Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-02-2015 Ran by ron at 2015-02-02 08:53:25 Running from C:\Users\ron\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 4shared Desktop (HKLM\...\4shared Desktop) (Version: - ) Acrobat.com (HKLM\...\{6D8D64BE-F500-55B6-705D-DFD08AFE0624}) (Version: 1.7.186 - Adobe Systems Incorporated) Adobe Acrobat Connect Add-in (HKU\S-1-5-21-893646719-2384664811-2616046975-1000\...\Adobe Acrobat Connect Add-in) (Version: - ) Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.1.8210 - Adobe Systems Inc.) Adobe Connect Add-in (HKU\S-1-5-21-893646719-2384664811-2616046975-1000\...\Adobe Connect Add-in) (Version: - ) Adobe Flash Player 11 Plugin (HKLM\...\{3D3085B0-BC4D-4559-B0AE-F5C879DEFFC4}) (Version: 11.3.300.257 - Adobe Systems Incorporated) Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated) Adobe Reader 9.5.5 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated) Apple Application Support (HKLM\...\{63EC2120-1742-4625-AA47-C6A8AEC9C64C}) (Version: 2.2.2 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}) (Version: 6.0.0.59 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software) Bing Bar (HKLM\...\{08234a0d-cf39-4dca-99f0-0c5cb496da81}) (Version: 6.3.2322.0 - Microsoft Corporation) Bing Bar Platform (Version: 6.3.2322.0 - Microsoft Corporation) Hidden Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) Canon MF Toolbox 4.9.1.1.mf14 (HKLM\...\{6767DFEE-8909-453A-B553-C7693912B2EB}) (Version: 4.9.1.1.mf14 - CANON INC.) Canon MF4100 Series (HKLM\...\{239A8D60-270B-42e8-82D3-60D70A2942E0}) (Version: - ) Canon MG2200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2200_series) (Version: 1.00 - Canon Inc.) Canon MG2200 series On-screen Manual (HKLM\...\Canon MG2200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.) Canon MG2200 series User Registration (HKLM\...\Canon MG2200 series User Registration) (Version: - Canon Inc.‎) Canon My Image Garden Design Files (HKLM\...\Canon My Image Garden Design Files) (Version: 1.0.0 - Canon Inc.) Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.) Canon Quick Menu (HKLM\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.) Cisco WebEx Meetings (HKU\S-1-5-21-893646719-2384664811-2616046975-1000\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC) Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.1.3) (Version: 5.0.1.3 - Coupons.com Incorporated) D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden Dell Driver Download Manager (HKU\S-1-5-21-893646719-2384664811-2616046975-1000\...\bd4d3a0508d364f5) (Version: 3.0.0.0 - Dell Inc) Dell Resource CD (HKLM\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.10.0000 - Dell Inc.) Dell Toolbar (HKLM\...\{09B71986-2AC5-482d-B6CB-42EA34F4F85B}) (Version: 1.8.12.0 - ) Dropbox (HKU\S-1-5-21-893646719-2384664811-2616046975-1000\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.) GoToMeeting 5.3.0.1009 (HKU\S-1-5-21-893646719-2384664811-2616046975-1000\...\GoToMeeting) (Version: 5.3.0.1009 - CitrixOnline) HiJackThis (HKLM\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro) iCloud (HKLM\...\{8CC68433-5837-4075-B81F-EA7E4F14CE60}) (Version: 2.0.2.187 - Apple Inc.) Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - ) iTunes (HKLM\...\{0F6F6876-6334-4977-B5DD-CFC12E193420}) (Version: 10.7.0.21 - Apple Inc.) Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle) Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation) Jing (HKLM\...\{22800204-9E53-45C7-B6F3-5BB0F1C1A147}) (Version: 2.8.13007.1 - TechSmith Corporation) Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden jZip (HKLM\...\jZip) (Version: - Discordia Limited.) Lexmark 5600-6600 Series (HKLM\...\Lexmark 5600-6600 Series) (Version: - Lexmark International, Inc.) Lexmark Tools for Office (HKLM\...\{10812DE7-2E57-4740-B226-6B3BE34AF9D7}) (Version: 1.24.0.0 - ) Logitech Desktop Messenger (HKLM\...\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}) (Version: - ) Logitech Print Service (HKLM\...\Logitech Print Service) (Version: - ) Matrox Graphics Software (remove only) (HKLM\...