
Message: c:\programdata\IcNuyIgiby.dat failed to load



#1 kenshireen


Posted 24 May 2014 - 05:41 PM

I use Vista home edition.

When booting up I get the above message.

 

Can someone help me on this one?


Edited by Chris Cosgrove, 24 May 2014 - 06:48 PM.
Moved to 'Am I infected?'




#2 B-boy/StyLe/

  • Malware Response Team

Posted 24 May 2014 - 06:38 PM

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms do not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something, don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

Please download the latest version of Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer. Make sure that Addition.txt is ticked as well.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

 

Regards,

Georgi




#3 kenshireen


Posted 24 May 2014 - 08:09 PM

Hi,

I have attached logs for FRST and Addition.

Thank you for your assistance

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-05-2014
Ran by Owner (administrator) on OWNER-PC on 24-05-2014 20:54:04
Running from C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L9PROMGF
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ArcSoft, Inc.) C:\Users\Owner\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Lexmark International, Inc.) C:\WINDOWS\System32\spool\drivers\w32x86\3\lxecserv.exe
( ) C:\WINDOWS\System32\lxeccoms.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Conexant Systems, Inc.) C:\WINDOWS\System32\drivers\XAudio.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe
(Hewlett-Packard Company) C:\hp\KBD\kbd.exe
(Realtek Semiconductor) C:\WINDOWS\RtHDVCpl.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Google Inc.) C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
() C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe
() C:\Program Files\Lexmark Pro800-Pro900 Series\ezprint.exe
(Apple Inc.) C:\Program Files\AirPort\APAgent.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Hewlett Packard) C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Dropbox, Inc.) C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Users\Owner\AppData\Roaming\HP SimpleSave Application\StartHelper.exe
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Update\1.3.24.7\GoogleCrashHandler.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Microsoft Corporation) C:\WINDOWS\System32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Farbar) C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L9PROMGF\FRST[1].exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-18] (Microsoft Corporation)
HKLM\...\Run: [hpsysdrv] => c:\hp\support\hpsysdrv.exe [65536 2006-09-28] (Hewlett-Packard Company)
HKLM\...\Run: [KBD] => C:\HP\KBD\KBD.EXE [61440 2005-02-02] (Hewlett-Packard Company)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4874240 2008-01-15] (Realtek Semiconductor)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-02-18] (Hewlett-Packard)
HKLM\...\Run: [Google Quick Search Box] => C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe [126976 2011-03-25] (Google Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1387288 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [lxecmon.exe] => C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe [770728 2011-01-23] ()
HKLM\...\Run: [EzPrint] => C:\Program Files\Lexmark Pro800-Pro900 Series\ezprint.exe [148280 2011-01-23] ()
HKLM\...\Run: [Nuance PDF Reader-reminder] => C:\Program Files\Nuance\PDF Reader\Ereg\Ereg.exe [333088 2010-07-05] (Nuance Communications, Inc.)
HKLM\...\Run: [AirPort Base Station Agent] => C:\Program Files\AirPort\APAgent.exe [771360 2009-11-11] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2014-01-30] (RealNetworks, Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\Run: [{709876f9-0c08-b274-8550-48431532df5c}] => C:\ProgramData\Microsoft\{709876f9-0c08-b274-8550-48431532df5c}\{709876f9-0c08-b274-8550-48431532df5c}.exe [139310 2014-05-23] ()
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\RunOnce: [Launcher] - %WINDIR%\SMINST\launcher.exe [44136 2006-11-24] (soft thinks)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM\...\Policies\Explorer\Run: [{709876f9-0c08-b274-8550-48431532df5c}] => C:\ProgramData\Microsoft\{709876f9-0c08-b274-8550-48431532df5c}\{709876f9-0c08-b274-8550-48431532df5c}.exe [139310 2014-05-23] ( ())
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "\SearchProtect"
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-4205190178-630423112-2301515628-1000\...\Run: [Ovrhics] => regsvr32.exe C:\Users\Owner\AppData\Local\Ovrhics\ep0npp01.dll <===== ATTENTION
HKU\S-1-5-21-4205190178-630423112-2301515628-1000\...\Run: [Google Update] => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-03-24] (Google Inc.)
HKU\S-1-5-21-4205190178-630423112-2301515628-1000\...\Run: [IcnuyIgiby] => regsvr32.exe "C:\ProgramData\IcnuyIgiby.dat"
HKU\S-1-5-21-4205190178-630423112-2301515628-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-18] (Microsoft Corporation)
HKU\S-1-5-21-4205190178-630423112-2301515628-1000\...\MountPoints2: {3a535834-a5ea-11e0-a25b-001a920c1333} - K:\HPLauncher.exe
HKU\S-1-5-21-4205190178-630423112-2301515628-1000\...\MountPoints2: {7ee441b2-5665-11e0-bbbb-806e6f6e6963} - E:\wubi.exe --cdmenu
HKU\S-1-5-21-4205190178-630423112-2301515628-1001\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-4205190178-630423112-2301515628-1001\...\Run: [HPADVISOR] => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1644088 2009-08-05] (Hewlett-Packard)
AppInit_DLLs: c:\progra~1\searchprotect\searchprotect\bin\spvc32loader.dll => c:\progra~1\searchprotect\searchprotect\bin\spvc32loader.dll File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Driver performer.lnk
ShortcutTarget: Driver performer.lnk -> C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IGCJGIK7\DriverPerformer_16i[1].exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Connections.lnk
ShortcutTarget: HP Connections.lnk -> C:\Program Files\HP Connections\6811507\Program\HP Connections.exe (Hewlett Packard)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HP SimpleSave Monitor.lnk
ShortcutTarget: HP SimpleSave Monitor.lnk -> C:\Users\Owner\AppData\Roaming\HP SimpleSave Application\StartHelper.exe ()
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk
ShortcutTarget: ZooskMessenger.lnk -> C:\Program Files\ZooskMessenger\ZooskMessenger.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKLM - {029AFE0F-652D-4DC8-B263-CCF4D16C4361} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM - {2971D89F-3C90-465A-9B3E-E1BD0F4F9381} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKLM - {2B704BC8-EA1E-4965-95C4-5D5B8D5AFB78} URL = http://search.live.com/results.aspx?q={searchTerms}&amp;entrypoint={referrer:source?}&amp;FORM=HVDUS7
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2421} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=101&systemid=421&apn_dtid=BND421&apn_ptnrs=AGA&o=APN10649&apn_uid=3149691101234762&q={searchTerms}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3325565&octid=EB_ORIGINAL_CTID&ISID=M581EC72A-4ABA-479E-870D-A14D33DC6D2C&SearchSource=58&CUI=&UM=5&UP=SPCB3CBA24-C993-46A2-A13E-9F66FF0E46E7&q={searchTerms}&SSPV=
SearchScopes: HKCU - {0169E633-8781-F882-9BC7-7B014AE4DE4E} URL = http://www.bing.com/search?q={searchTerms}&pc=Z206&form=ZGAIDF&install_date=20111221&iesrc={referrer:source}
SearchScopes: HKCU - {029AFE0F-652D-4DC8-B263-CCF4D16C4361} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?client=ie&tb=FWV5&o=14193&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=FM&apn_dtid=TES002YYUS&apn_uid=31872ddf-5707-47dc-ad79-da53f9b9d956&apn_sauid=3F5DFAB6-9B1F-4068-805F-60BE1B69CF27
SearchScopes: HKCU - {2971D89F-3C90-465A-9B3E-E1BD0F4F9381} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKCU - {2B704BC8-EA1E-4965-95C4-5D5B8D5AFB78} URL = http://search.live.com/results.aspx?q={searchTerms}&amp;entrypoint={referrer:source?}&amp;FORM=HVDUS7
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2421} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=101&systemid=421&apn_dtid=BND421&apn_ptnrs=AGA&o=APN10649&apn_uid=3149691101234762&q={searchTerms}
SearchScopes: HKCU - {A531D99C-5A22-449b-83DA-872725C6D0ED} URL = http://search.alot.com/web?q={searchTerms}&pr=prov&client_id=7086409001CD280007568BA2&install_time=2012-05-02T01:11:09Z&src_id=30664&camp_id=4054&tb_version=1.1.3001.0(B)
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -  No File
DPF: {00140000-B1BA-11CE-ABC6-F5B2E79D9E3F} file:///E:/Scripts/LTOCX14N.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.1.1

