I am getting unresponsive script errors in both IE and Firefox (typical message is "___is not responding due to a long running script"), and my computer runs slowly. (Also, I think accessing Gmail makes this problem even worse for some reason.) Any help would be appreciated.
Windows 7 64-bit. Logs below:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:14-10-2015 01
Ran by RR (2015-10-14 23:15:24)
Running from C:\Users\RR\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2010-09-09 19:32:20)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-205398528-154359821-1429519996-500 - Administrator - Disabled)
ASPNET (S-1-5-21-205398528-154359821-1429519996-1002 - Limited - Enabled)
Guest (S-1-5-21-205398528-154359821-1429519996-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-205398528-154359821-1429519996-1004 - Limited - Enabled)
RR (S-1-5-21-205398528-154359821-1429519996-1000 - Administrator - Enabled) => C:\Users\RR
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.19 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0919-000001000000}) (Version: 9.19.00.0 - Igor Pavlov)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.207 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.207 - Adobe Systems Incorporated)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: - )
ASUS WL-330N Wireless Router Utilities (HKLM-x32\...\{88366B6B-1C1D-4C7F-8A2C-EB93AEC43BE3}) (Version: 4.2.5.6 - ASUS)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.3.2225 - AVAST Software)
Broadcom 802.11 Wireless Driver (HKLM-x32\...\{8991E763-21F5-4DEA-A938-5D9D77DCB488}) (Version: 1.0.0.0 - )
Broadcom Gigabit Integrated Controller (HKLM\...\{49F3D04B-B849-4C89-AB31-2366A004EA28}) (Version: 12.24.02 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 4.03 - Piriform)
Cisco Systems VPN Client 5.0.07.0290 (HKLM\...\{467D5E81-8349-4892-9E81-C3674ED8E451}) (Version: 5.0.7 - Cisco Systems, Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.119.0.60 - Conexant)
DisplayLink Core Software (HKLM\...\{65B2569D-303B-41EC-B38C-0934963BC3AD}) (Version: 7.7.60366.0 - DisplayLink Corp.)
DisplayLink Graphics (HKLM\...\{DB8324FA-E972-454B-B039-E911D568BD56}) (Version: 7.7.59032.0 - DisplayLink Corp.)
Dragon NaturallySpeaking 10 (HKLM-x32\...\{E7712E53-7A7F-46EB-AA13-70D5987D30F2}) (Version: 10.10.0 - Nuance Communications Inc.)
EasyCapture (HKLM-x32\...\EasyCapture4.0) (Version: V4.0.09.1015 - Lenovo)
eFilm Workstation (HKLM-x32\...\InstallShield_{7DAE1968-99E8-4103-B03C-B919D80EAB1E}) (Version: 4.0.0.7792 - Merge Healthcare)
eFilm Workstation (x32 Version: 4.0.0.7792 - Merge Healthcare) Hidden
Energy Management (HKLM-x32\...\{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}) (Version: 4.4.1.3 - Lenovo)
EuroTalk Talk Now! (HKLM-x32\...\{F26615EF-AF0A-486C-99C9-B65C8C401EBC}) (Version: 2.2.5.1 - EuroTalk Interactive)
Foxit Reader (HKLM-x32\...\{FE1EFF18-814A-42CE-8470-EC97EDDAF8FF}) (Version: 5.4.3.920 - Foxit Corporation)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Intel® Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Lenovo EasyCamera (HKLM\...\Lenovo EasyCamera) (Version: 5.8.0.12 - Silicon Motion)
Lenovo EasyCamera (HKLM-x32\...\{FE7AD27A-62B1-44F6-B69C-25D1ECA94F5D}) (Version: 5.8.0.12 - Silicon Motion)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.0723 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.0723 - CyberLink Corp.) Hidden
LogMeIn (HKLM-x32\...\{2BFDA78F-39F7-4537-9995-71424CFA88BB}) (Version: 4.1.2138 - LogMeIn, Inc.)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.383 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.383 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
MedEDocsCore (HKLM-x32\...\{ED7494CC-2B77-4FEF-B578-01EE0BB674DA}) (Version: 1.01.0000 - MedEDocs)
MediMatrix Eye 6.0.1 (HKLM-x32\...\3680-3688-6291-0447) (Version: 6.0.1 - WebInterstate Inc.)
MediMatrix Radiology Server 3.0.0 (HKLM-x32\...\1861-5153-3834-0030) (Version: 3.0.0 - WebInterstate Inc.)
Medweb Telemedicine Viewer (HKLM-x32\...\{4F3602EE-B5C2-4435-97F0-CB83D6296B8F}) (Version: 4.10.37 - Medweb)
Medweb Viewer 2.0 (HKLM-x32\...\{19B4A83C-4684-4BDE-AE33-561F75474982}) (Version: 0.6.202 - Medweb)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Mozilla Firefox 40.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0 (x86 en-US)) (Version: 40.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.0.5697 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PC-Doctor for Windows (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5426.03 - PC-Doctor, Inc.)
PdaNet for Windows Mobile 2.0 (x64 version) (HKLM-x32\...\PdaNet_is1) (Version: - June Fabrics Technology Inc)
PortProxyService (HKLM-x32\...\{47198750-713E-4B00-AC33-6F981C4F8AC1}) (Version: 1.0.0 - Default Company Name)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.4809d4 - CyberLink Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30101 - Realtek Semiconductor Corp.)
