Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by ron at 2015-04-03 17:15:12
Running from C:\Users\ron\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4shared Desktop (HKLM\...\4shared Desktop) (Version: - )
Acrobat.com (HKLM\...\{6D8D64BE-F500-55B6-705D-DFD08AFE0624}) (Version: 1.7.186 - Adobe Systems Incorporated)
Adobe Acrobat Connect Add-in (HKU\S-1-5-21-893646719-2384664811-2616046975-1000\...\Adobe Acrobat Connect Add-in) (Version: - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.1.8210 - Adobe Systems Inc.)
Adobe Connect Add-in (HKU\S-1-5-21-893646719-2384664811-2616046975-1000\...\Adobe Connect Add-in) (Version: - )
Adobe Flash Player 11 Plugin (HKLM\...\{3D3085B0-BC4D-4559-B0AE-F5C879DEFFC4}) (Version: 11.3.300.257 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{63EC2120-1742-4625-AA47-C6A8AEC9C64C}) (Version: 2.2.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}) (Version: 6.0.0.59 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.2.2215 - AVAST Software)
Bing Bar (HKLM\...\{08234a0d-cf39-4dca-99f0-0c5cb496da81}) (Version: 6.3.2322.0 - Microsoft Corporation)
Bing Bar Platform (Version: 6.3.2322.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Canon MF Toolbox 4.9.1.1.mf14 (HKLM\...\{6767DFEE-8909-453A-B553-C7693912B2EB}) (Version: 4.9.1.1.mf14 - CANON INC.)
Canon MF4100 Series (HKLM\...\{239A8D60-270B-42e8-82D3-60D70A2942E0}) (Version: - )
Canon MG2200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2200_series) (Version: 1.00 - Canon Inc.)
Canon MG2200 series On-screen Manual (HKLM\...\Canon MG2200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon MG2200 series User Registration (HKLM\...\Canon MG2200 series User Registration) (Version: - Canon Inc.)
Canon My Image Garden Design Files (HKLM\...\Canon My Image Garden Design Files) (Version: 1.0.0 - Canon Inc.)
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Canon Quick Menu (HKLM\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
Cisco WebEx Meetings (HKU\S-1-5-21-893646719-2384664811-2616046975-1000\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.1.4) (Version: 5.0.1.4 - Coupons.com Incorporated)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Driver Download Manager (HKU\S-1-5-21-893646719-2384664811-2616046975-1000\...\bd4d3a0508d364f5) (Version: 3.0.0.0 - Dell Inc)
Dell Resource CD (HKLM\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.10.0000 - Dell Inc.)
Dell Toolbar (HKLM\...\{09B71986-2AC5-482d-B6CB-42EA34F4F85B}) (Version: 1.8.12.0 - )
Dropbox (HKU\S-1-5-21-893646719-2384664811-2616046975-1000\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
GoToMeeting 5.3.0.1009 (HKU\S-1-5-21-893646719-2384664811-2616046975-1000\...\GoToMeeting) (Version: 5.3.0.1009 - CitrixOnline)
iCloud (HKLM\...\{8CC68433-5837-4075-B81F-EA7E4F14CE60}) (Version: 2.0.2.187 - Apple Inc.)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
iTunes (HKLM\...\{0F6F6876-6334-4977-B5DD-CFC12E193420}) (Version: 10.7.0.21 - Apple Inc.)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 40 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Jing (HKLM\...\{22800204-9E53-45C7-B6F3-5BB0F1C1A147}) (Version: 2.8.13007.1 - TechSmith Corporation)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lexmark 5600-6600 Series (HKLM\...\Lexmark 5600-6600 Series) (Version: - Lexmark International, Inc.)
Lexmark Tools for Office (HKLM\...\{10812DE7-2E57-4740-B226-6B3BE34AF9D7}) (Version: 1.24.0.0 - )
Logitech Desktop Messenger (HKLM\...\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}) (Version: - )
Logitech Print Service (HKLM\...\Logitech Print Service) (Version: - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Matrox Graphics Software (remove only) (HKLM\...\Matrox Graphics Uninstaller) (Version: - )
Matrox PowerDesk-SE (HKLM\...\{22DC3166-47B6-4B9E-A163-AB0F50C91829}) (Version: 11.12.0000.0045 - Matrox Graphics Inc.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2000 Premium (HKLM\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office 2000 Professional (HKLM\...\{00010409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MotoHelper 2.1.32 Driver 5.4.0 (HKLM\...\MotoHelper) (Version: 2.1.32 - Motorola)
MotoHelper MergeModules (Version: 1.2.0 - Motorola) Hidden
MOTOROLA MEDIA LINK (HKLM\...\{378397D6-FD32-4092-A854-6A75CB7EDA46}) (Version: 1.5.4090.2 - Motorola)
Motorola Mobile Drivers Installation 5.4.0 (Version: 5.4.0 - Motorola Inc.) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PC Pitstop Optimize3 3.0 (HKLM\...\PC Pitstop Optimize3_is1) (Version: 3.0.0.42 - PC Pitstop)
QuickTime (HKLM\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
RealDownloader (Version: 1.3.4 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.4 - RealNetworks)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - )
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Safari (HKLM\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Skype™ 6.21 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