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ry5f5v72.default
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: ZEON/PDF,version=2.0 - C:\Program Files\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Owner\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Owner\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF user.js: detected! => C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ry5f5v72.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ry5f5v72.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ry5f5v72.default\searchplugins\bing-zugo.xml
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ry5f5v72.default\searchplugins\Search_Results.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
FF Extension: ALOT Appbar - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ry5f5v72.default\Extensions\appbar@alot.com [2012-05-01]
FF Extension: No Name - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ry5f5v72.default\Extensions\staged [2012-12-15]
FF Extension: No Name - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ry5f5v72.default\Extensions\tidynetwork@tidynetwork [2013-08-25]
FF Extension: Define Ext - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ry5f5v72.default\Extensions\umylsm@sqhjcpzmeselzlp.org [2013-08-25]
FF Extension: Yahoo! Toolbar - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ry5f5v72.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2012-06-05]
FF Extension: ShopToWin22 - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ry5f5v72.default\Extensions\{7cd0c597-24e0-45b0-8bde-2e79b3fc0499} [2011-12-21]
FF Extension: Define Ext - C:\Program Files\Mozilla Firefox\extensions\umylsm@sqhjcpzmeselzlp.org [2013-08-25]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011-04-04]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011-06-10]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKCU\...\Firefox\Extensions: [{EB132DB0-A4CA-11DF-9732-0E29E0D72085}] - C:\Program Files\Object\facetheme

Chrome:
=======
CHR DefaultSearchKeyword: trovi.search
CHR DefaultSearchProvider: Trovi search
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Users\Owner\AppData\Local\Google\Chrome\Application\35.0.1916.114\gcswf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U29) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll No File
CHR Plugin: (RealNetworks™ RealPlayer Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Owner\AppData\Local\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Owner\AppData\Local\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll No File
CHR Plugin: (Google Updater) - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (RASMapi Class) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2014-05-03]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-19]
CHR Extension: (TidyNetwork.com) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmcghbhpbbgonmooapmopcfinokmnpjg [2013-08-25]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-19]
CHR Extension: (Produtools Manuals 2.1 B2) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbhbgnpgkhbpdidkbgbhlmolppnglog [2013-05-22]
CHR Extension: (Define Ext) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjkpcnacdgdlpfejlgflolpaigoicibh [2013-08-25]
CHR Extension: (RealDownloader) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-02-04]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-28]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-19]
CHR HKLM\...\Chrome\Extension: [ghbhbgnpgkhbpdidkbgbhlmolppnglog] - C:\Users\Owner\AppData\Local\CRE\ghbhbgnpgkhbpdidkbgbhlmolppnglog.crx [2013-04-17]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKCU\...\Chrome\Extension: [ghbhbgnpgkhbpdidkbgbhlmolppnglog] - C:\Users\Owner\AppData\Local\CRE\ghbhbgnpgkhbpdidkbgbhlmolppnglog.crx [2013-04-17]
CHR StartMenuInternet: Google Chrome - C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

R2 BackupService; C:\Users\Owner\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe [83512 2010-07-01] (ArcSoft, Inc.)
R2 lxecCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxecserv.exe [193192 2010-04-14] (Lexmark International, Inc.)
R2 lxec_device; C:\Windows\system32\lxeccoms.exe [598696 2010-04-14] ( )
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S2 CLTNetCnService; "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [X]
S2 LexPrintListener; C:\Program Files\Lexmark\LexPrint\lmablpml.dll [X]
S3 stllssvr; "c:\Program Files\Common Files\SureThing Shared\stllssvr.exe" [X]

