014-01-07] (Windows (R) Win 7 DDK provider)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-11] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2014-12-11] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-12-11] (Avast Software)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1594416 2013-01-31] (Samsung Electronics CO., LTD.)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-09] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-09] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131032 2013-01-14] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165336 2013-01-14] (Intel Corporation)
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3020632 2014-04-04] (Samsung Electronics CO., LTD.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-21] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2014-01-07] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-11] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-12-11] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-11] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2014-12-11] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-11] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-11] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-11] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-11] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-11] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-11] ()
S3 BTATH_HID; C:\Windows\system32\DRIVERS\btath_hid.sys [223432 2014-01-07] (Qualcomm Atheros)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-01-07] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [352456 2012-08-05] (EldoS Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-24] (CyberLink)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-09] (Corel Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-12-11] (Avast Software)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-13 02:44 - 2014-12-13 02:45 - 00013904 _____ () C:\Users\Connie\Desktop\FRST.txt
2014-12-13 02:43 - 2014-12-13 02:43 - 00000197 _____ () C:\windows\system32\2014-12-13-10-43-26.028-AvastVBoxSVC.exe-2416.log
2014-12-13 02:41 - 2014-12-13 02:41 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-12-12 15:50 - 2014-12-13 02:39 - 00000000 ____D () C:\AdwCleaner
2014-12-12 15:46 - 2014-12-12 15:46 - 02166272 _____ () C:\Users\Connie\Desktop\AdwCleaner.exe
2014-12-12 14:24 - 2014-12-12 14:19 - 02119680 _____ (Farbar) C:\Users\Connie\Desktop\FRST64.exe
2014-12-11 21:11 - 2014-12-11 21:11 - 00000247 _____ () C:\windows\system32\2014-12-12-05-11-49.020-aswFe.exe-13180.log
2014-12-11 20:27 - 2014-12-11 21:11 - 00000247 _____ () C:\windows\system32\2014-12-12-04-27-18.057-aswFe.exe-5080.log
2014-12-11 20:27 - 2014-12-11 20:27 - 00000197 _____ () C:\windows\system32\2014-12-12-04-27-10.072-AvastVBoxSVC.exe-3984.log
2014-12-11 20:20 - 2014-12-11 20:20 - 00002019 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-12-11 19:03 - 2014-12-11 19:27 - 00000000 ____D () C:\windows\SysWOW64\vbox
2014-12-11 19:03 - 2014-12-11 19:27 - 00000000 ____D () C:\windows\system32\vbox
2014-12-11 18:55 - 2014-12-11 18:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-12-11 18:54 - 2014-12-11 18:54 - 00364512 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2014-12-11 18:54 - 2014-12-11 18:54 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-12-11 18:54 - 2014-12-11 18:54 - 00028184 _____ (AVAST Software) C:\windows\system32\Drivers\aswKbd.sys
2014-12-11 18:53 - 2014-12-11 18:53 - 00449936 _____ (AVAST Software) C:\windows\system32\Drivers\aswNdisFlt.sys
2014-12-11 18:45 - 2014-12-11 18:50 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-11 18:45 - 2014-12-11 18:46 - 00000000 ____D () C:\Users\Connie\AppData\Local\Google
2014-12-11 18:45 - 2014-12-11 18:45 - 00003104 _____ () C:\windows\System32\Tasks\{A1B19F51-1570-4A78-B857-02297B4C0237}
2014-12-11 18:42 - 2014-12-11 18:42 - 00000000 ____D () C:\Users\Connie\AppData\Roaming\Itibiti
2014-12-11 18:41 - 2014-12-12 14:28 - 00000000 ____D () C:\Users\Connie\Documents\ProPCCleaner
2014-12-11 18:41 - 2014-12-11 18:41 - 00003194 _____ () C:\windows\System32\Tasks\ProPCCleaner_Start
2014-12-11 18:41 - 2014-12-11 18:41 - 00000000 __SHD () C:\windows\SysWOW64\AI_RecycleBin
2014-12-11 18:41 - 2014-12-11 18:41 - 00000000 ____D () C:\Users\Connie\AppData\Local\Pro_PC_Cleaner
2014-12-11 18:41 - 2014-12-11 18:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KNCTR
2014-12-11 18:41 - 2014-12-11 18:41 - 00000000 ____D () C:\Program Files (x86)\Itibiti Soft Phone
2014-12-11 18:39 - 2014-12-13 02:39 - 00000310 _____ () C:\windows\Tasks\WSE_Taplika.job
2014-12-11 18:39 - 2014-12-11 18:39 - 00002648 _____ () C:\windows\System32\Tasks\WSE_Taplika
2014-12-11 09:30 - 2014-11-26 13:11 - 00714184 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-12-11 09:30 - 2014-11-26 13:11 - 00106440 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-11 09:28 - 2014-12-11 09:28 - 00000000 ____D () C:\windows\system32\appraiser
2014-12-10 20:30 - 2014-10-08 20:00 - 01519104 _____ (Microsoft Corporation) C:\windows\system32\vssapi.dll
2014-12-10 20:30 - 2014-10-08 20:00 - 01484288 _____ (Microsoft Corporation) C:\windows\system32\VSSVC.exe
2014-12-10 20:30 - 2014-10-08 20:00 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\vsstrace.dll
2014-12-10 20:30 - 2014-10-08 19:59 - 01195520 _____ (Microsoft Corporation) C:\windows\SysWOW64\vssapi.dll
2014-12-10 20:30 - 2014-10-08 19:59 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\vsstrace.dll
2014-12-10 10:44 - 2014-10-10 23:44 - 19764736 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-12-10 10:44 - 2014-10-10 21:57 - 17562112 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-12-10 10:43 - 2014-11-21 00:36 - 19283456 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-12-10 10:43 - 2014-10-08 19:59 - 00623616 _____ (Microsoft Corporation) C:\windows\system32\dnsapi.dll
2014-12-10 10:43 - 2014-10-08 19:59 - 00212992 _____ (Microsoft Corporation) C:\windows\system32\dnsrslvr.dll
2014-12-10 10:43 - 2014-10-08 19:58 - 00458240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dnsapi.dll
2014-12-10 10:43 - 2014-09-21 21:38 - 00673792 _____ (Microsoft Corporation) C:\windows\system32\mfmpeg2srcsnk.dll
2014-12-10 10:43 - 2014-09-21 19:56 - 00513536 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfmpeg2srcsnk.dll
2014-12-10 10:42 - 2014-12-04 17:41 - 00830464 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2014-12-10 10:42 - 2014-12-04 17:41 - 00740864 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2014-12-10 10:42 - 2014-12-04 17:41 - 00396288 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2014-12-10 10:42 - 2014-12-04 17:40 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-12-10 10:42 - 2014-12-02 17:48 - 01083392 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-12-10 10:42 - 2014-12-02 17:48 - 00412672 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-12-10 10:42 - 2014-12-02 17:48 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2014-12-10 10:42 - 2014-11-21 00:38 - 02237952 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-12-10 10:42 - 2014-11-21 00:38 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-12-10 10:42 - 2014-11-21 00:37 - 01409536 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-12-10 10:42 - 2014-11-21 00:37 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2014-12-10 10:42 - 2014-11-21 00:37 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2014-12-10 10:42 - 2014-11-21 00:36 - 15400960 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-12-10 10:42 - 2014-11-21 00:36 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-12-10 10:42 - 2014-11-21 00:36 - 02655232 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-12-10 10:42 - 2014-11-21 00:36 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-12-10 10:42 - 2014-11-21 00:36 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-12-10 10:42 - 2014-11-21 00:36 - 00451584 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-12-10 10:42 - 2014-11-21 00:36 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-12-10 10:42 - 2014-11-21 00:36 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-12-10 10:42 - 2014-11-21 00:36 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-12-10 10:42 - 2014-11-21 00:36 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-12-10 10:42 - 2014-11-21 00:36 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-12-10 10:42 - 2014-11-21 00:36 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-12-10 10:42 - 2014-11-21 00:36 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-12-10 10:42 - 2014-11-21 00:36 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-12-10 10:42 - 2014-11-21 00:35 - 01509376 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-12-10 10:42 - 2014-11-20 23:17 - 14364672 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-12-10 10:42 - 2014-11-20 23:17 - 01762816 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-12-10 10:42 - 2014-11-20 23:17 - 01181696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-12-10 10:42 - 2014-11-20 23:17 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-12-10 10:42 - 2014-11-20 23:17 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-12-10 10:42 - 2014-11-20 23:17 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2014-12-10 10:42 - 2014-11-20 23:16 - 13758976 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-12-10 10:42 - 2014-11-20 23:16 - 02861568 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-12-10 10:42 - 2014-11-20 23:16 - 02054656 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-12-10 10:42 - 2014-11-20 23:16 - 01441280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-12-10 10:42 - 2014-11-20 23:16 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-12-10 10:42 - 2014-11-20 23:16 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-12-10 10:42 - 2014-11-20 23:16 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-12-10 10:42 - 2014-11-20 23:16 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-12-10 10:42 - 2014-11-20 23:16 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-12-10 10:42 - 2014-11-20 23:16 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-12-10 10:42 - 2014-11-20 23:16 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-12-10 10:42 - 2014-11-20 23:16 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-12-10 10:42 - 2014-11-20 23:16 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-12-10 10:42 - 2014-11-20 23:00 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-12-10 10:42 - 2014-11-20 22:54 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-12-10 10:42 - 2014-11-20 20:30 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
2014-12-10 10:42 - 2014-11-05 22:50 - 01627648 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-12-10 10:42 - 2014-11-05 21:03 - 01339392 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-12-10 10:40 - 2014-10-29 23:20 - 01890816 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2014-12-10 10:40 - 2014-10-29 21:22 - 01569792 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2014-11-26 08:44 - 2014-11-18 23:29 - 00582552 _____ (Microsoft Corporation) C:\windows\system32\AutoUpdate.exe
2014-11-26 08:44 - 2014-11-18 23:29 - 00462760 _____ (Microsoft Corporation) C:\windows\system32\NotificationUI.exe
2014-11-18 11:54 - 2014-11-08 03:22 - 00238080 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll
2014-11-18 11:54 - 2014-11-08 03:21 - 00827904 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-11-18 11:54 - 2014-11-07 22:57 - 00187904 _____ (Microsoft Corporation) C:\windows\SysWOW64\pku2u.dll
2014-11-18 11:54 - 2014-11-07 22:56 - 00666624 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-11-15 20:56 - 2014-11-15 20:56 - 00018944 ___SH () C:\Users\Connie\Downloads\Thumbs.db

