Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Constant unresponsive script messages & very slow computer [Closed

Started by unsmiley , Oct 19 2015 11:45 AM

  • This topic is locked This topic is locked

#1
unsmiley
Posted 19 October 2015 - 11:45 AM

unsmiley

    Member

  • Member
  • PipPip
  • 44 posts

I am getting unresponsive script errors in both IE and Firefox (typical message is "___is not responding due to a long running script"), and my computer runs slowly.  (Also, I think accessing Gmail makes this problem even worse for some reason.)  Any help would be appreciated.

 

Windows 7 64 bit.  Logs below:

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:14-10-2015 01
Ran by RR (2015-10-14 23:15:24)
Running from C:\Users\RR\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2010-09-09 19:32:20)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-205398528-154359821-1429519996-500 - Administrator - Disabled)
ASPNET (S-1-5-21-205398528-154359821-1429519996-1002 - Limited - Enabled)
Guest (S-1-5-21-205398528-154359821-1429519996-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-205398528-154359821-1429519996-1004 - Limited - Enabled)
RR (S-1-5-21-205398528-154359821-1429519996-1000 - Administrator - Enabled) => C:\Users\RR

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.19 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0919-000001000000}) (Version: 9.19.00.0 - Igor Pavlov)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.207 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.207 - Adobe Systems Incorporated)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - )
ASUS WL-330N Wireless Router Utilities (HKLM-x32\...\{88366B6B-1C1D-4C7F-8A2C-EB93AEC43BE3}) (Version: 4.2.5.6 - ASUS)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.3.2225 - AVAST Software)
Broadcom 802.11 Wireless Driver (HKLM-x32\...\{8991E763-21F5-4DEA-A938-5D9D77DCB488}) (Version: 1.0.0.0 - )
Broadcom Gigabit Integrated Controller (HKLM\...\{49F3D04B-B849-4C89-AB31-2366A004EA28}) (Version: 12.24.02 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 4.03 - Piriform)
Cisco Systems VPN Client 5.0.07.0290 (HKLM\...\{467D5E81-8349-4892-9E81-C3674ED8E451}) (Version: 5.0.7 - Cisco Systems, Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.119.0.60 - Conexant)
DisplayLink Core Software (HKLM\...\{65B2569D-303B-41EC-B38C-0934963BC3AD}) (Version: 7.7.60366.0 - DisplayLink Corp.)
DisplayLink Graphics (HKLM\...\{DB8324FA-E972-454B-B039-E911D568BD56}) (Version: 7.7.59032.0 - DisplayLink Corp.)
Dragon NaturallySpeaking 10 (HKLM-x32\...\{E7712E53-7A7F-46EB-AA13-70D5987D30F2}) (Version: 10.10.0 - Nuance Communications Inc.)
EasyCapture (HKLM-x32\...\EasyCapture4.0) (Version: V4.0.09.1015 - Lenovo)
eFilm Workstation (HKLM-x32\...\InstallShield_{7DAE1968-99E8-4103-B03C-B919D80EAB1E}) (Version: 4.0.0.7792 - Merge Healthcare)
eFilm Workstation (x32 Version: 4.0.0.7792 - Merge Healthcare) Hidden
Energy Management (HKLM-x32\...\{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}) (Version: 4.4.1.3 - Lenovo)
EuroTalk Talk Now! (HKLM-x32\...\{F26615EF-AF0A-486C-99C9-B65C8C401EBC}) (Version: 2.2.5.1 - EuroTalk Interactive)
Foxit Reader (HKLM-x32\...\{FE1EFF18-814A-42CE-8470-EC97EDDAF8FF}) (Version: 5.4.3.920 - Foxit Corporation)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Intel® Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Lenovo EasyCamera (HKLM\...\Lenovo EasyCamera) (Version: 5.8.0.12 - Silicon Motion)
Lenovo EasyCamera (HKLM-x32\...\{FE7AD27A-62B1-44F6-B69C-25D1ECA94F5D}) (Version: 5.8.0.12 - Silicon Motion)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.0723 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.0723 - CyberLink Corp.) Hidden
LogMeIn (HKLM-x32\...\{2BFDA78F-39F7-4537-9995-71424CFA88BB}) (Version: 4.1.2138 - LogMeIn, Inc.)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.383 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.383 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
MedEDocsCore (HKLM-x32\...\{ED7494CC-2B77-4FEF-B578-01EE0BB674DA}) (Version: 1.01.0000 - MedEDocs)
MediMatrix Eye 6.0.1 (HKLM-x32\...\3680-3688-6291-0447) (Version: 6.0.1 - WebInterstate Inc.)
MediMatrix Radiology Server 3.0.0 (HKLM-x32\...\1861-5153-3834-0030) (Version: 3.0.0 - WebInterstate Inc.)
Medweb Telemedicine Viewer (HKLM-x32\...\{4F3602EE-B5C2-4435-97F0-CB83D6296B8F}) (Version: 4.10.37 - Medweb)
Medweb Viewer 2.0 (HKLM-x32\...\{19B4A83C-4684-4BDE-AE33-561F75474982}) (Version: 0.6.202 - Medweb)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Mozilla Firefox 40.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0 (x86 en-US)) (Version: 40.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.0.5697 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PC-Doctor for Windows (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5426.03 - PC-Doctor, Inc.)
PdaNet for Windows Mobile 2.0 (x64 version) (HKLM-x32\...\PdaNet_is1) (Version:  - June Fabrics Technology Inc)
PortProxyService (HKLM-x32\...\{47198750-713E-4B00-AC33-6F981C4F8AC1}) (Version: 1.0.0 - Default Company Name)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.4809d4 - CyberLink Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30101 - Realtek Semiconductor Corp.)
ReportViewer (HKU\S-1-5-21-205398528-154359821-1429519996-1000\...\6c08d413daa76487) (Version: 2.0.7.0 - MedEDocs)
Secunia PSI (2.0.0.3003) (HKLM-x32\...\Secunia PSI) (Version:  - )
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Skype™ for Windows Mobile 3.0 (HKLM-x32\...\Skype™ for Windows Mobile_is1) (Version: 3.0.0.256 - Skype Limited)
SpeechQ Client (HKLM-x32\...\InstallShield_{CD489274-54B4-4919-B739-B07B1CA2D736}) (Version: 1.2.119.0 - Philips Speech Processing)
SpeechQ Client (x32 Version: 1.2.119.0 - Philips Speech Processing) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.26297 - TeamViewer)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VeriFace (HKLM-x32\...\VeriFace) (Version: 3.6.0.0921 - Lenovo)
Visual C++ Runtime for Dragon NaturallySpeaking 64bit (x64) (HKLM\...\{4A5A427F-BA39-4BF0-9A47-7777FBE60C9F}) (Version: 10.00.800.228 - Nuance Communications Inc.)
Windows Driver Package - Lenovo (ACPIVPC) System  (05/19/2009 4.4.0.1) (HKLM\...\92F4CDC794E6E4E29DC063D292D1C94F6FA1EA1E) (Version: 05/19/2009 4.4.0.1 - Lenovo)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile Device Center Driver Update (HKLM\...\{92DBCA36-9B41-4DD1-941A-AED149DD37F0}) (Version: 6.1.6965.0 - Microsoft Corporation)
Winmx Community 1 (HKLM-x32\...\Winmx Community 1) (Version:  - )
WOT for Internet Explorer (HKLM-x32\...\{1D10C273-3F95-42A2-8371-AB6B1F59821B}) (Version: 10.12.20.0 - WOT Services Oy)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

17-05-2015 00:23:51 Windows Backup
20-05-2015 14:21:57 Windows Update
03-06-2015 00:33:28 Windows Update
03-06-2015 21:16:46 Intel® Driver Update Utility
03-06-2015 23:06:06 Restore Operation
04-06-2015 23:50:58 Installed DisplayLink Graphics
05-06-2015 22:56:03 Windows Modules Installer
05-06-2015 22:58:56 Windows Modules Installer
17-08-2015 13:07:24 avast! antivirus system restore point