==================== Drivers (Whitelisted) ====================

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-05-24] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13024 2013-01-21] ()
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-24 20:53 - 2014-05-24 20:54 - 00000000 ____D () C:\FRST
2014-05-24 18:07 - 2014-05-24 18:07 - 00019102 _____ () C:\FixitRegBackup.reg
2014-05-24 16:40 - 2014-05-24 16:40 - 00000919 _____ () C:\Users\Owner\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-24 14:32 - 2014-05-24 20:17 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-24 14:32 - 2014-05-24 14:32 - 00000901 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-24 14:32 - 2014-05-24 14:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-24 14:31 - 2014-05-24 14:32 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-24 14:31 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-24 14:31 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-24 14:31 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-24 12:21 - 2014-05-24 12:21 - 00000000 ___RD () C:\Program Files\Skype
2014-05-24 12:21 - 2014-05-24 12:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-05-24 12:21 - 2014-05-24 12:21 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-05-24 11:55 - 2014-05-24 12:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-24 10:51 - 2014-05-24 10:51 - 00000000 ____D () C:\5c9ed0265b6df129e15803dda3
2014-05-23 14:10 - 2014-05-24 09:53 - 00000000 ____D () C:\Windows\pss
2014-05-23 14:01 - 2014-05-23 14:01 - 00001828 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-05-23 14:00 - 2014-05-23 14:01 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-05-23 13:10 - 2010-04-05 16:00 - 00221568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-05-23 11:10 - 2014-05-23 11:10 - 00000000 ____D () C:\MATS
2014-05-23 10:16 - 2014-05-23 10:16 - 00000000 ____D () C:\Users\Administrator\AppData\Local\SearchProtect
2014-05-23 09:44 - 2014-05-23 09:44 - 01581655 _____ () C:\ProgramData\SPLB4E3.tmp
2014-05-23 09:22 - 2014-05-23 09:23 - 00000000 ____D () C:\Windows\Temp5559B36B-5FB7-19AF-A51F-D6018BE57595-Signatures
2014-05-22 16:33 - 2014-05-24 20:37 - 00000066 _____ () C:\Windows\system32\ypjqrhf.qsb
2014-05-22 16:23 - 2014-05-22 16:23 - 00000064 _____ () C:\Windows\system32\nkxajd.csw
2014-05-22 16:23 - 2014-05-22 16:23 - 00000000 _____ () C:\Windows\system32\qulubdu.hgx
2014-05-22 16:07 - 2014-05-22 16:07 - 00245006 ____S () C:\Windows\system32\uoizqb.qyu
2014-05-20 11:08 - 2014-05-20 11:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-20 11:08 - 2014-04-14 20:13 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-05-20 11:08 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-05-20 11:04 - 2014-05-20 11:08 - 00004186 _____ () C:\Windows\system32\jupdate-1.7.0_55-b14.log
2014-05-19 11:36 - 2014-05-19 11:36 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
2014-05-19 11:35 - 2014-05-19 11:35 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-05-19 11:35 - 2014-05-19 11:35 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-05-19 11:35 - 2014-05-19 11:35 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2014-05-19 10:10 - 2014-05-24 16:17 - 00000000 ____D () C:\Program Files\Yula
2014-05-19 10:07 - 2014-05-19 10:24 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Fixila
2014-05-19 10:06 - 2014-05-19 10:24 - 00005260 _____ () C:\szfixila.log
2014-05-14 19:10 - 2014-03-25 09:26 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 19:09 - 2014-05-05 15:31 - 06021120 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 19:09 - 2014-05-05 15:31 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 19:09 - 2014-05-05 14:47 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-07 11:35 - 2014-05-07 11:35 - 00000000 ____D () C:\Users\Owner\Desktop\Documents\Optimizer Pro
2014-05-07 11:30 - 2014-05-19 10:11 - 01197158 _____ (Free Software Network ) C:\Users\Owner\Downloads\FreeFlash.exe
2014-05-07 11:30 - 2014-05-07 11:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flash Update
2014-05-07 11:30 - 2014-05-07 11:30 - 00000000 ____D () C:\Program Files\Flash Update
2014-05-07 11:29 - 2014-05-24 17:02 - 00000000 ____D () C:\Users\Owner\AppData\Local\WeatherAlerts
2014-05-07 11:29 - 2014-05-07 11:29 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts
2014-05-07 11:29 - 2014-05-07 11:29 - 00000000 ____D () C:\Users\Owner\AppData\Local\Local_Weather_LLC
2014-05-07 11:27 - 2014-05-24 16:17 - 00000000 ____D () C:\Program Files\SearchProtect
2014-05-07 11:27 - 2014-05-19 10:06 - 00000000 ____D () C:\Users\Owner\AppData\Local\SearchProtect
2014-05-07 11:27 - 2014-05-19 09:34 - 00000000 _____ () C:\END
2014-05-07 11:14 - 2014-05-07 11:14 - 00000000 ____D () C:\Program Files\Dropbox
2014-05-06 17:40 - 2014-05-24 19:35 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\DropboxMaster
2014-05-04 18:21 - 2014-05-04 18:22 - 00691576 _____ (Yahoo! Inc.) C:\Users\Owner\Downloads\msgr11us.exe
2014-05-03 23:20 - 2014-05-03 23:20 - 00000000 ____D () C:\Users\Owner\AppData\Local\Ovrhics