ReportViewer (HKU\S-1-5-21-205398528-154359821-1429519996-1000\...\6c08d413daa76487) (Version: 2.0.7.0 - MedEDocs)
Secunia PSI (2.0.0.3003) (HKLM-x32\...\Secunia PSI) (Version: - )
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Skype™ for Windows Mobile 3.0 (HKLM-x32\...\Skype™ for Windows Mobile_is1) (Version: 3.0.0.256 - Skype Limited)
SpeechQ Client (HKLM-x32\...\InstallShield_{CD489274-54B4-4919-B739-B07B1CA2D736}) (Version: 1.2.119.0 - Philips Speech Processing)
SpeechQ Client (x32 Version: 1.2.119.0 - Philips Speech Processing) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.26297 - TeamViewer)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VeriFace (HKLM-x32\...\VeriFace) (Version: 3.6.0.0921 - Lenovo)
Visual C++ Runtime for Dragon NaturallySpeaking 64bit (x64) (HKLM\...\{4A5A427F-BA39-4BF0-9A47-7777FBE60C9F}) (Version: 10.00.800.228 - Nuance Communications Inc.)
Windows Driver Package - Lenovo (ACPIVPC) System (05/19/2009 4.4.0.1) (HKLM\...\92F4CDC794E6E4E29DC063D292D1C94F6FA1EA1E) (Version: 05/19/2009 4.4.0.1 - Lenovo)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile Device Center Driver Update (HKLM\...\{92DBCA36-9B41-4DD1-941A-AED149DD37F0}) (Version: 6.1.6965.0 - Microsoft Corporation)
Winmx Community 1 (HKLM-x32\...\Winmx Community 1) (Version: - )
WOT for Internet Explorer (HKLM-x32\...\{1D10C273-3F95-42A2-8371-AB6B1F59821B}) (Version: 10.12.20.0 - WOT Services Oy)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Restore Points =========================
17-05-2015 00:23:51 Windows Backup
20-05-2015 14:21:57 Windows Update
03-06-2015 00:33:28 Windows Update
03-06-2015 21:16:46 Intel® Driver Update Utility
03-06-2015 23:06:06 Restore Operation
04-06-2015 23:50:58 Installed DisplayLink Graphics
05-06-2015 22:56:03 Windows Modules Installer
05-06-2015 22:58:56 Windows Modules Installer
17-08-2015 13:07:24 avast! antivirus system restore point
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 22:34 - 2011-06-19 23:09 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {07E6814D-9A31-4441-AA16-B621077C14D5} - System32\Tasks\{B0D69166-273A-4426-86E4-C67C9F0DE99C} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/en/abandoninstall?page=tsProgressBar
Task: {2BFBDBB1-6C11-4EEB-9FFF-56EDE2D6C896} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-08-17] (AVAST Software)
Task: {2EA5D002-9A10-46C1-A851-AF815C4E0908} - System32\Tasks\{5D671380-BEFD-4207-8044-D4B1B9E53FC2} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/en/abandoninstall?page=tsProgressBar
Task: {30C3022F-E7E9-47ED-8B94-FF69D6C457DA} - System32\Tasks\{C9F42AEE-2E5E-4020-BCAB-CF5F7DA2F63C} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/en/abandoninstall?page=tsProgressBar
Task: {3588AE6A-DC4C-458D-8006-75F93975ECE2} - System32\Tasks\{765D3C47-529A-4E25-B8D6-F8CBB7EAC23B} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/en/abandoninstall?page=tsProgressBar
Task: {5383D40E-295B-4179-B29F-CA65CF7A3FD5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)
Task: {5EB31201-7447-4A13-874A-9108CCEBA1C7} - System32\Tasks\{2283115E-C379-413E-BB13-6E2077A4BB4D} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/en/abandoninstall?page=tsProgressBar
Task: {644F72CD-292A-45BB-83FD-C3263781A74E} - System32\Tasks\{81095223-BD4A-4C32-9311-BB65657F539F} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/en/abandoninstall?page=tsProgressBar
Task: {65EC72D9-D8C1-4D6D-A323-ED092A48F7F6} - System32\Tasks\{BF3B2D26-3652-4144-9B2A-0F9148133906} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/en/abandoninstall?page=tsProgressBar
Task: {66263D5B-3DE8-4EFF-9256-AE5A7D1DF30C} - System32\Tasks\{CA7510CA-E0C0-4483-9040-D93127BB272A} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.7.0.102/en/abandoninstall?page=tsProgressBar
Task: {775C013B-B50E-4629-A8F9-268CD53A5558} - System32\Tasks\{56D9E923-5360-444F-B5D5-70883133D8EF} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-10-01] (Skype Technologies S.A.)