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2011-06-19 23:09 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {07E6814D-9A31-4441-AA16-B621077C14D5} - System32\Tasks\{B0D69166-273A-4426-86E4-C67C9F0DE99C} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/en/abandoninstall?page=tsProgressBar
Task: {2BFBDBB1-6C11-4EEB-9FFF-56EDE2D6C896} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-08-17] (AVAST Software)
Task: {2EA5D002-9A10-46C1-A851-AF815C4E0908} - System32\Tasks\{5D671380-BEFD-4207-8044-D4B1B9E53FC2} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/en/abandoninstall?page=tsProgressBar
Task: {30C3022F-E7E9-47ED-8B94-FF69D6C457DA} - System32\Tasks\{C9F42AEE-2E5E-4020-BCAB-CF5F7DA2F63C} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/en/abandoninstall?page=tsProgressBar
Task: {3588AE6A-DC4C-458D-8006-75F93975ECE2} - System32\Tasks\{765D3C47-529A-4E25-B8D6-F8CBB7EAC23B} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/en/abandoninstall?page=tsProgressBar
Task: {5383D40E-295B-4179-B29F-CA65CF7A3FD5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)
Task: {5EB31201-7447-4A13-874A-9108CCEBA1C7} - System32\Tasks\{2283115E-C379-413E-BB13-6E2077A4BB4D} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/en/abandoninstall?page=tsProgressBar
Task: {644F72CD-292A-45BB-83FD-C3263781A74E} - System32\Tasks\{81095223-BD4A-4C32-9311-BB65657F539F} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/en/abandoninstall?page=tsProgressBar
Task: {65EC72D9-D8C1-4D6D-A323-ED092A48F7F6} - System32\Tasks\{BF3B2D26-3652-4144-9B2A-0F9148133906} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/en/abandoninstall?page=tsProgressBar
Task: {66263D5B-3DE8-4EFF-9256-AE5A7D1DF30C} - System32\Tasks\{CA7510CA-E0C0-4483-9040-D93127BB272A} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.7.0.102/en/abandoninstall?page=tsProgressBar
Task: {775C013B-B50E-4629-A8F9-268CD53A5558} - System32\Tasks\{56D9E923-5360-444F-B5D5-70883133D8EF} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-10-01] (Skype Technologies S.A.)
Task: {796773F9-D7A5-4169-99CB-71B884443BE3} - System32\Tasks\{CBC1007C-939F-45AB-B1EA-2F2E9CA32A89} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.6.0.106/en/abandoninstall?page=tsMain
Task: {8D4F72BA-D6A7-46F8-9C4C-0B3053333BB9} - System32\Tasks\{D635E288-7EFB-4E86-A1A6-64E2134A1E18} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{7DAE1968-99E8-4103-B03C-B919D80EAB1E}\setup.exe" -c -runfromtemp -l0x0409 -removeonly
Task: {97799DD0-2721-473B-B1C7-556714845367} - System32\Tasks\{8638F3AF-B192-4120-8143-8EBE009EC85E} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/en/abandoninstall?page=tsProgressBar
Task: {99A7532A-E166-49E8-A3AF-1D8963F08285} - System32\Tasks\{44AF9491-F2BE-4C56-887A-A363F20FC811} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/en/abandoninstall?page=tsProgressBar
Task: {9E414757-C079-4F5A-A8C4-DA5A50787FFC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {AFA7A2C5-9A6C-4745-8ECB-A16400018A8F} - System32\Tasks\{95205750-F347-4B1C-8A94-A2F372F58622} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/en/abandoninstall?page=tsProgressBar
Task: {B39E915D-6D7D-48EF-A7DB-70C8CD5CB783} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {B5B5ADF2-4866-4E4E-B085-68F1CB2D2B95} - System32\Tasks\{754372CE-FC64-48AA-AF04-410C4F7FFBB2} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/en/abandoninstall?page=tsProgressBar
Task: {C2407C00-BC61-44FD-810E-30CCA2ED306F} - System32\Tasks\{50170813-4338-4372-AAEB-9A7C4FAEFCCD} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/en/abandoninstall?page=tsProgressBar
Task: {CA9B4403-23C3-4608-8845-CD9E45129E19} - System32\Tasks\{BACEDAA1-2AF3-4068-AD2B-515D11533481} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/en/abandoninstall?page=tsProgressBar
Task: {CFE71DA2-07C4-49C7-9551-18E95BE78CD0} - System32\Tasks\{5C124631-9A37-4C89-AA32-6173A261BFA8} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/en/abandoninstall?page=tsProgressBar
Task: {DD9E97DF-0114-4E79-ABD8-9634865E2322} - System32\Tasks\{654C7A18-F0EE-455C-B48E-4E92A0E16FEE} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/en/abandoninstall?page=tsProgressBar
Task: {DFDAB484-DBD1-40DF-BB35-B29BF2E7DAAB} - System32\Tasks\{0A03BEC2-99C3-4645-9C61-F1FEF0950D01} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/en/abandoninstall?page=tsProgressBar
Task: {E8AB62E5-4BE1-43F3-AA46-C0E40D901F18} - System32\Tasks\{249060F5-EC1E-426E-A5DC-B280D16BF814} => C:\windows\WindowsMobile\wmdc.exe [2007-05-31] (Microsoft Corporation)
Task: {EA24B7A2-5B54-4A56-B773-F521477A1987} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-14] (Adobe Systems Incorporated)
Task: {F098D08D-8B86-473A-BD26-74CCAD5E0742} - System32\Tasks\{90F66A18-68AE-4B8E-8149-301C7743B7CF} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/en/abandoninstall?page=tsProgressBar
Task: {F55D2E72-393B-4146-B273-300A11DC6D61} - System32\Tasks\{31ACC500-F089-491A-BE10-536A397AC63B} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.1.0.129.272/en/abandoninstall?page=tsProgressBar

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2013-05-06 20:10 - 2012-09-18 15:27 - 00192512 _____ () C:\windows\System32\ZLhp1020.DLL
2013-05-06 20:10 - 2012-09-18 15:27 - 00065024 _____ () C:\windows\system32\spool\PRTPROCS\x64\pphp1020.dll
2010-07-12 13:37 - 2010-07-12 13:37 - 01502720 _____ () C:\windows\system32\IcnOvrly.dll
2010-03-18 22:16 - 2010-03-18 22:16 - 00038400 _____ () C:\Program Files (x86)\Medweb\Plugin\MWIPCServer.exe
2006-07-24 17:11 - 2006-07-24 17:11 - 00028672 _____ () C:\PortProxyService\PortProxyService.exe
2010-07-12 13:38 - 2009-07-15 11:55 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2010-07-12 13:38 - 2009-07-15 11:55 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2013-03-25 21:29 - 2008-07-31 22:45 - 00185560 _____ () C:\Program Files (x86)\PdaNet for Windows Mobile\PdaNetPC.exe
2010-09-10 00:16 - 2012-09-18 15:27 - 03162624 _____ () C:\windows\system32\spool\DRIVERS\x64\3\suhp1020.dll
2013-05-06 20:10 - 2012-09-18 15:27 - 01236992 _____ () C:\windows\system32\spool\DRIVERS\x64\3\gchp1020.dll
2010-09-10 00:16 - 2012-09-18 15:27 - 00676864 _____ () C:\windows\system32\spool\DRIVERS\x64\3\sdhp1020.dll
2015-08-17 13:08 - 2015-08-17 13:08 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-08-17 13:08 - 2015-08-17 13:08 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-10-13 21:14 - 2015-10-13 21:14 - 02994544 _____ () C:\Program Files\AVAST Software\Avast\defs\15101301\algo.dll
2015-10-14 20:09 - 2015-10-14 20:09 - 02994544 _____ () C:\Program Files\AVAST Software\Avast\defs\15101400\algo.dll
2010-03-23 13:26 - 2010-03-23 13:26 - 00201512 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll
2010-07-12 13:37 - 2010-07-12 13:37 - 00492808 _____ () C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
2012-04-12 17:52 - 2012-04-12 17:52 - 03379200 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_7b75835e\mscorlib.dll
2012-04-12 17:47 - 2012-04-12 17:47 - 01953792 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_abe7ba2f\system.dll
2012-04-12 17:47 - 2012-04-12 17:47 - 02088960 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_b7543bc1\system.xml.dll
2012-04-12 17:47 - 2012-04-12 17:47 - 03014656 _____ () c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_ab2d1d32\system.windows.forms.dll
2010-10-16 14:09 - 2010-10-16 14:08 - 00040960 _____ () C:\Program Files (x86)\WebInterstate\radserver\jre\bin\clib_jiio_util.dll
2010-10-16 14:09 - 2010-10-16 14:08 - 01089536 _____ () C:\Program Files (x86)\WebInterstate\radserver\jre\bin\clib_jiio_sse2.dll
2015-04-05 16:14 - 2015-04-05 16:14 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2010-07-12 13:36 - 2009-06-05 12:37 - 00260096 _____ () C:\windows\system32\370prop.ax

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:F35A93AD

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-205398528-154359821-1429519996-1000\...\firstcolumn.info -> hxxps://medfax.firstcolumn.info