==================== One Month Modified Files and Folders =======

2014-05-24 20:54 - 2014-05-24 20:53 - 00000000 ____D () C:\FRST
2014-05-24 20:50 - 2011-03-25 18:12 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-24 20:48 - 2011-03-24 18:29 - 01932329 _____ () C:\Windows\WindowsUpdate.log
2014-05-24 20:46 - 2011-03-24 16:16 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4205190178-630423112-2301515628-1000UA.job
2014-05-24 20:37 - 2014-05-22 16:33 - 00000066 _____ () C:\Windows\system32\ypjqrhf.qsb
2014-05-24 20:26 - 2013-02-11 21:07 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-24 20:17 - 2014-05-24 14:32 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-24 19:36 - 2012-01-13 16:50 - 00000000 ___RD () C:\Users\Owner\Dropbox
2014-05-24 19:36 - 2012-01-13 16:45 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Dropbox
2014-05-24 19:35 - 2014-05-06 17:40 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\DropboxMaster
2014-05-24 19:34 - 2011-08-27 10:30 - 00064156 _____ () C:\ProgramData\lxecscan.log
2014-05-24 19:29 - 2011-03-25 18:12 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-24 19:27 - 2006-11-02 09:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-24 19:27 - 2006-11-02 08:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-24 19:27 - 2006-11-02 08:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-24 19:03 - 2011-05-09 23:14 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-05-24 19:03 - 2006-11-02 09:01 - 00032554 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-24 18:07 - 2014-05-24 18:07 - 00019102 _____ () C:\FixitRegBackup.reg
2014-05-24 17:41 - 2011-07-07 08:49 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-05-24 17:02 - 2014-05-07 11:29 - 00000000 ____D () C:\Users\Owner\AppData\Local\WeatherAlerts
2014-05-24 16:40 - 2014-05-24 16:40 - 00000919 _____ () C:\Users\Owner\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-24 16:21 - 2006-11-02 06:23 - 00000313 _____ () C:\Windows\win.ini
2014-05-24 16:17 - 2014-05-19 10:10 - 00000000 ____D () C:\Program Files\Yula
2014-05-24 16:17 - 2014-05-07 11:27 - 00000000 ____D () C:\Program Files\SearchProtect
2014-05-24 16:17 - 2013-08-25 08:37 - 00000000 ____D () C:\Users\Owner\AppData\Local\DefineExt
2014-05-24 16:17 - 2013-01-17 17:35 - 00000000 ____D () C:\Program Files\Shop to Win 28
2014-05-24 16:17 - 2013-01-17 17:35 - 00000000 ____D () C:\Program Files\Qwiklinx
2014-05-24 15:26 - 2013-12-02 13:26 - 00000000 ____D () C:\Users\Owner\AppData\Local\TBHostSupport
2014-05-24 14:32 - 2014-05-24 14:32 - 00000901 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-24 14:32 - 2014-05-24 14:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-24 14:32 - 2014-05-24 14:31 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-24 14:31 - 2011-03-24 16:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-24 13:02 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\rescache
2014-05-24 12:48 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-24 12:40 - 2006-11-02 06:33 - 00759582 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-24 12:33 - 2006-11-02 08:47 - 00306368 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-24 12:29 - 2006-12-06 06:40 - 00000000 ____D () C:\Windows\system32\RTCOM
2014-05-24 12:29 - 2006-11-02 08:37 - 00000000 ____D () C:\Windows\system32\XPSViewer
2014-05-24 12:21 - 2014-05-24 12:21 - 00000000 ___RD () C:\Program Files\Skype
2014-05-24 12:21 - 2014-05-24 12:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-05-24 12:21 - 2014-05-24 12:21 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-05-24 12:21 - 2011-03-25 18:13 - 00000000 ____D () C:\ProgramData\Skype
2014-05-24 12:18 - 2011-03-25 18:10 - 00000868 _____ () C:\Windows\Tasks\Google Software Updater.job
2014-05-24 12:01 - 2014-05-24 11:55 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-24 11:05 - 2006-11-02 08:37 - 00000000 ____D () C:\Program Files\Windows Journal
2014-05-24 11:03 - 2011-09-28 11:14 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-05-24 10:51 - 2014-05-24 10:51 - 00000000 ____D () C:\5c9ed0265b6df129e15803dda3
2014-05-24 10:50 - 2011-09-28 11:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-05-24 10:01 - 2012-01-13 16:47 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-24 09:53 - 2014-05-23 14:10 - 00000000 ____D () C:\Windows\pss
2014-05-23 14:05 - 2012-06-04 10:35 - 00001595 _____ () C:\ProgramData\lxec.log
2014-05-23 14:02 - 2011-03-24 16:28 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-05-23 14:01 - 2014-05-23 14:01 - 00001828 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-05-23 14:01 - 2014-05-23 14:00 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-05-23 12:42 - 2011-08-27 11:20 - 00000000 ____D () C:\ProgramData\Lx_cats
2014-05-23 11:10 - 2014-05-23 11:10 - 00000000 ____D () C:\MATS
2014-05-23 10:27 - 2011-08-01 18:20 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Real
2014-05-23 10:16 - 2014-05-23 10:16 - 00000000 ____D () C:\Users\Administrator\AppData\Local\SearchProtect
2014-05-23 09:44 - 2014-05-23 09:44 - 01581655 _____ () C:\ProgramData\SPLB4E3.tmp
2014-05-23 09:23 - 2014-05-23 09:22 - 00000000 ____D () C:\Windows\Temp5559B36B-5FB7-19AF-A51F-D6018BE57595-Signatures
2014-05-23 04:46 - 2011-03-24 16:16 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4205190178-630423112-2301515628-1000Core.job
2014-05-22 16:23 - 2014-05-22 16:23 - 00000064 _____ () C:\Windows\system32\nkxajd.csw
2014-05-22 16:23 - 2014-05-22 16:23 - 00000000 _____ () C:\Windows\system32\qulubdu.hgx
2014-05-22 16:07 - 2014-05-22 16:07 - 00245006 ____S () C:\Windows\system32\uoizqb.qyu
2014-05-22 15:23 - 2011-03-25 17:33 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\HpUpdate
2014-05-22 11:34 - 2013-01-23 09:45 - 00000517 _____ () C:\Users\Owner\Desktop\quikcbooks.url
2014-05-22 03:00 - 2011-07-06 23:25 - 00000382 _____ () C:\Windows\Tasks\RegSERVO.job
2014-05-22 03:00 - 2011-06-10 21:44 - 00000382 _____ () C:\Windows\Tasks\ErrorEND.job
2014-05-20 11:09 - 2014-01-25 11:33 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-20 11:08 - 2014-05-20 11:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-20 11:08 - 2014-05-20 11:04 - 00004186 _____ () C:\Windows\system32\jupdate-1.7.0_55-b14.log
2014-05-20 11:08 - 2011-04-04 11:00 - 00000000 ____D () C:\Program Files\Java
2014-05-19 11:36 - 2014-05-19 11:36 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
2014-05-19 11:36 - 2006-12-06 06:47 - 00000000 ____D () C:\ProgramData\Adobe
2014-05-19 11:35 - 2014-05-19 11:35 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-05-19 11:35 - 2014-05-19 11:35 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-05-19 11:35 - 2014-05-19 11:35 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2014-05-19 11:35 - 2006-12-06 06:47 - 00000000 ____D () C:\Program Files\Adobe
2014-05-19 11:34 - 2011-03-25 16:56 - 00000000 ____D () C:\Users\Owner\AppData\Local\Adobe
2014-05-19 10:24 - 2014-05-19 10:07 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Fixila
2014-05-19 10:24 - 2014-05-19 10:06 - 00005260 _____ () C:\szfixila.log
2014-05-19 10:11 - 2014-05-07 11:30 - 01197158 _____ (Free Software Network ) C:\Users\Owner\Downloads\FreeFlash.exe
2014-05-19 10:06 - 2014-05-07 11:27 - 00000000 ____D () C:\Users\Owner\AppData\Local\SearchProtect
2014-05-19 09:34 - 2014-05-07 11:27 - 00000000 _____ () C:\END
2014-05-15 09:43 - 2014-02-11 12:45 - 00014336 _____ () C:\Users\Owner\Desktop\Documents\2014 medical mileage.xls
2014-05-14 17:26 - 2013-02-11 21:07 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-14 17:26 - 2013-02-11 21:07 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-13 20:32 - 2013-04-11 22:31 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-13 20:32 - 2013-04-11 22:30 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-05-12 07:26 - 2014-05-24 14:31 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-24 14:31 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:25 - 2014-05-24 14:31 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-07 11:35 - 2014-05-07 11:35 - 00000000 ____D () C:\Users\Owner\Desktop\Documents\Optimizer Pro
2014-05-07 11:30 - 2014-05-07 11:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flash Update
2014-05-07 11:30 - 2014-05-07 11:30 - 00000000 ____D () C:\Program Files\Flash Update
2014-05-07 11:29 - 2014-05-07 11:29 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts
2014-05-07 11:29 - 2014-05-07 11:29 - 00000000 ____D () C:\Users\Owner\AppData\Local\Local_Weather_LLC
2014-05-07 11:14 - 2014-05-07 11:14 - 00000000 ____D () C:\Program Files\Dropbox
2014-05-05 15:31 - 2014-05-14 19:09 - 06021120 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-05 15:31 - 2014-05-14 19:09 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-05 14:47 - 2014-05-14 19:09 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-04 18:22 - 2014-05-04 18:21 - 00691576 _____ (Yahoo! Inc.) C:\Users\Owner\Downloads\msgr11us.exe
2014-05-04 17:14 - 2006-11-02 06:24 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-05-03 23:20 - 2014-05-03 23:20 - 00000000 ____D () C:\Users\Owner\AppData\Local\Ovrhics

Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpo7fi6u.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll
[2011-07-07 17:35] - [2009-04-10 23:28] - 0557056 ____A (Microsoft Corporation) F92A3D125BC31D83CFDB81CFDE1DBD9E

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-24 19:47

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:25-05-2014
Ran by Owner at 2014-05-24 20:55:11
Running from C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L9PROMGF
Boot Mode: Normal
=============================
When I boot up Vista I get the above error message saying that it may not be compatible with the version of Windows I am running. Check to see if the module is compatible with a 32 or 64 bit version of regsvr32.exe

=============================

==================== Security Center ========================

AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

32 Bit HP CIO Components Installer (Version: 2.1.5 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 13.0.0.111 - Adobe Systems Incorporated)
Adobe AIR (Version: 13.0.0.111 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
AirPort (HKLM\...\{40184457-4514-4B18-84A8-6BB8A3AB6A81}) (Version: 5.5.3.2 - Apple Inc.)
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Define Ext (HKCU\...\Define Ext) (Version: 8 - DefineExt.com)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
DVDFab 8.2.2.0 (16/11/2012) Qt (HKLM\...\DVDFab 8 Qt_is1) (Version:  - Fengtao Software Inc.)
Enhanced Multimedia Keyboard Solution (HKLM\...\KBD) (Version:  - Hewlett-Packard)
eReg (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Google Chrome (HKCU\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Quick Search Box (HKLM\...\Quick Search Box) (Version: 1.2.1151.245 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
Google Updater (HKLM\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.)
Hardware Diagnostic Tools (HKLM\...\PC-Doctor 5 for Windows) (Version: 5.00.4262.12 - PC-Doctor, Inc.)
HP Advisor (HKLM\...\{73A43E42-3658-4DD9-8551-FACDA3632538}) (Version: 3.1.9152.3107 - Hewlett-Packard)
HP Connections (remove only) (HKLM\...\HPOOVClient-6811507 Uninstaller) (Version:  - )
HP Customer Experience Enhancements (HKLM\...\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}) (Version: 1.00.0000 - Hewlett-Packard)
HP Customer Feedback (Version: 1.0.0 - Hewlett-Packard) Hidden
HP Easy Setup - Core (HKLM\...\{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}) (Version: 1.00.0000 - Hewlett-Packard)
HP Easy Setup - Frontend (HKLM\...\{40F7AED3-0C7D-4582-99F6-484A515C73F2}) (Version: 5.00.0000 - Hewlett-Packard)
HP Picasso Media Center Add-In (Version: 1.0.0 - HP) Hidden
HP Update (HKLM\...\{612F4E20-3661-4D44-AD79-823F1B613FB3}) (Version: 5.002.008.001 - Hewlett-Packard)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.5.0 - LIGHTNING UK!)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lexmark Pro800-Pro900 Series (HKLM\...\Lexmark Pro800-Pro900 Series) (Version:  - Lexmark International, Inc.)
Lexmark Software Uninstall (HKLM\...\Lexmark_iListener) (Version:  - Lexmark International, Inc.)
LightScribe  1.4.124.1 (Version: 1.4.124.1 - http://www.lightscribe.com) Hidden
Logitech SetPoint 6.32 (HKLM\...\sp6) (Version: 6.32.20 - Logitech)
Magic ISO Maker v5.5 (build 0281) (HKLM\...\Magic ISO Maker v5.5 (build 0281)) (Version:  - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office Live Meeting 2007 (HKLM\...\{E30E7561-A466-4393-B8BF-FD93E733EF3C}) (Version: 8.0.6362.202 - Microsoft Corporation)
Microsoft Office XP Professional with FrontPage (HKLM\...\{90280409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Windows Journal Viewer (HKLM\...\{43DCF766-6838-4F9A-8C91-D92DA586DFA8}) (Version: 1.5.2316.0 - Microsoft)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Mozilla Firefox 4.0 (x86 en-US) (HKLM\...\Mozilla Firefox 4.0 (x86 en-US)) (Version: 4.0 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nuance PDF Reader (HKLM\...\{5F6C549F-78DA-4E0E-AE70-0BD981936D99}) (Version: 7.00.0000 - Nuance Communications, Inc.)
NVIDIA Control Panel 306.97 (Version: 306.97 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 306.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 306.97 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.85.551 - NVIDIA Corporation) Hidden
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
OcxSetup (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Python 2.4.3 (HKLM\...\{75E71ADD-042C-4F30-BFAC-A9EC42351313}) (Version: 2.4.3150 - Martin v. Löwis)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5548 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1) (Version: 7.74.00 - Conexant Systems)
Spotify (HKLM\...\Spotify) (Version: 0.5.2 - )
TurboTax 2010 (HKLM\...\TurboTax 2010) (Version:  - Intuit, Inc)
TurboTax 2010 wgaiper (Version: 010.000.1530 - Intuit Inc.) Hidden
TurboTax 2010 WinPerFedFormset (Version: 010.000.5821 - Intuit Inc.) Hidden
TurboTax 2010 WinPerReleaseEngine (Version: 010.000.0501 - Intuit Inc.) Hidden
TurboTax 2010 WinPerTaxSupport (Version: 010.000.0222 - Intuit Inc.) Hidden
TurboTax 2010 wnjiper (Version: 010.000.1431 - Intuit Inc.) Hidden
TurboTax 2010 wokiper (Version: 010.000.1809 - Intuit Inc.) Hidden
TurboTax 2010 wrapper (Version: 010.000.0157 - Intuit Inc.) Hidden
TurboTax 2011 (HKLM\...\TurboTax 2011) (Version:  - Intuit, Inc)
TurboTax 2011 wgaiper (Version: 011.000.1699 - Intuit Inc.) Hidden
TurboTax 2011 WinPerFedFormset (Version: 011.000.2999 - Intuit Inc.) Hidden
TurboTax 2011 WinPerReleaseEngine (Version: 011.000.0474 - Intuit Inc.) Hidden
TurboTax 2011 WinPerTaxSupport (Version: 011.000.0214 - Intuit Inc.) Hidden
TurboTax 2011 wrapper (Version: 011.000.0121 - Intuit Inc.) Hidden
TurboTax 2012 (HKLM\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2012 wgaiper (Version: 012.000.1371 - Intuit Inc.) Hidden
TurboTax 2012 WinPerFedFormset (Version: 012.000.2114 - Intuit Inc.) Hidden
TurboTax 2012 WinPerReleaseEngine (Version: 012.000.0451 - Intuit Inc.) Hidden
TurboTax 2012 WinPerTaxSupport (Version: 012.000.0179 - Intuit Inc.) Hidden
TurboTax 2012 wrapper (Version: 012.000.0127 - Intuit Inc.) Hidden
TurboTax 2013 (HKLM\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2013 wgaiper (Version: 013.000.1300 - Intuit Inc.) Hidden
TurboTax 2013 WinPerFedFormset (Version: 013.000.1953 - Intuit Inc.) Hidden
TurboTax 2013 WinPerReleaseEngine (Version: 013.000.0492 - Intuit Inc.) Hidden
TurboTax 2013 WinPerTaxSupport (Version: 013.000.0168 - Intuit Inc.) Hidden
TurboTax 2013 wrapper (Version: 013.000.0135 - Intuit Inc.) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )

==================== Restore Points  =========================

23-04-2014 21:33:57 Windows Update
27-04-2014 21:34:41 Windows Update
01-05-2014 21:34:25 Windows Update
05-05-2014 21:31:50 Windows Update
09-05-2014 15:08:39 Windows Update
13-05-2014 15:08:11 Windows Update
18-05-2014 01:16:09 Windows Update
19-05-2014 14:27:23 Removed WebSlingPlayer ActiveX
19-05-2014 14:31:19 Removed WebSlingPlayer ActiveX
19-05-2014 14:33:43 Removed WebSlingPlayer ActiveX
19-05-2014 14:34:27 Removed WebSlingPlayer ActiveX
19-05-2014 14:36:14 Removed WebSlingPlayer ActiveX
19-05-2014 14:50:03 Removed WebSlingPlayer ActiveX
20-05-2014 15:01:33 Installed Java 7 Update 55
21-05-2014 12:47:40 Removed Zoosk Messenger
21-05-2014 13:25:18 Windows Update
22-05-2014 16:47:55 Restore Operation
22-05-2014 17:31:24 Restore Operation
23-05-2014 13:37:01 Restore Operation
23-05-2014 14:58:43 Restore Point before Corrupt Patch Registry keys
23-05-2014 15:10:26  Microsoft Security Client
23-05-2014 17:09:57 Windows Update
24-05-2014 14:03:49 Windows Update
24-05-2014 14:31:12 Windows Update
24-05-2014 15:16:28 Windows Update
24-05-2014 22:05:40 Installed Microsoft Fix it 50535
24-05-2014 22:08:14 Installed Microsoft Fix it 50535
24-05-2014 23:01:52 Restore Operation

==================== Hosts content: ==========================

2006-11-02 06:23 - 2006-09-18 17:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {08CD6BD1-22CE-418C-A1CF-A54F6C653108} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Owner => C:\Program Files\Windows Calendar\wincal.exe [2009-04-10] (Microsoft Corporation)
Task: {099E62D0-952F-463D-99A4-90B46FB25095} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {299A0CB0-E854-4E4D-AA2C-E098A4A1B364} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4205190178-630423112-2301515628-1000UA => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-24] (Google Inc.)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {40A0994B-3479-4951-9F2D-D90E132B7EFB} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-4205190178-630423112-2301515628-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {40D9A49A-DA15-42EA-A555-F82EE57155B6} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-4205190178-630423112-2301515628-500 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-18] (Microsoft Corporation)
Task: {47CEF249-BDBC-4C13-A4E7-07515FC66C33} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4205190178-630423112-2301515628-1000Core => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-24] (Google Inc.)
Task: {4C2794A5-C3BF-41D7-AAF7-C0FD8432D7B8} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4205190178-630423112-2301515628-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {4CE261C4-FE81-4D3A-B072-514B6F444440} - System32\Tasks\ErrorEND => C:\Program Files\ErrorEND\ErrorEND.exe
Task: {4F1C082C-81F2-4836-AB36-7F453A77B183} - System32\Tasks\IHSelfDeleteTASK => CMD
Task: {5A2526B7-23D7-465F-B114-A677B13D3486} - System32\Tasks\IHUninstallTrackingTASK => CMD
Task: {5DF15EA5-4067-4A80-8CC9-5A7F1EE19C58} - System32\Tasks\{0C19F195-9DC5-46F2-9F4D-16BC43C1F9BC} => Iexplore.exe http://ui.skype.com/ui/0/5.5.0.124.180/en/abandoninstall?page=tsPlugin&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;disabled
Task: {6A302DD7-EF8E-43E7-8EC1-F6993827CAA3} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {6A3D22D9-DB37-43F2-B52E-280DEDE7697F} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-4205190178-630423112-2301515628-500 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {725C5DFB-8A69-48F3-B7D1-D954ECFB6CE5} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-4205190178-630423112-2301515628-500 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
Task: {78FDA4BA-C3DB-47E6-8F5E-B963339D3CF1} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {7B368201-2D55-49AB-B38A-C9017E4453F8} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-4205190178-630423112-2301515628-1000 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
Task: {82B1CDC3-DF1C-4C75-93B0-591933D23848} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-4205190178-630423112-2301515628-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {8C2A03D5-6F68-4176-A97D-F907AEDC7950} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4205190178-630423112-2301515628-500 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {8E67184F-1493-4556-AE08-2B0F5FF241A6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {941E680B-F89A-4D52-B375-980699860ABE} - System32\Tasks\Google Software Updater => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-15] (Google)
Task: {A5511075-5A26-40F3-AAEC-576A476AE3DA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-03-25] (Google Inc.)
Task: {A6DFAF8E-2689-4F30-8757-C3D76CB64B27} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-4205190178-630423112-2301515628-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {B5CA4B23-3EF4-42BB-9EA3-640331DD136C} - System32\Tasks\RegSERVO => C:\Program Files\REGSERVO\RegSERVO.exe
Task: {C5103435-A2E3-4709-B84B-96C43343606B} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-4205190178-630423112-2301515628-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {C60E4B26-2CF7-4B99-9CEB-42F89F097B64} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-4205190178-630423112-2301515628-500 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {CE806B37-00A9-4AF3-90B8-362F5B073A5B} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-4205190178-630423112-2301515628-500 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {D723EE0C-3018-414F-A907-5D5C3C00AFFC} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4205190178-630423112-2301515628-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {E24276EA-E0E0-4258-8F30-9FD141BB0E1A} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4205190178-630423112-2301515628-500 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2011-03-26] ()
Task: {EAAC9CDD-D0A6-48CD-9730-6F8A8BE38B6B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {EED730AF-C7C3-4231-BF0B-6C650FC2BBCC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-03-25] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\ErrorEND.job => C:\Program Files\ErrorEND\ErrorEND.exe
Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4205190178-630423112-2301515628-1000Core.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4205190178-630423112-2301515628-1000UA.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\RegSERVO.job => C:\Program Files\REGSERVO\REGSERVO.exe