Task: {796773F9-D7A5-4169-99CB-71B884443BE3} - System32\Tasks\{CBC1007C-939F-45AB-B1EA-2F2E9CA32A89} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.6.0.106/en/abandoninstall?page=tsMain
Task: {8D4F72BA-D6A7-46F8-9C4C-0B3053333BB9} - System32\Tasks\{D635E288-7EFB-4E86-A1A6-64E2134A1E18} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{7DAE1968-99E8-4103-B03C-B919D80EAB1E}\setup.exe" -c -runfromtemp -l0x0409 -removeonly
Task: {97799DD0-2721-473B-B1C7-556714845367} - System32\Tasks\{8638F3AF-B192-4120-8143-8EBE009EC85E} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/en/abandoninstall?page=tsProgressBar
Task: {99A7532A-E166-49E8-A3AF-1D8963F08285} - System32\Tasks\{44AF9491-F2BE-4C56-887A-A363F20FC811} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/en/abandoninstall?page=tsProgressBar
Task: {9E414757-C079-4F5A-A8C4-DA5A50787FFC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {AFA7A2C5-9A6C-4745-8ECB-A16400018A8F} - System32\Tasks\{95205750-F347-4B1C-8A94-A2F372F58622} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/en/abandoninstall?page=tsProgressBar
Task: {B39E915D-6D7D-48EF-A7DB-70C8CD5CB783} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {B5B5ADF2-4866-4E4E-B085-68F1CB2D2B95} - System32\Tasks\{754372CE-FC64-48AA-AF04-410C4F7FFBB2} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/en/abandoninstall?page=tsProgressBar
Task: {C2407C00-BC61-44FD-810E-30CCA2ED306F} - System32\Tasks\{50170813-4338-4372-AAEB-9A7C4FAEFCCD} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/en/abandoninstall?page=tsProgressBar
Task: {CA9B4403-23C3-4608-8845-CD9E45129E19} - System32\Tasks\{BACEDAA1-2AF3-4068-AD2B-515D11533481} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/en/abandoninstall?page=tsProgressBar
Task: {CFE71DA2-07C4-49C7-9551-18E95BE78CD0} - System32\Tasks\{5C124631-9A37-4C89-AA32-6173A261BFA8} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/en/abandoninstall?page=tsProgressBar
Task: {DD9E97DF-0114-4E79-ABD8-9634865E2322} - System32\Tasks\{654C7A18-F0EE-455C-B48E-4E92A0E16FEE} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/en/abandoninstall?page=tsProgressBar
Task: {DFDAB484-DBD1-40DF-BB35-B29BF2E7DAAB} - System32\Tasks\{0A03BEC2-99C3-4645-9C61-F1FEF0950D01} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/en/abandoninstall?page=tsProgressBar
Task: {E8AB62E5-4BE1-43F3-AA46-C0E40D901F18} - System32\Tasks\{249060F5-EC1E-426E-A5DC-B280D16BF814} => C:\windows\WindowsMobile\wmdc.exe [2007-05-31] (Microsoft Corporation)
Task: {EA24B7A2-5B54-4A56-B773-F521477A1987} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-14] (Adobe Systems Incorporated)
Task: {F098D08D-8B86-473A-BD26-74CCAD5E0742} - System32\Tasks\{90F66A18-68AE-4B8E-8149-301C7743B7CF} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/en/abandoninstall?page=tsProgressBar
Task: {F55D2E72-393B-4146-B273-300A11DC6D61} - System32\Tasks\{31ACC500-F089-491A-BE10-536A397AC63B} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/en/abandoninstall?page=tsProgressBar
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (Whitelisted) ==============
2013-05-06 20:10 - 2012-09-18 15:27 - 00192512 _____ () C:\windows\System32\ZLhp1020.DLL
2013-05-06 20:10 - 2012-09-18 15:27 - 00065024 _____ () C:\windows\system32\spool\PRTPROCS\x64\pphp1020.dll
2010-07-12 13:37 - 2010-07-12 13:37 - 01502720 _____ () C:\windows\system32\IcnOvrly.dll
2010-03-18 22:16 - 2010-03-18 22:16 - 00038400 _____ () C:\Program Files (x86)\Medweb\Plugin\MWIPCServer.exe
2006-07-24 17:11 - 2006-07-24 17:11 - 00028672 _____ () C:\PortProxyService\PortProxyService.exe
2010-07-12 13:38 - 2009-07-15 11:55 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2010-07-12 13:38 - 2009-07-15 11:55 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2013-03-25 21:29 - 2008-07-31 22:45 - 00185560 _____ () C:\Program Files (x86)\PdaNet for Windows Mobile\PdaNetPC.exe
2010-09-10 00:16 - 2012-09-18 15:27 - 03162624 _____ () C:\windows\system32\spool\DRIVERS\x64\3\suhp1020.dll
2013-05-06 20:10 - 2012-09-18 15:27 - 01236992 _____ () C:\windows\system32\spool\DRIVERS\x64\3\gchp1020.dll
2010-09-10 00:16 - 2012-09-18 15:27 - 00676864 _____ () C:\windows\system32\spool\DRIVERS\x64\3\sdhp1020.dll
2015-08-17 13:08 - 2015-08-17 13:08 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-08-17 13:08 - 2015-08-17 13:08 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-10-13 21:14 - 2015-10-13 21:14 - 02994544 _____ () C:\Program Files\AVAST Software\Avast\defs\15101301\algo.dll
2015-10-14 20:09 - 2015-10-14 20:09 - 02994544 _____ () C:\Program Files\AVAST Software\Avast\defs\15101400\algo.dll
2010-03-23 13:26 - 2010-03-23 13:26 - 00201512 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll
2010-07-12 13:37 - 2010-07-12 13:37 - 00492808 _____ () C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
2012-04-12 17:52 - 2012-04-12 17:52 - 03379200 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_7b75835e\mscorlib.dll
2012-04-12 17:47 - 2012-04-12 17:47 - 01953792 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_abe7ba2f\system.dll
2012-04-12 17:47 - 2012-04-12 17:47 - 02088960 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_b7543bc1\system.xml.dll
2012-04-12 17:47 - 2012-04-12 17:47 - 03014656 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_ab2d1d32\system.windows.forms.dll
2010-10-16 14:09 - 2010-10-16 14:08 - 00040960 _____ () C:\Program Files (x86)\WebInterstate\radserver\jre\bin\clib_jiio_util.dll
2010-10-16 14:09 - 2010-10-16 14:08 - 01089536 _____ () C:\Program Files (x86)\WebInterstate\radserver\jre\bin\clib_jiio_sse2.dll
2015-04-05 16:14 - 2015-04-05 16:14 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2010-07-12 13:36 - 2009-06-05 12:37 - 00260096 _____ () C:\windows\system32\370prop.ax
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:F35A93AD
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-205398528-154359821-1429519996-1000\...\firstcolumn.info -> hxxps://medfax.firstcolumn.info
IE restricted site: HKU\S-1-5-21-205398528-154359821-1429519996-1000\...\meebo.com -> meebo.com
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-205398528-154359821-1429519996-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\RR\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^Users^RR^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dragon NaturallySpeaking.lnk => C:\windows\pss\Dragon NaturallySpeaking.lnk.Startup
MSCONFIG\startupfolder: C:^Users^RR^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Medweb Input Source Agent.lnk => C:\windows\pss\Medweb Input Source Agent.lnk.Startup
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: ooVoo.exe => C:\Program Files (x86)\ooVoo\ooVoo.exe /minimized
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{533DFD60-FCA1-47DA-BE84-6D3169E6DBB7}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MNA\McNaSvc.exe
FirewallRules: [{2B42F9A2-927F-4FE1-A768-763C893AB43E}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{803A9138-AD8E-4FA3-80E2-A9A203B9128F}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{D1FD45D1-D920-4035-98E9-878B9C194D6F}] => (Allow) svchost.exe
FirewallRules: [{3E0798C9-1D8A-4DD9-97AE-39596A39956C}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [TCP Query User{3E83783B-A44A-42F3-9588-F50927AAD1F5}C:\program files (x86)\oovoo\oovoo.exe] => (Block) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [UDP Query User{DF1693B4-573C-4206-B3EA-93241BDD879D}C:\program files (x86)\oovoo\oovoo.exe] => (Block) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [{42AE3BE0-222C-4C38-9B57-B10F76BF9D44}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
FirewallRules: [{BB263935-A21B-4A2F-8D50-8A38E2F8EF1B}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
FirewallRules: [{1BCF7BD9-1045-4651-8BA1-9FC9D44A4810}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE
FirewallRules: [{6F89D1A8-891A-48A4-82B2-6A28234BCCD6}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE
FirewallRules: [{C7340FA5-4678-48B8-B2B2-C15245CFDE00}] => (Allow) C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
FirewallRules: [{AC1A20EF-1DB7-4B9B-BAC4-7F066B1C58BD}] => (Allow) C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
FirewallRules: [{08A32182-F003-4FD4-8A30-74630A10C6C1}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{87911AFB-7F29-4B2D-AFD5-46020A51C01F}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{1294F4FF-FBF1-4EE8-BFC3-E4B21008CBE6}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{614D43FF-CE1D-43C5-8077-332F224BE2AE}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe
FirewallRules: [{F5B800D3-0F41-47B9-AB3C-E854330FE778}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe
FirewallRules: [{2DCF876D-2045-4A31-805A-8BB59295FA46}] => (Allow) LPort=26675
FirewallRules: [TCP Query User{873450B1-77B2-4A9E-BEAD-416083DB708C}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{A29DA5F3-47AC-44D8-8E5B-DA38543BDA71}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{110F4754-8EDC-4FAB-8407-749816FBD51E}C:\program files (x86)\pdanet for windows mobile\pdanetpc.exe] => (Allow) C:\program files (x86)\pdanet for windows mobile\pdanetpc.exe
FirewallRules: [UDP Query User{00D85971-A94F-4273-AF50-4D9520AEB2A8}C:\program files (x86)\pdanet for windows mobile\pdanetpc.exe] => (Allow) C:\program files (x86)\pdanet for windows mobile\pdanetpc.exe
FirewallRules: [TCP Query User{10007A4A-18B7-43C8-8076-2534F6D2B103}C:\program files (x86)\speechq client\reportstation.exe] => (Block) C:\program files (x86)\speechq client\reportstation.exe