IE restricted site: HKU\S-1-5-21-205398528-154359821-1429519996-1000\...\meebo.com -> meebo.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-205398528-154359821-1429519996-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\RR\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^RR^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dragon NaturallySpeaking.lnk => C:\windows\pss\Dragon NaturallySpeaking.lnk.Startup
MSCONFIG\startupfolder: C:^Users^RR^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Medweb Input Source Agent.lnk => C:\windows\pss\Medweb Input Source Agent.lnk.Startup
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: ooVoo.exe => C:\Program Files (x86)\ooVoo\ooVoo.exe /minimized
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{533DFD60-FCA1-47DA-BE84-6D3169E6DBB7}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MNA\McNaSvc.exe
FirewallRules: [{2B42F9A2-927F-4FE1-A768-763C893AB43E}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{803A9138-AD8E-4FA3-80E2-A9A203B9128F}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{D1FD45D1-D920-4035-98E9-878B9C194D6F}] => (Allow) svchost.exe
FirewallRules: [{3E0798C9-1D8A-4DD9-97AE-39596A39956C}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [TCP Query User{3E83783B-A44A-42F3-9588-F50927AAD1F5}C:\program files (x86)\oovoo\oovoo.exe] => (Block) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [UDP Query User{DF1693B4-573C-4206-B3EA-93241BDD879D}C:\program files (x86)\oovoo\oovoo.exe] => (Block) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [{42AE3BE0-222C-4C38-9B57-B10F76BF9D44}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
FirewallRules: [{BB263935-A21B-4A2F-8D50-8A38E2F8EF1B}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
FirewallRules: [{1BCF7BD9-1045-4651-8BA1-9FC9D44A4810}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE
FirewallRules: [{6F89D1A8-891A-48A4-82B2-6A28234BCCD6}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE
FirewallRules: [{C7340FA5-4678-48B8-B2B2-C15245CFDE00}] => (Allow) C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
FirewallRules: [{AC1A20EF-1DB7-4B9B-BAC4-7F066B1C58BD}] => (Allow) C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
FirewallRules: [{08A32182-F003-4FD4-8A30-74630A10C6C1}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{87911AFB-7F29-4B2D-AFD5-46020A51C01F}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{1294F4FF-FBF1-4EE8-BFC3-E4B21008CBE6}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{614D43FF-CE1D-43C5-8077-332F224BE2AE}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe
FirewallRules: [{F5B800D3-0F41-47B9-AB3C-E854330FE778}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe
FirewallRules: [{2DCF876D-2045-4A31-805A-8BB59295FA46}] => (Allow) LPort=26675
FirewallRules: [TCP Query User{873450B1-77B2-4A9E-BEAD-416083DB708C}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{A29DA5F3-47AC-44D8-8E5B-DA38543BDA71}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{110F4754-8EDC-4FAB-8407-749816FBD51E}C:\program files (x86)\pdanet for windows mobile\pdanetpc.exe] => (Allow) C:\program files (x86)\pdanet for windows mobile\pdanetpc.exe
FirewallRules: [UDP Query User{00D85971-A94F-4273-AF50-4D9520AEB2A8}C:\program files (x86)\pdanet for windows mobile\pdanetpc.exe] => (Allow) C:\program files (x86)\pdanet for windows mobile\pdanetpc.exe
FirewallRules: [TCP Query User{10007A4A-18B7-43C8-8076-2534F6D2B103}C:\program files (x86)\speechq client\reportstation.exe] => (Block) C:\program files (x86)\speechq client\reportstation.exe
FirewallRules: [UDP Query User{450CAC77-A113-4D2C-A049-6EA478C3973D}C:\program files (x86)\speechq client\reportstation.exe] => (Block) C:\program files (x86)\speechq client\reportstation.exe
FirewallRules: [TCP Query User{BF8B9CD9-B721-49D8-A3BF-F81DABFBF0B6}C:\program files (x86)\asus\wl-330ge wireless ap utilities\discovery.exe] => (Allow) C:\program files (x86)\asus\wl-330ge wireless ap utilities\discovery.exe
FirewallRules: [UDP Query User{38317C02-D6AB-4817-A3EF-FD59D9FEFB3E}C:\program files (x86)\asus\wl-330ge wireless ap utilities\discovery.exe] => (Allow) C:\program files (x86)\asus\wl-330ge wireless ap utilities\discovery.exe
FirewallRules: [{758AD566-9B9B-4F7A-8596-F988014E0509}] => (Block) C:\program files (x86)\asus\wl-330ge wireless ap utilities\discovery.exe
FirewallRules: [{8AAB845E-2219-4A31-B4C9-22AF79781F12}] => (Block) C:\program files (x86)\asus\wl-330ge wireless ap utilities\discovery.exe
FirewallRules: [{800037A8-6F49-4F2A-AE2B-EF4E7889B2A0}] => (Allow) E:\RouterSetup\QISWizard.exe
FirewallRules: [{4C1562E3-A3D6-45DE-A5E8-EB4FE73B6950}] => (Allow) E:\RouterSetup\QISWizard.exe
FirewallRules: [{7943C1DD-8A51-4927-8FC2-FA36210F86F7}] => (Allow) C:\Program Files (x86)\ASUS\WL-330N Wireless Router Utilities\Discovery.exe
FirewallRules: [{7BFD35A1-1AC4-4AB1-88D6-CB62565ABC3A}] => (Allow) C:\Program Files (x86)\ASUS\WL-330N Wireless Router Utilities\Discovery.exe
FirewallRules: [{079B7CA9-B0F1-4F1B-B8A5-E2E4DB6F5A51}] => (Allow) C:\Program Files (x86)\ASUS\WL-330N Wireless Router Utilities\Rescue.exe
FirewallRules: [{8794F9E6-3800-42AC-9A6D-2893C07AE88B}] => (Allow) C:\Program Files (x86)\ASUS\WL-330N Wireless Router Utilities\Rescue.exe
FirewallRules: [{F2673489-D558-400D-A679-D20E39C10174}] => (Allow) C:\Program Files (x86)\ASUS\WL-330N Wireless Router Utilities\QISWizard.exe
FirewallRules: [{332ED928-D490-4F08-B27F-48D2918E7D66}] => (Allow) C:\Program Files (x86)\ASUS\WL-330N Wireless Router Utilities\QISWizard.exe
FirewallRules: [{28B6104E-04DD-4649-AA1E-21F2C13C5583}] => (Allow) C:\Users\RR\AppData\Local\Temp\7zS9839.tmp\SymNRT.exe
FirewallRules: [{016D561F-DB94-4F83-A465-2D87EC52BBDE}] => (Allow) C:\Users\RR\AppData\Local\Temp\7zS9839.tmp\SymNRT.exe
FirewallRules: [TCP Query User{414A6843-AF37-49DE-BE91-531A3386734D}C:\users\rr\desktop\my mobile\mymobiler\mymobiler.exe] => (Allow) C:\users\rr\desktop\my mobile\mymobiler\mymobiler.exe
FirewallRules: [UDP Query User{23DAF27E-93DE-4DC5-84FD-E703F776DBBD}C:\users\rr\desktop\my mobile\mymobiler\mymobiler.exe] => (Allow) C:\users\rr\desktop\my mobile\mymobiler\mymobiler.exe
FirewallRules: [{3A2EDE78-4B59-4B62-A7D9-D7D5B06EB6A4}] => (Allow) LPort=4008
FirewallRules: [{E0E60D9A-030A-433B-B7AD-088C0DF3B551}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{010EAD36-9F2F-44A9-AA9A-1130234888B3}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{0BEDC9CF-1B42-43DD-A4FD-BBFE2BA9B24F}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{8D352EF4-7D54-4304-A6B6-18D3C1B0A73B}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [TCP Query User{4370AB45-503C-4120-B6D1-77B74AACA6B5}C:\users\public\documents\rsvs_lite\rsvsliteview.exe] => (Allow) C:\users\public\documents\rsvs_lite\rsvsliteview.exe
FirewallRules: [UDP Query User{BDD8F473-2226-4D5E-9812-51B69C02B1A6}C:\users\public\documents\rsvs_lite\rsvsliteview.exe] => (Allow) C:\users\public\documents\rsvs_lite\rsvsliteview.exe
FirewallRules: [TCP Query User{FD9865DB-44A8-4C59-91DC-174B11B42AA4}E:\echoes.exe] => (Block) E:\echoes.exe
FirewallRules: [UDP Query User{F30DBC84-4EB5-4F31-969B-60A11E006C6C}E:\echoes.exe] => (Block) E:\echoes.exe
FirewallRules: [TCP Query User{1C53DFA7-EEC6-40D5-A1A2-05D63CDFBC50}C:\users\rr\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\rr\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{C53EF0BF-92CF-4418-A278-C7F703C95190}C:\users\rr\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\rr\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [TCP Query User{3F36FC49-05F1-47AD-ADDC-56A01409D10C}C:\kpacs\K-Pacs-Server\kpserver.exe] => (Allow) C:\kpacs\K-Pacs-Server\kpserver.exe
FirewallRules: [UDP Query User{B5F92326-B6CB-41C2-8E67-477410B607AA}C:\kpacs\K-Pacs-Server\kpserver.exe] => (Allow) C:\kpacs\K-Pacs-Server\kpserver.exe
FirewallRules: [{90E1F00B-0ED4-4B91-A453-9CD062D8736E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{138905CA-BA32-43F7-8EE5-FB1A88637E88}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Faulty Device Manager Devices =============

Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (10/14/2015 09:47:37 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windows...F5B856976AD.crt> with error: This operation returned because the timeout period expired.
.

