Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by ron at 2015-04-02 14:29:28
Running from C:\Users\ron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HJL2FHVS
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4shared Desktop (HKLM\...\4shared Desktop) (Version: - )
Acrobat.com (HKLM\...\{6D8D64BE-F500-55B6-705D-DFD08AFE0624}) (Version: 1.7.186 - Adobe Systems Incorporated)
Adobe Acrobat Connect Add-in (HKU\S-1-5-21-893646719-2384664811-2616046975-1000\...\Adobe Acrobat Connect Add-in) (Version: - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.1.8210 - Adobe Systems Inc.)
Adobe Connect Add-in (HKU\S-1-5-21-893646719-2384664811-2616046975-1000\...\Adobe Connect Add-in) (Version: - )
Adobe Flash Player 11 Plugin (HKLM\...\{3D3085B0-BC4D-4559-B0AE-F5C879DEFFC4}) (Version: 11.3.300.257 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{63EC2120-1742-4625-AA47-C6A8AEC9C64C}) (Version: 2.2.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}) (Version: 6.0.0.59 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.2.2215 - AVAST Software)
Bing Bar (HKLM\...\{08234a0d-cf39-4dca-99f0-0c5cb496da81}) (Version: 6.3.2322.0 - Microsoft Corporation)
Bing Bar Platform (Version: 6.3.2322.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Canon MF Toolbox 4.9.1.1.mf14 (HKLM\...\{6767DFEE-8909-453A-B553-C7693912B2EB}) (Version: 4.9.1.1.mf14 - CANON INC.)
Canon MF4100 Series (HKLM\...\{239A8D60-270B-42e8-82D3-60D70A2942E0}) (Version: - )
Canon MG2200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2200_series) (Version: 1.00 - Canon Inc.)
Canon MG2200 series On-screen Manual (HKLM\...\Canon MG2200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon MG2200 series User Registration (HKLM\...\Canon MG2200 series User Registration) (Version: - Canon Inc.)
Canon My Image Garden Design Files (HKLM\...\Canon My Image Garden Design Files) (Version: 1.0.0 - Canon Inc.)
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Canon Quick Menu (HKLM\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
Cisco WebEx Meetings (HKU\S-1-5-21-893646719-2384664811-2616046975-1000\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.1.4) (Version: 5.0.1.4 - Coupons.com Incorporated)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Driver Download Manager (HKU\S-1-5-21-893646719-2384664811-2616046975-1000\...\bd4d3a0508d364f5) (Version: 3.0.0.0 - Dell Inc)
Dell Resource CD (HKLM\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.10.0000 - Dell Inc.)
Dell Toolbar (HKLM\...\{09B71986-2AC5-482d-B6CB-42EA34F4F85B}) (Version: 1.8.12.0 - )
Dropbox (HKU\S-1-5-21-893646719-2384664811-2616046975-1000\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
GoToMeeting 5.3.0.1009 (HKU\S-1-5-21-893646719-2384664811-2616046975-1000\...\GoToMeeting) (Version: 5.3.0.1009 - CitrixOnline)
iCloud (HKLM\...\{8CC68433-5837-4075-B81F-EA7E4F14CE60}) (Version: 2.0.2.187 - Apple Inc.)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
iTunes (HKLM\...\{0F6F6876-6334-4977-B5DD-CFC12E193420}) (Version: 10.7.0.21 - Apple Inc.)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 40 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Jing (HKLM\...\{22800204-9E53-45C7-B6F3-5BB0F1C1A147}) (Version: 2.8.13007.1 - TechSmith Corporation)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lexmark 5600-6600 Series (HKLM\...\Lexmark 5600-6600 Series) (Version: - Lexmark International, Inc.)