FirewallRules: [UDP Query User{450CAC77-A113-4D2C-A049-6EA478C3973D}C:\program files (x86)\speechq client\reportstation.exe] => (Block) C:\program files (x86)\speechq client\reportstation.exe
FirewallRules: [TCP Query User{BF8B9CD9-B721-49D8-A3BF-F81DABFBF0B6}C:\program files (x86)\asus\wl-330ge wireless ap utilities\discovery.exe] => (Allow) C:\program files (x86)\asus\wl-330ge wireless ap utilities\discovery.exe
FirewallRules: [UDP Query User{38317C02-D6AB-4817-A3EF-FD59D9FEFB3E}C:\program files (x86)\asus\wl-330ge wireless ap utilities\discovery.exe] => (Allow) C:\program files (x86)\asus\wl-330ge wireless ap utilities\discovery.exe
FirewallRules: [{758AD566-9B9B-4F7A-8596-F988014E0509}] => (Block) C:\program files (x86)\asus\wl-330ge wireless ap utilities\discovery.exe
FirewallRules: [{8AAB845E-2219-4A31-B4C9-22AF79781F12}] => (Block) C:\program files (x86)\asus\wl-330ge wireless ap utilities\discovery.exe
FirewallRules: [{800037A8-6F49-4F2A-AE2B-EF4E7889B2A0}] => (Allow) E:\RouterSetup\QISWizard.exe
FirewallRules: [{4C1562E3-A3D6-45DE-A5E8-EB4FE73B6950}] => (Allow) E:\RouterSetup\QISWizard.exe
FirewallRules: [{7943C1DD-8A51-4927-8FC2-FA36210F86F7}] => (Allow) C:\Program Files (x86)\ASUS\WL-330N Wireless Router Utilities\Discovery.exe
FirewallRules: [{7BFD35A1-1AC4-4AB1-88D6-CB62565ABC3A}] => (Allow) C:\Program Files (x86)\ASUS\WL-330N Wireless Router Utilities\Discovery.exe
FirewallRules: [{079B7CA9-B0F1-4F1B-B8A5-E2E4DB6F5A51}] => (Allow) C:\Program Files (x86)\ASUS\WL-330N Wireless Router Utilities\Rescue.exe
FirewallRules: [{8794F9E6-3800-42AC-9A6D-2893C07AE88B}] => (Allow) C:\Program Files (x86)\ASUS\WL-330N Wireless Router Utilities\Rescue.exe
FirewallRules: [{F2673489-D558-400D-A679-D20E39C10174}] => (Allow) C:\Program Files (x86)\ASUS\WL-330N Wireless Router Utilities\QISWizard.exe
FirewallRules: [{332ED928-D490-4F08-B27F-48D2918E7D66}] => (Allow) C:\Program Files (x86)\ASUS\WL-330N Wireless Router Utilities\QISWizard.exe
FirewallRules: [{28B6104E-04DD-4649-AA1E-21F2C13C5583}] => (Allow) C:\Users\RR\AppData\Local\Temp\7zS9839.tmp\SymNRT.exe
FirewallRules: [{016D561F-DB94-4F83-A465-2D87EC52BBDE}] => (Allow) C:\Users\RR\AppData\Local\Temp\7zS9839.tmp\SymNRT.exe
FirewallRules: [TCP Query User{414A6843-AF37-49DE-BE91-531A3386734D}C:\users\rr\desktop\my mobile\mymobiler\mymobiler.exe] => (Allow) C:\users\rr\desktop\my mobile\mymobiler\mymobiler.exe
FirewallRules: [UDP Query User{23DAF27E-93DE-4DC5-84FD-E703F776DBBD}C:\users\rr\desktop\my mobile\mymobiler\mymobiler.exe] => (Allow) C:\users\rr\desktop\my mobile\mymobiler\mymobiler.exe
FirewallRules: [{3A2EDE78-4B59-4B62-A7D9-D7D5B06EB6A4}] => (Allow) LPort=4008
FirewallRules: [{E0E60D9A-030A-433B-B7AD-088C0DF3B551}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{010EAD36-9F2F-44A9-AA9A-1130234888B3}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{0BEDC9CF-1B42-43DD-A4FD-BBFE2BA9B24F}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{8D352EF4-7D54-4304-A6B6-18D3C1B0A73B}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [TCP Query User{4370AB45-503C-4120-B6D1-77B74AACA6B5}C:\users\public\documents\rsvs_lite\rsvsliteview.exe] => (Allow) C:\users\public\documents\rsvs_lite\rsvsliteview.exe
FirewallRules: [UDP Query User{BDD8F473-2226-4D5E-9812-51B69C02B1A6}C:\users\public\documents\rsvs_lite\rsvsliteview.exe] => (Allow) C:\users\public\documents\rsvs_lite\rsvsliteview.exe
FirewallRules: [TCP Query User{FD9865DB-44A8-4C59-91DC-174B11B42AA4}E:\echoes.exe] => (Block) E:\echoes.exe
FirewallRules: [UDP Query User{F30DBC84-4EB5-4F31-969B-60A11E006C6C}E:\echoes.exe] => (Block) E:\echoes.exe
FirewallRules: [TCP Query User{1C53DFA7-EEC6-40D5-A1A2-05D63CDFBC50}C:\users\rr\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\rr\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{C53EF0BF-92CF-4418-A278-C7F703C95190}C:\users\rr\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\rr\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [TCP Query User{3F36FC49-05F1-47AD-ADDC-56A01409D10C}C:\kpacs\K-Pacs-Server\kpserver.exe] => (Allow) C:\kpacs\K-Pacs-Server\kpserver.exe
FirewallRules: [UDP Query User{B5F92326-B6CB-41C2-8E67-477410B607AA}C:\kpacs\K-Pacs-Server\kpserver.exe] => (Allow) C:\kpacs\K-Pacs-Server\kpserver.exe
FirewallRules: [{90E1F00B-0ED4-4B91-A453-9CD062D8736E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{138905CA-BA32-43F7-8EE5-FB1A88637E88}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Faulty Device Manager Devices =============
Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (10/14/2015 09:47:37 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windows...F5B856976AD.crt> with error: This operation returned because the timeout period expired.