Error: (10/14/2015 09:47:37 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windows...F5B856976AD.crt> with error: This operation returned because the timeout period expired.
.

Error: (10/14/2015 09:43:58 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windows...F5B856976AD.crt> with error: This operation returned because the timeout period expired.
.

Error: (10/14/2015 09:29:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windows...F5B856976AD.crt> with error: This operation returned because the timeout period expired.
.

Error: (10/14/2015 08:18:19 PM) (Source: ESENT) (EventID: 439) (User: )
Description: Windows (2448) Windows: Unable to write a shadowed header for file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk. Error -1032.

Error: (10/14/2015 08:18:19 PM) (Source: ESENT) (EventID: 490) (User: )
Description: Windows (2448) Windows: An attempt to open the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (10/14/2015 08:18:09 PM) (Source: ESENT) (EventID: 439) (User: )
Description: Windows (2448) Windows: Unable to write a shadowed header for file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk. Error -1032.

Error: (10/14/2015 08:18:09 PM) (Source: ESENT) (EventID: 490) (User: )
Description: Windows (2448) Windows: An attempt to open the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (10/14/2015 08:17:59 PM) (Source: ESENT) (EventID: 439) (User: )
Description: Windows (2448) Windows: Unable to write a shadowed header for file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk. Error -1032.

Error: (10/14/2015 08:17:59 PM) (Source: ESENT) (EventID: 490) (User: )
Description: Windows (2448) Windows: An attempt to open the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

System errors:
=============
Error: (10/14/2015 07:59:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (10/14/2015 07:59:45 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.

Error: (10/14/2015 07:59:27 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
StarOpen

Error: (10/14/2015 07:57:20 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\Drivers\StarOpen.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (10/13/2015 09:16:18 PM) (Source: DCOM) (EventID: 10016) (User: RR-PC)
Description: application-specificLocalActivation{D3DCB472-7261-43CE-924B-0704BD730D5F}{D3DCB472-7261-43CE-924B-0704BD730D5F}RR-PCRRS-1-5-21-205398528-154359821-1429519996-1000LocalHost (Using LRPC)

Error: (10/13/2015 09:16:16 PM) (Source: DCOM) (EventID: 10016) (User: RR-PC)
Description: application-specificLocalActivation{145B4335-FE2A-4927-A040-7C35AD3180EF}{145B4335-FE2A-4927-A040-7C35AD3180EF}RR-PCRRS-1-5-21-205398528-154359821-1429519996-1000LocalHost (Using LRPC)

Error: (10/13/2015 07:23:03 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (10/13/2015 07:22:33 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RasMan service.

Error: (10/13/2015 07:22:03 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.

Error: (10/13/2015 07:20:53 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the DisplayLinkService service.

CodeIntegrity:
===================================
  Date: 2011-06-19 23:08:54.188
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-06-19 23:08:54.157
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-06-19 23:08:54.110
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-06-19 23:08:54.079
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-06-19 22:16:15.071
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-06-19 22:16:15.040
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Pentium® Dual-Core CPU T4500 @ 2.30GHz
Percentage of memory in use: 40%
Total physical RAM: 4028.6 MB
Available physical RAM: 2415.57 MB
Total Virtual: 8055.39 MB
Available Virtual: 4264.96 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:187.69 GB) (Free:116.4 GB) NTFS
Drive d: (Lenovo) (Fixed) (Total:30.25 GB) (Free:29.45 GB) NTFS
Drive e: (October 13, 2015) (CDROM) (Total:0.57 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 31F5BCEA)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=187.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=30.2 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12)

==================== End of Addition.txt ============================

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:14-10-2015 01
Ran by RR (administrator) on RR-PC (14-10-2015 23:05:05)
Running from C:\Users\RR\Desktop
Loaded Profiles: RR (Available Profiles: RR & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files (x86)\Medweb\Plugin\MWIPCServer.exe
() C:\PortProxyService\PortProxyService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Conexant Systems, Inc) C:\Program Files\CONEXANT\SAII\SmartAudio.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
() C:\Program Files (x86)\PdaNet for Windows Mobile\PdaNetPC.exe
(June Fabrics Technology Inc.) C:\Program Files (x86)\PdaNet for Windows Mobile\PnHelp.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(PSP Speech Recognition Systems) C:\Program Files (x86)\SpeechQ Client\PatcherClient\SQPatcher.Client.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Merge Healthcare) C:\Program Files (x86)\Merge Healthcare\eFilm\Visualization Services\MergeeFilm.VisualizationServices.Remoting.WindowsServices.exe
(WebInterstate Inc.) C:\Program Files (x86)\WebInterstate\radserver\webiRadServerService.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Merge Healthcare) C:\Program Files (x86)\Merge Healthcare\eFilm\efTray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2010-04-27] ()
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [4366704 2009-09-29] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [5825536 2009-08-18] (Lenovo (Beijing) Limited)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2011-09-16] (LogMeIn, Inc.)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [3122440 2010-07-12] (Lenovo)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-16] (InstallShield Software Corporation)
HKLM-x32\...\Run: [DNS7reminder] => C:\Program Files (x86)\Nuance\NaturallySpeaking10\Ereg\Ereg.exe [259624 2007-04-16] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PspUsbCf] => pspusbcf.exe
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6111824 2015-08-26] (AVAST Software)
HKLM-x32\...\Run: [eFilm Tray Icon] => C:\Program Files (x86)\Merge Healthcare\eFilm\efTray.exe [90112 2013-11-15] (Merge Healthcare)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5579624 2015-08-03] (LogMeIn Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-205398528-154359821-1429519996-1000\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-16] (InstallShield Software Corporation)
HKU\S-1-5-18\...\RunOnce: [WLStart] => C:\Program Files (x86)\Windows Live\Installer\wlstart.exe [768336 2009-07-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-08-17] (AVAST Software)
ShellIconOverlayIdentifiers: [VeriFace Enc] -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\windows\system32\IcnOvrly.dll [2010-07-12] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk [2012-04-12]
ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe ()
Startup: C:\Users\RR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2011-02-16]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\RR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk [2013-03-25]
ShortcutTarget: PdaNet Desktop.lnk -> C:\Program Files (x86)\PdaNet for Windows Mobile\PdaNetPC.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{BA45D5E6-E7EF-4E53-B37F-D92AEE065C5C}: [DhcpNameServer] 209.18.47.61 209.18.47.62

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-205398528-154359821-1429519996-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-205398528-154359821-1429519996-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-205398528-154359821-1429519996-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-205398528-154359821-1429519996-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-08-17] (AVAST Software)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-17] (AVAST Software)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files (x86)\WOT\WOT.dll [2010-12-20] ()
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll [2010-12-20] ()
Toolbar: HKU\S-1-5-21-205398528-154359821-1429519996-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-205398528-154359821-1429519996-1000 -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} -  No File
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: HKLM-x32 {F80B9305-A013-11D2-BD23-00A024978908} hxxp://68.236.160.120/public/accuradimage.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll [2010-12-20] ()