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-13 02:44 - 2014-07-13 00:59 - 00000000 ____D () C:\FRST
2014-12-13 02:44 - 2013-05-24 22:49 - 00000000 ____D () C:\ProgramData\WinClon
2014-12-13 02:40 - 2012-08-05 13:07 - 00891852 _____ () C:\windows\PFRO.log
2014-12-13 02:40 - 2012-07-25 23:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-12-13 02:40 - 2012-07-25 21:26 - 00262144 ___SH () C:\windows\system32\config\BBI
2014-12-13 02:18 - 2012-07-26 00:12 - 00000000 ____D () C:\windows\system32\sru
2014-12-12 15:49 - 2012-07-25 21:26 - 00000194 _____ () C:\windows\win.ini
2014-12-12 15:20 - 2012-07-26 00:12 - 00000000 ____D () C:\windows\rescache
2014-12-12 14:40 - 2013-05-24 20:35 - 01801853 _____ () C:\windows\WindowsUpdate.log
2014-12-11 21:32 - 2012-07-26 00:12 - 00000000 ____D () C:\windows\system32\GroupPolicy
2014-12-11 20:58 - 2012-07-25 23:28 - 00848230 _____ () C:\windows\system32\PerfStringBackup.INI
2014-12-11 20:55 - 2012-07-25 23:21 - 00404674 _____ () C:\windows\setupact.log
2014-12-11 20:20 - 2013-05-24 22:54 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-12-11 19:28 - 2014-07-12 19:22 - 00000000 ____D () C:\Users\Connie
2014-12-11 19:04 - 2014-07-15 15:38 - 00000000 ____D () C:\Users\Connie\AppData\Local\CrashDumps
2014-12-11 18:55 - 2014-07-12 19:48 - 01050432 _____ (AVAST Software) C:\windows\system32\Drivers\aswsnx.sys
2014-12-11 18:55 - 2012-07-25 21:26 - 00262144 ___SH () C:\windows\system32\config\ELAM
2014-12-11 18:54 - 2014-07-12 19:48 - 00436624 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
2014-12-11 18:54 - 2014-07-12 19:48 - 00267632 _____ () C:\windows\system32\Drivers\aswVmm.sys
2014-12-11 18:54 - 2014-07-12 19:48 - 00116728 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2014-12-11 18:54 - 2014-07-12 19:48 - 00093568 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2014-12-11 18:54 - 2014-07-12 19:48 - 00083280 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2014-12-11 18:54 - 2014-07-12 19:48 - 00065776 _____ () C:\windows\system32\Drivers\aswRvrt.sys
2014-12-11 18:54 - 2014-07-12 19:48 - 00029208 _____ () C:\windows\system32\Drivers\aswHwid.sys
2014-12-11 18:54 - 2014-07-12 19:48 - 00003924 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2014-12-11 09:28 - 2014-07-20 14:35 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-12-11 09:28 - 2012-07-26 00:12 - 00000000 ___RD () C:\windows\ToastData
2014-12-11 09:28 - 2012-07-26 00:12 - 00000000 ____D () C:\windows\AppCompat
2014-12-10 20:40 - 2012-07-25 23:59 - 00000000 ____D () C:\windows\CbsTemp
2014-12-10 20:39 - 2014-07-20 09:01 - 00000000 ____D () C:\windows\system32\MRT
2014-12-10 20:34 - 2014-07-20 09:01 - 112710672 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-12-10 01:42 - 2014-07-12 19:34 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1065951238-459515337-3442329596-1001
2014-12-04 11:05 - 2012-07-26 00:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-12-01 20:58 - 2014-07-12 19:22 - 00000000 ____D () C:\Users\Connie\AppData\Local\Packages
2014-11-24 14:21 - 2012-07-26 00:12 - 00000000 ____D () C:\windows\system32\NDF

Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe


Some content of TEMP:
====================
C:\Users\Connie\AppData\Local\Temp\Quarantine.exe
C:\Users\Connie\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-10 20:13