.
Error: (10/14/2015 09:47:37 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windows...F5B856976AD.crt> with error: This operation returned because the timeout period expired.
.
Error: (10/14/2015 09:43:58 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windows...F5B856976AD.crt> with error: This operation returned because the timeout period expired.
.
Error: (10/14/2015 09:29:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windows...F5B856976AD.crt> with error: This operation returned because the timeout period expired.
.
Error: (10/14/2015 08:18:19 PM) (Source: ESENT) (EventID: 439) (User: )
Description: Windows (2448) Windows: Unable to write a shadowed header for file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk. Error -1032.
Error: (10/14/2015 08:18:19 PM) (Source: ESENT) (EventID: 490) (User: )
Description: Windows (2448) Windows: An attempt to open the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
Error: (10/14/2015 08:18:09 PM) (Source: ESENT) (EventID: 439) (User: )
Description: Windows (2448) Windows: Unable to write a shadowed header for file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk. Error -1032.
Error: (10/14/2015 08:18:09 PM) (Source: ESENT) (EventID: 490) (User: )
Description: Windows (2448) Windows: An attempt to open the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
Error: (10/14/2015 08:17:59 PM) (Source: ESENT) (EventID: 439) (User: )
Description: Windows (2448) Windows: Unable to write a shadowed header for file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk. Error -1032.
Error: (10/14/2015 08:17:59 PM) (Source: ESENT) (EventID: 490) (User: )
Description: Windows (2448) Windows: An attempt to open the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).
System errors:
=============
Error: (10/14/2015 07:59:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
Error: (10/14/2015 07:59:45 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.
Error: (10/14/2015 07:59:27 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
StarOpen
Error: (10/14/2015 07:57:20 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\Drivers\StarOpen.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
Error: (10/13/2015 09:16:18 PM) (Source: DCOM) (EventID: 10016) (User: RR-PC)
Description: application-specificLocalActivation{D3DCB472-7261-43CE-924B-0704BD730D5F}{D3DCB472-7261-43CE-924B-0704BD730D5F}RR-PCRRS-1-5-21-205398528-154359821-1429519996-1000LocalHost (Using LRPC)
Error: (10/13/2015 09:16:16 PM) (Source: DCOM) (EventID: 10016) (User: RR-PC)
Description: application-specificLocalActivation{145B4335-FE2A-4927-A040-7C35AD3180EF}{145B4335-FE2A-4927-A040-7C35AD3180EF}RR-PCRRS-1-5-21-205398528-154359821-1429519996-1000LocalHost (Using LRPC)
Error: (10/13/2015 07:23:03 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
Error: (10/13/2015 07:22:33 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RasMan service.
Error: (10/13/2015 07:22:03 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.
Error: (10/13/2015 07:20:53 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the DisplayLinkService service.
CodeIntegrity:
===================================
Date: 2011-06-19 23:08:54.188
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2011-06-19 23:08:54.157
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2011-06-19 23:08:54.110
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2011-06-19 23:08:54.079
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2011-06-19 22:16:15.071
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2011-06-19 22:16:15.040
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: Pentium® Dual-Core CPU T4500 @ 2.30GHz
Percentage of memory in use: 40%
Total physical RAM: 4028.6 MB
Available physical RAM: 2415.57 MB
Total Virtual: 8055.39 MB
Available Virtual: 4264.96 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:187.69 GB) (Free:116.4 GB) NTFS
Drive d: (Lenovo) (Fixed) (Total:30.25 GB) (Free:29.45 GB) NTFS
Drive e: (October 13, 2015) (CDROM) (Total:0.57 GB) (Free:0 GB) CDFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 31F5BCEA)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=187.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=30.2 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12)
==================== End of Addition.txt ============================
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:14-10-2015 01
Ran by RR (administrator) on RR-PC (14-10-2015 23:05:05)
Running from C:\Users\RR\Desktop
Loaded Profiles: RR (Available Profiles: RR & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files (x86)\Medweb\Plugin\MWIPCServer.exe
() C:\PortProxyService\PortProxyService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Conexant Systems, Inc) C:\Program Files\CONEXANT\SAII\SmartAudio.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
() C:\Program Files (x86)\PdaNet for Windows Mobile\PdaNetPC.exe
(June Fabrics Technology Inc.) C:\Program Files (x86)\PdaNet for Windows Mobile\PnHelp.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(PSP Speech Recognition Systems) C:\Program Files (x86)\SpeechQ Client\PatcherClient\SQPatcher.Client.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Merge Healthcare) C:\Program Files (x86)\Merge Healthcare\eFilm\Visualization Services\MergeeFilm.VisualizationServices.Remoting.WindowsServices.exe
(WebInterstate Inc.) C:\Program Files (x86)\WebInterstate\radserver\webiRadServerService.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Merge Healthcare) C:\Program Files (x86)\Merge Healthcare\eFilm\efTray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2010-04-27] ()
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [4366704 2009-09-29] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [5825536 2009-08-18] (Lenovo (Beijing) Limited)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2011-09-16] (LogMeIn, Inc.)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [3122440 2010-07-12] (Lenovo)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-16] (InstallShield Software Corporation)