FireFox:
========
FF ProfilePath: C:\Users\RR\AppData\Roaming\Mozilla\Firefox\Profiles\rl2lvyz2.default-1439429209230
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_19_0_0_207.dll [2015-10-14] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_207.dll [2015-10-14] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2012-07-31] (Foxit Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll [2011-12-09] (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-07-03]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-05]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-17] (AVAST Software)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [10997992 2015-02-12] (DisplayLink Corp.)
S4 efAuditorService.exe; C:\Program Files (x86)\Merge Healthcare\eFilm\Auditor\efAuditorService.exe [24576 2013-11-15] (Merge Healthcare) [File not signed]
S4 eFilmProcessManagerNT; C:\Program Files (x86)\Merge Healthcare\eFilm\efPMNT.exe [20992 2013-11-15] () [File not signed]
S4 eFilmXmppService.exe; C:\Program Files (x86)\Merge Healthcare\eFilm\eFilmXmppService.exe [106496 2013-11-15] () [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-08-03] (LogMeIn, Inc.)
S4 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [147336 2012-01-31] (LogMeIn, Inc.)
S4 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2011-09-16] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 MSSQL$SQLEXPRESSEFILM; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 MWIPCServer; C:\Program Files (x86)\Medweb\Plugin\MWIPCServer.exe [38400 2010-03-18] () [File not signed]
R2 PortProxyService; C:\PortProxyService\PortProxyService.exe [28672 2006-07-24] () [File not signed]
S4 SAService; C:\Windows\system32\SAsrv.exe [445496 2010-03-25] (Conexant Systems, Inc.)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [993848 2011-04-19] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [399416 2011-04-19] (Secunia)
S3 slsService; C:\Program Files (x86)\Merge Healthcare\eFilm\slsService.exe [70656 2012-11-05] () [File not signed]
R2 SpeechClientUpdateService; C:\Program Files (x86)\SpeechQ Client\PatcherClient\SQPatcher.Client.exe [20480 2009-06-15] (PSP Speech Recognition Systems) [File not signed]
R2 VisualizationServicesRemotingService; C:\Program Files (x86)\Merge Healthcare\eFilm\Visualization Services\MergeeFilm.VisualizationServices.Remoting.WindowsServices.exe [20480 2013-11-15] (Merge Healthcare) [File not signed]
R2 webiRadServerService; C:\Program Files (x86)\WebInterstate\radserver\webiRadServerService.exe [144896 2010-06-29] (WebInterstate Inc.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-08-17] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-08-17] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-08-17] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-08-17] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048344 2015-08-17] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-08-17] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150672 2015-08-17] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-08-17] (AVAST Software)
S3 AX88772; C:\Windows\System32\DRIVERS\ax88772.sys [77312 2010-05-31] (ASIX Electronics Corp.)
R3 CVPNDRVA; C:\windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
S3 DisplayLinkUsbIo_x64; C:\Windows\System32\DRIVERS\DisplayLinkUsbIo_x64_7.7.60366.0.sys [46312 2015-02-13] ()
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 funfrm; C:\Windows\System32\Drivers\funfrm.sys [58896 2010-07-12] ()
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [15928 2011-09-16] (LogMeIn, Inc.)
S4 LMIRfsClientNP; no ImagePath
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-10-14] (Malwarebytes)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))
S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5504 2012-11-05] ()
R3 usbsmi; C:\Windows\System32\DRIVERS\SMIksdrv.sys [197376 2009-10-16] (SMI)
S3 DisplayLinkUsbPort; system32\DRIVERS\DisplayLinkUsbPort_6.1.32700.0.sys [X]
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
S3 wdmirror; system32\DRIVERS\WDMirror.sys [X]
S3 WinRing0_1_2_0; \??\D:\test\ECECECEC\WinRing0x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-14 23:05 - 2015-10-14 23:08 - 00019257 _____ C:\Users\RR\Desktop\FRST.txt
2015-10-14 23:04 - 2015-10-14 23:05 - 00000000 ____D C:\FRST
2015-10-14 22:57 - 2015-10-14 22:59 - 02196992 _____ (Farbar) C:\Users\RR\Desktop\FRST64.exe
2015-10-14 22:27 - 2015-10-14 22:27 - 08776392 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2015-10-14 19:57 - 2015-10-14 19:57 - 00000056 _____ C:\windows\setupact.log
2015-10-14 19:57 - 2015-10-14 19:57 - 00000000 _____ C:\windows\setuperr.log
2015-09-17 22:15 - 2015-09-17 22:15 - 00000000 __SHD C:\found.003

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-14 23:11 - 2014-04-15 13:34 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-14 23:05 - 2010-09-11 23:39 - 00000000 ____D C:\Users\RR\AppData\Roaming\Skype
2015-10-14 22:46 - 2014-01-02 19:24 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-14 22:28 - 2013-07-03 14:14 - 00780488 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-10-14 22:28 - 2013-07-03 14:14 - 00142536 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-14 22:28 - 2013-07-03 14:14 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-10-14 22:28 - 2013-07-03 14:14 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-10-14 22:12 - 2010-07-12 13:27 - 01656487 _____ C:\windows\WindowsUpdate.log
2015-10-14 21:44 - 2014-01-02 19:24 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-14 20:46 - 2015-09-09 15:11 - 00000000 ____D C:\spool
2015-10-14 20:08 - 2009-07-14 00:45 - 00013632 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-14 20:08 - 2009-07-14 00:45 - 00013632 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-14 20:03 - 2014-09-15 22:24 - 00000264 _____ C:\windows\SysWOW64\winsusrm.dll
2015-10-14 20:00 - 2014-01-21 15:19 - 00000000 ____D C:\Users\RR\AppData\Local\LogMeIn Hamachi
2015-10-14 19:58 - 2010-07-12 13:40 - 15320585 _____ C:\FaceProv.log
2015-10-14 19:58 - 2010-07-12 13:37 - 00000000 ____D C:\ProgramData\VeriFace
2015-10-14 19:57 - 2009-07-14 01:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-10-13 17:40 - 2014-04-14 23:57 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-13 17:40 - 2014-04-14 23:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-10-13 15:18 - 2010-09-30 22:28 - 00000000 ____D C:\Users\RR\Documents\Junk Lenovo
2015-10-10 01:12 - 2013-07-03 23:49 - 00004182 _____ C:\windows\System32\Tasks\avast! Emergency Update
2015-10-08 00:31 - 2011-06-19 12:52 - 00000000 ____D C:\windows\Minidump
2015-10-05 09:50 - 2014-04-14 23:57 - 00109272 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2015-10-05 09:50 - 2014-04-14 23:57 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-10-05 09:50 - 2010-09-17 23:06 - 00025816 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2015-10-04 00:15 - 2012-03-05 00:24 - 00000000 ____D C:\Users\RR\AppData\Local\CrashDumps
2015-09-30 16:29 - 2013-03-14 00:11 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-09-30 16:29 - 2013-03-14 00:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-09-30 00:04 - 2013-03-14 00:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-09-17 21:38 - 2014-01-02 19:24 - 00003894 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-17 21:38 - 2014-01-02 19:24 - 00003642 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories =======

2015-06-02 22:53 - 2015-06-02 22:53 - 0038452 _____ () C:\Users\RR\AppData\Roaming\Comma Separated Values (Windows).ADR
2010-10-18 22:42 - 2015-03-16 23:04 - 0001275 _____ () C:\Users\RR\AppData\Roaming\SAS7_000.DAT
2013-03-14 23:24 - 2013-03-14 23:24 - 0000034 _____ () C:\Users\RR\AppData\Local\.20516086_uid
2013-09-01 23:10 - 2014-03-16 00:30 - 0005632 _____ () C:\Users\RR\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-04-12 18:07 - 2012-04-12 18:07 - 0000090 _____ () C:\Users\RR\AppData\Local\fusioncache.dat
2015-09-09 15:07 - 2015-01-19 17:46 - 0010240 _____ () C:\Users\RR\AppData\Local\Z@!-b8b139ad-3974-4c8f-aaa2-3fc02deb121d.tmp
2015-09-09 15:07 - 2015-01-19 17:46 - 0009216 _____ () C:\Users\RR\AppData\Local\Z@S!-5c548b25-1d9a-4efd-ab5c-8c2c15c05322.tmp
2010-09-11 23:52 - 2010-09-11 23:52 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

Some files in TEMP:
====================
C:\Users\RR\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-03-12 21:19

==================== End of FRST.txt ============================


  • 0

Advertisements

#2
Essexboy
Posted 22 October 2015 - 07:48 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi sorry for the delay, could you run this small fix and then run a fresh FRST scan for me please

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
  • 0

#3
unsmiley
Posted 25 October 2015 - 10:35 PM

unsmiley

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts

I assume you want to see the Fixlog.txt generated after following the above instructions.  Here goes:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:25-10-2015 02
Ran by RR (2015-10-26 00:20:12) Run:1
Running from C:\Users\RR\Desktop
Loaded Profiles: RR (Available Profiles: RR & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers

*****************

Restore point was successfully created.

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.

 

========= End of Reg: =========

========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.

 

========= End of Reg: =========

========= RemoveProxy: =========

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-205398528-154359821-1429519996-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-205398528-154359821-1429519996-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-205398528-154359821-1429519996-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully

========= End of RemoveProxy: =========

=========  netsh advfirewall reset =========

Ok.