\Matrox Graphics Uninstaller) (Version: - ) Matrox PowerDesk-SE (HKLM\...\{22DC3166-47B6-4B9E-A163-AB0F50C91829}) (Version: 11.12.0000.0045 - Matrox Graphics Inc.) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office 2000 Premium (HKLM\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation) Microsoft Office 2000 Professional (HKLM\...\{00010409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) MotoHelper 2.1.32 Driver 5.4.0 (HKLM\...\MotoHelper) (Version: 2.1.32 - Motorola) MotoHelper MergeModules (Version: 1.2.0 - Motorola) Hidden MOTOROLA MEDIA LINK (HKLM\...\{378397D6-FD32-4092-A854-6A75CB7EDA46}) (Version: 1.5.4090.2 - Motorola) Motorola Mobile Drivers Installation 5.4.0 (Version: 5.4.0 - Motorola Inc.) Hidden MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) PC Pitstop Optimize3 3.0 (HKLM\...\PC Pitstop Optimize3_is1) (Version: 3.0.0.42 - PC Pitstop) QuickTime (HKLM\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.) RealDownloader (Version: 1.3.4 - RealNetworks, Inc.) Hidden RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.4 - RealNetworks) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - ) RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden Safari (HKLM\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.) Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden Skype™ 6.21 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.) Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated) StreetSmart Pro (HKLM\...\{664708B3-C730-11D5-ADE7-00B0D07D157A}) (Version: 4.32 - ) TaxACT 2011 - 1040 Edition (HKLM\...\TaxACT 2011 - 1040 Edition) (Version: - 2nd Story Software, Inc.) TD AMERITRADE StrategyDesk 3.3 (HKU\S-1-5-21-893646719-2384664811-2616046975-1000\...\{CDA84216-5817-4DB8-A15E-D928E85E23B2}) (Version: 3.3 - TD AMERITRADE) thinkorswim from TD AMERITRADE (HKLM\...\thinkorswim from TD AMERITRADE) (Version: - TD AMERITRADE, Inc.) TradeManager 2013 Beta2 (HKLM\...\TradeManager) (Version: - Alibaba (China) Network Technology Co., Ltd.) TradeStation 9.0 (HKLM\...\{6EF11260-2361-409D-B91C-373D8732EED8}) (Version: 9.0.0.8997 - TradeStation Technologies) TradeStation 9.1 (HKLM\...\{B948B39D-214F-486E-BCD9-8AB691F8762A}) (Version: 9.01.00.12191 - TradeStation Technologies) Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation) Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation) WinZip 14.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BA}) (Version: 14.0.8652 - WinZip Computing, S.L. ) Wisdom-soft ScreenHunter 5.0 Free (HKLM\...\Wisdom-soft ScreenHunter 5.0 Free) (Version: - Wisdom Software Inc.) Yahoo! Install Manager (HKLM\...\YInstHelper) (Version: - ) Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version: - Yahoo! Inc.) Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version: - ) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-893646719-2384664811-2616046975-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\ron\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-893646719-2384664811-2616046975-1000_Classes\CLSID\{017CE1A6-416F-4684-AE6A-02064420B30A}\InprocServer32 -> C:\Program Files\trademanager\AliIMSSOLogin.dll (Alibaba software (Shanghai) Corporation.) CustomCLSID: HKU\S-1-5-21-893646719-2384664811-2616046975-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File CustomCLSID: HKU\S-1-5-21-893646719-2384664811-2616046975-1000_Classes\CLSID\{0E75A0CB-0072-450A-8AF2-D56B82045B4F}\InprocServer32 -> C:\Program Files\trademanager\SDKDB.dll (Alibaba (China) Co., Ltd.) CustomCLSID: HKU\S-1-5-21-893646719-2384664811-2616046975-1000_Classes\CLSID\{26C3F8B0-0217-46A1-AB2D-A1B494E71402}\InprocServer32 -> C:\Program Files\trademanager\AliIMSSOLogin.dll (Alibaba software (Shanghai) Corporation.) CustomCLSID: HKU\S-1-5-21-893646719-2384664811-2616046975-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File CustomCLSID: HKU\S-1-5-21-893646719-2384664811-2616046975-1000_Classes\CLSID\{4CEEAF57-0208-4CA4-A473-914C2D2FFC23}\InprocServer32 -> C:\Program Files\trademanager\AliIMX.dll No File CustomCLSID: HKU\S-1-5-21-893646719-2384664811-2616046975-1000_Classes\CLSID\{5D09DD40-CDC4-4C56-B615-0D1E3B357C2B}\InprocServer32 -> C:\Program Files\trademanager\AliIMX.dll No File CustomCLSID: HKU\S-1-5-21-893646719-2384664811-2616046975-1000_Classes\CLSID\{6777375D-DD17-46FF-A4E4-9650C00D5D92}\InprocServer32 -> C:\Program Files\trademanager\SDKDB.dll (Alibaba (China) Co., Ltd.) CustomCLSID: HKU\S-1-5-21-893646719-2384664811-2616046975-1000_Classes\CLSID\{79b4acff-94d2-58c5-baf6-23df99c7fcba}\InprocServer32 -> C:\Program Files\thinkTDAL\npthinkorswim.dll (TD Ameritrade) CustomCLSID: HKU\S-1-5-21-893646719-2384664811-2616046975-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\1009\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.) CustomCLSID: HKU\S-1-5-21-893646719-2384664811-2616046975-1000_Classes\CLSID\{BBE29546-D5F8-4D69-92E2-F9AED5758908}\InprocServer32 -> C:\Program Files\trademanager\modules\8003\GraffitiGUI.dll No File CustomCLSID: HKU\S-1-5-21-893646719-2384664811-2616046975-1000_Classes\CLSID\{CFCA933E-4C70-4FB2-B411-70C2CAF2B9F8}\localserver32 -> C:\Program Files\trademanager\aliapploader.exe (Alibaba (China) Co., Ltd.) CustomCLSID: HKU\S-1-5-21-893646719-2384664811-2616046975-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File CustomCLSID: HKU\S-1-5-21-893646719-2384664811-2616046975-1000_Classes\CLSID\{D4FEDB83-B705-497F-8707-6CA53D69FF9B}\InprocServer32 -> C:\Program Files\trademanager\SDKDB.dll (Alibaba (China) Co., Ltd.) CustomCLSID: HKU\S-1-5-21-893646719-2384664811-2616046975-1000_Classes\CLSID\{dcc9a6f3-492c-5f51-a65d-3dd92b26c165}\InprocServer32 -> C:\Program Files\thinkTDAL\nptossc.dll (TD Ameritrade) CustomCLSID: HKU\S-1-5-21-893646719-2384664811-2616046975-1000_Classes\CLSID\{E81FB43C-B144-4D30-8033-C9338AA0ECB8}\InprocServer32 -> C:\Program Files\trademanager\AliIMSSOLogin.dll (Alibaba software (Shanghai) Corporation.) CustomCLSID: HKU\S-1-5-21-893646719-2384664811-2616046975-1000_Classes\CLSID\{F7117AE6-81F2-45B8-96EE-56F6FD357A48}\InprocServer32 -> C:\ProgramData\{49A0BAC7-3326-4433-9373-4AA8793ABB5C}\tsmf.dll No File CustomCLSID: HKU\S-1-5-21-893646719-2384664811-2616046975-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ron\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-893646719-2384664811-2616046975-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ron\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-893646719-2384664811-2616046975-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ron\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-893646719-2384664811-2616046975-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ron\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.) ==================== Restore Points ========================= 12-12-2014 09:49:45 Removed Java 8 Update 25 18-12-2014 13:23:47 Scheduled Checkpoint 23-12-2014 19:24:34 Scheduled Checkpoint 22-01-2015 18:32:28 Scheduled Checkpoint 28-01-2015 12:44:04 new 29-01-2015 08:38:23 avast! antivirus system restore point 29-01-2015 13:02:32 Removed ECHOpro 30-01-2015 08:26:20 Restore Point Created by FRST 30-01-2015 08:40:58 Restore Point Created by FRST 30-01-2015 08:45:58 Restore Point Created by FRST 30-01-2015 09:56:12 1-30-15 after virus 02-02-2015 08:31:25 Restore Point Created by FRST 02-02-2015 08:33:58 Restore Point Created by FRST 02-02-2015 08:35:40 Restore Point Created by FRST ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2006-11-02 05:23 - 2011-05-18 07:19 - 00000734 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0080996F-F167-4F3C-B564-02F0EC33E761} - System32\Tasks\Driver Robot => C:\Program Files\Driver Robot\1.0.7.3\DriverRobot.exe Task: {075BCB77-210B-4DBB-AB89-A5B013B4137E} - System32\Tasks\MotoHelper Initial Update => C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] () Task: {0CEB8EBB-3739-4972-A998-AC711A31DB0C} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-893646719-2384664811-2616046975-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-08-29] (RealNetworks, Inc.) Task: {11651B12-8847-4966-99D0-1D929B9151D9} - System32\Tasks\{D1BFA6FF-41A0-43C1-8066-59F23B8BCAC8} => pcalua.exe -a C:\Users\ron\AppData\Local\Temp\InstallFlashPlayer.exe -d C:\Users\ron\Desktop Task: {2FD63CB2-E0A1-45FC-AC37-CCE8E845D0AF} - System32\Tasks\{7EE89D9E-2EC9-419D-9E9E-63942478420F} => Iexplore.exe http://ui.skype.com/ui/0/4.2.0.169/en/abandoninstall?page=tsGoogle&installinfo=google-toolbar:offered-installed,google-chrome:notoffered;toolbaroffered Task: {4ADDFFC8-0509-4985-A7F9-96F65443DFD3} - System32\Tasks\{67CFC914-29A9-4A9A-80F9-B0A4C858A3F7} => Iexplore.exe http://ui.skype.com/ui/0/5.3.0.120/en/abandoninstall?page=tsGoogle&installinfo=google-toolbar:offered-installed,google-chrome:notoffered;toolbaroffered Task: {4E7F1733-CC6A-4813-B25A-7AE5D5ECEBB3} - System32\Tasks\{450EFA0A-4048-4002-9B3C-B6CCEC831CE2} => Iexplore.exe http://ui.skype.com/ui/0/5.1.0.112/en/abandoninstall?page=tsDownload&installinfo=google-toolbar:notoffered;userdeclined,google-chrome:notoffered;systemlevelpresent Task: {611154C7-C225-422D-8C46-5C036898BE31} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-26] (AVAST Software) Task: {66DDE1DE-FB23-43BF-A0B1-0C08971B7A16} - System32\Tasks\GoogleUpdater => Rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";document.write((new%20ActiveXObject("WScript.Shell")).RegRead("HKCU\\software\\microsoft\\internet explorer\\zergling_rush")) Task: {6EA31722-B842-4803-954A-5532E1ED75E8} - System32\Tasks\MotoHelper Routing => C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] () Task: {7AB943AB-95FA-46D0-AE5E-4C146C89B1BA} - System32\Tasks\{274A29E0-5B3C-4986-B01C-BA97FA88C6AA} => Iexplore.exe http://ui.skype.com/ui/0/5.1.0.104/en/abandoninstall?page=tsMain&installinfo=google-toolbar:offered-installed,google-chrome:notoffered;toolbaroffered Task: {7BC9103D-6507-4E34-9A16-569ED4EBE144} - System32\Tasks\MotoHelper Update => C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] () Task: {98E2194B-983D-4012-9BFA-FD38FF8051C1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {A79C2D6E-C427-48E5-B61E-DFE31BDDCAEC} - System32\Tasks\Installation App Launcher => C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe [2008-09-10] () Task: {B4A898C8-2757-4791-93AA-9B73AAA240D6} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-893646719-2384664811-2616046975-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-08-29] (RealNetworks, Inc.) Task: {BF910EB6-346B-4572-A76D-A4C929ACA776} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-893646719-2384664811-2616046975-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-08-29] (RealNetworks, Inc.) Task: {CB92EF55-9E46-4EA6-82B7-55B71D9C5785} - System32\Tasks\MotoHelper MUM => C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] () Task: {D0657E5C-C90E-4EFA-BB2F-56FBC11E507E} - System32\Tasks\{6DFD3BEF-D7C0-4BF7-A3BA-A975EB88DA5F} => C:\Program Files\Skype\Phone\Skype.exe [2014-10-01] (Skype Technologies S.A.) Task: {D87748AB-3542-4701-B230-873E2676E464} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-26] (Adobe Systems Incorporated) Task: {E7F1B31F-C9EB-4BFB-80F1-8D125868101D} - System32\Tasks\{2FF53E40-C08D-440D-83BA-3FA3BAB0540D} => pcalua.exe -a "C:\Users\ron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SPW7MLZA\download[1].exe" -d C:\Users\ron\Desktop Task: {F75B7910-6D0C-4881-90A8-EF7155E4E04E} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-893646719-2384664811-2616046975-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-08-29] (RealNetworks, Inc.) Task: {FA37036E-087E-4DEF-8EB3-9FBDA8C3C529} - System32\Tasks\{DF1DE8C6-073B-4FEB-9F21-FC71E50E3B4A} => pcalua.exe -a D:\setup.EXE -d D:\ -c /AUTORUN (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\Driver Robot.job => C:\Program Files\Driver Robot\1.0.7.3\DriverRobot.exe ==================== Loaded Modules (whitelisted) ============= 2015-02-02 08:19 - 2015-02-02 08:19 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15020200\algo.dll 2009-07-08 10:30 - 2008-04-30 19:41 - 00045056 _____ () C:\Windows\System32\LXDUPMON.DLL 2009-07-08 10:30 - 2008-09-10 04:43 - 00086016 _____ () C:\Windows\System32\LXDUOEM.DLL 2009-07-08 10:30 - 2008-09-10 04:41 - 00032768 _____ () C:\Program Files\Lexmark 5600-6600 Series\ipcmt.dll 2009-07-08 10:35 - 2008-05-23 07:17 - 00121856 