Lexmark Tools for Office (HKLM\...\{10812DE7-2E57-4740-B226-6B3BE34AF9D7}) (Version: 1.24.0.0 - )
Logitech Desktop Messenger (HKLM\...\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}) (Version: - )
Logitech Print Service (HKLM\...\Logitech Print Service) (Version: - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Matrox Graphics Software (remove only) (HKLM\...\Matrox Graphics Uninstaller) (Version: - )
Matrox PowerDesk-SE (HKLM\...\{22DC3166-47B6-4B9E-A163-AB0F50C91829}) (Version: 11.12.0000.0045 - Matrox Graphics Inc.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2000 Premium (HKLM\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office 2000 Professional (HKLM\...\{00010409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MotoHelper 2.1.32 Driver 5.4.0 (HKLM\...\MotoHelper) (Version: 2.1.32 - Motorola)
MotoHelper MergeModules (Version: 1.2.0 - Motorola) Hidden
MOTOROLA MEDIA LINK (HKLM\...\{378397D6-FD32-4092-A854-6A75CB7EDA46}) (Version: 1.5.4090.2 - Motorola)
Motorola Mobile Drivers Installation 5.4.0 (Version: 5.4.0 - Motorola Inc.) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PC Pitstop Optimize3 3.0 (HKLM\...\PC Pitstop Optimize3_is1) (Version: 3.0.0.42 - PC Pitstop)
QuickTime (HKLM\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
RealDownloader (Version: 1.3.4 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.4 - RealNetworks)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - )
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Safari (HKLM\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Skype™ 6.21 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
StreetSmart Pro (HKLM\...\{664708B3-C730-11D5-ADE7-00B0D07D157A}) (Version: 4.32 - )
TaxACT 2011 - 1040 Edition (HKLM\...\TaxACT 2011 - 1040 Edition) (Version: - 2nd Story Software, Inc.)
TD AMERITRADE StrategyDesk 3.3 (HKU\S-1-5-21-893646719-2384664811-2616046975-1000\...\{CDA84216-5817-4DB8-A15E-D928E85E23B2}) (Version: 3.3 - TD AMERITRADE)
thinkorswim from TD AMERITRADE (HKLM\...\thinkorswim from TD AMERITRADE) (Version: - TD AMERITRADE, Inc.)
TradeManager 2013 Beta2 (HKLM\...\TradeManager) (Version: - Alibaba (China) Network Technology Co., Ltd.)
TradeStation 9.0 (HKLM\...\{6EF11260-2361-409D-B91C-373D8732EED8}) (Version: 9.0.0.8997 - TradeStation Technologies)
TradeStation 9.1 (HKLM\...\{B948B39D-214F-486E-BCD9-8AB691F8762A}) (Version: 9.01.00.12191 - TradeStation Technologies)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
WinZip 14.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BA}) (Version: 14.0.8652 - WinZip Computing, S.L. )
Wisdom-soft ScreenHunter 5.0 Free (HKLM\...\Wisdom-soft ScreenHunter 5.0 Free) (Version: - Wisdom Software Inc.)
Yahoo! Install Manager (HKLM\...\YInstHelper) (Version: - )
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version: - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-893646719-2384664811-2616046975-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\ron\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-893646719-2384664811-2616046975-1000_Classes\CLSID\{017CE1A6-416F-4684-AE6A-02064420B30A}\InprocServer32 -> C:\Program Files\trademanager\AliIMSSOLogin.dll (Alibaba software (Shanghai) Corporation.)