========= End of CMD: =========

=========  netsh advfirewall set allprofiles state ON =========

Ok.

========= End of CMD: =========

=========  ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

=========  netsh winsock reset catalog =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

=========  netsh int ip reset c:\resetlog.txt =========

Reseting Global, OK!
Reseting Interface, OK!
Reseting Unicast Address, OK!
Reseting Route, OK!
Restart the computer to complete this action.

========= End of CMD: =========

=========  ipconfig /release =========

Windows IP Configuration

No operation can be performed on Wireless Network Connection 2 while it has its media disconnected.
No operation can be performed on Wireless Network Connection while it has its media disconnected.

Wireless LAN adapter Wireless Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Wireless Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::e83b:e6ba:78f4:f84a%10
   Default Gateway . . . . . . . . . :

Ethernet adapter Local Area Connection 6:

   Connection-specific DNS Suffix  . :
   IPv6 Address. . . . . . . . . . . : 2620:9b::19d3:38e3
   Link-local IPv6 Address . . . . . : fe80::9563:4969:304e:82ca%27
   Default Gateway . . . . . . . . . : 2620:9b::1900:1
                                       25.0.0.1

Tunnel adapter isatap.{BA45D5E6-E7EF-4E53-B37F-D92AEE065C5C}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 44:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Reusable ISATAP Interface {E7D949A4-1A3A-44FC-A243-6A15B90BE089}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter isatap.{F229A6DC-3858-4E18-AABF-F153A4340315}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Reusable ISATAP Interface {112518AD-8642-4DE4-8091-1EE6B789EA48}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

========= End of CMD: =========

=========  ipconfig /renew =========

Windows IP Configuration

No operation can be performed on Wireless Network Connection 2 while it has its media disconnected.
No operation can be performed on Wireless Network Connection while it has its media disconnected.

Wireless LAN adapter Wireless Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Wireless Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::e83b:e6ba:78f4:f84a%10
   IPv4 Address. . . . . . . . . . . : 192.168.0.2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1

Ethernet adapter Local Area Connection 6:

   Connection-specific DNS Suffix  . :
   IPv6 Address. . . . . . . . . . . : 2620:9b::19d3:38e3
   Link-local IPv6 Address . . . . . : fe80::9563:4969:304e:82ca%27
   IPv4 Address. . . . . . . . . . . : 25.211.56.227
   Subnet Mask . . . . . . . . . . . : 255.0.0.0
   Default Gateway . . . . . . . . . : 2620:9b::1900:1
                                       25.0.0.1

Tunnel adapter isatap.{BA45D5E6-E7EF-4E53-B37F-D92AEE065C5C}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 44:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Reusable ISATAP Interface {E7D949A4-1A3A-44FC-A243-6A15B90BE089}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter isatap.{F229A6DC-3858-4E18-AABF-F153A4340315}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Reusable ISATAP Interface {112518AD-8642-4DE4-8091-1EE6B789EA48}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

========= End of CMD: =========

=========  netsh int ipv4 reset =========

Reseting Interface, OK!
Restart the computer to complete this action.

========= End of CMD: =========

=========  netsh int ipv6 reset =========

Reseting Interface, OK!
Reseting Unicast Address, OK!
Reseting Route, OK!
Restart the computer to complete this action.

========= End of CMD: =========

=========  bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========

EmptyTemp: => 488 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 00:25:43 ====


  • 0

#4
Essexboy
Posted 26 October 2015 - 08:54 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Is the computer still slow, could I have a new FRST scan please
  • 0

#5
unsmiley
Posted 26 October 2015 - 07:26 PM

unsmiley

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts

Strangely, over the weekend, before we started working on this problem, the unresponsive script messages appeared to have stopped.  New FRST.txt results below:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-10-2015 02
Ran by RR (administrator) on RR-PC (26-10-2015 21:20:04)
Running from C:\Users\RR\Desktop
Loaded Profiles: RR (Available Profiles: RR & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\Medweb\Plugin\MWIPCServer.exe
() C:\PortProxyService\PortProxyService.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(PSP Speech Recognition Systems) C:\Program Files (x86)\SpeechQ Client\PatcherClient\SQPatcher.Client.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Merge Healthcare) C:\Program Files (x86)\Merge Healthcare\eFilm\Visualization Services\MergeeFilm.VisualizationServices.Remoting.WindowsServices.exe
(WebInterstate Inc.) C:\Program Files (x86)\WebInterstate\radserver\webiRadServerService.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Conexant Systems, Inc) C:\Program Files\CONEXANT\SAII\SmartAudio.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Merge Healthcare) C:\Program Files (x86)\Merge Healthcare\eFilm\efTray.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
() C:\Program Files (x86)\PdaNet for Windows Mobile\PdaNetPC.exe
(June Fabrics Technology Inc.) C:\Program Files (x86)\PdaNet for Windows Mobile\PnHelp.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_19_0_0_226_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
() C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exe
(BRIT Systems, Inc.) C:\BRIT\PacsView\BRITPacsView.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2010-04-27] ()
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [4366704 2009-09-29] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [5825536 2009-08-18] (Lenovo (Beijing) Limited)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2011-09-16] (LogMeIn, Inc.)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [3122440 2010-07-12] (Lenovo)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-16] (InstallShield Software Corporation)
HKLM-x32\...\Run: [DNS7reminder] => C:\Program Files (x86)\Nuance\NaturallySpeaking10\Ereg\Ereg.exe [259624 2007-04-16] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PspUsbCf] => pspusbcf.exe
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6111824 2015-08-26] (AVAST Software)
HKLM-x32\...\Run: [eFilm Tray Icon] => C:\Program Files (x86)\Merge Healthcare\eFilm\efTray.exe [90112 2013-11-15] (Merge Healthcare)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5579624 2015-08-03] (LogMeIn Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-205398528-154359821-1429519996-1000\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-16] (InstallShield Software Corporation)
HKU\S-1-5-18\...\RunOnce: [WLStart] => C:\Program Files (x86)\Windows Live\Installer\wlstart.exe [768336 2009-07-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-08-17] (AVAST Software)
ShellIconOverlayIdentifiers: [VeriFace Enc] -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\windows\system32\IcnOvrly.dll [2010-07-12] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk [2012-04-12]
ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe ()
Startup: C:\Users\RR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2011-02-16]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\RR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk [2013-03-25]
ShortcutTarget: PdaNet Desktop.lnk -> C:\Program Files (x86)\PdaNet for Windows Mobile\PdaNetPC.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{BA45D5E6-E7EF-4E53-B37F-D92AEE065C5C}: [DhcpNameServer] 209.18.47.61 209.18.47.62

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-205398528-154359821-1429519996-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-205398528-154359821-1429519996-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-205398528-154359821-1429519996-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-08-17] (AVAST Software)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-17] (AVAST Software)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files (x86)\WOT\WOT.dll [2010-12-20] ()
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll [2010-12-20] ()
Toolbar: HKU\S-1-5-21-205398528-154359821-1429519996-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-205398528-154359821-1429519996-1000 -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} -  No File
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: HKLM-x32 {F80B9305-A013-11D2-BD23-00A024978908} hxxp://68.236.160.120/public/accuradimage.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll [2010-12-20] ()