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-12-2014 03
Ran by Connie at 2014-12-13 02:46:14
Running from C:\Users\Connie\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Avast Internet Security (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Bitcasa version 0.9.20.4135 (HKLM\...\{EDA09459-AD7D-4434-BA0C-647F6703EA12}_is1) (Version: 0.9.20.4135 - Bitcasa Inc.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.1912 - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4421.02 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Easy File Share (HKLM-x32\...\{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}) (Version: 1.3.6 - Samsung Electronics CO.,LTD.)
Elements 11 Organizer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.)
Help Desk (HKLM\...\{22B32087-797D-4A1B-AFA7-072C87580ADC}) (Version: 1.0.9 - Samsung Electronics CO., LTD.)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36843 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2963 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.7.0.1013 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
KNCTR (HKLM-x32\...\Itibiti_is1) (Version: - Itibiti Inc.)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
OpenOffice 4.1.0 (HKLM-x32\...\{C87EF11D-36E9-479D-9898-7541EA1E8A6A}) (Version: 4.10.9764 - Apache Software Foundation)
Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Pro PC Cleaner (HKLM-x32\...\{C3060724-6AC7-4BEF-B516-4F6B1D90887D}) (Version: 2.5.5.43 - Pro PC Cleaner)
PSE11 STI Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.314 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.4.907.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6818 - Realtek Semiconductor Corp.)
Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.9.6 - Samsung Electronics CO., LTD.)
S Agent (Version: 1.1.47 - Samsung Electronics CO., LTD.) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.2.13021_11 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.2.13021_11 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.16.0 - SAMSUNG Electronics Co., Ltd.)
Settings (HKLM-x32\...\{8CB5C357-12E5-41B1-A024-D57D4E6F32D9}) (Version: 2.0.1 - Samsung Electronics CO., LTD.)
Support Center (HKLM\...\{5422229D-6131-404C-8107-9B3F87EF65BB}) (Version: 2.1.90 - Samsung Electronics CO., LTD.)
Support Center FAQ (x32 Version: 1.0.14 - Samsung Electronics CO., LTD.) Hidden
SW Update (HKLM-x32\...\{D2B5F1E3-EA56-4D84-A453-A213B32974CB}) (Version: 2.1.25 - Samsung Electronics CO., LTD.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.14.2 - Synaptics Incorporated)
User Guide (HKLM-x32\...\{029A9E80-E460-4108-8825-3A449EC9A26A}) (Version: 1.2.00 - Samsung Electronics CO., LTD.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
WordBiz 1.8.7 (HKLM-x32\...\WordBiz_0) (Version: - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

26-11-2014 17:21:03 Windows Update
11-12-2014 04:11:24 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-25 21:26 - 2012-07-25 21:26 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {19F4C4CC-C183-4202-99F9-75A6727B0E00} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe
Task: {208581A0-B1F2-499E-B02C-8138E15684C8} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-11] (AVAST Software)
Task: {48BE4549-4882-4B3A-B824-16D1888219EA} - System32\Tasks\{D78CE59E-604F-40AE-A4FA-7D06AF5A98E5} => pcalua.exe -a "C:\Program Files (x86)\WordBiz\Uninstall.exe"
Task: {5D5C810A-84E9-40C0-B170-2AF7963B2473} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-09-12] (Intel Corporation)
Task: {614FBAA5-A3A8-4D14-984D-61DE9701C458} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-09-12] (Intel Corporation)
Task: {6F551ACF-7352-49DA-AF78-E923AA333313} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2014-12-10] (Microsoft Corporation)
Task: {AD32CE0D-C87A-46A9-8FF3-259B65E2776B} - System32\Tasks\WSE_Taplika => C:\Users\Connie\AppData\Roaming\WSE_TA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {B06C09F3-1B9A-4A1C-B0D6-C7870E9ED6B7} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2014-03-19] (Samsung Electronics CO., LTD.)
Task: {C12D6A58-C8D2-47A2-A1AC-285FA60ED55D} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2013-01-31] (Samsung Electronics CO., LTD.)
Task: {C426A025-8ED8-45E8-A9B8-E7C8893AE6E0} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2013-03-11] (SEC)
Task: {FDAC744E-CB0A-4179-BA52-AD25DF1B8089} - System32\Tasks\{A1B19F51-1570-4A78-B857-02297B4C0237} => pcalua.exe -a "C:\Program Files (x86)\Itibiti Soft Phone\unins000.exe"
Task: C:\windows\Tasks\WSE_Taplika.job => C:\Users\Connie\AppData\Roaming\WSE_TA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2014-12-11 18:53 - 2014-12-11 18:53 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2014-12-11 18:53 - 2014-12-11 18:53 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2013-01-31 17:52 - 2013-01-31 17:52 - 00085040 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
2014-01-07 00:29 - 2014-01-07 00:29 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2014-01-07 00:26 - 2014-01-07 00:26 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2014-01-07 00:32 - 2014-01-07 00:32 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2013-01-15 21:27 - 2013-01-15 21:27 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-12-11 18:41 - 2013-07-03 14:40 - 07342080 _____ () C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
2014-03-19 10:41 - 2014-03-19 10:41 - 00088624 _____ () C:\Program Files\Samsung\S Agent\ToastX64.dll
2014-12-11 09:30 - 2014-12-11 09:30 - 02905600 _____ () C:\Program Files\AVAST Software\Avast\defs\14121100\algo.dll
2014-12-11 18:53 - 2014-12-11 18:53 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2013-01-31 17:52 - 2013-01-31 17:52 - 00029232 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
2013-01-31 17:52 - 2013-01-31 17:52 - 01106480 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll
2013-01-31 17:52 - 2013-01-31 17:52 - 00111152 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
2013-01-31 17:52 - 2013-01-31 17:52 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll
2013-01-31 17:52 - 2013-01-31 17:52 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
2013-01-31 17:52 - 2013-01-31 17:52 - 00027184 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
2013-01-31 17:52 - 2013-01-31 17:52 - 00111152 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
2013-01-31 17:52 - 2013-01-31 17:52 - 00060976 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
2013-01-31 17:52 - 2013-01-31 17:52 - 00103472 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
2013-05-24 22:40 - 2012-06-07 19:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-07 18:34 - 2012-06-07 18:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-12-11 18:54 - 2014-12-11 18:54 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-05-24 20:31 - 2013-01-14 10:25 - 01200088 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1065951238-459515337-3442329596-500 - Administrator - Disabled)
Connie (S-1-5-21-1065951238-459515337-3442329596-1001 - Administrator - Enabled) => C:\Users\Connie
Guest (S-1-5-21-1065951238-459515337-3442329596-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Qualcomm Atheros AR3012 Bluetooth 4.0 + HS
Description: Qualcomm Atheros AR3012 Bluetooth 4.0 + HS
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/11/2014 07:27:12 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CONNIE)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/11/2014 07:27:12 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CONNIE)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/11/2014 07:27:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CONNIE)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/11/2014 07:27:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CONNIE)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/11/2014 07:27:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CONNIE)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/11/2014 07:27:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CONNIE)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/11/2014 07:26:50 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CONNIE)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/11/2014 07:04:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.17183, time stamp: 0x546ebc2a
Faulting module name: snipsmartbho.dll, version: 1.0.0.5, time stamp: 0x548a374c
Exception code: 0xc0000005
Fault offset: 0x00003421
Faulting process id: 0x1bac
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5

Error: (12/11/2014 06:41:44 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Networking.RtcDll,language="&#x2a;",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3"1".
Dependent Assembly Microsoft.Windows.Networking.RtcDll,language="&#x2a;",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/11/2014 06:41:42 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Networking.RtcDll,language="&#x2a;",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3"1".
Dependent Assembly Microsoft.Windows.Networking.RtcDll,language="&#x2a;",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (12/13/2014 02:40:26 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (12/13/2014 02:39:16 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Intel(R) Management and Security Application Local Management Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (12/13/2014 02:39:16 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Volume Shadow Copy service terminated unexpectedly. It has done this 1 time(s).

Error: (12/13/2014 02:39:16 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Integrated Clock Controller Service - Intel(R) ICCS service terminated unexpectedly. It has done this 1 time(s).

Error: (12/13/2014 02:39:16 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) ME Service service terminated unexpectedly. It has done this 1 time(s).

Error: (12/13/2014 02:39:16 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Update snipsmart service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (12/13/2014 02:39:16 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (12/13/2014 02:39:16 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Active File Monitor V11 service terminated unexpectedly. It has done this 1 time(s).