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\lxdudrpp.dll 2010-03-22 08:07 - 2010-03-22 08:07 - 00175104 _____ () C:\Program Files\4shared Desktop\CMenu.dll 2014-06-06 07:49 - 2014-11-26 12:27 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2011-09-27 06:23 - 2011-09-27 06:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2011-09-27 06:22 - 2011-09-27 06:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2011-09-19 15:57 - 2011-09-19 15:57 - 00128336 _____ () C:\Program Files\Motorola Media Link\Lite\liveupdatetactics.dll 2011-09-19 15:57 - 2011-09-19 15:57 - 00023872 _____ () C:\Program Files\Motorola Media Link\Lite\DbAccess.dll 2011-09-19 15:59 - 2011-09-19 15:59 - 00465632 _____ () C:\Program Files\Motorola Media Link\Lite\sqlite3.dll 2011-09-19 15:57 - 2011-09-19 15:57 - 00045368 _____ () C:\Program Files\Motorola Media Link\Lite\NAdvLog.dll 2011-09-19 15:57 - 2011-09-19 15:57 - 00034128 _____ () C:\Program Files\Motorola Media Link\Lite\NFileCacheDBAccess.dll 2011-12-06 16:00 - 2011-12-06 16:00 - 00214896 _____ () C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe 2011-12-06 16:00 - 2011-12-06 16:00 - 00784240 _____ () C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:19F60666 AlternateDataStreams: C:\Users\ron\Local Settings:init AlternateDataStreams: C:\Users\ron\Desktop\Webx1669.mp4:TOC.WMV AlternateDataStreams: C:\Users\ron\Desktop\Wild_KittyCat.07.09.13.mp4:TOC.WMV AlternateDataStreams: C:\Users\ron\AppData\Local:init AlternateDataStreams: C:\Users\ron\AppData\Local\Application Data:init ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: gusvc => 3 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Audible Download Manager.lnk => C:\Windows\pss\Audible Download Manager.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^conhost.exe => C:\Windows\pss\conhost.exe.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk => C:\Windows\pss\Logitech Desktop Messenger.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\Windows\pss\Microsoft Office.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^ron^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" MSCONFIG\startupreg: aliim => "C:\Program Files\TradeManager\AliIM.exe" /autorun MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: avast => "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE /logon MSCONFIG\startupreg: EzPrint => "C:\Program Files\Dell V310-V510 Series\ezprint.exe" MSCONFIG\startupreg: iLivid => "C:\Users\ron\AppData\Local\iLivid\iLivid.exe" -autorun MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: Jing => C:\Program Files\TechSmith\Jing\Jing.exe MSCONFIG\startupreg: LDM => C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe MSCONFIG\startupreg: Lexmark 5600-6600 Series Fax Server => "C:\Program Files\Lexmark 5600-6600 Series\fm3032.exe" /s MSCONFIG\startupreg: Malwarebytes' Anti-Malware => "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet MSCONFIG\startupreg: mgsft => "C:\Windows\System32\rundll32.exe" "C:\Users\ron\AppData\Roaming\mgsft.dll",Long_FromLong MSCONFIG\startupreg: MobileDocuments => C:\Program Files\Common Files\Apple\Internet Services\ubd.exe MSCONFIG\startupreg: MSConfig => "C:\Users\ron\clirjiuz.exe" MSCONFIG\startupreg: msnmsgr => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background MSCONFIG\startupreg: PC Pitstop Optimize Reminder => C:\Program Files\PCPitstop\Optimize3\Reminder-Optimize3.exe MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe MSCONFIG\startupreg: TkBellExe => "C:\Program Files\real\realplayer\update\realsched.exe" -osboot MSCONFIG\startupreg: Wisdom-soft ScreenHunter 5.1 Pro => 0 ========================= Accounts: ========================== Administrator (S-1-5-21-893646719-2384664811-2616046975-500 - Administrator - Disabled) Guest (S-1-5-21-893646719-2384664811-2616046975-501 - Limited - Disabled) ron (S-1-5-21-893646719-2384664811-2616046975-1000 - Administrator - Enabled) => C:\Users\ron ==================== Faulty Device Manager Devices ============= Name: Intel(R) G33/G31 Express Chipset Family Description: Intel(R) G33/G31 Express Chipset