FireFox:
========
FF ProfilePath: C:\Users\RR\AppData\Roaming\Mozilla\Firefox\Profiles\rl2lvyz2.default-1439429209230
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-17] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-17] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2012-07-31] (Foxit Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll [2011-12-09] (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-08-17] [not signed]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-05]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-17] (AVAST Software)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [10997992 2015-02-12] (DisplayLink Corp.)
S4 efAuditorService.exe; C:\Program Files (x86)\Merge Healthcare\eFilm\Auditor\efAuditorService.exe [24576 2013-11-15] (Merge Healthcare) [File not signed]
S4 eFilmProcessManagerNT; C:\Program Files (x86)\Merge Healthcare\eFilm\efPMNT.exe [20992 2013-11-15] () [File not signed]
S4 eFilmXmppService.exe; C:\Program Files (x86)\Merge Healthcare\eFilm\eFilmXmppService.exe [106496 2013-11-15] () [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-08-03] (LogMeIn, Inc.)
S4 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [147336 2012-01-31] (LogMeIn, Inc.)
S4 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2011-09-16] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 MSSQL$SQLEXPRESSEFILM; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 MWIPCServer; C:\Program Files (x86)\Medweb\Plugin\MWIPCServer.exe [38400 2010-03-18] () [File not signed]
R2 PortProxyService; C:\PortProxyService\PortProxyService.exe [28672 2006-07-24] () [File not signed]
S4 SAService; C:\Windows\system32\SAsrv.exe [445496 2010-03-25] (Conexant Systems, Inc.)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [993848 2011-04-19] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [399416 2011-04-19] (Secunia)
S3 slsService; C:\Program Files (x86)\Merge Healthcare\eFilm\slsService.exe [70656 2012-11-05] () [File not signed]
R2 SpeechClientUpdateService; C:\Program Files (x86)\SpeechQ Client\PatcherClient\SQPatcher.Client.exe [20480 2009-06-15] (PSP Speech Recognition Systems) [File not signed]
R2 VisualizationServicesRemotingService; C:\Program Files (x86)\Merge Healthcare\eFilm\Visualization Services\MergeeFilm.VisualizationServices.Remoting.WindowsServices.exe [20480 2013-11-15] (Merge Healthcare) [File not signed]
R2 webiRadServerService; C:\Program Files (x86)\WebInterstate\radserver\webiRadServerService.exe [144896 2010-06-29] (WebInterstate Inc.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-08-17] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-08-17] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-08-17] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-08-17] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048344 2015-08-17] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-08-17] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150672 2015-08-17] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-08-17] (AVAST Software)
S3 AX88772; C:\Windows\System32\DRIVERS\ax88772.sys [77312 2010-05-31] (ASIX Electronics Corp.)
R3 CVPNDRVA; C:\windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
S3 DisplayLinkUsbIo_x64; C:\Windows\System32\DRIVERS\DisplayLinkUsbIo_x64_7.7.60366.0.sys [46312 2015-02-13] ()
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 funfrm; C:\Windows\System32\Drivers\funfrm.sys [58896 2010-07-12] ()
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [15928 2011-09-16] (LogMeIn, Inc.)
S4 LMIRfsClientNP; no ImagePath
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-10-26] (Malwarebytes)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))
S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5504 2012-11-05] ()
R3 usbsmi; C:\Windows\System32\DRIVERS\SMIksdrv.sys [197376 2009-10-16] (SMI)
S3 DisplayLinkUsbPort; system32\DRIVERS\DisplayLinkUsbPort_6.1.32700.0.sys [X]
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
S3 wdmirror; system32\DRIVERS\WDMirror.sys [X]
S3 WinRing0_1_2_0; \??\D:\test\ECECECEC\WinRing0x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-26 00:30 - 2015-10-26 00:30 - 00000000 ____D C:\Users\RR\467D5E81834948929E81C3674ED8E451.TMP
2015-10-26 00:27 - 2015-10-26 00:27 - 00000334 _____ C:\windows\PFRO.log
2015-10-26 00:20 - 2015-10-26 00:20 - 00000000 ____D C:\Users\RR\Desktop\FRST-OlderVersion
2015-10-26 00:18 - 2015-10-26 00:18 - 00000516 _____ C:\Users\RR\fixlist.txt
2015-10-24 20:04 - 2015-10-26 20:07 - 00000224 _____ C:\windows\setupact.log
2015-10-24 20:04 - 2015-10-24 20:04 - 00000000 _____ C:\windows\setuperr.log
2015-10-19 14:23 - 2015-10-19 14:23 - 00001069 _____ C:\Users\RR\Desktop\Secunia PSI.lnk
2015-10-16 01:03 - 2015-07-30 09:13 - 00124624 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-10-16 01:03 - 2015-07-30 09:13 - 00103120 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-10-15 23:59 - 2015-07-14 23:19 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\basesrv.dll
2015-10-15 23:59 - 2015-04-29 14:22 - 14635008 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2015-10-15 23:59 - 2015-04-29 14:21 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll
2015-10-15 23:59 - 2015-04-29 14:21 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx
2015-10-15 23:59 - 2015-04-29 14:21 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll
2015-10-15 23:59 - 2015-04-29 14:19 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2015-10-15 23:59 - 2015-04-29 14:07 - 11411456 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2015-10-15 23:59 - 2015-04-29 14:07 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\spwmp.dll
2015-10-15 23:59 - 2015-04-29 14:07 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdxm.ocx
2015-10-15 23:59 - 2015-04-29 14:07 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxmasf.dll
2015-10-15 23:59 - 2015-04-29 14:05 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2015-10-15 23:58 - 2015-09-17 19:48 - 02239488 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-10-15 23:58 - 2015-09-17 19:48 - 01409024 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-10-15 23:58 - 2015-09-17 19:48 - 00603648 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-10-15 23:58 - 2015-09-17 19:48 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-10-15 23:58 - 2015-09-17 19:47 - 19280896 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-10-15 23:58 - 2015-09-17 19:47 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-10-15 23:58 - 2015-09-17 19:47 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-10-15 23:58 - 2015-09-17 19:47 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-10-15 23:58 - 2015-09-17 19:46 - 15416320 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-10-15 23:58 - 2015-09-17 19:46 - 03960832 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-10-15 23:58 - 2015-09-17 19:46 - 02656768 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-10-15 23:58 - 2015-09-17 19:46 - 01509376 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-10-15 23:58 - 2015-09-17 19:46 - 00857600 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-10-15 23:58 - 2015-09-17 19:46 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-10-15 23:58 - 2015-09-17 19:46 - 00451584 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-10-15 23:58 - 2015-09-17 19:46 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-10-15 23:58 - 2015-09-17 19:46 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-10-15 23:58 - 2015-09-17 19:46 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2015-10-15 23:58 - 2015-09-17 19:46 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-10-15 23:58 - 2015-09-17 19:46 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-10-15 23:58 - 2015-09-17 19:46 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-10-15 23:58 - 2015-09-17 16:44 - 14290944 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-10-15 23:58 - 2015-09-17 16:44 - 01763328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-10-15 23:58 - 2015-09-17 16:44 - 01181696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-10-15 23:58 - 2015-09-17 16:44 - 00525824 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-10-15 23:58 - 2015-09-17 16:44 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-10-15 23:58 - 2015-09-17 16:44 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-10-15 23:58 - 2015-09-17 16:44 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-10-15 23:58 - 2015-09-17 16:43 - 13775360 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-10-15 23:58 - 2015-09-17 16:43 - 02866176 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-10-15 23:58 - 2015-09-17 16:43 - 02056704 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-10-15 23:58 - 2015-09-17 16:43 - 01441280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-10-15 23:58 - 2015-09-17 16:43 - 00715264 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-10-15 23:58 - 2015-09-17 16:43 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-10-15 23:58 - 2015-09-17 16:43 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-10-15 23:58 - 2015-09-17 16:43 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-10-15 23:58 - 2015-09-17 16:43 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-10-15 23:58 - 2015-09-17 16:43 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2015-10-15 23:58 - 2015-09-17 16:43 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-10-15 23:58 - 2015-09-17 16:43 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-10-15 23:58 - 2015-09-17 16:43 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-10-15 23:58 - 2015-09-17 14:58 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-10-15 23:58 - 2015-09-17 14:58 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-10-15 23:58 - 2015-09-17 14:31 - 00441856 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-10-15 23:58 - 2015-09-17 14:27 - 00361984 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-10-15 23:58 - 2015-09-17 14:06 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2015-10-15 23:58 - 2015-09-17 14:02 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2015-10-15 23:57 - 2015-09-25 14:07 - 03168768 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-10-15 23:57 - 2015-09-25 14:07 - 02607104 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-10-15 23:57 - 2015-09-25 14:07 - 00696320 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-10-15 23:57 - 2015-09-25 14:07 - 00192512 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-10-15 23:57 - 2015-09-25 14:07 - 00098816 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-10-15 23:57 - 2015-09-25 14:07 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-10-15 23:57 - 2015-09-25 14:07 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2015-10-15 23:57 - 2015-09-25 14:06 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-10-15 23:57 - 2015-09-25 14:06 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2015-10-15 23:57 - 2015-09-25 14:06 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-10-15 23:57 - 2015-09-25 14:06 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2015-10-15 23:57 - 2015-09-25 13:59 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-10-15 23:57 - 2015-09-25 13:59 - 00174080 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-10-15 23:57 - 2015-09-25 13:59 - 00093696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-10-15 23:57 - 2015-09-25 13:59 - 00030208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2015-10-15 23:57 - 2015-09-25 13:58 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-10-15 23:57 - 2015-07-15 14:15 - 00094656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys
2015-10-15 23:57 - 2015-07-15 14:10 - 01743360 _____ (Microsoft Corporation) C:\windows\system32\sysmain.dll
2015-10-15 23:57 - 2015-07-15 14:10 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\msmmsp.dll