Error: (12/13/2014 02:39:16 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SW Update Service service terminated unexpectedly. It has done this 1 time(s).

Error: (12/13/2014 02:39:16 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Util snipsmart service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================
Error: (12/11/2014 07:27:12 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CONNIE)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927141

Error: (12/11/2014 07:27:12 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CONNIE)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927141

Error: (12/11/2014 07:27:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CONNIE)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927141

Error: (12/11/2014 07:27:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CONNIE)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927141

Error: (12/11/2014 07:27:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CONNIE)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927141

Error: (12/11/2014 07:27:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CONNIE)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927141

Error: (12/11/2014 07:26:50 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CONNIE)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927141

Error: (12/11/2014 07:04:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE10.0.9200.17183546ebc2asnipsmartbho.dll1.0.0.5548a374cc0000005000034211bac01d015b8381a59e1C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Program Files (x86)\snipsmart\snipsmartbho.dll9b2a045d-81ab-11e4-bebc-1867b0cc072c

Error: (12/11/2014 06:41:44 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Networking.RtcDll,language="&#x2a;",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3"C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe

Error: (12/11/2014 06:41:42 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Networking.RtcDll,language="&#x2a;",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3"C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe


==================== Memory info ===========================

Processor: Intel(R) Celeron(R) CPU 1007U @ 1.50GHz
Percentage of memory in use: 25%
Total physical RAM: 3969.89 MB
Available physical RAM: 2938.78 MB
Total Pagefile: 4865.89 MB
Available Pagefile: 3824.89 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:441.89 GB) (Free:397.42 GB) NTFS
Drive e: (Lexar) (Removable) (Total:3.73 GB) (Free:2.83 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: B7AB7DCD)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 3.7 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=3.7 GB) - (Type=0C)

==================== End Of Log ============================
mike1127
Active Member

Re: Taplika Search and other programs

Post by Blade81 » December 13th, 2014, 10:51 am

Hi,

  • Click Start
  • Type notepad.exe in the search text box and click Enter.
  • A blank Notepad page should open.
    • Copy and paste the following script into Notepad. Do not include the words Code: Select all
    • (Click the select all button next to code to select the entire script).
    Code: Select all
    () C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
    HKU\S-1-5-21-1065951238-459515337-3442329596-1001\...\Run: [Driver Support] => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe /applicationMode:systemTray /showWelcome:false
    HKU\S-1-5-21-1065951238-459515337-3442329596-1001\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe [7342080 2013-07-03] ()
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-1065951238-459515337-3442329596-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://Taplika.com/?f=1&a=tpl_otbrw1_14 ... 909650&ir= 
    2014-12-11 18:42 - 2014-12-11 18:42 - 00000000 ____D () C:\Users\Connie\AppData\Roaming\Itibiti
    2014-12-11 18:41 - 2014-12-12 14:28 - 00000000 ____D () C:\Users\Connie\Documents\ProPCCleaner
    2014-12-11 18:41 - 2014-12-11 18:41 - 00003194 _____ () C:\windows\System32\Tasks\ProPCCleaner_Start
    2014-12-11 18:41 - 2014-12-11 18:41 - 00000000 ____D () C:\Users\Connie\AppData\Local\Pro_PC_Cleaner
    2014-12-11 18:41 - 2014-12-11 18:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KNCTR
    2014-12-11 18:41 - 2014-12-11 18:41 - 00000000 ____D () C:\Program Files (x86)\Itibiti Soft Phone
    2014-12-11 18:39 - 2014-12-13 02:39 - 00000310 _____ () C:\windows\Tasks\WSE_Taplika.job
    2014-12-11 18:39 - 2014-12-11 18:39 - 00002648 _____ () C:\windows\System32\Tasks\WSE_Taplika
    Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
    Task: {19F4C4CC-C183-4202-99F9-75A6727B0E00} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe
    Task: {AD32CE0D-C87A-46A9-8FF3-259B65E2776B} - System32\Tasks\WSE_Taplika => C:\Users\Connie\AppData\Roaming\WSE_TA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
    Task: C:\windows\Tasks\WSE_Taplika.job => C:\Users\Connie\AppData\Roaming\WSE_TA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
    2014-12-11 18:41 - 2013-07-03 14:40 - 07342080 _____ () C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
    
  • Save it next to FRST64.exe as filename fixlist.txt
  • NOTE: It's important that both files, FRST64.exe and fixlist.txt, are saved in the same location or the fix will not work.
  • Right-click FRST64.exe and select "Run as administrator" to run it.
  • Press the Fix button just once. Then wait.
  • When finished, it will create a Fixlog.txt log on your Desktop.
  • Please post the content of the Fixlog.txt in your next reply.
Blade81
Admin/Teacher
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: Taplika Search and other programs

Post by mike1127 » December 13th, 2014, 10:28 pm

Continued thanks....

Note that the computer restarted after the fixlist was applied.

Fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-12-2014
Ran by Connie at 2014-12-13 18:24:26 Run:3
Running from C:\Users\Connie\Desktop
Loaded Profile: Connie (Available profiles: Connie)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
() C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
HKU\S-1-5-21-1065951238-459515337-3442329596-1001\...\Run: [Driver Support] => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe /applicationMode:systemTray /showWelcome:false
HKU\S-1-5-21-1065951238-459515337-3442329596-1001\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe [7342080 2013-07-03] ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1065951238-459515337-3442329596-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://Taplika.com/?f=1&a=tpl_otbrw1_14 ... 909650&ir=
2014-12-11 18:42 - 2014-12-11 18:42 - 00000000 ____D () C:\Users\Connie\AppData\Roaming\Itibiti
2014-12-11 18:41 - 2014-12-12 14:28 - 00000000 ____D () C:\Users\Connie\Documents\ProPCCleaner
2014-12-11 18:41 - 2014-12-11 18:41 - 00003194 _____ () C:\windows\System32\Tasks\ProPCCleaner_Start
2014-12-11 18:41 - 2014-12-11 18:41 - 00000000 ____D () C:\Users\Connie\AppData\Local\Pro_PC_Cleaner
2014-12-11 18:41 - 2014-12-11 18:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KNCTR
2014-12-11 18:41 - 2014-12-11 18:41 - 00000000 ____D () C:\Program Files (x86)\Itibiti Soft Phone
2014-12-11 18:39 - 2014-12-13 02:39 - 00000310 _____ () C:\windows\Tasks\WSE_Taplika.job
2014-12-11 18:39 - 2014-12-11 18:39 - 00002648 _____ () C:\windows\System32\Tasks\WSE_Taplika
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
Task: {19F4C4CC-C183-4202-99F9-75A6727B0E00} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe
Task: {AD32CE0D-C87A-46A9-8FF3-259B65E2776B} - System32\Tasks\WSE_Taplika => C:\Users\Connie\AppData\Roaming\WSE_TA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\windows\Tasks\WSE_Taplika.job => C:\Users\Connie\AppData\Roaming\WSE_TA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
2014-12-11 18:41 - 2013-07-03 14:40 - 07342080 _____ () C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe

*****************

[3996] C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe => Process closed successfully.
HKU\S-1-5-21-1065951238-459515337-3442329596-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Driver Support => value deleted successfully.
HKU\S-1-5-21-1065951238-459515337-3442329596-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Itibiti.exe => value deleted successfully.
C:\windows\system32\GroupPolicy\Machine => Moved successfully.
C:\windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\S-1-5-21-1065951238-459515337-3442329596-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
C:\Users\Connie\AppData\Roaming\Itibiti => Moved successfully.
C:\Users\Connie\Documents\ProPCCleaner => Moved successfully.
C:\windows\System32\Tasks\ProPCCleaner_Start => Moved successfully.
C:\Users\Connie\AppData\Local\Pro_PC_Cleaner => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KNCTR => Moved successfully.
C:\Program Files (x86)\Itibiti Soft Phone => Moved successfully.
C:\windows\Tasks\WSE_Taplika.job => Moved successfully.
C:\windows\System32\Tasks\WSE_Taplika => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D}\\SystemComponent => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{19F4C4CC-C183-4202-99F9-75A6727B0E00}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{19F4C4CC-C183-4202-99F9-75A6727B0E00}" => Key deleted successfully.
C:\Windows\System32\Tasks\ProPCCleaner_Start not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Start" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AD32CE0D-C87A-46A9-8FF3-259B65E2776B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AD32CE0D-C87A-46A9-8FF3-259B65E2776B}" => Key deleted successfully.
C:\Windows\System32\Tasks\WSE_Taplika not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WSE_Taplika" => Key deleted successfully.
C:\windows\Tasks\WSE_Taplika.job not found.
"C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe" => File/Directory not found.