HKLM-x32\...\Run: [DNS7reminder] => C:\Program Files (x86)\Nuance\NaturallySpeaking10\Ereg\Ereg.exe [259624 2007-04-16] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PspUsbCf] => pspusbcf.exe
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6111824 2015-08-26] (AVAST Software)
HKLM-x32\...\Run: [eFilm Tray Icon] => C:\Program Files (x86)\Merge Healthcare\eFilm\efTray.exe [90112 2013-11-15] (Merge Healthcare)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5579624 2015-08-03] (LogMeIn Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-205398528-154359821-1429519996-1000\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-16] (InstallShield Software Corporation)
HKU\S-1-5-18\...\RunOnce: [WLStart] => C:\Program Files (x86)\Windows Live\Installer\wlstart.exe [768336 2009-07-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-08-17] (AVAST Software)
ShellIconOverlayIdentifiers: [VeriFace Enc] -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\windows\system32\IcnOvrly.dll [2010-07-12] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk [2012-04-12]
ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe ()
Startup: C:\Users\RR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2011-02-16]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\RR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk [2013-03-25]
ShortcutTarget: PdaNet Desktop.lnk -> C:\Program Files (x86)\PdaNet for Windows Mobile\PdaNetPC.exe ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\..\Interfaces\{BA45D5E6-E7EF-4E53-B37F-D92AEE065C5C}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-205398528-154359821-1429519996-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-205398528-154359821-1429519996-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-205398528-154359821-1429519996-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-205398528-154359821-1429519996-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-08-17] (AVAST Software)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-17] (AVAST Software)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files (x86)\WOT\WOT.dll [2010-12-20] ()
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll [2010-12-20] ()
Toolbar: HKU\S-1-5-21-205398528-154359821-1429519996-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-205398528-154359821-1429519996-1000 -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: HKLM-x32 {F80B9305-A013-11D2-BD23-00A024978908} hxxp://68.236.160.120/public/accuradimage.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll [2010-12-20] ()
FireFox:
========
FF ProfilePath: C:\Users\RR\AppData\Roaming\Mozilla\Firefox\Profiles\rl2lvyz2.default-1439429209230
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_19_0_0_207.dll [2015-10-14] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_207.dll [2015-10-14] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2012-07-31] (Foxit Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll [2011-12-09] (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-07-03]
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-05]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-17] (AVAST Software)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [10997992 2015-02-12] (DisplayLink Corp.)
S4 efAuditorService.exe; C:\Program Files (x86)\Merge Healthcare\eFilm\Auditor\efAuditorService.exe [24576 2013-11-15] (Merge Healthcare) [File not signed]
S4 eFilmProcessManagerNT; C:\Program Files (x86)\Merge Healthcare\eFilm\efPMNT.exe [20992 2013-11-15] () [File not signed]
S4 eFilmXmppService.exe; C:\Program Files (x86)\Merge Healthcare\eFilm\eFilmXmppService.exe [106496 2013-11-15] () [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-08-03] (LogMeIn, Inc.)
S4 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [147336 2012-01-31] (LogMeIn, Inc.)
S4 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2011-09-16] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 MSSQL$SQLEXPRESSEFILM; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 MWIPCServer; C:\Program Files (x86)\Medweb\Plugin\MWIPCServer.exe [38400 2010-03-18] () [File not signed]
R2 PortProxyService; C:\PortProxyService\PortProxyService.exe [28672 2006-07-24] () [File not signed]
S4 SAService; C:\Windows\system32\SAsrv.exe [445496 2010-03-25] (Conexant Systems, Inc.)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [993848 2011-04-19] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [399416 2011-04-19] (Secunia)
S3 slsService; C:\Program Files (x86)\Merge Healthcare\eFilm\slsService.exe [70656 2012-11-05] () [File not signed]
R2 SpeechClientUpdateService; C:\Program Files (x86)\SpeechQ Client\PatcherClient\SQPatcher.Client.exe [20480 2009-06-15] (PSP Speech Recognition Systems) [File not signed]
R2 VisualizationServicesRemotingService; C:\Program Files (x86)\Merge Healthcare\eFilm\Visualization Services\MergeeFilm.VisualizationServices.Remoting.WindowsServices.exe [20480 2013-11-15] (Merge Healthcare) [File not signed]
R2 webiRadServerService; C:\Program Files (x86)\WebInterstate\radserver\webiRadServerService.exe [144896 2010-06-29] (WebInterstate Inc.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-08-17] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-08-17] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-08-17] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-08-17] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048344 2015-08-17] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-08-17] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150672 2015-08-17] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-08-17] (AVAST Software)
S3 AX88772; C:\Windows\System32\DRIVERS\ax88772.sys [77312 2010-05-31] (ASIX Electronics Corp.)
R3 CVPNDRVA; C:\windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
S3 DisplayLinkUsbIo_x64; C:\Windows\System32\DRIVERS\DisplayLinkUsbIo_x64_7.7.60366.0.sys [46312 2015-02-13] ()
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 funfrm; C:\Windows\System32\Drivers\funfrm.sys [58896 2010-07-12] ()
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [15928 2011-09-16] (LogMeIn, Inc.)