StreetSmart Pro (HKLM\...\{664708B3-C730-11D5-ADE7-00B0D07D157A}) (Version: 4.32 - )
TaxACT 2011 - 1040 Edition (HKLM\...\TaxACT 2011 - 1040 Edition) (Version: - 2nd Story Software, Inc.)
TD AMERITRADE StrategyDesk 3.3 (HKU\S-1-5-21-893646719-2384664811-2616046975-1000\...\{CDA84216-5817-4DB8-A15E-D928E85E23B2}) (Version: 3.3 - TD AMERITRADE)
thinkorswim from TD AMERITRADE (HKLM\...\thinkorswim from TD AMERITRADE) (Version: - TD AMERITRADE, Inc.)
TradeManager 2013 Beta2 (HKLM\...\TradeManager) (Version: - Alibaba (China) Network Technology Co., Ltd.)
TradeStation 9.0 (HKLM\...\{6EF11260-2361-409D-B91C-373D8732EED8}) (Version: 9.0.0.8997 - TradeStation Technologies)
TradeStation 9.1 (HKLM\...\{B948B39D-214F-486E-BCD9-8AB691F8762A}) (Version: 9.01.00.12191 - TradeStation Technologies)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
WinZip 14.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BA}) (Version: 14.0.8652 - WinZip Computing, S.L. )
Wisdom-soft ScreenHunter 5.0 Free (HKLM\...\Wisdom-soft ScreenHunter 5.0 Free) (Version: - Wisdom Software Inc.)
Yahoo! Install Manager (HKLM\...\YInstHelper) (Version: - )
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version: - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-893646719-2384664811-2616046975-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\ron\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-893646719-2384664811-2616046975-1000_Classes\CLSID\{017CE1A6-416F-4684-AE6A-02064420B30A}\InprocServer32 -> C:\Program Files\trademanager\AliIMSSOLogin.dll (Alibaba software (Shanghai) Corporation.)
CustomCLSID: HKU\S-1-5-21-893646719-2384664811-2616046975-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-893646719-2384664811-2616046975-1000_Classes\CLSID\{0E75A0CB-0072-450A-8AF2-D56B82045B4F}\InprocServer32 -> C:\Program Files\trademanager\SDKDB.dll (Alibaba (China) Co., Ltd.)
CustomCLSID: HKU\S-1-5-21-893646719-2384664811-2616046975-1000_Classes\CLSID\{26C3F8B0-0217-46A1-AB2D-A1B494E71402}\InprocServer32 -> C:\Program Files\trademanager\AliIMSSOLogin.dll (Alibaba software (Shanghai) Corporation.)
CustomCLSID: HKU\S-1-5-21-893646719-2384664811-2616046975-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-893646719-2384664811-2616046975-1000_Classes\CLSID\{4CEEAF57-0208-4CA4-A473-914C2D2FFC23}\InprocServer32 -> C:\Program Files\trademanager\AliIMX.dll No File
CustomCLSID: HKU\S-1-5-21-893646719-2384664811-2616046975-1000_Classes\CLSID\{5D09DD40-CDC4-4C56-B615-0D1E3B357C2B}\InprocServer32 -> C:\Program Files\trademanager\AliIMX.dll No File
CustomCLSID: HKU\S-1-5-21-893646719-2384664811-2616046975-1000_Classes\CLSID\{6777375D-DD17-46FF-A4E4-9650C00D5D92}\InprocServer32 -> C:\Program Files\trademanager\SDKDB.dll (Alibaba (China) Co., Ltd.)
CustomCLSID: HKU\S-1-5-21-893646719-2384664811-2616046975-1000_Classes\CLSID\{79b4acff-94d2-58c5-baf6-23df99c7fcba}\InprocServer32 -> C:\Program Files\thinkTDAL\npthinkorswim.dll (TD Ameritrade)
CustomCLSID: HKU\S-1-5-21-893646719-2384664811-2616046975-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\1009\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-893646719-2384664811-2616046975-1000_Classes\CLSID\{BBE29546-D5F8-4D69-92E2-F9AED5758908}\InprocServer32 -> C:\Program Files\trademanager\modules\8003\GraffitiGUI.dll No File
CustomCLSID: HKU\S-1-5-21-893646719-2384664811-2616046975-1000_Classes\CLSID\{CFCA933E-4C70-4FB2-B411-70C2CAF2B9F8}\localserver32 -> C:\Program Files\trademanager\aliapploader.exe (Alibaba (China) Co., Ltd.)
CustomCLSID: HKU\S-1-5-21-893646719-2384664811-2616046975-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-893646719-2384664811-2616046975-1000_Classes\CLSID\{D4FEDB83-B705-497F-8707-6CA53D69FF9B}\InprocServer32 -> C:\Program Files\trademanager\SDKDB.dll (Alibaba (China) Co., Ltd.)
CustomCLSID: HKU\S-1-5-21-893646719-2384664811-2616046975-1000_Classes\CLSID\{dcc9a6f3-492c-5f51-a65d-3dd92b26c165}\InprocServer32 -> C:\Program Files\thinkTDAL\nptossc.dll (TD Ameritrade)
CustomCLSID: HKU\S-1-5-21-893646719-2384664811-2616046975-1000_Classes\CLSID\{E81FB43C-B144-4D30-8033-C9338AA0ECB8}\InprocServer32 -> C:\Program Files\trademanager\AliIMSSOLogin.dll (Alibaba software (Shanghai) Corporation.)
CustomCLSID: HKU\S-1-5-21-893646719-2384664811-2616046975-1000_Classes\CLSID\{F7117AE6-81F2-45B8-96EE-56F6FD357A48}\InprocServer32 -> C:\ProgramData\{49A0BAC7-3326-4433-9373-4AA8793ABB5C}\tsmf.dll No File
CustomCLSID: HKU\S-1-5-21-893646719-2384664811-2616046975-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ron\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-893646719-2384664811-2616046975-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ron\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-893646719-2384664811-2616046975-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ron\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-893646719-2384664811-2616046975-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\ron\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