The system needed a reboot.

==== End of Fixlog ====
mike1127
Active Member
 
Posts: 9
Joined: December 12th, 2014, 1:03 am

Re: Taplika Search and other programs

Post by Blade81 » December 14th, 2014, 2:17 pm

Hi,

Good, seems that some bad items were removed successfully. Please re-run FRST (with scan option this time) and post back contents of its logs.
Blade81
Admin/Teacher
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: Taplika Search and other programs

Post by mike1127 » December 14th, 2014, 7:38 pm

Thanks! Yes I see that the adware and Taplika hijack are gone.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-12-2014
Ran by Connie (administrator) on CONNIE on 14-12-2014 14:55:12
Running from C:\Users\Connie\Desktop
Loaded Profile: Connie (Available profiles: Connie)
Platform: Windows 8 Single Language (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\LiveComm.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe
() C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17074_none_6233bc1f5106b696\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13263072 2012-12-12] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1260256 2013-01-04] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-15] (Adobe Systems Incorporated)
HKLM\...\Run: [Bitcasa] => C:\Program Files\Bitcasa\Bitcasa.exe [4365824 2012-12-27] (Bitcasa, Inc)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310640 2013-03-06] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-12-11] (AVAST Software)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [133760 2014-01-07] ( (Qualcomm®Atheros®))
HKU\S-1-5-21-1065951238-459515337-3442329596-1001\...\RunOnce: [Adobe Speed Launcher] => 1418524016
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [1EldosIconOverlay] -> {E6E76032-1AF9-4C30-B963-2BE1D099B26E} => C:\windows\SYSTEM32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [BitcasaIconOverlay] -> {A6975448-A999-49BB-B3E4-7730CF6A82C0} => C:\Program Files\Bitcasa\ExplorerMenu.dll (Bitcasa, Inc)
ShellIconOverlayIdentifiers: [BitcasaProgressOverlay] -> {6FB8D52A-0064-45B2-B687-F596FEAD09C2} => C:\Program Files\Bitcasa\ExplorerMenu.dll (Bitcasa, Inc)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [1EldosIconOverlay] -> {E6E76032-1AF9-4C30-B963-2BE1D099B26E} => C:\windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> {589B893E-773C-4941-88C2-0DCC718E621C} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1065951238-459515337-3442329596-1001 -> {589B893E-773C-4941-88C2-0DCC718E621C} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-12]