CustomCLSID: HKU\S-1-5-21-893646719-2384664811-2616046975-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-893646719-2384664811-2616046975-1000_Classes\CLSID\{0E75A0CB-0072-450A-8AF2-D56B82045B4F}\InprocServer32 -> C:\Program Files\trademanager\SDKDB.dll (Alibaba (China) Co., Ltd.)
CustomCLSID: HKU\S-1-5-21-893646719-2384664811-2616046975-1000_Classes\CLSID\{26C3F8B0-0217-46A1-AB2D-A1B494E71402}\InprocServer32 -> C:\Program Files\trademanager\AliIMSSOLogin.dll (Alibaba software (Shanghai) Corporation.)
CustomCLSID: HKU\S-1-5-21-893646719-2384664811-2616046975-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-893646719-2384664811-2616046975-1000_Classes\CLSID\{4CEEAF57-0208-4CA4-A473-914C2D2FFC23}\InprocServer32 -> C:\Program Files\trademanager\AliIMX.dll No File
CustomCLSID: HKU\S-1-5-21-893646719-2384664811-2616046975-1000_Classes\CLSID\{5D09DD40-CDC4-4C56-B615-0D1E3B357C2B}\InprocServer32 -> C:\Program Files\trademanager\AliIMX.dll No File
CustomCLSID: HKU\S-1-5-21-893646719-2384664811-2616046975-1000_Classes\CLSID\{6777375D-DD17-46FF-A4E4-9650C00D5D92}\InprocServer32 -> C:\Program Files\trademanager\SDKDB.dll (Alibaba (China) Co., Ltd.)
CustomCLSID: HKU\S-1-5-21-893646719-2384664811-2616046975-1000_Classes\CLSID\{79b4acff-94d2-58c5-baf6-23df99c7fcba}\InprocServer32 -> C:\Program Files\thinkTDAL\npthinkorswim.dll (TD Ameritrade)
CustomCLSID: HKU\S-1-5-21-893646719-2384664811-2616046975-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\1009\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-893646719-2384664811-2616046975-1000_Classes\CLSID\{BBE29546-D5F8-4D69-92E2-F9AED5758908}\InprocServer32 -> C:\Program Files\trademanager\modules\8003\GraffitiGUI.dll No File
CustomCLSID: HKU\S-1-5-21-893646719-2384664811-2616046975-1000_Classes\CLSID\{CFCA933E-4C70-4FB2-B411-70C2CAF2B9F8}\localserver32 -> C:\Program Files\trademanager\aliapploader.exe (Alibaba (China) Co., Ltd.)
CustomCLSID: HKU\S-1-5-21-893646719-2384664811-2616046975-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-893646719-2384664811-2616046975-1000_Classes\CLSID\{D4FEDB83-B705-497F-8707-6CA53D69FF9B}\InprocServer32 -> C:\Program Files\trademanager\SDKDB.dll (Alibaba (China) Co., Ltd.)
CustomCLSID: HKU\S-1-5-21-893646719-2384664811-2616046975-1000_Classes\CLSID\{dcc9a6f3-492c-5f51-a65d-3dd92b26c165}\InprocServer32 -> C:\Program Files\thinkTDAL\nptossc.dll (TD Ameritrade)
CustomCLSID: HKU\S-1-5-21-893646719-2384664811-2616046975-1000_Classes\CLSID\{E81FB43C-B144-4D30-8033-C9338AA0ECB8}\InprocServer32 -> C:\Program Files\trademanager\AliIMSSOLogin.dll (Alibaba software (Shanghai) Corporation.)
CustomCLSID: HKU\S-1-5-21-893646719-2384664811-2616046975-1000_Classes\CLSID\{F7117AE6-81F2-45B8-96EE-56F6FD357A48}\InprocServer32 -> C:\ProgramData\{49A0BAC7-3326-4433-9373-4AA8793ABB5C}\tsmf.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-893646719-2384664811-2616046975-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ron\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-893646719-2384664811-2616046975-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ron\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-893646719-2384664811-2616046975-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ron\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-893646719-2384664811-2616046975-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ron\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