==================== Restore Points =========================

10-02-2015 14:44:31 End of disinfection
12-02-2015 10:56:49 Restore Operation
12-02-2015 11:08:59 avast! antivirus system restore point
12-02-2015 13:23:47 2/12/2015 12.23
13-02-2015 10:19:32 Removed HiJackThis
20-02-2015 14:37:52 Scheduled Checkpoint
06-03-2015 15:43:55 Restore Operation
06-03-2015 15:54:44 avast! antivirus system restore point
06-03-2015 17:11:15 avast! antivirus system restore point
18-03-2015 14:10:02 Scheduled Checkpoint
25-03-2015 08:42:35 avast! antivirus system restore point
31-03-2015 17:00:47 Removed HiJackThis
01-04-2015 18:36:45 Windows Update
03-04-2015 08:55:23 Restore Point Created by FRST
03-04-2015 11:43:49 Restore Point Created by FRST

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 06:23 - 2011-05-18 08:19 - 00000734 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0080996F-F167-4F3C-B564-02F0EC33E761} - System32\Tasks\Driver Robot => C:\Program Files\Driver Robot\1.0.7.3\DriverRobot.exe
Task: {075BCB77-210B-4DBB-AB89-A5B013B4137E} - System32\Tasks\MotoHelper Initial Update => C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {6EA31722-B842-4803-954A-5532E1ED75E8} - System32\Tasks\MotoHelper Routing => C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {7BC9103D-6507-4E34-9A16-569ED4EBE144} - System32\Tasks\MotoHelper Update => C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {98E2194B-983D-4012-9BFA-FD38FF8051C1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A1E40043-9D40-4434-BD80-CD8C544A05A0} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-893646719-2384664811-2616046975-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-08-29] (RealNetworks, Inc.)
Task: {A79C2D6E-C427-48E5-B61E-DFE31BDDCAEC} - System32\Tasks\Installation App Launcher => C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe [2008-09-10] ()
Task: {B4A898C8-2757-4791-93AA-9B73AAA240D6} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-893646719-2384664811-2616046975-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-08-29] (RealNetworks, Inc.)
Task: {CB92EF55-9E46-4EA6-82B7-55B71D9C5785} - System32\Tasks\MotoHelper MUM => C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {D0657E5C-C90E-4EFA-BB2F-56FBC11E507E} - System32\Tasks\{6DFD3BEF-D7C0-4BF7-A3BA-A975EB88DA5F} => C:\Program Files\Skype\Phone\Skype.exe [2014-10-01] (Skype Technologies S.A.)
Task: {D9A21785-718E-4DD5-9D51-92482B38F93B} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-893646719-2384664811-2616046975-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-08-29] (RealNetworks, Inc.)
Task: {F75B7910-6D0C-4881-90A8-EF7155E4E04E} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-893646719-2384664811-2616046975-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2014-08-29] (RealNetworks, Inc.)
Task: {FA37036E-087E-4DEF-8EB3-9FBDA8C3C529} - System32\Tasks\{DF1DE8C6-073B-4FEB-9F21-FC71E50E3B4A} => pcalua.exe -a D:\setup.EXE -d D:\ -c /AUTORUN
Task: {FBBF9D90-0188-48FB-A6A6-78A89A6F578D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-03-25] (Avast Software s.r.o.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Driver Robot.job => C:\Program Files\Driver Robot\1.0.7.3\DriverRobot.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d06caad5100d89.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2010-03-22 09:07 - 2010-03-22 09:07 - 00175104 _____ () C:\Program Files\4shared Desktop\CMenu.dll