Family Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318} Manufacturer: Intel Corporation Service: igfx Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: SM Bus Controller Description: SM Bus Controller Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (02/02/2015 08:52:40 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application iexplore.exe, version 9.0.8112.16545, time stamp 0x531a4f73, faulting module gdiplus.dll_unloaded, version 0.0.0.0, time stamp 0x515ba857, exception code 0xc0000005, fault offset 0x73fe74b2, process id 0x608, application start time 0xiexplore.exe0. Error: (02/02/2015 08:35:39 AM) (Source: VSS) (EventID: 8194) (User: ) Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005. This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {9cd7f23c-a06c-4b9d-ad90-7d5392fd591e} Error: (02/02/2015 08:33:58 AM) (Source: VSS) (EventID: 8194) (User: ) Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005. This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {9cd7f23c-a06c-4b9d-ad90-7d5392fd591e} Error: (02/02/2015 08:31:23 AM) (Source: VSS) (EventID: 8194) (User: ) Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005. This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {9cd7f23c-a06c-4b9d-ad90-7d5392fd591e} Error: (01/30/2015 03:24:10 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application iexplore.exe, version 9.0.8112.16545, time stamp 0x531a4f73, faulting module Wpc.dll, version 1.0.0.1, time stamp 0x4791a783, exception code 0xc0000005, fault offset 0x0000ba1a, process id 0xa84, application start time 0xiexplore.exe0. Error: (01/30/2015 10:03:37 AM) (Source: Perflib) (EventID: 1008) (User: ) Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4 Error: (01/30/2015 10:03:36 AM) (Source: Perflib) (EventID: 1010) (User: ) Description: EmdCacheC:\Windows\system32\emdmgmt.dll4 Error: (01/30/2015 09:42:05 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application iexplore.exe, version 9.0.8112.16545, time stamp 0x531a4f73, faulting module gdiplus.dll_unloaded, version 0.0.0.0, time stamp 0x515ba857, exception code 0xc0000005, fault offset 0x74ad74b2, process id 0x954, application start time 0xiexplore.exe0. Error: (01/30/2015 08:45:58 AM) (Source: VSS) (EventID: 8194) (User: ) Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005. This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {75694b05-f12c-4102-b5c3-82d8acd4ec8a} Error: (01/30/2015 08:40:57 AM) (Source: VSS) (EventID: 8194) (User: ) Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005. This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {75694b05-f12c-4102-b5c3-82d8acd4ec8a} System errors: ============= Error: (02/02/2015 08:39:14 AM) (Source: Service Control Manager) (EventID: 7003) (User: ) Description: IPsec Policy AgentBFE Error: (02/02/2015 08:39:14 AM) (Source: Service Control Manager) (EventID: 7003) (User: ) Description: IKE and AuthIP IPsec Keying ModulesBFE Error: (02/02/2015 08:39:14 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Computer Browser%%1060 Error: (02/02/2015 08:19:34 AM) (Source: Service Control Manager) (EventID: 7003) (User: ) Description: IPsec Policy AgentBFE Error: (02/02/2015 08:19:34 AM) (Source: Service Control Manager) (EventID: 7003) (User: ) Description: IKE and AuthIP IPsec Keying ModulesBFE Error: (02/02/2015 08:19:34 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Computer Browser%%1060 Error: (01/30/2015 04:13:49 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Windows Image Acquisition (WIA) Error: (01/30/2015 04:12:26 PM) (Source: Service Control Manager) (EventID: 7003) (User: ) Description: IPsec Policy AgentBFE Error: (01/30/2015 04:12:26 PM) (Source: Service Control Manager) (EventID: 7003) (User: ) Description: IKE and AuthIP IPsec Keying ModulesBFE Error: (01/30/2015 04:12:26 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Computer Browser%%1060 Microsoft Office Sessions: ========================= Error: (02/02/2015 08:52:40 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: iexplore.exe9.0.8112.16545531a4f73gdiplus.dll_unloaded0.0.0.0515ba857c000000573fe74b260801d03eedffe2784c