Chrome:
=======
CHR Profile: C:\Users\Connie\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Connie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-11]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-11]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [172104 2013-01-26] (Adobe Systems Incorporated)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [318592 2014-01-07] (Windows (R) Win 7 DDK provider)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-11] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2014-12-11] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-12-11] (Avast Software)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1594416 2013-01-31] (Samsung Electronics CO., LTD.)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-09] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-09] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131032 2013-01-14] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165336 2013-01-14] (Intel Corporation)
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3020632 2014-04-04] (Samsung Electronics CO., LTD.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-21] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2014-01-07] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-11] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-12-11] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-11] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2014-12-11] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-11] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-11] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-11] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-11] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-11] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-11] ()
S3 BTATH_HID; C:\Windows\system32\DRIVERS\btath_hid.sys [223432 2014-01-07] (Qualcomm Atheros)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-01-07] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [352456 2012-08-05] (EldoS Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-24] (CyberLink)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-09] (Corel Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-12-11] (Avast Software)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-14 14:55 - 2014-12-14 14:56 - 00013500 _____ () C:\Users\Connie\Desktop\FRST.txt
2014-12-13 18:26 - 2014-12-13 18:27 - 00000197 _____ () C:\windows\system32\2014-12-14-02-26-18.039-AvastVBoxSVC.exe-2632.log
2014-12-13 18:24 - 2014-12-13 18:24 - 00000000 ____D () C:\Users\Connie\Desktop\FRST-OlderVersion
2014-12-13 02:43 - 2014-12-13 02:43 - 00000197 _____ () C:\windows\system32\2014-12-13-10-43-26.028-AvastVBoxSVC.exe-2416.log
2014-12-13 02:41 - 2014-12-13 18:25 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-12-12 15:50 - 2014-12-13 02:39 - 00000000 ____D () C:\AdwCleaner
2014-12-12 15:46 - 2014-12-12 15:46 - 02166272 _____ () C:\Users\Connie\Desktop\AdwCleaner.exe
2014-12-12 14:24 - 2014-12-13 18:24 - 02119168 _____ (Farbar) C:\Users\Connie\Desktop\FRST64.exe
2014-12-11 21:11 - 2014-12-11 21:11 - 00000247 _____ () C:\windows\system32\2014-12-12-05-11-49.020-aswFe.exe-13180.log
2014-12-11 20:27 - 2014-12-11 21:11 - 00000247 _____ () C:\windows\system32\2014-12-12-04-27-18.057-aswFe.exe-5080.log
2014-12-11 20:27 - 2014-12-11 20:27 - 00000197 _____ () C:\windows\system32\2014-12-12-04-27-10.072-AvastVBoxSVC.exe-3984.log
2014-12-11 20:20 - 2014-12-11 20:20 - 00002019 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-12-11 19:03 - 2014-12-11 19:27 - 00000000 ____D () C:\windows\SysWOW64\vbox
2014-12-11 19:03 - 2014-12-11 19:27 - 00000000 ____D () C:\windows\system32\vbox
2014-12-11 18:55 - 2014-12-11 18:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-12-11 18:54 - 2014-12-11 18:54 - 00364512 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2014-12-11 18:54 - 2014-12-11 18:54 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-12-11 18:54 - 2014-12-11 18:54 - 00028184 _____ (AVAST Software) C:\windows\system32\Drivers\aswKbd.sys
2014-12-11 18:53 - 2014-12-11 18:53 - 00449936 _____ (AVAST Software) C:\windows\system32\Drivers\aswNdisFlt.sys
2014-12-11 18:45 - 2014-12-11 18:50 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-11 18:45 - 2014-12-11 18:46 - 00000000 ____D () C:\Users\Connie\AppData\Local\Google
2014-12-11 18:45 - 2014-12-11 18:45 - 00003104 _____ () C:\windows\System32\Tasks\{A1B19F51-1570-4A78-B857-02297B4C0237}
2014-12-11 18:41 - 2014-12-11 18:41 - 00000000 __SHD () C:\windows\SysWOW64\AI_RecycleBin
2014-12-11 09:30 - 2014-11-26 13:11 - 00714184 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-12-11 09:30 - 2014-11-26 13:11 - 00106440 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-11 09:28 - 2014-12-11 09:28 - 00000000 ____D () C:\windows\system32\appraiser
2014-12-10 20:30 - 2014-10-08 20:00 - 01519104 _____ (Microsoft Corporation) C:\windows\system32\vssapi.dll
2014-12-10 20:30 - 2014-10-08 20:00 - 01484288 _____ (Microsoft Corporation) C:\windows\system32\VSSVC.exe
2014-12-10 20:30 - 2014-10-08 20:00 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\vsstrace.dll
2014-12-10 20:30 - 2014-10-08 19:59 - 01195520 _____ (Microsoft Corporation) C:\windows\SysWOW64\vssapi.dll
2014-12-10 20:30 - 2014-10-08 19:59 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\vsstrace.dll
2014-12-10 10:44 - 2014-10-10 23:44 - 19764736 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-12-10 10:44 - 2014-10-10 21:57 - 17562112 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-12-10 10:43 - 2014-11-21 00:36 - 19283456 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-12-10 10:43 - 2014-10-08 19:59 - 00623616 _____ (Microsoft Corporation) C:\windows\system32\dnsapi.dll
2014-12-10 10:43 - 2014-10-08 19:59 - 00212992 _____ (Microsoft Corporation) C:\windows\system32\dnsrslvr.dll
2014-12-10 10:43 - 2014-10-08 19:58 - 00458240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dnsapi.dll
2014-12-10 10:43 - 2014-09-21 21:38 - 00673792 _____ (Microsoft Corporation) C:\windows\system32\mfmpeg2srcsnk.dll
2014-12-10 10:43 - 2014-09-21 19:56 - 00513536 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfmpeg2srcsnk.dll
2014-12-10 10:42 - 2014-12-04 17:41 - 00830464 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2014-12-10 10:42 - 2014-12-04 17:41 - 00740864 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2014-12-10 10:42 - 2014-12-04 17:41 - 00396288 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2014-12-10 10:42 - 2014-12-04 17:40 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-12-10 10:42 - 2014-12-02 17:48 - 01083392 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-12-10 10:42 - 2014-12-02 17:48 - 00412672 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-12-10 10:42 - 2014-12-02 17:48 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2014-12-10 10:42 - 2014-11-21 00:38 - 02237952 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-12-10 10:42 - 2014-11-21 00:38 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-12-10 10:42 - 2014-11-21 00:37 - 01409536 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-12-10 10:42 - 2014-11-21 00:37 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2014-12-10 10:42 - 2014-11-21 00:37 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2014-12-10 10:42 - 2014-11-21 00:36 - 15400960 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-12-10 10:42 - 2014-11-21 00:36 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-12-10 10:42 - 2014-11-21 00:36 - 02655232 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-12-10 10:42 - 2014-11-21 00:36 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-12-10 10:42 - 2014-11-21 00:36 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-12-10 10:42 - 2014-11-21 00:36 - 00451584 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-12-10 10:42 - 2014-11-21 00:36 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-12-10 10:42 - 2014-11-21 00:36 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-12-10 10:42 - 2014-11-21 00:36 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-12-10 10:42 - 2014-11-21 00:36 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-12-10 10:42 - 2014-11-21 00:36 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-12-10 10:42 - 2014-11-21 00:36 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-12-10 10:42 - 2014-11-21 00:36 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-12-10 10:42 - 2014-11-21 00:36 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-12-10 10:42 - 2014-11-21 00:35 - 01509376 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-12-10 10:42 - 2014-11-20 23:17 - 14364672 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-12-10 10:42 - 2014-11-20 23:17 - 01762816 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-12-10 10:42 - 2014-11-20 23:17 - 01181696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-12-10 10:42 - 2014-11-20 23:17 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-12-10 10:42 - 2014-11-20 23:17 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-12-10 10:42 - 2014-11-20 23:17 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2014-12-10 10:42 - 2014-11-20 23:16 - 13758976 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-12-10 10:42 - 2014-11-20 23:16 - 02861568 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-12-10 10:42 - 2014-11-20 23:16 - 02054656 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-12-10 10:42 - 2014-11-20 23:16 - 01441280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-12-10 10:42 - 2014-11-20 23:16 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-12-10 10:42 - 2014-11-20 23:16 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-12-10 10:42 - 2014-11-20 23:16 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-12-10 10:42 - 2014-11-20 23:16 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-12-10 10:42 - 2014-11-20 23:16 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-12-10 10:42 - 2014-11-20 23:16 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-12-10 10:42 - 2014-11-20 23:16 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-12-10 10:42 - 2014-11-20 23:16 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-12-10 10:42 - 2014-11-20 23:16 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-12-10 10:42 - 2014-11-20 23:00 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-12-10 10:42 - 2014-11-20 22:54 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-12-10 10:42 - 2014-11-20 20:30 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
2014-12-10 10:42 - 2014-11-05 22:50 - 01627648 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-12-10 10:42 - 2014-11-05 21:03 - 01339392 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-12-10 10:40 - 2014-10-29 23:20 - 01890816 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2014-12-10 10:40 - 2014-10-29 21:22 - 01569792 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2014-12-08 11:36 - 2014-02-10 09:04 - 00430080 _____ (Farbar) C:\windows\mod_frst.exe
2014-11-26 08:44 - 2014-11-18 23:29 - 00582552 _____ (Microsoft Corporation) C:\windows\system32\AutoUpdate.exe
2014-11-26 08:44 - 2014-11-18 23:29 - 00462760 _____ (Microsoft Corporation) C:\windows\system32\NotificationUI.exe
2014-11-18 11:54 - 2014-11-08 03:22 - 00238080 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll
2014-11-18 11:54 - 2014-11-08 03:21 - 00827904 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-11-18 11:54 - 2014-11-07 22:57 - 00187904 _____ (Microsoft Corporation) C:\windows\SysWOW64\pku2u.dll
2014-11-18 11:54 - 2014-11-07 22:56 - 00666624 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-11-15 20:56 - 2014-11-15 20:56 - 00018944 ___SH () C:\Users\Connie\Downloads\Thumbs.db