2015-03-06 17:14 - 2015-03-25 08:45 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-03-06 17:14 - 2015-03-25 08:45 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-04-03 14:34 - 2015-04-03 14:34 - 02923520 _____ () C:\Program Files\AVAST Software\Avast\defs\15040303\algo.dll
2009-07-08 11:30 - 2008-04-30 20:41 - 00045056 _____ () C:\Windows\System32\LXDUPMON.DLL
2009-07-08 11:30 - 2008-09-10 05:43 - 00086016 _____ () C:\Windows\System32\LXDUOEM.DLL
2009-07-08 11:30 - 2008-09-10 05:41 - 00032768 _____ () C:\Program Files\Lexmark 5600-6600 Series\ipcmt.dll
2009-07-08 11:35 - 2008-05-23 08:17 - 00121856 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\lxdudrpp.dll
2014-06-06 08:49 - 2015-03-06 17:15 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:19F60666
AlternateDataStreams: C:\Users\ron\Local Settings:init
AlternateDataStreams: C:\Users\ron\Desktop\Webx1669.mp4:TOC.WMV
AlternateDataStreams: C:\Users\ron\Desktop\Wild_KittyCat.07.09.13.mp4:TOC.WMV
AlternateDataStreams: C:\Users\ron\AppData\Local:init
AlternateDataStreams: C:\Users\ron\AppData\Local\Application Data:init

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-893646719-2384664811-2616046975-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\ron\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: CouponPrinterService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MotoHelper => 2
MSCONFIG\Services: PCPitstop Scheduling => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Audible Download Manager.lnk => C:\Windows\pss\Audible Download Manager.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^conhost.exe => C:\Windows\pss\conhost.exe.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk => C:\Windows\pss\Logitech Desktop Messenger.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\Windows\pss\Microsoft Office.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^ron^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: aliim => "C:\Program Files\TradeManager\AliIM.exe" /autorun
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: avast => "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE /logon
MSCONFIG\startupreg: carbonate => C:\Program Files\Adobe\Reader 9.0\Reader\Optional\assembly_language\sublimation.exe
MSCONFIG\startupreg: EzPrint => "C:\Program Files\Dell V310-V510 Series\ezprint.exe"
MSCONFIG\startupreg: iLivid => "C:\Users\ron\AppData\Local\iLivid\iLivid.exe" -autorun
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Jing => C:\Program Files\TechSmith\Jing\Jing.exe
MSCONFIG\startupreg: LDM => C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
MSCONFIG\startupreg: Lexmark 5600-6600 Series Fax Server => "C:\Program Files\Lexmark 5600-6600 Series\fm3032.exe" /s
MSCONFIG\startupreg: Malwarebytes' Anti-Malware => "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: mgsft => "C:\Windows\System32\rundll32.exe" "C:\Users\ron\AppData\Roaming\mgsft.dll",Long_FromLong
MSCONFIG\startupreg: MobileDocuments => C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
MSCONFIG\startupreg: MSConfig => "C:\Users\ron\clirjiuz.exe"
MSCONFIG\startupreg: msnmsgr => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: PC Pitstop Optimize Reminder => C:\Program Files\PCPitstop\Optimize3\Reminder-Optimize3.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TkBellExe => "C:\Program Files\real\realplayer\update\realsched.exe" -osboot
MSCONFIG\startupreg: Wisdom-soft ScreenHunter 5.1 Pro => 0