Error: (02/02/2015 08:35:39 AM) (Source: VSS) (EventID: 8194) (User: ) Description: 0x80070005 Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {9cd7f23c-a06c-4b9d-ad90-7d5392fd591e} Error: (02/02/2015 08:33:58 AM) (Source: VSS) (EventID: 8194) (User: ) Description: 0x80070005 Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {9cd7f23c-a06c-4b9d-ad90-7d5392fd591e} Error: (02/02/2015 08:31:23 AM) (Source: VSS) (EventID: 8194) (User: ) Description: 0x80070005 Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {9cd7f23c-a06c-4b9d-ad90-7d5392fd591e} Error: (01/30/2015 03:24:10 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: iexplore.exe9.0.8112.16545531a4f73Wpc.dll1.0.0.14791a783c00000050000ba1aa8401d03c968be96b4d Error: (01/30/2015 10:03:37 AM) (Source: Perflib) (EventID: 1008) (User: ) Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4 Error: (01/30/2015 10:03:36 AM) (Source: Perflib) (EventID: 1010) (User: ) Description: EmdCacheC:\Windows\system32\emdmgmt.dll4 Error: (01/30/2015 09:42:05 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: iexplore.exe9.0.8112.16545531a4f73gdiplus.dll_unloaded0.0.0.0515ba857c000000574ad74b295401d03c954abb963d Error: (01/30/2015 08:45:58 AM) (Source: VSS) (EventID: 8194) (User: ) Description: 0x80070005 Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {75694b05-f12c-4102-b5c3-82d8acd4ec8a} Error: (01/30/2015 08:40:57 AM) (Source: VSS) (EventID: 8194) (User: ) Description: 0x80070005 Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {75694b05-f12c-4102-b5c3-82d8acd4ec8a} CodeIntegrity Errors: =================================== Date: 2012-10-02 17:05:14.124 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\verifier.dll because the set of per-page image hashes could not be found on the system. Date: 2012-10-01 15:37:04.199 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\verifier.dll because the set of per-page image hashes could not be found on the system. Date: 2012-09-27 11:51:23.118 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\verifier.dll because the set of per-page image hashes could not be found on the system. Date: 2012-09-24 09:06:40.756 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\verifier.dll because the set of per-page image hashes could not be found on the system. Date: 2012-09-21 14:30:04.050 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\verifier.dll because the set of per-page image hashes could not be found on the system. Date: 2012-05-23 12:17:21.655 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\AVAST Software\Avast\Setup\INF\aswSnx.sys because the set of per-page image hashes could not be found on the system. Date: 2012-05-23 12:17:21.438 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\AVAST Software\Avast\Setup\INF\aswSnx.sys because the set of per-page image hashes could not be found on the system. Date: 2012-05-23 12:17:21.132 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\AVAST Software\Avast\Setup\INF\aswSnx.sys because the set of per-page image hashes could not be found on the system. Date: 2012-05-23 12:17:20.911 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\AVAST Software\Avast\Setup\INF\aswSnx.sys because the set of per-page image hashes could not be found on the system. Date: 2012-05-23 12:17:20.718 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\AVAST Software\Avast\Setup\INF\aswSnx.sys because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Duo CPU E4600 @ 2.40GHz Percentage of memory in use: 41% Total physical RAM: 2036.45 MB Available physical RAM: 1183.69 MB Total Pagefile: 4314.16 MB Available Pagefile: 3466.21 MB Total Virtual: 2047.88 MB Available Virtual: 1915.84 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:298.09 GB) (Free:205.11 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive e: () (Removable) (Total:7.28 GB) (Free:6.79 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 436A7ED9) Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 7.3 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ==================== End Of Log ============================