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-14 14:55 - 2014-07-13 00:59 - 00000000 ____D () C:\FRST
2014-12-14 14:55 - 2013-05-24 20:35 - 01869561 _____ () C:\windows\WindowsUpdate.log
2014-12-14 14:55 - 2012-07-26 00:12 - 00000000 ____D () C:\windows\system32\sru
2014-12-13 18:28 - 2013-05-24 22:49 - 00000000 ____D () C:\ProgramData\WinClon
2014-12-13 18:25 - 2012-07-25 23:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-12-13 18:24 - 2012-07-26 00:12 - 00000000 ____D () C:\windows\system32\GroupPolicy
2014-12-13 18:24 - 2012-07-25 21:26 - 00262144 ___SH () C:\windows\system32\config\BBI
2014-12-13 02:47 - 2012-07-25 23:28 - 00848230 _____ () C:\windows\system32\PerfStringBackup.INI
2014-12-13 02:40 - 2012-08-05 13:07 - 00891852 _____ () C:\windows\PFRO.log
2014-12-12 15:49 - 2012-07-25 21:26 - 00000194 _____ () C:\windows\win.ini
2014-12-12 15:20 - 2012-07-26 00:12 - 00000000 ____D () C:\windows\rescache
2014-12-11 20:55 - 2012-07-25 23:21 - 00404674 _____ () C:\windows\setupact.log
2014-12-11 20:20 - 2013-05-24 22:54 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-12-11 19:28 - 2014-07-12 19:22 - 00000000 ____D () C:\Users\Connie
2014-12-11 19:04 - 2014-07-15 15:38 - 00000000 ____D () C:\Users\Connie\AppData\Local\CrashDumps
2014-12-11 18:55 - 2014-07-12 19:48 - 01050432 _____ (AVAST Software) C:\windows\system32\Drivers\aswsnx.sys
2014-12-11 18:55 - 2012-07-25 21:26 - 00262144 ___SH () C:\windows\system32\config\ELAM
2014-12-11 18:54 - 2014-07-12 19:48 - 00436624 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
2014-12-11 18:54 - 2014-07-12 19:48 - 00267632 _____ () C:\windows\system32\Drivers\aswVmm.sys
2014-12-11 18:54 - 2014-07-12 19:48 - 00116728 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2014-12-11 18:54 - 2014-07-12 19:48 - 00093568 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2014-12-11 18:54 - 2014-07-12 19:48 - 00083280 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2014-12-11 18:54 - 2014-07-12 19:48 - 00065776 _____ () C:\windows\system32\Drivers\aswRvrt.sys
2014-12-11 18:54 - 2014-07-12 19:48 - 00029208 _____ () C:\windows\system32\Drivers\aswHwid.sys
2014-12-11 18:54 - 2014-07-12 19:48 - 00003924 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2014-12-11 09:28 - 2014-07-20 14:35 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-12-11 09:28 - 2012-07-26 00:12 - 00000000 ___RD () C:\windows\ToastData
2014-12-11 09:28 - 2012-07-26 00:12 - 00000000 ____D () C:\windows\AppCompat
2014-12-10 20:40 - 2012-07-25 23:59 - 00000000 ____D () C:\windows\CbsTemp
2014-12-10 20:39 - 2014-07-20 09:01 - 00000000 ____D () C:\windows\system32\MRT
2014-12-10 20:34 - 2014-07-20 09:01 - 112710672 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-12-10 01:42 - 2014-07-12 19:34 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1065951238-459515337-3442329596-1001
2014-12-04 11:05 - 2012-07-26 00:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-12-01 20:58 - 2014-07-12 19:22 - 00000000 ____D () C:\Users\Connie\AppData\Local\Packages
2014-11-24 14:21 - 2012-07-26 00:12 - 00000000 ____D () C:\windows\system32\NDF

Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe


Some content of TEMP:
====================
C:\Users\Connie\AppData\Local\Temp\Quarantine.exe
C:\Users\Connie\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-10 20:13

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-12-2014
Ran by Connie at 2014-12-14 14:57:16
Running from C:\Users\Connie\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Avast Internet Security (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Bitcasa version 0.9.20.4135 (HKLM\...\{EDA09459-AD7D-4434-BA0C-647F6703EA12}_is1) (Version: 0.9.20.4135 - Bitcasa Inc.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.1912 - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4421.02 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Easy File Share (HKLM-x32\...\{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}) (Version: 1.3.6 - Samsung Electronics CO.,LTD.)
Elements 11 Organizer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.)
Help Desk (HKLM\...\{22B32087-797D-4A1B-AFA7-072C87580ADC}) (Version: 1.0.9 - Samsung Electronics CO., LTD.)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36843 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2963 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.7.0.1013 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Itibiti RTC (HKLM-x32\...\{730E03E4-350E-48E5-9D3E-4329903D454D}) (Version: 0.0.1 - Itibiti Inc)
KNCTR (HKLM-x32\...\Itibiti_is1) (Version: - Itibiti Inc.)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
OpenOffice 4.1.0 (HKLM-x32\...\{C87EF11D-36E9-479D-9898-7541EA1E8A6A}) (Version: 4.10.9764 - Apache Software Foundation)
Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Pro PC Cleaner (HKLM-x32\...\{C3060724-6AC7-4BEF-B516-4F6B1D90887D}) (Version: 2.5.5.43 - Pro PC Cleaner)
PSE11 STI Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.314 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.4.907.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6818 - Realtek Semiconductor Corp.)
Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.9.6 - Samsung Electronics CO., LTD.)
S Agent (Version: 1.1.47 - Samsung Electronics CO., LTD.) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.2.13021_11 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.2.13021_11 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.16.0 - SAMSUNG Electronics Co., Ltd.)
Settings (HKLM-x32\...\{8CB5C357-12E5-41B1-A024-D57D4E6F32D9}) (Version: 2.0.1 - Samsung Electronics CO., LTD.)
Support Center (HKLM\...\{5422229D-6131-404C-8107-9B3F87EF65BB}) (Version: 2.1.90 - Samsung Electronics CO., LTD.)
Support Center FAQ (x32 Version: 1.0.14 - Samsung Electronics CO., LTD.) Hidden
SW Update (HKLM-x32\...\{D2B5F1E3-EA56-4D84-A453-A213B32974CB}) (Version: 2.1.25 - Samsung Electronics CO., LTD.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.14.2 - Synaptics Incorporated)
User Guide (HKLM-x32\...\{029A9E80-E460-4108-8825-3A449EC9A26A}) (Version: 1.2.00 - Samsung Electronics CO., LTD.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
WordBiz 1.8.7 (HKLM-x32\...\WordBiz_0) (Version: - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

26-11-2014 17:21:03 Windows Update
11-12-2014 04:11:24 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-25 21:26 - 2012-07-25 21:26 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {208581A0-B1F2-499E-B02C-8138E15684C8} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-11] (AVAST Software)
Task: {47A7BA89-845A-48F3-8D31-50D4DA7C7766} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2014-12-10] (Microsoft Corporation)
Task: {48BE4549-4882-4B3A-B824-16D1888219EA} - System32\Tasks\{D78CE59E-604F-40AE-A4FA-7D06AF5A98E5} => pcalua.exe -a "C:\Program Files (x86)\WordBiz\Uninstall.exe"
Task: {5D5C810A-84E9-40C0-B170-2AF7963B2473} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-09-12] (Intel Corporation)
Task: {614FBAA5-A3A8-4D14-984D-61DE9701C458} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-09-12] (Intel Corporation)
Task: {B06C09F3-1B9A-4A1C-B0D6-C7870E9ED6B7} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2014-03-19] (Samsung Electronics CO., LTD.)
Task: {C12D6A58-C8D2-47A2-A1AC-285FA60ED55D} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2013-01-31] (Samsung Electronics CO., LTD.)
Task: {C426A025-8ED8-45E8-A9B8-E7C8893AE6E0} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2013-03-11] (SEC)
Task: {FDAC744E-CB0A-4179-BA52-AD25DF1B8089} - System32\Tasks\{A1B19F51-1570-4A78-B857-02297B4C0237} => pcalua.exe -a "C:\Program Files (x86)\Itibiti Soft Phone\unins000.exe"

