

Antivirus Security Pro - won't allow Safe Mode


28 replies to this topic

#1 happytobeme

  • Members

Posted 28 November 2013 - 10:44 AM

A friend brought me a computer because Antivirus Security Pro would keep running on her laptop. I have had this on different computers and have been able to clean them, but this one is really a beast.

Her system is running Win 7. The laptop is not allowing the system to boot in Safe Mode, and it will also not allow access to Regedit or MSCONFIG. Any suggestions on getting control of the system back?





#2 happytobeme


Posted 28 November 2013 - 11:17 AM

Here is my FRST file.

Attached File: FRST.txt (19.44KB)


Edited by happytobeme, 28 November 2013 - 12:20 PM.


#3 happytobeme


Posted 28 November 2013 - 11:46 AM

Here is a copy-paste of the log.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-11-2013 01
Ran by SYSTEM on MININT-QAVVRU7 on 28-11-2013 09:02:56
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [VizorHtmlDialog.exe] - C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe [1123664 2010-10-08] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Client Framework] - C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe [192520 2010-10-12] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Titanium] - C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe [322384 2010-09-17] (Trend Micro Inc.)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2785064 2011-05-05] (Synaptics Incorporated)
HKLM\...\Run: [SynAsusAcpi] - C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [97064 2011-05-05] (Synaptics Incorporated)
HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-17] (Realtek Semiconductor)
HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4526 2010-11-29] ()
HKLM\...\Run: [IntelliPoint] - C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [AS2014] - C:\ProgramData\3pgVnnXn\3pgVnnXn.exe [580872 2013-11-26] ()
HKLM\...\Winlogon: [Userinit] userinit.exe,C:\ProgramData\3pgVnnXn\3pgVnnXn.exe -sm,
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM-x32\...\Run: [ASUSPRP] - C:\Program Files (x86)\ASUS\APRP\aprp.exe [3331312 2011-11-03] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] - C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme)
HKLM-x32\...\Run: [SonicMasterTray] - C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-09] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-23] ()
HKLM-x32\...\Run: [Intuit SyncManager] - C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [2786104 2013-05-31] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [296056 2012-06-16] (RealNetworks, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [SpeetItUpFree] - "C:\Program Files (x86)\SpeedItup Free\speeditupfree.exe"
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKU\Melissa\...\Run: [DW6] - "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
HKU\Melissa\...\Run: [DW7] - C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe [13003448 2012-08-20] (The Weather Channel)
HKU\Melissa\...\Run: [AS2014] - C:\ProgramData\3pgVnnXn\3pgVnnXn.exe [580872 2013-11-26] ()
Startup: C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)
Startup: C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk
ShortcutTarget: Intel® Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)

==================== Services (Whitelisted) =================

S2 DefaultTabSearch; C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe [573952 2013-10-07] ()
S2 DefaultTabUpdate; C:\Users\Melissa\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [107520 2012-12-23] ()
S3 TiMiniService; C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [241488 2010-09-17] (Trend Micro Inc.)
S3 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [x]
S2 WajamUpdater; "C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe" [x]

==================== Drivers (Whitelisted) ====================

S3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [90704 2010-09-17] (Trend Micro Inc.)
S2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [144464 2010-09-17] (Trend Micro Inc.)
S2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [67664 2010-09-17] (Trend Micro Inc.)
S1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105552 2010-09-17] (Trend Micro Inc.)
S1 wtvlvusb; \??\C:\Windows\system32\drivers\wtvlvusb.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-28 09:02 - 2013-11-28 09:02 - 00000000 ____D C:\FRST
2013-11-28 07:51 - 2013-11-28 07:51 - 00001668 _____ C:\Users\Melissa\Desktop\Antivirus Security Pro.lnk
2013-11-28 07:51 - 2013-11-28 07:51 - 00000118 _____ C:\Users\Melissa\Desktop\Antivirus Security Pro support.url
2013-11-26 07:10 - 2013-11-26 21:51 - 00000000 ____D C:\ProgramData\3pgVnnXn
2013-11-21 18:22 - 2013-10-12 00:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-11-21 18:22 - 2013-10-12 00:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-11-21 18:22 - 2013-10-12 00:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-11-21 18:22 - 2013-10-12 00:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-11-21 18:22 - 2013-10-12 00:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-11-21 18:22 - 2013-10-12 00:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-11-21 18:22 - 2013-10-12 00:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-11-21 18:22 - 2013-10-12 00:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-11-21 18:22 - 2013-10-12 00:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-11-21 18:22 - 2013-10-12 00:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-11-21 18:22 - 2013-10-12 00:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-11-21 18:22 - 2013-10-12 00:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-11-21 18:22 - 2013-10-12 00:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-11-21 18:22 - 2013-10-12 00:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-11-21 18:22 - 2013-10-11 23:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-21 18:22 - 2013-10-11 23:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-21 18:22 - 2013-10-11 23:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-21 18:22 - 2013-10-11 23:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-21 18:22 - 2013-10-11 23:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-21 18:22 - 2013-10-11 23:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-21 18:22 - 2013-10-11 23:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-21 18:22 - 2013-10-11 23:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-21 18:22 - 2013-10-11 23:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-21 18:22 - 2013-10-11 23:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-21 18:22 - 2013-10-11 23:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-21 18:22 - 2013-10-11 23:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-21 18:22 - 2013-10-11 23:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-21 18:22 - 2013-10-11 22:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-11-21 18:22 - 2013-10-11 22:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-21 18:22 - 2013-10-11 21:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-11-21 18:22 - 2013-10-11 21:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-14 18:57 - 2013-10-11 18:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\System32\nshwfp.dll
2013-11-14 18:57 - 2013-10-11 18:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\System32\IKEEXT.DLL
2013-11-14 18:57 - 2013-10-11 18:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\System32\FWPUCLNT.DLL
2013-11-14 18:57 - 2013-10-11 18:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-14 18:57 - 2013-10-11 18:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-14 18:57 - 2013-10-05 12:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-11-14 18:57 - 2013-10-05 11:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-14 18:57 - 2013-10-03 18:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\System32\SmartcardCredentialProvider.dll
2013-11-14 18:57 - 2013-10-03 18:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\System32\credui.dll
2013-11-14 18:57 - 2013-10-03 18:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-11-14 18:57 - 2013-10-03 17:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-14 18:57 - 2013-10-03 17:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-14 18:57 - 2013-10-03 17:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-14 18:57 - 2013-10-02 18:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2013-11-14 18:57 - 2013-10-02 18:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-14 18:57 - 2013-09-27 17:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2013-11-14 18:57 - 2013-09-24 18:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2013-11-14 18:57 - 2013-09-24 18:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2013-11-14 18:57 - 2013-09-24 18:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2013-11-14 18:57 - 2013-09-24 18:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2013-11-14 18:57 - 2013-09-24 18:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll
2013-11-14 18:57 - 2013-09-24 18:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-11-14 18:57 - 2013-09-24 18:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2013-11-14 18:57 - 2013-09-24 18:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2013-11-14 18:57 - 2013-09-24 17:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-14 18:57 - 2013-09-24 17:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-14 18:57 - 2013-09-24 17:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-14 18:57 - 2013-09-24 17:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-14 18:57 - 2013-09-24 17:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe
2013-11-14 18:57 - 2013-07-04 04:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2013-11-08 12:08 - 2013-11-08 12:08 - 00010890 _____ C:\Users\Melissa\Downloads\Ramirez v. Trujillo Case No. FC2013-007002 Settlement.zip

==================== One Month Modified Files and Folders =======

2013-11-28 09:02 - 2013-11-28 09:02 - 00000000 ____D C:\FRST
2013-11-28 07:51 - 2013-11-28 07:51 - 00001668 _____ C:\Users\Melissa\Desktop\Antivirus Security Pro.lnk
2013-11-28 07:51 - 2013-11-28 07:51 - 00000118 _____ C:\Users\Melissa\Desktop\Antivirus Security Pro support.url
2013-11-28 07:51 - 2012-03-29 20:04 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-28 07:51 - 2012-03-15 19:11 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-28 07:51 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-28 07:51 - 2009-07-13 20:51 - 00082811 _____ C:\Windows\setupact.log
2013-11-27 20:57 - 2009-07-13 21:13 - 00794482 _____ C:\Windows\System32\PerfStringBackup.INI
2013-11-27 20:54 - 2012-03-29 20:04 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-11-27 20:38 - 2012-03-15 19:11 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-27 10:04 - 2009-07-13 20:45 - 00009920 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-27 10:04 - 2009-07-13 20:45 - 00009920 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-27 09:35 - 2011-12-06 16:21 - 00045056 _____ C:\Windows\SysWOW64\acovcnt.exe
2013-11-27 09:18 - 2011-12-06 16:19 - 00002264 _____ C:\Windows\System32\AutoRunFilter.ini
2013-11-27 09:16 - 2011-11-03 01:57 - 00179956 _____ C:\Windows\PFRO.log
2013-11-26 21:53 - 2011-12-06 16:04 - 02045977 _____ C:\Windows\WindowsUpdate.log
2013-11-26 21:51 - 2013-11-26 07:10 - 00000000 ____D C:\ProgramData\3pgVnnXn
2013-11-26 21:44 - 2012-03-06 18:16 - 00000000 ___HD C:\ASUS.DAT
2013-11-26 21:06 - 2012-03-15 19:11 - 00003896 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-11-26 21:06 - 2012-03-15 19:11 - 00003644 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-11-26 07:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-11-22 19:49 - 2012-03-09 18:29 - 00000000 ___RD C:\Users\Melissa\Dropbox
2013-11-22 19:49 - 2012-03-09 18:27 - 00000000 ____D C:\Users\Melissa\AppData\Roaming\Dropbox
2013-11-22 19:44 - 2012-12-23 14:24 - 00000000 ____D C:\Program Files (x86)\DefaultTab
2013-11-22 19:28 - 2012-03-07 22:09 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-22 19:28 - 2009-07-13 18:34 - 00000478 _____ C:\Windows\win.ini
2013-11-21 18:20 - 2013-08-19 04:25 - 00000000 ____D C:\Windows\System32\MRT
2013-11-21 18:18 - 2012-03-08 13:08 - 82896128 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-11-21 18:16 - 2013-08-15 16:56 - 00000258 __RSH C:\Users\Melissa\ntuser.pol
2013-11-21 18:16 - 2012-03-06 18:16 - 00000000 ____D C:\users\Melissa
2013-11-14 19:03 - 2012-03-29 20:05 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-11-08 12:08 - 2013-11-08 12:08 - 00010890 _____ C:\Users\Melissa\Downloads\Ramirez v. Trujillo Case No. FC2013-007002 Settlement.zip

Alureon:
C:\Users\Melissa\AppData\Local\Temp\snitpqn\sarmdxf\wow.dll

Files to move or delete:
====================
C:\Users\Melissa\gotomypc_635.exe


Some content of TEMP:
====================
C:\Users\Melissa\AppData\Local\Temp\fam-installer.exe
C:\Users\Melissa\AppData\Local\Temp\GoogleToolbarInstaller_en32_signed.exe
C:\Users\Melissa\AppData\Local\Temp\IeSearchProvider4743426368720568886.exe
C:\Users\Melissa\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Melissa\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Melissa\AppData\Local\Temp\lowproc.exe
C:\Users\Melissa\AppData\Local\Temp\spdttm1.exe
C:\Users\Melissa\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\Melissa\AppData\Local\Temp\stubhelper.dll
C:\Users\Melissa\AppData\Local\Temp\The_Weather_Channel_Application.exe
C:\Users\Melissa\AppData\Local\Temp\updater_uninstall.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

7
Restore point made on: 2013-09-14 07:13:33
Restore point made on: 2013-09-14 07:16:09
Restore point made on: 2013-09-25 20:17:34
Restore point made on: 2013-10-14 14:23:08
Restore point made on: 2013-11-08 12:49:51
Restore point made on: 2013-11-21 18:16:52
Restore point made on: 2013-11-22 19:22:05

==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 5921.14 MB
Available physical RAM: 5240.7 MB
Total Pagefile: 5919.29 MB
Available Pagefile: 5231.73 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:279.45 GB) (Free:206.25 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:394.18 GB) (Free:394.08 GB) NTFS
Drive f: () (Removable) (Total:0.95 GB) (Free:0.7 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: E3102A4B)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=279 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=394 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 977 MB) (Disk ID: 58588B17)
Partition 1: (Not Active) - (Size=976 MB) - (Type=06)


LastRegBack: 2013-11-26 07:41

==================== End Of Log ============================



#4 Aaflac

  • Malware Response Team

Posted 28 November 2013 - 01:28 PM

Welcome to BC forums, happytobeme!!

Let's do the following...

Please open Notepad (Start > All Programs > Accessories > Notepad)
Copy the entire contents of the code box below (Do not copy the word 'code') to Notepad.
Save it to the pen drive where FRST is located, and name it: fixlist.txt

start
HKLM\...\Run: [AS2014] - C:\ProgramData\3pgVnnXn\3pgVnnXn.exe [580872 2013-11-26] ()
C:\ProgramData\3pgVnnXn
HKLM\...\Winlogon: [Userinit] userinit.exe,C:\ProgramData\3pgVnnXn\3pgVnnXn.exe -sm,
HKU\Melissa\...\Run: [AS2014] - C:\ProgramData\3pgVnnXn\3pgVnnXn.exe [580872 2013-11-26] ()
2013-11-28 07:51 - 2013-11-28 07:51 - 00001668 _____ C:\Users\Melissa\Desktop\Antivirus Security Pro.lnk
2013-11-28 07:51 - 2013-11-28 07:51 - 00000118 _____ C:\Users\Melissa\Desktop\Antivirus Security Pro support.url
C:\Users\Melissa\AppData\Local\Temp\snitpqn\sarmdxf\wow.dll
C:\Users\Melissa\gotomypc_635.exe
C:\Users\Melissa\AppData\Local\Temp\fam-installer.exe
C:\Users\Melissa\AppData\Local\Temp\GoogleToolbarInstaller_en32_signed.exe
C:\Users\Melissa\AppData\Local\Temp\IeSearchProvider4743426368720568886.exe
C:\Users\Melissa\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Melissa\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Melissa\AppData\Local\Temp\lowproc.exe
C:\Users\Melissa\AppData\Local\Temp\spdttm1.exe
C:\Users\Melissa\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\Melissa\AppData\Local\Temp\stubhelper.dll
C:\Users\Melissa\AppData\Local\Temp\The_Weather_Channel_Application.exe
C:\Users\Melissa\AppData\Local\Temp\updater_uninstall.exe
end

NOTICE: This script is written specifically for this computer!!!
Running this on another computer may cause damage to the Operating System.
 
Now, please enter System Recovery Options and select the Command Prompt as done before.
Run FRST, and press the Fix button, just once, and wait.
 
When done, the tool creates a report on the Desktop called: Fixlog.txt
>>  Please post the Fixlog.txt in your reply.


Old duck...
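
Added example, not part of any post in this thread and not FRST's own logic: a Python triage of the Registry section of the log in post #3, showing why the AS2014 Run values and the Userinit value stand out from the vendor entries around them. The sample lines are copied from that log; the two-signal threshold, the list of writable directories and the function names are assumptions made for this example.

```python
import ntpath
import re
from collections import Counter

# Lines copied from the "Registry" section of the FRST log in post #3.
FRST_REGISTRY_EXCERPT = r"""
HKLM\...\Run: [Trend Micro Titanium] - C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe [322384 2010-09-17] (Trend Micro Inc.)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4526 2010-11-29] ()
HKLM\...\Run: [AS2014] - C:\ProgramData\3pgVnnXn\3pgVnnXn.exe [580872 2013-11-26] ()
HKLM\...\Winlogon: [Userinit] userinit.exe,C:\ProgramData\3pgVnnXn\3pgVnnXn.exe -sm,
HKLM-x32\...\Run: [SpeetItUpFree] - "C:\Program Files (x86)\SpeedItup Free\speeditupfree.exe"
HKU\Melissa\...\Run: [DW7] - C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe [13003448 2012-08-20] (The Weather Channel)
HKU\Melissa\...\Run: [AS2014] - C:\ProgramData\3pgVnnXn\3pgVnnXn.exe [580872 2013-11-26] ()
"""

# "<hive>\...\Run: [name] - path [size date] (company)"; the bracketed tail is optional.
RUN_RE = re.compile(
    r"^(?P<hive>HK.+?)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] - (?P<path>.+?)"
    r"(?: \[(?P<meta>[^\]]*)\] \((?P<company>.*)\))?$"
)
USERINIT_RE = re.compile(
    r"^(?P<hive>HK.+?)\\\.\.\.\\Winlogon: \[Userinit\] (?P<value>.*)$"
)
# Assumption: directories a standard user (and so a dropper) can usually write to.
WRITABLE_DIRS = ("\\programdata\\", "\\appdata\\", "\\temp\\")


def parse_run_entries(log_text):
    """Return one dict per Run line: hive, name, path, meta, company."""
    entries = []
    for line in log_text.splitlines():
        m = RUN_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["path"] = entry["path"].strip('"')
            entries.append(entry)
    return entries


def extra_userinit_commands(log_text):
    """Return (hive, command) for anything chained onto Userinit besides userinit.exe."""
    extras = []
    for line in log_text.splitlines():
        m = USERINIT_RE.match(line.strip())
        if not m:
            continue
        # The value is a comma-separated list; the stock value holds only userinit.exe.
        for cmd in (c.strip() for c in m.group("value").split(",")):
            low = cmd.lower()
            if cmd and low != "userinit.exe" and not low.endswith("\\system32\\userinit.exe"):
                extras.append((m.group("hive"), cmd))
    return extras


def triage(log_text):
    """Flag Run entries with at least two weak signals, plus any Userinit extras."""
    entries = parse_run_entries(log_text)
    seen = Counter(e["path"].lower() for e in entries)
    findings = []
    for e in entries:
        path, reasons = e["path"], []
        if any(d in path.lower() for d in WRITABLE_DIRS):
            reasons.append("user-writable location")
        if e["company"] == "":  # "()" in the log; None means the field was absent
            reasons.append("no company name")
        if seen[path.lower()] > 1:
            reasons.append("same target in several Run keys")
        stem = ntpath.splitext(ntpath.basename(path))[0].lower()
        if stem == ntpath.basename(ntpath.dirname(path)).lower():
            reasons.append("folder named after the executable")
        if len(reasons) >= 2:  # one signal alone is common for legitimate software
            findings.append((e["hive"], e["name"], path, reasons))
    for hive, cmd in extra_userinit_commands(log_text):
        findings.append((hive, "Userinit", cmd, ["extra command chained after userinit.exe"]))
    return findings


if __name__ == "__main__":
    for hive, name, target, reasons in triage(FRST_REGISTRY_EXCERPT):
        print(f"{hive} [{name}] {target}: {', '.join(reasons)}")
```

Entries with a single weak signal, such as the HotKeysCmds line with an empty company field, are deliberately left unflagged.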


#5 happytobeme


Posted 28 November 2013 - 01:30 PM

Do I copy start and end?



#6 Aaflac


Posted 28 November 2013 - 01:31 PM

Yes!

 

Also, when done with the above, please run FRST once again, and post a new report.

 

See if you can run it from the Desktop.

 

Thanks!


Edited by Aaflac, 28 November 2013 - 01:32 PM.

Old duck...


#7 happytobeme


Posted 28 November 2013 - 01:39 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-11-2013 01
Ran by SYSTEM at 2013-11-28 11:37:26 Run:1
Running from F:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
start
HKLM\...\Run: [AS2014] - C:\ProgramData\3pgVnnXn\3pgVnnXn.exe [580872 2013-11-26] ()
C:\ProgramData\3pgVnnXn
HKLM\...\Winlogon: [Userinit] userinit.exe,C:\ProgramData\3pgVnnXn\3pgVnnXn.exe -sm,
HKU\Melissa\...\Run: [AS2014] - C:\ProgramData\3pgVnnXn\3pgVnnXn.exe [580872 2013-11-26] ()
2013-11-28 07:51 - 2013-11-28 07:51 - 00001668 _____ C:\Users\Melissa\Desktop\Antivirus Security Pro.lnk
2013-11-28 07:51 - 2013-11-28 07:51 - 00000118 _____ C:\Users\Melissa\Desktop\Antivirus Security Pro support.url
C:\Users\Melissa\AppData\Local\Temp\snitpqn\sarmdxf\wow.dll
C:\Users\Melissa\gotomypc_635.exe
C:\Users\Melissa\AppData\Local\Temp\fam-installer.exe
C:\Users\Melissa\AppData\Local\Temp\GoogleToolbarInstaller_en32_signed.exe
C:\Users\Melissa\AppData\Local\Temp\IeSearchProvider4743426368720568886.exe
C:\Users\Melissa\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Melissa\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Melissa\AppData\Local\Temp\lowproc.exe
C:\Users\Melissa\AppData\Local\Temp\spdttm1.exe
C:\Users\Melissa\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\Melissa\AppData\Local\Temp\stubhelper.dll
C:\Users\Melissa\AppData\Local\Temp\The_Weather_Channel_Application.exe
C:\Users\Melissa\AppData\Local\Temp\updater_uninstall.exe
end
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AS2014 => Value deleted successfully.
C:\ProgramData\3pgVnnXn => Moved successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => Value was restored successfully.
HKU\Melissa\Software\Microsoft\Windows\CurrentVersion\Run\\AS2014 => Value deleted successfully.
C:\Users\Melissa\Desktop\Antivirus Security Pro.lnk => Moved successfully.
C:\Users\Melissa\Desktop\Antivirus Security Pro support.url => Moved successfully.
C:\Users\Melissa\AppData\Local\Temp\snitpqn\sarmdxf\wow.dll => Moved successfully.
C:\Users\Melissa\gotomypc_635.exe => Moved successfully.
C:\Users\Melissa\AppData\Local\Temp\fam-installer.exe => Moved successfully.
C:\Users\Melissa\AppData\Local\Temp\GoogleToolbarInstaller_en32_signed.exe => Moved successfully.
C:\Users\Melissa\AppData\Local\Temp\IeSearchProvider4743426368720568886.exe => Moved successfully.
C:\Users\Melissa\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe => Moved successfully.
C:\Users\Melissa\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe => Moved successfully.
C:\Users\Melissa\AppData\Local\Temp\lowproc.exe => Moved successfully.
C:\Users\Melissa\AppData\Local\Temp\spdttm1.exe => Moved successfully.
C:\Users\Melissa\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll => Moved successfully.
C:\Users\Melissa\AppData\Local\Temp\stubhelper.dll => Moved successfully.
C:\Users\Melissa\AppData\Local\Temp\The_Weather_Channel_Application.exe => Moved successfully.
C:\Users\Melissa\AppData\Local\Temp\updater_uninstall.exe => Moved successfully.

==== End of Fixlog ====



#8 happytobeme


Posted 28 November 2013 - 01:42 PM

Well, the computer will run it on the desktop now.



#9 Aaflac


Posted 28 November 2013 - 01:43 PM

Please post a new FRST report.

Old duck...


#10 happytobeme


Posted 28 November 2013 - 01:47 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-11-2013 01
Ran by Melissa at 2013-11-28 11:45:56 Run:2
Running from F:\
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
HKLM\...\Run: [AS2014] - C:\ProgramData\3pgVnnXn\3pgVnnXn.exe [580872 2013-11-26] ()
C:\ProgramData\3pgVnnXn
HKLM\...\Winlogon: [Userinit] userinit.exe,C:\ProgramData\3pgVnnXn\3pgVnnXn.exe -sm,
HKU\Melissa\...\Run: [AS2014] - C:\ProgramData\3pgVnnXn\3pgVnnXn.exe [580872 2013-11-26] ()
2013-11-28 07:51 - 2013-11-28 07:51 - 00001668 _____ C:\Users\Melissa\Desktop\Antivirus Security Pro.lnk
2013-11-28 07:51 - 2013-11-28 07:51 - 00000118 _____ C:\Users\Melissa\Desktop\Antivirus Security Pro support.url
C:\Users\Melissa\AppData\Local\Temp\snitpqn\sarmdxf\wow.dll
C:\Users\Melissa\gotomypc_635.exe
C:\Users\Melissa\AppData\Local\Temp\fam-installer.exe
C:\Users\Melissa\AppData\Local\Temp\GoogleToolbarInstaller_en32_signed.exe
C:\Users\Melissa\AppData\Local\Temp\IeSearchProvider4743426368720568886.exe
C:\Users\Melissa\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Melissa\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Melissa\AppData\Local\Temp\lowproc.exe
C:\Users\Melissa\AppData\Local\Temp\spdttm1.exe
C:\Users\Melissa\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\Melissa\AppData\Local\Temp\stubhelper.dll
C:\Users\Melissa\AppData\Local\Temp\The_Weather_Channel_Application.exe
C:\Users\Melissa\AppData\Local\Temp\updater_uninstall.exe
end
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AS2014 => Value not found.
"C:\ProgramData\3pgVnnXn" => File/Directory not found.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => Value was restored successfully.
HKU\Melissa\Software\Microsoft\Windows\CurrentVersion\Run\\AS2014 => Value not found.
"C:\Users\Melissa\Desktop\Antivirus Security Pro.lnk" => File/Directory not found.
"C:\Users\Melissa\Desktop\Antivirus Security Pro support.url" => File/Directory not found.
"C:\Users\Melissa\AppData\Local\Temp\snitpqn\sarmdxf\wow.dll" => File/Directory not found.
"C:\Users\Melissa\gotomypc_635.exe" => File/Directory not found.
"C:\Users\Melissa\AppData\Local\Temp\fam-installer.exe" => File/Directory not found.
"C:\Users\Melissa\AppData\Local\Temp\GoogleToolbarInstaller_en32_signed.exe" => File/Directory not found.
"C:\Users\Melissa\AppData\Local\Temp\IeSearchProvider4743426368720568886.exe" => File/Directory not found.
"C:\Users\Melissa\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe" => File/Directory not found.
"C:\Users\Melissa\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe" => File/Directory not found.
"C:\Users\Melissa\AppData\Local\Temp\lowproc.exe" => File/Directory not found.
"C:\Users\Melissa\AppData\Local\Temp\spdttm1.exe" => File/Directory not found.
"C:\Users\Melissa\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll" => File/Directory not found.
"C:\Users\Melissa\AppData\Local\Temp\stubhelper.dll" => File/Directory not found.
"C:\Users\Melissa\AppData\Local\Temp\The_Weather_Channel_Application.exe" => File/Directory not found.
"C:\Users\Melissa\AppData\Local\Temp\updater_uninstall.exe" => File/Directory not found.

==== End of Fixlog ====



#11 happytobeme


Posted 28 November 2013 - 01:52 PM

From the desktop:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-11-2013 01
Ran by Melissa at 2013-11-28 11:50:14 Run:3
Running from C:\Users\Melissa\Desktop\New folder
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
HKLM\...\Run: [AS2014] - C:\ProgramData\3pgVnnXn\3pgVnnXn.exe [580872 2013-11-26] ()
C:\ProgramData\3pgVnnXn
HKLM\...\Winlogon: [Userinit] userinit.exe,C:\ProgramData\3pgVnnXn\3pgVnnXn.exe -sm,
HKU\Melissa\...\Run: [AS2014] - C:\ProgramData\3pgVnnXn\3pgVnnXn.exe [580872 2013-11-26] ()
2013-11-28 07:51 - 2013-11-28 07:51 - 00001668 _____ C:\Users\Melissa\Desktop\Antivirus Security Pro.lnk
2013-11-28 07:51 - 2013-11-28 07:51 - 00000118 _____ C:\Users\Melissa\Desktop\Antivirus Security Pro support.url
C:\Users\Melissa\AppData\Local\Temp\snitpqn\sarmdxf\wow.dll
C:\Users\Melissa\gotomypc_635.exe
C:\Users\Melissa\AppData\Local\Temp\fam-installer.exe
C:\Users\Melissa\AppData\Local\Temp\GoogleToolbarInstaller_en32_signed.exe
C:\Users\Melissa\AppData\Local\Temp\IeSearchProvider4743426368720568886.exe
C:\Users\Melissa\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Melissa\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Melissa\AppData\Local\Temp\lowproc.exe
C:\Users\Melissa\AppData\Local\Temp\spdttm1.exe
C:\Users\Melissa\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\Melissa\AppData\Local\Temp\stubhelper.dll
C:\Users\Melissa\AppData\Local\Temp\The_Weather_Channel_Application.exe
C:\Users\Melissa\AppData\Local\Temp\updater_uninstall.exe
end
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AS2014 => Value not found.
"C:\ProgramData\3pgVnnXn" => File/Directory not found.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => Value was restored successfully.
HKU\Melissa\Software\Microsoft\Windows\CurrentVersion\Run\\AS2014 => Value not found.
"C:\Users\Melissa\Desktop\Antivirus Security Pro.lnk" => File/Directory not found.
"C:\Users\Melissa\Desktop\Antivirus Security Pro support.url" => File/Directory not found.
"C:\Users\Melissa\AppData\Local\Temp\snitpqn\sarmdxf\wow.dll" => File/Directory not found.
"C:\Users\Melissa\gotomypc_635.exe" => File/Directory not found.
"C:\Users\Melissa\AppData\Local\Temp\fam-installer.exe" => File/Directory not found.
"C:\Users\Melissa\AppData\Local\Temp\GoogleToolbarInstaller_en32_signed.exe" => File/Directory not found.
"C:\Users\Melissa\AppData\Local\Temp\IeSearchProvider4743426368720568886.exe" => File/Directory not found.
"C:\Users\Melissa\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe" => File/Directory not found.
"C:\Users\Melissa\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe" => File/Directory not found.
"C:\Users\Melissa\AppData\Local\Temp\lowproc.exe" => File/Directory not found.
"C:\Users\Melissa\AppData\Local\Temp\spdttm1.exe" => File/Directory not found.
"C:\Users\Melissa\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll" => File/Directory not found.
"C:\Users\Melissa\AppData\Local\Temp\stubhelper.dll" => File/Directory not found.
"C:\Users\Melissa\AppData\Local\Temp\The_Weather_Channel_Application.exe" => File/Directory not found.
"C:\Users\Melissa\AppData\Local\Temp\updater_uninstall.exe" => File/Directory not found.

==== End of Fixlog ====



#12 Aaflac

  • Malware Response Team

Posted 28 November 2013 - 02:09 PM

My bad! :blush:

Meant for you to run FRST once again, and do a: Scan

Then post the new FRST (Scan) result, like you did initially.


Old duck...


#13 happytobeme


Posted 28 November 2013 - 02:19 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-11-2013
Ran by Melissa (administrator) on MELISSA-PC on 28-11-2013 12:13:48
Running from C:\Users\Melissa\Desktop\New folder
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Users\Melissa\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ASUS) C:\Program Files\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\TiMiniService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe
(Dropbox, Inc.) C:\Users\Melissa\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingApp.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingBar.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\bingsurrogate.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\bingsurrogate.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\bingsurrogate.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\bingsurrogate.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [VizorHtmlDialog.exe] - C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe [1123664 2010-10-08] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Client Framework] - C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe [192520 2010-10-12] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Titanium] - C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe [322384 2010-09-17] (Trend Micro Inc.)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2785064 2011-05-05] (Synaptics Incorporated)
HKLM\...\Run: [SynAsusAcpi] - C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [97064 2011-05-05] (Synaptics Incorporated)
HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-17] (Realtek Semiconductor)
HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4526 2010-11-29] ()
HKLM\...\Run: [IntelliPoint] - C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [DW6] - "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
HKCU\...\Run: [DW7] - C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe [13003448 2012-08-20] (The Weather Channel)
HKCU\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume2\Users\Melissa\AppData\Local\Temp\snitpqn\sarmdxf\wow.dll ATTENTION! ====> ZeroAccess?
MountPoints2: {d635cd3c-72b3-11e1-83b5-5404a64c3c34} - F:\LaunchU3.exe -a
HKLM-x32\...\Run: [ASUSPRP] - C:\Program Files (x86)\ASUS\APRP\aprp.exe [3331312 2011-11-03] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] - C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme)
HKLM-x32\...\Run: [SonicMasterTray] - C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-09] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-23] ()
HKLM-x32\...\Run: [Intuit SyncManager] - C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [2786104 2013-05-31] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [296056 2012-06-16] (RealNetworks, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [SpeetItUpFree] - "C:\Program Files (x86)\SpeedItup Free\speeditupfree.exe"
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
Startup: C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Melissa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk
ShortcutTarget: Intel® Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/?publisher=SnapdoW3i&dpid=SnapdoW3i&co=US&userid=2e8ada38-652f-4383-bec4-954a109ce699&searchtype=ds&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mysearchresults.com/?c=2651&t=01
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do/?publisher=SnapdoW3i&dpid=SnapdoW3i&co=US&userid=2e8ada38-652f-4383-bec4-954a109ce699&searchtype=ds&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snap.do/?publisher=SnapdoW3i&dpid=SnapdoW3i&co=US&userid=2e8ada38-652f-4383-bec4-954a109ce699&searchtype=ds&q={searchTerms}
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snap.do/?publisher=SnapdoW3i&dpid=SnapdoW3i&co=US&userid=2e8ada38-652f-4383-bec4-954a109ce699&searchtype=ds&q={searchTerms}
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snap.do/?publisher=SnapdoW3i&dpid=SnapdoW3i&co=US&userid=2e8ada38-652f-4383-bec4-954a109ce699&searchtype=ds&q={searchTerms}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snap.do/?publisher=SnapdoW3i&dpid=SnapdoW3i&co=US&userid=2e8ada38-652f-4383-bec4-954a109ce699&searchtype=ds&q={searchTerms}
SearchScopes: HKCU - {4AAD127F-1610-4879-8907-C4754FFFB1C4} URL = http://www.mysearchresults.com/search?&c=2651&t=03&q={searchTerms}
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: SearchDonkey - {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - C:\Program Files (x86)\SearchDonkey\IE\common.dll (WebAppTech Coding, LLC)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: DefaultTab Browser Helper - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Melissa\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll (Microsoft Corporation.)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} -  No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -  No File
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
Handler-x32: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.25

Chrome:
=======
CHR HomePage: hxxp://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-syctransfer&type=W3i_SP,203,0_0,StartPage,20130522,17093,0,73,0
CHR RestoreOnStartup: "hxxp://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-syctransfer&type=W3i_SP,203,0_0,StartPage,20130522,17093,0,73,0", "hxxp://feed.snap.do/?publisher=SnapdoW3i&dpid=SnapdoW3i&co=US&userid=2e8ada38-652f-4383-bec4-954a109ce699&searchtype=hp"
CHR DefaultSearchURL: (Yahoo! Search) - http://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,202,0_0,Search,20130522,17094,0,73,0
CHR DefaultSuggestURL: (Yahoo! Search) - http://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U22) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll No File
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Zeon Plus) - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (RealNetworks™ Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: () - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.6.14_0
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0
CHR Extension: (DefaultTab) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.19_0
CHR Extension: (Google Wallet) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx
CHR HKLM-x32\...\Chrome\Extension: [kdidombaedgpfiiedeimiebkmbilgmlc] - C:\Program Files (x86)\DefaultTab\DefaultTab.crx

==================== Services (Whitelisted) =================

S2 DefaultTabSearch; C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe [573952 2013-10-07] ()
R2 DefaultTabUpdate; C:\Users\Melissa\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [107520 2012-12-23] ()
R3 TiMiniService; C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [241488 2010-09-17] (Trend Micro Inc.)
S3 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [x]
S2 WajamUpdater; "C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe" [x]

==================== Drivers (Whitelisted) ====================

R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [90704 2010-09-17] (Trend Micro Inc.)
R2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [144464 2010-09-17] (Trend Micro Inc.)
R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [67664 2010-09-17] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105552 2010-09-17] (Trend Micro Inc.)
S1 wtvlvusb; \??\C:\Windows\system32\drivers\wtvlvusb.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-28 12:10 - 2013-11-28 12:10 - 01959024 _____ (Farbar) C:\Users\Melissa\Downloads\FRST64.exe
2013-11-28 11:47 - 2013-11-28 12:13 - 00000000 ____D C:\Users\Melissa\Desktop\New folder
2013-11-28 10:02 - 2013-11-28 10:02 - 00000000 ____D C:\FRST
2013-11-28 08:51 - 2013-11-28 08:51 - 00000000 ____D C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antivirus Security Pro
2013-11-21 19:22 - 2013-10-12 01:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-21 19:22 - 2013-10-12 01:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-21 19:22 - 2013-10-12 01:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-21 19:22 - 2013-10-12 01:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-21 19:22 - 2013-10-12 01:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-21 19:22 - 2013-10-12 01:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-21 19:22 - 2013-10-12 01:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-21 19:22 - 2013-10-12 01:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-21 19:22 - 2013-10-12 01:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-21 19:22 - 2013-10-12 01:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-21 19:22 - 2013-10-12 01:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-21 19:22 - 2013-10-12 01:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-21 19:22 - 2013-10-12 01:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-21 19:22 - 2013-10-12 01:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-21 19:22 - 2013-10-12 00:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-21 19:22 - 2013-10-12 00:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-21 19:22 - 2013-10-12 00:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-21 19:22 - 2013-10-12 00:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-21 19:22 - 2013-10-12 00:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-21 19:22 - 2013-10-12 00:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-21 19:22 - 2013-10-12 00:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-21 19:22 - 2013-10-12 00:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-21 19:22 - 2013-10-12 00:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-21 19:22 - 2013-10-12 00:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-21 19:22 - 2013-10-12 00:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-21 19:22 - 2013-10-12 00:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-21 19:22 - 2013-10-12 00:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-21 19:22 - 2013-10-11 23:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-21 19:22 - 2013-10-11 23:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-21 19:22 - 2013-10-11 22:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-21 19:22 - 2013-10-11 22:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-14 19:57 - 2013-10-11 19:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-14 19:57 - 2013-10-11 19:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-14 19:57 - 2013-10-11 19:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-14 19:57 - 2013-10-11 19:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-14 19:57 - 2013-10-11 19:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-14 19:57 - 2013-10-05 13:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-14 19:57 - 2013-10-05 12:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-14 19:57 - 2013-10-03 19:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-14 19:57 - 2013-10-03 19:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-14 19:57 - 2013-10-03 19:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-14 19:57 - 2013-10-03 18:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-14 19:57 - 2013-10-03 18:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-14 19:57 - 2013-10-03 18:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-14 19:57 - 2013-10-02 19:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-14 19:57 - 2013-10-02 19:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-14 19:57 - 2013-09-27 18:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-14 19:57 - 2013-09-24 19:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-14 19:57 - 2013-09-24 19:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-14 19:57 - 2013-09-24 19:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-14 19:57 - 2013-09-24 19:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-14 19:57 - 2013-09-24 19:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-14 19:57 - 2013-09-24 19:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-14 19:57 - 2013-09-24 19:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-14 19:57 - 2013-09-24 19:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-14 19:57 - 2013-09-24 18:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-14 19:57 - 2013-09-24 18:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-14 19:57 - 2013-09-24 18:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-14 19:57 - 2013-09-24 18:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-14 19:57 - 2013-09-24 18:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-14 19:57 - 2013-07-04 05:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-08 13:08 - 2013-11-08 13:08 - 00010890 _____ C:\Users\Melissa\Downloads\Ramirez v. Trujillo Case No. FC2013-007002 Settlement.zip

==================== One Month Modified Files and Folders =======

2013-11-28 12:37 - 2012-03-06 19:16 - 00000000 ____D C:\Users\Melissa
2013-11-28 12:13 - 2013-11-28 11:47 - 00000000 ____D C:\Users\Melissa\Desktop\New folder
2013-11-28 12:11 - 2012-03-15 20:11 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-28 12:10 - 2013-11-28 12:10 - 01959024 _____ (Farbar) C:\Users\Melissa\Downloads\FRST64.exe
2013-11-28 12:08 - 2012-03-09 19:29 - 00000000 ___RD C:\Users\Melissa\Dropbox
2013-11-28 12:08 - 2012-03-09 19:27 - 00000000 ____D C:\Users\Melissa\AppData\Roaming\Dropbox
2013-11-28 11:51 - 2009-07-13 22:13 - 00794482 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-28 11:48 - 2012-03-29 21:04 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-11-28 11:48 - 2012-03-29 21:04 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-28 11:47 - 2009-07-13 21:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-28 11:47 - 2009-07-13 21:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-28 11:41 - 2013-10-17 20:06 - 00074752 ___SH C:\Users\Melissa\Desktop\Thumbs.db
2013-11-28 11:41 - 2012-03-06 19:16 - 00000000 ___HD C:\ASUS.DAT
2013-11-28 11:40 - 2012-03-15 20:11 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-28 11:40 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-28 11:40 - 2009-07-13 21:51 - 00082923 _____ C:\Windows\setupact.log
2013-11-28 10:02 - 2013-11-28 10:02 - 00000000 ____D C:\FRST
2013-11-28 08:51 - 2013-11-28 08:51 - 00000000 ____D C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antivirus Security Pro
2013-11-27 10:35 - 2011-12-06 17:21 - 00045056 _____ C:\Windows\SysWOW64\acovcnt.exe
2013-11-27 10:18 - 2011-12-06 17:19 - 00002264 _____ C:\Windows\system32\AutoRunFilter.ini
2013-11-27 10:16 - 2011-11-03 02:57 - 00179956 _____ C:\Windows\PFRO.log
2013-11-26 22:53 - 2011-12-06 17:04 - 02045977 _____ C:\Windows\WindowsUpdate.log
2013-11-26 22:06 - 2012-03-15 20:11 - 00003896 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-11-26 22:06 - 2012-03-15 20:11 - 00003644 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-11-26 08:48 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2013-11-22 20:44 - 2012-12-23 15:24 - 00000000 ____D C:\Program Files (x86)\DefaultTab
2013-11-22 20:28 - 2012-03-07 23:09 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-22 20:28 - 2009-07-13 19:34 - 00000478 _____ C:\Windows\win.ini
2013-11-21 19:20 - 2013-08-19 05:25 - 00000000 ____D C:\Windows\system32\MRT
2013-11-21 19:18 - 2012-03-08 14:08 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-21 19:16 - 2013-08-15 17:56 - 00000258 __RSH C:\Users\Melissa\ntuser.pol
2013-11-14 20:03 - 2012-03-29 21:05 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-11-08 13:08 - 2013-11-08 13:08 - 00010890 _____ C:\Users\Melissa\Downloads\Ramirez v. Trujillo Case No. FC2013-007002 Settlement.zip

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-26 08:41

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-11-2013
Ran by Melissa at 2013-11-28 12:14:25
Running from C:\Users\Melissa\Desktop\New folder
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Trend Micro Titanium Internet Security (Disabled - Up to date) {68F968AC-2AA0-091D-848C-803E83E35902}
AS: Trend Micro Titanium Internet Security (Disabled - Up to date) {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Flash Player 10 Plugin (x32 Version: 10.0.32.18)
Adobe Flash Player 11 ActiveX (x32 Version: 11.2.202.228)
Adobe Reader X (10.1.2) (x32 Version: 10.1.2)
Alcor Micro USB Card Reader (x32 Version: 1.2.0117.08443)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
Asmedia ASM104x USB 3.0 Host Controller Driver (x32 Version: 1.12.5.0)
ASUS AI Recovery (x32 Version: 1.0.13)
ASUS FancyStart (x32 Version: 1.1.0)
ASUS LifeFrame3 (x32 Version: 3.0.22)
ASUS Live Update (x32 Version: 2.5.9)
ASUS Power4Gear Hybrid (Version: 1.1.45)
ASUS SmartLogon (x32 Version: 1.0.0011)
ASUS Splendid Video Enhancement Technology (x32 Version: 1.02.0033)
ASUS Virtual Camera (x32 Version: 1.0.21)
ASUS WebStorage (x32 Version: 3.0.108.222)
AsusScr_K3 Series_ENG (x32 Version: 1.0.0001)
AsusVibe2.0 (x32 Version: 2.0.7.142)
Atheros Driver Installation Program (x32 Version: 9.0)
ATK Package (x32 Version: 1.0.0010)
Bing Bar (x32 Version: 7.2.241.0)
Bonjour (Version: 3.0.0.10)
Control ActiveX de Windows Live Mesh para conexiones remotas (x32 Version: 15.4.5722.2)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (x32 Version: 15.4.5722.2)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (x32 Version: 15.4.5722.2)
CyberLink LabelPrint (x32 Version: 2.5.3624)
CyberLink Media Suite (x32 Version: 8.0.2926)
CyberLink Power2Go (x32 Version: 7.0.0.1126)
D3DX10 (x32 Version: 15.4.2368.0902)
DefaultTab (x32 Version: 1.3.1.0)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Dropbox (HKCU Version: 2.0.22)
Fast Boot (Version: 1.0.10)
File Association Manager (x32 Version: 0.5)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922)
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922)
Google Chrome (x32 Version: 31.0.1650.57)
Google Update Helper (x32 Version: 1.3.22.3)
Intel® Control Center (x32 Version: 1.2.1.1007)
Intel® Management Engine Components (x32 Version: 7.0.0.1144)
Intel® Processor Graphics (x32 Version: 8.15.10.2405)
Intel® Turbo Boost Technology Monitor 2.0 (Version: 2.1.23.0)
iTunes (Version: 11.0.5.5)
Java Auto Updater (x32 Version: 2.0.7.1)
Java™ 6 Update 33 (x32 Version: 6.0.330)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Home and Student 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (x32 Version: 4.20.9818.0)
Nuance PDF Reader (x32 Version: 6.00.0041)
PDFlite 0.9.0.0 (x32 Version: 0.9.0.0)
QuickBooks (x32 Version: 22.0.4014.2206)
QuickBooks Pro 2012 (x32 Version: 22.0.4014.2206)
QuickTime (x32 Version: 7.74.80.86)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0)
RealPlayer (x32 Version: 15.0.4)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6304)
RealUpgrade 1.1 (x32 Version: 1.1.0)
SearchDonkey (x32 Version: 2.6.14)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32)
Sonic Focus (x32 Version: 1.00.0000)
Synaptics Pointing Device Driver (Version: 15.3.6.0)
The Weather Channel Desktop 6 (x32)
Trend Micro Titanium Internet Security (Version: 3.0)
Trend Micro Titanium Internet Security (Version: 3.00)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2494150) (x32)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32)
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition (x32)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3538.0513)
Windows Live Family Safety (Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows Live 影像中心 (x32 Version: 15.4.3502.0922)
Windows Live 照片库 (x32 Version: 15.4.3502.0922)
Windows Live 程式集 (x32 Version: 15.4.3502.0922)
Windows Live 软件包 (x32 Version: 15.4.3502.0922)
WinFlash (x32 Version: 2.31.1)
Wireless Console 3 (x32 Version: 3.0.19)
用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文) (x32 Version: 15.4.5722.2)
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (x32 Version: 15.4.5722.2)

==================== Restore Points  =========================

14-09-2013 15:13:18 Windows Modules Installer
14-09-2013 15:15:59 Windows Modules Installer
26-09-2013 04:17:20 Scheduled Checkpoint
14-10-2013 22:22:40 Windows Update
08-11-2013 20:49:32 Scheduled Checkpoint
22-11-2013 02:16:33 Windows Update
23-11-2013 03:21:52 Windows Update

==================== Hosts content: ==========================

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {05D2E1CD-4DD2-4908-9077-956F2F39B1B5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {16E8BEC9-2A52-443E-A75C-22C631621C04} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2011-08-01] (Microsoft Corporation)
Task: {1A6D72A9-ECCD-4A18-9A6F-76E07FA8EDA1} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2011-05-30] (ASUS)
Task: {53A10CD7-825C-45C5-9E18-05FD69A6C595} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-03-15] (Google Inc.)
Task: {65C97FFD-FEAC-4E86-9CAA-824A8E9357D6} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17] (ASUS)
Task: {76CC7B22-2636-40F4-991B-CD30254A97C7} - System32\Tasks\FileAssociationManagerUpdater => C:\Program Files (x86)\FileAssociationManager\Updater.exe
Task: {8FC79660-E506-48AB-A914-59165EE1FAC4} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3911828577-1647038322-1525200751-1000 => C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe [2012-04-30] (RealNetworks, Inc.)
Task: {98281366-AA81-445D-BC51-371804652B5A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-03-15] (Google Inc.)
Task: {9CBA45B6-F336-4467-B9ED-F4731723E1B8} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2010-11-15] (ASUS)
Task: {B35A8568-3F2A-456A-8B0E-53142001747B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29] (Adobe Systems Incorporated)
Task: {E1406E6E-5936-4618-B0A5-203957DBB83C} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {E163CE6C-36AC-49B6-8E8B-16DE2D0B79D1} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3911828577-1647038322-1525200751-1000 => C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe [2012-04-30] (RealNetworks, Inc.)
Task: {E76BA736-DBBE-4736-BCFF-A8A35FBECA6F} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2011-05-31] (ASUS)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-12-23 15:26 - 2005-03-11 11:07 - 00087040 _____ () C:\Windows\System32\redmonnt.dll
2010-07-14 17:11 - 2010-07-14 17:11 - 00031360 _____ () C:\Program Files\P4G\DevMng.dll
2011-07-06 05:51 - 2011-05-23 17:16 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-07-06 05:52 - 2011-05-05 05:30 - 00057640 _____ () C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
2011-11-03 03:33 - 2010-09-17 01:52 - 00047104 _____ () C:\Program Files\Trend Micro\AMSP\boost_thread-vc80-mt-1_36.dll
2011-11-03 03:33 - 2010-09-17 01:52 - 00042496 _____ () C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_36.dll
2012-02-20 21:29 - 2012-02-20 21:29 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 21:28 - 2012-02-20 21:28 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-05-30 14:48 - 2011-05-30 14:48 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2013-03-13 13:48 - 2013-03-13 13:48 - 24978944 _____ () C:\Users\Melissa\AppData\Roaming\Dropbox\bin\libcef.dll
2010-08-20 10:57 - 2010-08-20 10:57 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2010-08-20 10:57 - 2010-08-20 10:57 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/28/2013 11:57:22 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3276

Error: (11/28/2013 11:57:22 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3276

Error: (11/28/2013 11:57:22 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/28/2013 11:41:49 AM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (11/28/2013 11:41:49 AM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (11/28/2013 11:41:49 AM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (11/28/2013 11:41:21 AM) (Source: Application Error) (User: )
Description: Faulting application name: TWCApp.exe, version: 7.3.2.0, time stamp: 0x4ffc7afc
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp: 0x51fb1116
Exception code: 0xe0434352
Fault offset: 0x0000c41f
Faulting process id: 0xe60
Faulting application start time: 0xTWCApp.exe0
Faulting application path: TWCApp.exe1
Faulting module path: TWCApp.exe2
Report Id: TWCApp.exe3

Error: (11/28/2013 11:41:17 AM) (Source: .NET Runtime) (User: )
Description: Application: TWCApp.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Windows.Markup.XamlParseException
Stack:
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.DispatcherOperation.InvokeImpl()
   at System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
   at System.Threading.ExecutionContext.runTryCode(System.Object)
   at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode, CleanupCode, System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Windows.Threading.DispatcherOperation.Invoke()
   at System.Windows.Threading.Dispatcher.ProcessQueue()
   at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.InvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Application.RunDispatcher(System.Object)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at System.Windows.Application.Run(System.Windows.Window)
   at DW.UI.App.Main()

Error: (11/28/2013 11:40:35 AM) (Source: Application Error) (User: )
Description: Faulting application name: DefaultTabSearch.exe, version: 0.0.0.0, time stamp: 0x5252e730
Faulting module name: DefaultTabSearch.exe, version: 0.0.0.0, time stamp: 0x5252e730
Exception code: 0xc0000005
Fault offset: 0x00002c60
Faulting process id: 0x790
Faulting application start time: 0xDefaultTabSearch.exe0
Faulting application path: DefaultTabSearch.exe1
Faulting module path: DefaultTabSearch.exe2
Report Id: DefaultTabSearch.exe3

Error: (11/28/2013 09:30:18 AM) (Source: Application Error) (User: )
Description: Faulting application name: DefaultTabSearch.exe, version: 0.0.0.0, time stamp: 0x5252e730
Faulting module name: DefaultTabSearch.exe, version: 0.0.0.0, time stamp: 0x5252e730
Exception code: 0xc0000005
Fault offset: 0x00002c60
Faulting process id: 0x778
Faulting application start time: 0xDefaultTabSearch.exe0
Faulting application path: DefaultTabSearch.exe1
Faulting module path: DefaultTabSearch.exe2
Report Id: DefaultTabSearch.exe3


System errors:
=============
Error: (11/28/2013 11:40:37 AM) (Source: Service Control Manager) (User: )
Description: The DefaultTabSearch service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/28/2013 11:40:32 AM) (Source: Service Control Manager) (User: )
Description: The WajamUpdater service failed to start due to the following error:
%%2

Error: (11/28/2013 09:30:18 AM) (Source: Service Control Manager) (User: )
Description: The DefaultTabSearch service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/28/2013 09:30:13 AM) (Source: Service Control Manager) (User: )
Description: The WajamUpdater service failed to start due to the following error:
%%2

Error: (11/28/2013 08:51:21 AM) (Source: Service Control Manager) (User: )
Description: The DefaultTabSearch service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/28/2013 08:51:17 AM) (Source: Service Control Manager) (User: )
Description: The WajamUpdater service failed to start due to the following error:
%%2

Error: (11/27/2013 10:57:25 AM) (Source: Service Control Manager) (User: )
Description: The DefaultTabSearch service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/27/2013 10:57:12 AM) (Source: Service Control Manager) (User: )
Description: The WajamUpdater service failed to start due to the following error:
%%2

Error: (11/27/2013 10:56:07 AM) (Source: DCOM) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (11/27/2013 10:55:49 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AFD
ATKWMIACPIIO
DfsC
discache
NetBIOS
NetBT
nsiproxy
Psched
rdbss
spldr
tdx
tmtdi
vwififlt
Wanarpv6
WfpLwf


Microsoft Office Sessions:
=========================
Error: (11/28/2013 11:57:22 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3276

Error: (11/28/2013 11:57:22 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3276

Error: (11/28/2013 11:57:22 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/28/2013 11:41:49 AM) (Source: QuickBooks)(User: )
Description: QuickBooksReturning NULL QBWinInstance Handle

Error: (11/28/2013 11:41:49 AM) (Source: QuickBooks)(User: )
Description: QuickBooksReturning NULL QBWinInstance Handle

Error: (11/28/2013 11:41:49 AM) (Source: QuickBooks)(User: )
Description: QuickBooksReturning NULL QBWinInstance Handle

Error: (11/28/2013 11:41:21 AM) (Source: Application Error)(User: )
Description: TWCApp.exe7.3.2.04ffc7afcKERNELBASE.dll6.1.7601.1822951fb1116e04343520000c41fe6001ceec695b099c00C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exeC:\Windows\syswow64\KERNELBASE.dllac7f4907-585c-11e3-84e7-5404a64c3c34

Error: (11/28/2013 11:41:17 AM) (Source: .NET Runtime)(User: )
Description: Application: TWCApp.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Windows.Markup.XamlParseException
Stack:
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.DispatcherOperation.InvokeImpl()
   at System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
   at System.Threading.ExecutionContext.runTryCode(System.Object)
   at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode, CleanupCode, System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Windows.Threading.DispatcherOperation.Invoke()
   at System.Windows.Threading.Dispatcher.ProcessQueue()
   at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
   at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
   at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
   at System.Windows.Threading.Dispatcher.InvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef)
   at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame)
   at System.Windows.Application.RunDispatcher(System.Object)
   at System.Windows.Application.RunInternal(System.Windows.Window)
   at System.Windows.Application.Run(System.Windows.Window)
   at DW.UI.App.Main()

Error: (11/28/2013 11:40:35 AM) (Source: Application Error)(User: )
Description: DefaultTabSearch.exe0.0.0.05252e730DefaultTabSearch.exe0.0.0.05252e730c000000500002c6079001ceec695173fdf2C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exeC:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe91173880-585c-11e3-84e7-5404a64c3c34

Error: (11/28/2013 09:30:18 AM) (Source: Application Error)(User: )
Description: DefaultTabSearch.exe0.0.0.05252e730DefaultTabSearch.exe0.0.0.05252e730c000000500002c6077801ceec571ccab82fC:\Program Files (x86)\DefaultTab\DefaultTabSearch.exeC:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe5d771dab-584a-11e3-97a5-5404a64c3c34


==================== Memory info ===========================

Percentage of memory in use: 32%
Total physical RAM: 5921.14 MB
Available physical RAM: 3995.41 MB
Total Pagefile: 11840.46 MB
Available Pagefile: 9591.91 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:279.45 GB) (Free:206.56 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:394.18 GB) (Free:394.08 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: E3102A4B)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=279 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=394 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#14 Aaflac

  • Malware Response Team

Posted 28 November 2013 - 02:45 PM

Please go back to Post #4.

This time run a fixlist with the text inside the codebox below.
However, make sure it is saved to the same location where FRST is, otherwise it will not work.
FRST is running from C:\Users\Melissa\Desktop\New folder
 
start
HKCU\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume2\Users\Melissa\AppData\Local\Temp\snitpqn\sarmdxf\wow.dll 
MountPoints2: {d635cd3c-72b3-11e1-83b5-5404a64c3c34} - F:\LaunchU3.exe -a
end

Run FRST, press the Fix button, just once, and wait.

When done, the tool creates a report called: Fixlog.txt
>> Please post the new Fixlog.txt in your reply.

Old duck...


#15 happytobeme

  • Topic Starter


Posted 28 November 2013 - 02:54 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-11-2013
Ran by Melissa at 2013-11-28 12:51:30 Run:4
Running from C:\Users\Melissa\Desktop\New folder
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
HKCU\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume2\Users\Melissa\AppData\Local\Temp\snitpqn\sarmdxf\wow.dll
MountPoints2: {d635cd3c-72b3-11e1-83b5-5404a64c3c34} - F:\LaunchU3.exe -a
end
*****************

HKCU\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} => Key deleted successfully. If the key returned, move the associated file, reboot and list the key for deletion.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d635cd3c-72b3-11e1-83b5-5404a64c3c34} => Key deleted successfully.
HKCR\CLSID\{d635cd3c-72b3-11e1-83b5-5404a64c3c34} => Key not found.

==== End of Fixlog ====