==================== Restore Points =========================

10-02-2015 14:44:31 End of disinfection
12-02-2015 10:56:49 Restore Operation
12-02-2015 11:08:59 avast! antivirus system restore point
12-02-2015 13:23:47 2/12/2015 12.23
13-02-2015 10:19:32 Removed HiJackThis
20-02-2015 14:37:52 Scheduled Checkpoint
06-03-2015 15:43:55 Restore Operation
06-03-2015 15:54:44 avast! antivirus system restore point
06-03-2015 17:11:15 avast! antivirus system restore point
18-03-2015 14:10:02 Scheduled Checkpoint
25-03-2015 08:42:35 avast! antivirus system restore point
31-03-2015 17:00:47 Removed HiJackThis
01-04-2015 18:36:45 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 06:23 - 2011-05-18 08:19 - 00000734 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0080996F-F167-4F3C-B564-02F0EC33E761} - System32\Tasks\Driver Robot => C:\Program Files\Driver Robot\1.0.7.3\DriverRobot.exe
Task: {075BCB77-210B-4DBB-AB89-A5B013B4137E} - System32\Tasks\MotoHelper Initial Update => C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {6EA31722-B842-4803-954A-5532E1ED75E8} - System32\Tasks\MotoHelper Routing => C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {7BC9103D-6507-4E34-9A16-569ED4EBE144} - System32\Tasks\MotoHelper Update => C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {7E16C5B7-76B5-4410-AC4E-EB8A19329FC1} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-893646719-2384664811-2616046975-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-08-29] (RealNetworks, Inc.)
Task: {98E2194B-983D-4012-9BFA-FD38FF8051C1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A79C2D6E-C427-48E5-B61E-DFE31BDDCAEC} - System32\Tasks\Installation App Launcher => C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe [2008-09-10] ()
Task: {A881A3FD-B5A2-4690-A56E-275078DEAF83} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-893646719-2384664811-2616046975-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-08-29] (RealNetworks, Inc.)
Task: {B4A898C8-2757-4791-93AA-9B73AAA240D6} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-893646719-2384664811-2616046975-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-08-29] (RealNetworks, Inc.)
Task: {CB92EF55-9E46-4EA6-82B7-55B71D9C5785} - System32\Tasks\MotoHelper MUM => C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {D0657E5C-C90E-4EFA-BB2F-56FBC11E507E} - System32\Tasks\{6DFD3BEF-D7C0-4BF7-A3BA-A975EB88DA5F} => C:\Program Files\Skype\Phone\Skype.exe [2014-10-01] (Skype Technologies S.A.)
Task: {F75B7910-6D0C-4881-90A8-EF7155E4E04E} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-893646719-2384664811-2616046975-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-08-29] (RealNetworks, Inc.)
Task: {FA37036E-087E-4DEF-8EB3-9FBDA8C3C529} - System32\Tasks\{DF1DE8C6-073B-4FEB-9F21-FC71E50E3B4A} => pcalua.exe -a D:\setup.EXE -d D:\ -c /AUTORUN
Task: {FBBF9D90-0188-48FB-A6A6-78A89A6F578D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-03-25] (Avast Software s.r.o.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Driver Robot.job => C:\Program Files\Driver Robot\1.0.7.3\DriverRobot.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d06caad5100d89.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2015-03-06 17:14 - 2015-03-25 08:45 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-03-06 17:14 - 2015-03-25 08:45 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-04-02 08:14 - 2015-04-02 08:15 - 02923520 _____ () C:\Program Files\AVAST Software\Avast\defs\15040201\algo.dll
2009-07-08 11:30 - 2008-04-30 20:41 - 00045056 _____ () C:\Windows\System32\LXDUPMON.DLL
2009-07-08 11:30 - 2008-09-10 05:43 - 00086016 _____ () C:\Windows\System32\LXDUOEM.DLL
2009-07-08 11:30 - 2008-09-10 05:41 - 00032768 _____ () C:\Program Files\Lexmark 5600-6600 Series\ipcmt.dll
2009-07-08 11:35 - 2008-05-23 08:17 - 00121856 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\lxdudrpp.dll
2014-06-06 08:49 - 2015-03-06 17:15 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:19F60666
AlternateDataStreams: C:\Users\ron\Local Settings:init
AlternateDataStreams: C:\Users\ron\Desktop\Webx1669.mp4:TOC.WMV
AlternateDataStreams: C:\Users\ron\Desktop\Wild_KittyCat.07.09.13.mp4:TOC.WMV
AlternateDataStreams: C:\Users\ron\AppData\Local:init
AlternateDataStreams: C:\Users\ron\AppData\Local\Application Data:init

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-893646719-2384664811-2616046975-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\ron\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: CouponPrinterService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MotoHelper => 2
MSCONFIG\Services: PCPitstop Scheduling => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Audible Download Manager.lnk => C:\Windows\pss\Audible Download Manager.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^conhost.exe => C:\Windows\pss\conhost.exe.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk => C:\Windows\pss\Logitech Desktop Messenger.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\Windows\pss\Microsoft Office.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^ron^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: aliim => "C:\Program Files\TradeManager\AliIM.exe" /autorun
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: avast => "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE /logon
MSCONFIG\startupreg: carbonate => C:\Program Files\Adobe\Reader 9.0\Reader\Optional\assembly_language\sublimation.exe
MSCONFIG\startupreg: EzPrint => "C:\Program Files\Dell V310-V510 Series\ezprint.exe"
MSCONFIG\startupreg: iLivid => "C:\Users\ron\AppData\Local\iLivid\iLivid.exe" -autorun
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Jing => C:\Program Files\TechSmith\Jing\Jing.exe
MSCONFIG\startupreg: LDM => C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
MSCONFIG\startupreg: Lexmark 5600-6600 Series Fax Server => "C:\Program Files\Lexmark 5600-6600 Series\fm3032.exe" /s
MSCONFIG\startupreg: Malwarebytes' Anti-Malware => "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: mgsft => "C:\Windows\System32\rundll32.exe" "C:\Users\ron\AppData\Roaming\mgsft.dll",Long_FromLong
MSCONFIG\startupreg: MobileDocuments => C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
MSCONFIG\startupreg: MSConfig => "C:\Users\ron\clirjiuz.exe"
MSCONFIG\startupreg: msnmsgr => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: PC Pitstop Optimize Reminder => C:\Program Files\PCPitstop\Optimize3\Reminder-Optimize3.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TkBellExe => "C:\Program Files\real\realplayer\update\realsched.exe" -osboot
MSCONFIG\startupreg: Wisdom-soft ScreenHunter 5.1 Pro => 0