==================== Loaded Modules (whitelisted) =============

2014-12-11 18:53 - 2014-12-11 18:53 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2014-12-11 18:53 - 2014-12-11 18:53 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2013-01-31 17:52 - 2013-01-31 17:52 - 00085040 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
2013-01-02 16:50 - 2012-10-31 21:43 - 00175008 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2014-01-07 00:29 - 2014-01-07 00:29 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2014-01-07 00:26 - 2014-01-07 00:26 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2014-01-07 00:32 - 2014-01-07 00:32 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2013-01-15 21:27 - 2013-01-15 21:27 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-03-19 10:41 - 2014-03-19 10:41 - 00088624 _____ () C:\Program Files\Samsung\S Agent\ToastX64.dll
2012-09-13 00:24 - 2012-09-13 00:24 - 00119808 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe
2014-12-13 18:21 - 2014-12-13 18:21 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\14121301\algo.dll
2014-12-11 18:53 - 2014-12-11 18:53 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2013-01-31 17:52 - 2013-01-31 17:52 - 00029232 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
2013-01-31 17:52 - 2013-01-31 17:52 - 01106480 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll
2013-01-31 17:52 - 2013-01-31 17:52 - 00111152 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
2013-01-31 17:52 - 2013-01-31 17:52 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll
2013-01-31 17:52 - 2013-01-31 17:52 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
2013-01-31 17:52 - 2013-01-31 17:52 - 00027184 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
2013-01-31 17:52 - 2013-01-31 17:52 - 00111152 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
2013-01-31 17:52 - 2013-01-31 17:52 - 00060976 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
2013-01-31 17:52 - 2013-01-31 17:52 - 00103472 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
2013-05-24 22:40 - 2012-06-07 19:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-07 18:34 - 2012-06-07 18:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-12-11 18:54 - 2014-12-11 18:54 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-05-24 20:31 - 2013-01-14 10:25 - 01200088 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2011-08-15 03:12 - 2011-08-15 03:12 - 02603520 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtCore4.dll
2012-09-12 23:14 - 2012-09-12 23:14 - 00015872 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\featureController.dll
2011-08-15 03:12 - 2011-08-15 03:12 - 01006592 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtNetwork4.dll
2011-08-15 03:15 - 2011-08-15 03:15 - 00382464 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtXml4.dll
2011-08-16 23:41 - 2011-08-16 23:41 - 00400384 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\sqlite3.dll
2011-08-16 23:48 - 2011-08-16 23:48 - 00322048 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\log4cplus.dll
2011-08-16 23:48 - 2011-08-16 23:48 - 00195584 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\libgsoap.dll
2011-08-15 02:23 - 2011-08-15 02:23 - 00062464 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\zlib1.dll
2012-09-12 23:13 - 2012-09-12 23:13 - 00473088 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\DeviceProfile.dll
2012-09-12 23:23 - 2012-09-12 23:23 - 00499552 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\plugin\PServerPlugin.dll
2012-09-12 23:12 - 2012-09-12 23:12 - 00013824 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\eventsSender.dll
2011-07-18 23:05 - 2011-07-18 23:05 - 14978048 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtWebKit4.dll
2011-08-15 03:17 - 2011-08-15 03:17 - 09224704 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtGui4.dll
2011-07-18 23:04 - 2011-07-18 23:04 - 00317952 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\phonon4.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1065951238-459515337-3442329596-500 - Administrator - Disabled)
Connie (S-1-5-21-1065951238-459515337-3442329596-1001 - Administrator - Enabled) => C:\Users\Connie
Guest (S-1-5-21-1065951238-459515337-3442329596-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Qualcomm Atheros AR3012 Bluetooth 4.0 + HS
Description: Qualcomm Atheros AR3012 Bluetooth 4.0 + HS
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/11/2014 07:27:12 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CONNIE)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/11/2014 07:27:12 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CONNIE)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/11/2014 07:27:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CONNIE)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/11/2014 07:27:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CONNIE)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/11/2014 07:27:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CONNIE)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/11/2014 07:27:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CONNIE)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/11/2014 07:26:50 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CONNIE)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/11/2014 07:04:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.17183, time stamp: 0x546ebc2a
Faulting module name: snipsmartbho.dll, version: 1.0.0.5, time stamp: 0x548a374c
Exception code: 0xc0000005
Fault offset: 0x00003421
Faulting process id: 0x1bac
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5

Error: (12/11/2014 06:41:44 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Networking.RtcDll,language="*",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3"1".
Dependent Assembly Microsoft.Windows.Networking.RtcDll,language="*",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/11/2014 06:41:42 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Networking.RtcDll,language="*",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3"1".
Dependent Assembly Microsoft.Windows.Networking.RtcDll,language="*",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (12/13/2014 09:00:25 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (12/13/2014 06:44:15 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (12/13/2014 06:25:07 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (12/13/2014 02:53:28 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (12/13/2014 02:40:26 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (12/13/2014 02:39:16 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Intel(R) Management and Security Application Local Management Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (12/13/2014 02:39:16 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Volume Shadow Copy service terminated unexpectedly. It has done this 1 time(s).

Error: (12/13/2014 02:39:16 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Integrated Clock Controller Service - Intel(R) ICCS service terminated unexpectedly. It has done this 1 time(s).

Error: (12/13/2014 02:39:16 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) ME Service service terminated unexpectedly. It has done this 1 time(s).

Error: (12/13/2014 02:39:16 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Update snipsmart service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================
Error: (12/11/2014 07:27:12 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CONNIE)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927141

Error: (12/11/2014 07:27:12 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CONNIE)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927141

Error: (12/11/2014 07:27:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CONNIE)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927141

Error: (12/11/2014 07:27:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CONNIE)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927141

Error: (12/11/2014 07:27:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CONNIE)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927141

Error: (12/11/2014 07:27:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CONNIE)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927141

Error: (12/11/2014 07:26:50 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CONNIE)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927141

Error: (12/11/2014 07:04:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE10.0.9200.17183546ebc2asnipsmartbho.dll1.0.0.5548a374cc0000005000034211bac01d015b8381a59e1C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Program Files (x86)\snipsmart\snipsmartbho.dll9b2a045d-81ab-11e4-bebc-1867b0cc072c

Error: (12/11/2014 06:41:44 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Networking.RtcDll,language="*",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3"C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe

Error: (12/11/2014 06:41:42 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Networking.RtcDll,language="*",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3"C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe


==================== Memory info ===========================

Processor: Intel(R) Celeron(R) CPU 1007U @ 1.50GHz
Percentage of memory in use: 38%
Total physical RAM: 3969.89 MB
Available physical RAM: 2448.89 MB
Total Pagefile: 4865.89 MB
Available Pagefile: 3264.96 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:441.89 GB) (Free:397.19 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: B7AB7DCD)

Partition: GPT Partition Type.

==================== End Of Log ============================
mike1127
Active Member
 
Posts: 9
Joined: December 12th, 2014, 1:03 am

Re: Taplika Search and other programs

Post by Blade81 » December 15th, 2014, 4:30 am

Good to hear we've made progress with cleaning :)

Please uninstall these items if visible (instructions below if needed):
Itibiti RTC
KNCTR
Pro PC Cleaner


1. Swipe in from the right edge of the screen, and then tap Search.
(If you're using a mouse, point to the upper-right corner of the screen, move the mouse pointer down, and then click Search.)
2. Enter control panel in the search box, and then tap or click Control Panel.
3. Under View by:, select Large Icons, and then tap or click Programs and features.
4. Tap or click the program, and then tap or click Uninstall.
5. Follow the instructions on the screen.


Let me know how it goes and if there are any symptoms left.
Blade81
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: Taplika Search and other programs

Post by mike1127 » December 15th, 2014, 4:54 am

Uninstalling Itibiti RTC went fine.

In uninstalling KNCTR, I got the message saying that something went wrong and suggesting it may have been uninstalled already-- (sorry I forgot to write down the message) -- then it asked me if I just wanted to remove it from the Programs and Features list and I said yes.

In uninstalling Pro PC Cleaner, I got the following message:

"There is a problem with this Windows Installer package. a DLL required for this install to complete could not be run. Contact your support personnel or package vendor"
mike1127
Active Member
 
Posts: 9
Joined: December 12th, 2014, 1:03 am

Re: Taplika Search and other programs

Post by Blade81 » December 15th, 2014, 5:05 am

Hi,

Please see if this helps with the problem you're having with Pro PC Cleaner entry.
Blade81
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: Taplika Search and other programs

Post by mike1127 » December 15th, 2014, 6:29 am

That worked. So those three programs are now uninstalled and I don't see any symptoms any more.
mike1127
Active Member
 
Posts: 9
Joined: December 12th, 2014, 1:03 am