==================== Accounts: =============================

Administrator (S-1-5-21-893646719-2384664811-2616046975-500 - Administrator - Disabled)
Guest (S-1-5-21-893646719-2384664811-2616046975-501 - Limited - Disabled)
ron (S-1-5-21-893646719-2384664811-2616046975-1000 - Administrator - Enabled) => C:\Users\ron

==================== Faulty Device Manager Devices =============

Name: Intel(R) G33/G31 Express Chipset Family
Description: Intel(R) G33/G31 Express Chipset Family
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: igfx
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (04/03/2015 04:20:59 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error: (04/03/2015 04:20:59 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error: (04/03/2015 03:24:45 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error: (04/03/2015 03:24:45 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error: (04/03/2015 02:39:56 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error: (04/03/2015 02:39:56 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error: (04/03/2015 02:17:23 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error: (04/03/2015 02:17:21 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error: (04/03/2015 01:21:51 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error: (04/03/2015 01:21:48 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

System errors:
=============
Error: (04/03/2015 04:20:58 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: IPsec Policy AgentBFE

Error: (04/03/2015 04:20:58 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: IKE and AuthIP IPsec Keying ModulesBFE

Error: (04/03/2015 04:20:58 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Computer Browser%%1060

Error: (04/03/2015 04:19:17 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 4:12:25 PM on 4/3/2015 was unexpected.

Error: (04/03/2015 03:19:07 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: IPsec Policy AgentBFE

Error: (04/03/2015 03:19:07 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: IKE and AuthIP IPsec Keying ModulesBFE

Error: (04/03/2015 03:19:07 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Computer Browser%%1060

Error: (04/03/2015 03:17:24 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:11:27 PM on 4/3/2015 was unexpected.

Error: (04/03/2015 02:35:15 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: IPsec Policy AgentBFE

Error: (04/03/2015 02:35:15 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: IKE and AuthIP IPsec Keying ModulesBFE

Microsoft Office Sessions:
=========================
Error: (04/03/2015 04:20:59 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{6935C750-2D8C-4705-B4F9-052F550D225D}\recordingmanager.exe

Error: (04/03/2015 04:20:59 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{6935C750-2D8C-4705-B4F9-052F550D225D}\recordingmanager.exe

Error: (04/03/2015 03:24:45 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{6935C750-2D8C-4705-B4F9-052F550D225D}\recordingmanager.exe

Error: (04/03/2015 03:24:45 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{6935C750-2D8C-4705-B4F9-052F550D225D}\recordingmanager.exe

Error: (04/03/2015 02:39:56 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{6935C750-2D8C-4705-B4F9-052F550D225D}\recordingmanager.exe

Error: (04/03/2015 02:39:56 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{6935C750-2D8C-4705-B4F9-052F550D225D}\recordingmanager.exe

Error: (04/03/2015 02:17:23 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{6935C750-2D8C-4705-B4F9-052F550D225D}\recordingmanager.exe

Error: (04/03/2015 02:17:21 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{6935C750-2D8C-4705-B4F9-052F550D225D}\recordingmanager.exe

Error: (04/03/2015 01:21:51 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{6935C750-2D8C-4705-B4F9-052F550D225D}\recordingmanager.exe

Error: (04/03/2015 01:21:48 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{6935C750-2D8C-4705-B4F9-052F550D225D}\recordingmanager.exe

CodeIntegrity Errors:
===================================
Date: 2015-04-03 17:14:41.302
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-04-03 17:14:40.988
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-04-03 17:14:40.662
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-04-03 17:14:40.362
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-04-03 16:25:04.985
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-04-03 16:25:04.657
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-04-03 16:25:04.267
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-04-03 16:25:03.924
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-04-02 14:40:36.245
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-04-02 14:40:32.107
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E4600 @ 2.40GHz
Percentage of memory in use: 55%
Total physical RAM: 2036.45 MB
Available physical RAM: 896.84 MB
Total Pagefile: 4312.19 MB
Available Pagefile: 3188.86 MB
Total Virtual: 2047.88 MB
Available Virtual: 1886.29 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:298.09 GB) (Free:207.31 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (2007_11_03_2329) (Removable) (Total:0.99 GB) (Free:0.83 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 436A7ED9)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 1010.3 MB) (Disk ID: 00063EF3)
Partition 1: (Active) - (Size=1009 MB) - (Type=07 NTFS)

==================== End Of Log ============================