==================== Accounts: =============================

Administrator (S-1-5-21-893646719-2384664811-2616046975-500 - Administrator - Disabled)
Guest (S-1-5-21-893646719-2384664811-2616046975-501 - Limited - Disabled)
ron (S-1-5-21-893646719-2384664811-2616046975-1000 - Administrator - Enabled) => C:\Users\ron

==================== Faulty Device Manager Devices =============

Name: Intel(R) G33/G31 Express Chipset Family
Description: Intel(R) G33/G31 Express Chipset Family
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: igfx
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (04/02/2015 11:42:26 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error: (04/02/2015 11:42:26 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error: (04/02/2015 09:34:19 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error: (04/02/2015 09:34:19 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error: (04/02/2015 09:32:57 AM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (04/02/2015 08:46:21 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error: (04/02/2015 08:46:21 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error: (04/02/2015 08:44:46 AM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (04/02/2015 08:30:00 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error: (04/02/2015 08:24:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application XPSViewer.exe, version 3.0.6920.4216, time stamp 0x5167b76a, faulting module kernel32.dll, version 6.0.6002.19034, time stamp 0x52f2ec86, exception code 0x0000002b, fault offset 0x0003fd1e, process id 0x1c00, application start time 0xXPSViewer.exe0.

System errors:
=============
Error: (04/02/2015 01:14:38 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: IPsec Policy AgentBFE

Error: (04/02/2015 01:14:38 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: IKE and AuthIP IPsec Keying ModulesBFE

Error: (04/02/2015 01:14:38 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Computer Browser%%1060

Error: (04/02/2015 11:35:35 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: IPsec Policy AgentBFE

Error: (04/02/2015 11:35:35 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: IKE and AuthIP IPsec Keying ModulesBFE

Error: (04/02/2015 11:35:35 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Computer Browser%%1060

Error: (04/02/2015 09:34:29 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (04/02/2015 09:33:43 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (04/02/2015 09:33:11 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}

Error: (04/02/2015 09:32:57 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Microsoft Office Sessions:
=========================
Error: (04/02/2015 11:42:26 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{6935C750-2D8C-4705-B4F9-052F550D225D}\recordingmanager.exe

Error: (04/02/2015 11:42:26 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{6935C750-2D8C-4705-B4F9-052F550D225D}\recordingmanager.exe

Error: (04/02/2015 09:34:19 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{6935C750-2D8C-4705-B4F9-052F550D225D}\recordingmanager.exe

Error: (04/02/2015 09:34:19 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{6935C750-2D8C-4705-B4F9-052F550D225D}\recordingmanager.exe

Error: (04/02/2015 09:32:57 AM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (04/02/2015 08:46:21 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{6935C750-2D8C-4705-B4F9-052F550D225D}\recordingmanager.exe

Error: (04/02/2015 08:46:21 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{6935C750-2D8C-4705-B4F9-052F550D225D}\recordingmanager.exe

Error: (04/02/2015 08:44:46 AM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (04/02/2015 08:30:00 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{6935C750-2D8C-4705-B4F9-052F550D225D}\recordingmanager.exe

Error: (04/02/2015 08:24:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: XPSViewer.exe3.0.6920.42165167b76akernel32.dll6.0.6002.1903452f2ec860000002b0003fd1e1c0001d06d3fb718bc74

CodeIntegrity Errors:
===================================
Date: 2015-04-02 14:23:10.514
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-04-02 14:23:10.123
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-04-02 14:23:09.385
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-04-02 14:22:57.426
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-03-10 08:19:15.881
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-03-10 08:19:15.647
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-03-10 08:19:15.413
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-03-10 08:19:14.945
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-03-10 08:19:13.416
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-03-10 08:19:13.089
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E4600 @ 2.40GHz
Percentage of memory in use: 65%
Total physical RAM: 2036.45 MB
Available physical RAM: 697.44 MB
Total Pagefile: 4310.16 MB
Available Pagefile: 1778.34 MB
Total Virtual: 2047.88 MB
Available Virtual: 1895.46 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:298.09 GB) (Free:210.67 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive f: () (Removable) (Total:14.83 GB) (Free:14.62 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 436A7ED9)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 14.8 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.

==================== End Of Log ============================