S4 LMIRfsClientNP; no ImagePath
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-10-14] (Malwarebytes)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))
S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5504 2012-11-05] ()
R3 usbsmi; C:\Windows\System32\DRIVERS\SMIksdrv.sys [197376 2009-10-16] (SMI)
S3 DisplayLinkUsbPort; system32\DRIVERS\DisplayLinkUsbPort_6.1.32700.0.sys [X]
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
S3 wdmirror; system32\DRIVERS\WDMirror.sys [X]
S3 WinRing0_1_2_0; \??\D:\test\ECECECEC\WinRing0x64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-10-14 23:05 - 2015-10-14 23:08 - 00019257 _____ C:\Users\RR\Desktop\FRST.txt
2015-10-14 23:04 - 2015-10-14 23:05 - 00000000 ____D C:\FRST
2015-10-14 22:57 - 2015-10-14 22:59 - 02196992 _____ (Farbar) C:\Users\RR\Desktop\FRST64.exe
2015-10-14 22:27 - 2015-10-14 22:27 - 08776392 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2015-10-14 19:57 - 2015-10-14 19:57 - 00000056 _____ C:\windows\setupact.log
2015-10-14 19:57 - 2015-10-14 19:57 - 00000000 _____ C:\windows\setuperr.log
2015-09-17 22:15 - 2015-09-17 22:15 - 00000000 __SHD C:\found.003
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-10-14 23:11 - 2014-04-15 13:34 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-14 23:05 - 2010-09-11 23:39 - 00000000 ____D C:\Users\RR\AppData\Roaming\Skype
2015-10-14 22:46 - 2014-01-02 19:24 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-14 22:28 - 2013-07-03 14:14 - 00780488 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-10-14 22:28 - 2013-07-03 14:14 - 00142536 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-14 22:28 - 2013-07-03 14:14 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-10-14 22:28 - 2013-07-03 14:14 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-10-14 22:12 - 2010-07-12 13:27 - 01656487 _____ C:\windows\WindowsUpdate.log
2015-10-14 21:44 - 2014-01-02 19:24 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-14 20:46 - 2015-09-09 15:11 - 00000000 ____D C:\spool
2015-10-14 20:08 - 2009-07-14 00:45 - 00013632 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-14 20:08 - 2009-07-14 00:45 - 00013632 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-14 20:03 - 2014-09-15 22:24 - 00000264 _____ C:\windows\SysWOW64\winsusrm.dll
2015-10-14 20:00 - 2014-01-21 15:19 - 00000000 ____D C:\Users\RR\AppData\Local\LogMeIn Hamachi
2015-10-14 19:58 - 2010-07-12 13:40 - 15320585 _____ C:\FaceProv.log
2015-10-14 19:58 - 2010-07-12 13:37 - 00000000 ____D C:\ProgramData\VeriFace
2015-10-14 19:57 - 2009-07-14 01:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-10-13 17:40 - 2014-04-14 23:57 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-13 17:40 - 2014-04-14 23:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-10-13 15:18 - 2010-09-30 22:28 - 00000000 ____D C:\Users\RR\Documents\Junk Lenovo
2015-10-10 01:12 - 2013-07-03 23:49 - 00004182 _____ C:\windows\System32\Tasks\avast! Emergency Update
2015-10-08 00:31 - 2011-06-19 12:52 - 00000000 ____D C:\windows\Minidump
2015-10-05 09:50 - 2014-04-14 23:57 - 00109272 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2015-10-05 09:50 - 2014-04-14 23:57 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-10-05 09:50 - 2010-09-17 23:06 - 00025816 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2015-10-04 00:15 - 2012-03-05 00:24 - 00000000 ____D C:\Users\RR\AppData\Local\CrashDumps
2015-09-30 16:29 - 2013-03-14 00:11 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-09-30 16:29 - 2013-03-14 00:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-09-30 00:04 - 2013-03-14 00:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-09-17 21:38 - 2014-01-02 19:24 - 00003894 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-17 21:38 - 2014-01-02 19:24 - 00003642 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
==================== Files in the root of some directories =======
2015-06-02 22:53 - 2015-06-02 22:53 - 0038452 _____ () C:\Users\RR\AppData\Roaming\Comma Separated Values (Windows).ADR
2010-10-18 22:42 - 2015-03-16 23:04 - 0001275 _____ () C:\Users\RR\AppData\Roaming\SAS7_000.DAT
2013-03-14 23:24 - 2013-03-14 23:24 - 0000034 _____ () C:\Users\RR\AppData\Local\.20516086_uid
2013-09-01 23:10 - 2014-03-16 00:30 - 0005632 _____ () C:\Users\RR\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-04-12 18:07 - 2012-04-12 18:07 - 0000090 _____ () C:\Users\RR\AppData\Local\fusioncache.dat
2015-09-09 15:07 - 2015-01-19 17:46 - 0010240 _____ () C:\Users\RR\AppData\Local\Z@!-b8b139ad-3974-4c8f-aaa2-3fc02deb121d.tmp
2015-09-09 15:07 - 2015-01-19 17:46 - 0009216 _____ () C:\Users\RR\AppData\Local\Z@S!-5c548b25-1d9a-4efd-ab5c-8c2c15c05322.tmp
2010-09-11 23:52 - 2010-09-11 23:52 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
Some files in TEMP:
====================
C:\Users\RR\AppData\Local\Temp\SkypeSetup.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-03-12 21:19
==================== End of FRST.txt ============================