==================== Loaded Modules (whitelisted) =============

2011-09-02 14:33 - 2009-05-18 08:39 - 00049152 _____ () C:\Windows\System32\LXECPMON.DLL
2011-09-02 14:33 - 2009-01-13 09:15 - 04485120 _____ () C:\Windows\System32\LXECOEM.DLL
2012-06-04 10:59 - 2009-11-04 08:14 - 00157696 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\lxecdrpp.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-08-14 16:19 - 2013-08-14 16:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2011-03-25 18:58 - 2011-03-25 18:58 - 00854016 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
2011-03-25 18:58 - 2011-03-25 18:58 - 00476520 _____ () C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
2011-03-25 18:11 - 2011-11-13 00:25 - 00103424 _____ () C:\Program Files\Google\Quick Search Box\bin\1.2.1151.245\rlz.dll
2011-10-07 05:41 - 2011-10-07 05:41 - 00879896 _____ () C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
2012-06-04 10:49 - 2011-01-23 20:47 - 00770728 _____ () C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe
2012-06-04 10:49 - 2010-04-01 13:23 - 00389120 _____ () C:\Program Files\Lexmark Pro800-Pro900 Series\lxecscw.dll
2012-06-04 10:52 - 2009-05-27 07:16 - 00192512 _____ () C:\Windows\system32\spool\drivers\w32x86\3\lxecdatr.dll
2012-06-04 10:49 - 2010-04-01 13:24 - 01159168 _____ () C:\Program Files\Lexmark Pro800-Pro900 Series\lxecDRS.dll
2012-06-04 10:49 - 2009-03-10 01:43 - 00155648 _____ () C:\Program Files\Lexmark Pro800-Pro900 Series\lxeccaps.dll
2011-08-27 10:22 - 2009-02-20 03:48 - 00299008 _____ () C:\Windows\system32\lxecsm.dll
2011-08-27 10:22 - 2009-02-20 03:48 - 00023552 _____ () C:\Windows\system32\lxecsmr.dll
2012-06-04 10:49 - 2011-01-23 20:47 - 00148280 _____ () C:\Program Files\Lexmark Pro800-Pro900 Series\ezprint.exe
2012-06-04 10:49 - 2010-04-05 06:56 - 00716954 _____ () C:\Program Files\Lexmark Pro800-Pro900 Series\Epwizard.DLL
2012-06-04 10:49 - 2010-04-05 06:55 - 00159890 _____ () C:\Program Files\Lexmark Pro800-Pro900 Series\customui.dll
2012-06-04 10:49 - 2010-04-05 06:54 - 00123033 _____ () C:\Program Files\Lexmark Pro800-Pro900 Series\Eputil.DLL
2012-06-04 10:49 - 2010-04-05 06:54 - 00143502 _____ () C:\Program Files\Lexmark Pro800-Pro900 Series\Imagutil.DLL
2012-06-04 10:49 - 2010-04-05 06:55 - 00061604 _____ () C:\Program Files\Lexmark Pro800-Pro900 Series\Epfunct.DLL
2012-06-04 10:49 - 2010-04-05 06:56 - 02203803 _____ () C:\Program Files\Lexmark Pro800-Pro900 Series\EPWizRes.dll
2012-06-04 10:49 - 2010-04-05 06:56 - 00045221 _____ () C:\Program Files\Lexmark Pro800-Pro900 Series\epstring.dll
2012-06-04 10:49 - 2010-04-05 06:56 - 00094359 _____ () C:\Program Files\Lexmark Pro800-Pro900 Series\EPOEMDll.dll
2012-06-04 10:49 - 2009-04-07 15:25 - 00409600 _____ () C:\Program Files\Lexmark Pro800-Pro900 Series\iptk.dll
2012-06-04 10:49 - 2009-03-02 10:25 - 00151552 _____ () C:\Program Files\Lexmark Pro800-Pro900 Series\lxecptp.dll
2006-12-06 06:49 - 2006-12-06 06:49 - 00061496 _____ () C:\Program Files\HP Connections\6811507\6.3.2.139-6811507\Program\clntutil.dll
2006-12-06 06:49 - 2006-12-06 06:49 - 00151589 _____ () C:\Program Files\HP Connections\6811507\6.3.2.139-6811507\Program\BWfiles.dll
2006-12-06 06:49 - 2006-12-06 06:49 - 00098339 _____ () C:\Program Files\HP Connections\6811507\6.3.2.139-6811507\Program\frext.dll
2006-12-06 06:49 - 2006-12-06 06:49 - 00135168 _____ () C:\Program Files\HP Connections\6811507\Program\HPClientExt.dll
2014-05-24 19:35 - 2014-05-24 19:35 - 00043008 _____ () c:\users\owner\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpo7fi6u.dll
2013-08-23 15:01 - 2013-08-23 15:01 - 25100288 _____ () C:\Users\Owner\AppData\Roaming\Dropbox\bin\libcef.dll
2011-07-04 18:41 - 2011-05-26 14:14 - 00477080 _____ () C:\Users\Owner\AppData\Roaming\HP SimpleSave Application\StartHelper.exe

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Owner\Desktop\Documents\Is College a Lousy Investment.doc:com.dropbox.attributes

==================== Safe Mode (whitelisted) ===================

==================== EXE Association (whitelisted) =============

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/24/2014 07:52:34 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\OWNER\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\GZB4NEHB\DESKTOP.INI> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)

Error: (05/24/2014 07:37:06 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/24/2014 07:37:06 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/24/2014 07:36:16 PM) (Source: System Restore) (EventID: 8209) (User: )
Description: An unspecified error occurred during System Restore: (Windows Update). Additional information: .

Error: (05/24/2014 04:28:43 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/24/2014 04:20:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application Yulasee.BrowserAdapter.exe, version 0.0.0.0, time stamp 0x537fdf6f, faulting module ep0npp01.dll, version 0.0.0.0, time stamp 0x530dff94, exception code 0xc0000005, fault offset 0x00002391,
process id 0x2cb0, application start time 0xYulasee.BrowserAdapter.exe0.

Error: (05/24/2014 04:20:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application Yulasee.BrowserAdapter.exe, version 0.0.0.0, time stamp 0x537fdf6f, faulting module ep0npp01.dll, version 0.0.0.0, time stamp 0x530dff94, exception code 0xc0000005, fault offset 0x00002391,
process id 0x16dc, application start time 0xYulasee.BrowserAdapter.exe0.

Error: (05/24/2014 04:19:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.19518, time stamp 0x5309a2be, faulting module ep0npp01.dll, version 0.0.0.0, time stamp 0x530dff94, exception code 0xc0000005, fault offset 0x00002391,
process id 0x2e80, application start time 0xiexplore.exe0.

Error: (05/24/2014 04:19:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.19518, time stamp 0x5309a2be, faulting module ep0npp01.dll, version 0.0.0.0, time stamp 0x530dff94, exception code 0xc0000005, fault offset 0x0000238e,
process id 0x2cf8, application start time 0xiexplore.exe0.

Error: (05/24/2014 04:18:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application Yulasee.BrowserAdapter.exe, version 0.0.0.0, time stamp 0x537fdf6f, faulting module ep0npp01.dll, version 0.0.0.0, time stamp 0x530dff94, exception code 0xc0000005, fault offset 0x0000238e,
process id 0x2784, application start time 0xYulasee.BrowserAdapter.exe0.

System errors:
=============
Error: (05/24/2014 07:34:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Windows Media Player Network Sharing Service%%1053

Error: (05/24/2014 07:34:25 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Windows Media Player Network Sharing Service

Error: (05/24/2014 07:30:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Intuit Update Service v4%%1053

Error: (05/24/2014 07:30:52 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Intuit Update Service v4

Error: (05/24/2014 07:28:28 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: i8042prt

Error: (05/24/2014 07:28:28 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: LexPrint Listener%%126

Error: (05/24/2014 07:28:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (05/24/2014 07:28:28 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Microsoft Antimalware Service%%2147942402

Error: (05/24/2014 06:14:53 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: i8042prt

Error: (05/24/2014 06:14:53 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: LexPrint Listener%%126

Microsoft Office Sessions:
=========================
Error: (05/24/2014 07:52:34 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)
C:\USERS\OWNER\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\GZB4NEHB\DESKTOP.INI

Error: (05/24/2014 07:37:06 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\WINDOWS\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

Error: (05/24/2014 07:37:06 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\WINDOWS\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

Error: (05/24/2014 07:36:16 PM) (Source: System Restore) (EventID: 8209) (User: )
Description: Windows Update

Error: (05/24/2014 04:28:43 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\WINDOWS\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe

Error: (05/24/2014 04:20:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Yulasee.BrowserAdapter.exe0.0.0.0537fdf6fep0npp01.dll0.0.0.0530dff94c0000005000023912cb001cf778d9c8776b1

Error: (05/24/2014 04:20:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Yulasee.BrowserAdapter.exe0.0.0.0537fdf6fep0npp01.dll0.0.0.0530dff94c00000050000239116dc01cf778d89de6501

Error: (05/24/2014 04:19:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe8.0.6001.195185309a2beep0npp01.dll0.0.0.0530dff94c0000005000023912e8001cf778d81705811

Error: (05/24/2014 04:19:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe8.0.6001.195185309a2beep0npp01.dll0.0.0.0530dff94c00000050000238e2cf801cf778d792f75a1

Error: (05/24/2014 04:18:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Yulasee.BrowserAdapter.exe0.0.0.0537fdf6fep0npp01.dll0.0.0.0530dff94c00000050000238e278401cf778d641dc861

CodeIntegrity Errors:
===================================
  Date: 2014-05-24 20:54:48.792
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-24 20:54:48.374
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-24 20:54:47.958
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-24 20:54:47.568
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-24 20:54:47.179
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-24 20:54:46.792
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-24 20:54:46.374
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-24 20:54:45.986
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-24 20:18:26.222
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-24 20:18:25.786
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 56%
Total physical RAM: 1917.82 MB
Available physical RAM: 832.85 MB
Total Pagefile: 4084.19 MB
Available Pagefile: 2627.52 MB
Total Virtual: 2047.88 MB
Available Virtual: 1893.32 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:226.63 GB) (Free:69.6 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Recovery) (Fixed) (Total:6.25 GB) (Free:0.84 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive i: () (Removable) (Total:1.89 GB) (Free:1.76 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=227 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=6 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 2 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================



#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,573 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:57 PM

Posted 24 May 2014 - 08:21 PM

Hello, just letting you know I moved this topic to here in the Virus, Trojan, Spyware, and Malware Removal Logs forum where it will stay.

#5 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,310 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:08:57 PM

Posted 24 May 2014 - 09:05 PM

Hello,

Your computer is badly infected...

Click on Start > type in appwiz.cpl in the search box and press Enter
Find and uninstall the following programs from the list

Define Ext

Next please download FRST again but make sure that you save it to your desktop <= IMPORTANT (don't run it through your browser)!

Re-run FRST by double-clicking the desktop icon and type the following in the edit box after Search: rpcss.dll

Click the Search button

It will make a log (Search.txt) - please post the log into your reply to me.

Regards,

Georgi




#6 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,310 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:08:57 PM

Posted 03 June 2014 - 02:58 PM

Hello,

Do you still need assistance?

Regards,

Georgi




#7 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,310 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:08:57 PM

Posted 08 June 2014 - 08:41 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