2015-10-15 23:56 - 2015-10-01 14:06 - 00692672 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2015-10-15 23:56 - 2015-10-01 14:04 - 00616360 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2015-10-15 23:56 - 2015-10-01 14:00 - 00147456 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2015-10-15 23:56 - 2015-10-01 14:00 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2015-10-15 23:56 - 2015-10-01 14:00 - 00059392 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2015-10-15 23:56 - 2015-10-01 14:00 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2015-10-15 23:56 - 2015-10-01 14:00 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2015-10-15 23:56 - 2015-10-01 13:50 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2015-10-15 23:56 - 2015-10-01 13:00 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2015-10-15 23:56 - 2015-09-28 23:16 - 05569472 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-10-15 23:56 - 2015-09-28 23:13 - 01730496 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-10-15 23:56 - 2015-09-28 23:11 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-10-15 23:56 - 2015-09-28 23:11 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2015-10-15 23:56 - 2015-09-28 23:11 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2015-10-15 23:56 - 2015-09-28 23:11 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2015-10-15 23:56 - 2015-09-28 23:11 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-10-15 23:56 - 2015-09-28 23:11 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-10-15 23:56 - 2015-09-28 23:11 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-10-15 23:56 - 2015-09-28 23:11 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2015-10-15 23:56 - 2015-09-28 23:10 - 01216512 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2015-10-15 23:56 - 2015-09-28 23:10 - 01164800 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2015-10-15 23:56 - 2015-09-28 23:10 - 00729088 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-10-15 23:56 - 2015-09-28 23:10 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2015-10-15 23:56 - 2015-09-28 23:10 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-10-15 23:56 - 2015-09-28 23:10 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-10-15 23:56 - 2015-09-28 23:10 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-10-15 23:56 - 2015-09-28 23:10 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2015-10-15 23:56 - 2015-09-28 23:10 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-10-15 23:56 - 2015-09-28 23:10 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-10-15 23:56 - 2015-09-28 23:10 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2015-10-15 23:56 - 2015-09-28 23:09 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2015-10-15 23:56 - 2015-09-28 23:09 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-10-15 23:56 - 2015-09-28 23:05 - 03990976 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-10-15 23:56 - 2015-09-28 23:05 - 03936192 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-10-15 23:56 - 2015-09-28 23:05 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-10-15 23:56 - 2015-09-28 23:05 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-10-15 23:56 - 2015-09-28 23:02 - 01311768 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-10-15 23:56 - 2015-09-28 23:01 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-10-15 23:56 - 2015-09-28 23:01 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-10-15 23:56 - 2015-09-28 23:01 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-10-15 23:56 - 2015-09-28 23:01 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-10-15 23:56 - 2015-09-28 23:01 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-15 23:56 - 2015-09-28 23:01 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-15 23:56 - 2015-09-28 23:01 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-15 23:56 - 2015-09-28 23:01 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-10-15 23:56 - 2015-09-28 23:01 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-15 23:56 - 2015-09-28 23:01 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-10-15 23:56 - 2015-09-28 23:01 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-15 23:56 - 2015-09-28 23:01 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-15 23:56 - 2015-09-28 23:01 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-15 23:56 - 2015-09-28 23:01 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-10-15 23:56 - 2015-09-28 23:01 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-10-15 23:56 - 2015-09-28 23:01 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-15 23:56 - 2015-09-28 23:01 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-10-15 23:56 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-10-15 23:56 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-10-15 23:56 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-10-15 23:56 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-10-15 23:56 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-10-15 23:56 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-15 23:56 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-10-15 23:56 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-10-15 23:56 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-15 23:56 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-10-15 23:56 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-10-15 23:56 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-10-15 23:56 - 2015-09-28 23:01 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-10-15 23:56 - 2015-09-28 22:59 - 00552960 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-10-15 23:56 - 2015-09-28 22:59 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-10-15 23:56 - 2015-09-28 22:59 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-10-15 23:56 - 2015-09-28 22:59 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-10-15 23:56 - 2015-09-28 22:59 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-10-15 23:56 - 2015-09-28 22:59 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2015-10-15 23:56 - 2015-09-28 22:58 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-10-15 23:56 - 2015-09-28 22:58 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2015-10-15 23:56 - 2015-09-28 22:58 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2015-10-15 23:56 - 2015-09-28 22:58 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-10-15 23:56 - 2015-09-28 22:57 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2015-10-15 23:56 - 2015-09-28 22:57 - 00665088 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2015-10-15 23:56 - 2015-09-28 22:57 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2015-10-15 23:56 - 2015-09-28 22:57 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2015-10-15 23:56 - 2015-09-28 22:53 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-10-15 23:56 - 2015-09-28 22:53 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-10-15 23:56 - 2015-09-28 22:49 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-10-15 23:56 - 2015-09-28 22:49 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2015-10-15 23:56 - 2015-09-28 22:49 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-10-15 23:56 - 2015-09-28 22:49 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-15 23:56 - 2015-09-28 22:49 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-15 23:56 - 2015-09-28 22:49 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-10-15 23:56 - 2015-09-28 22:49 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-10-15 23:56 - 2015-09-28 22:49 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-15 23:56 - 2015-09-28 22:49 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-10-15 23:56 - 2015-09-28 22:49 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-15 23:56 - 2015-09-28 22:49 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-15 23:56 - 2015-09-28 22:49 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-10-15 23:56 - 2015-09-28 22:49 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-15 23:56 - 2015-09-28 22:49 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-15 23:56 - 2015-09-28 22:49 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-10-15 23:56 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-10-15 23:56 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-15 23:56 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-10-15 23:56 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-10-15 23:56 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-10-15 23:56 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-10-15 23:56 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-15 23:56 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-10-15 23:56 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-10-15 23:56 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-10-15 23:56 - 2015-09-28 22:49 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-10-15 23:56 - 2015-09-28 21:50 - 00159232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2015-10-15 23:56 - 2015-09-28 21:49 - 00290816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2015-10-15 23:56 - 2015-09-28 21:49 - 00129024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2015-10-15 23:56 - 2015-09-28 21:43 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2015-10-15 23:56 - 2015-09-28 21:43 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2015-10-15 23:56 - 2015-09-28 21:40 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-10-15 23:56 - 2015-09-28 21:40 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-15 23:56 - 2015-09-28 21:40 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-10-15 23:56 - 2015-09-28 21:40 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-10-15 23:56 - 2015-09-15 14:17 - 00157016 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-10-15 23:56 - 2015-09-15 14:17 - 00097112 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-10-15 23:56 - 2015-09-15 14:11 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-10-15 23:56 - 2015-09-15 14:11 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-10-15 23:56 - 2015-09-15 14:11 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-10-15 23:56 - 2015-09-15 14:11 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-10-15 23:56 - 2015-09-15 14:11 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-10-15 23:56 - 2015-09-15 14:11 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-10-15 23:56 - 2015-09-15 14:10 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-10-15 23:56 - 2015-09-15 13:36 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-10-15 23:56 - 2015-09-15 13:36 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-10-15 23:56 - 2015-09-15 13:36 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-10-15 23:56 - 2015-09-15 13:35 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-10-15 23:55 - 2015-08-06 14:04 - 14176768 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2015-10-15 23:55 - 2015-08-06 14:03 - 01866752 _____ (Microsoft Corporation) C:\windows\system32\ExplorerFrame.dll
2015-10-15 23:55 - 2015-08-06 13:44 - 12875776 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2015-10-15 23:55 - 2015-08-06 13:44 - 01498624 _____ (Microsoft Corporation) C:\windows\SysWOW64\ExplorerFrame.dll
2015-10-15 23:55 - 2015-08-05 13:56 - 00275456 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll
2015-10-15 23:55 - 2015-08-05 13:56 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\jnwmon.dll
2015-10-15 23:55 - 2015-08-05 13:40 - 00216064 _____ (Microsoft Corporation) C:\windows\SysWOW64\InkEd.dll
2015-10-15 23:55 - 2015-07-14 23:17 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2015-10-15 23:55 - 2015-07-14 22:54 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2015-10-15 23:55 - 2015-06-15 17:50 - 00112064 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2015-10-15 23:55 - 2015-06-15 17:45 - 03242496 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2015-10-15 23:55 - 2015-06-15 17:45 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2015-10-15 23:55 - 2015-06-15 17:45 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2015-10-15 23:55 - 2015-06-15 17:45 - 00070656 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll
2015-10-15 23:55 - 2015-06-15 17:44 - 00128000 _____ (Microsoft Corporation) C:\windows\system32\msiexec.exe
2015-10-15 23:55 - 2015-06-15 17:43 - 02364416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2015-10-15 23:55 - 2015-06-15 17:43 - 01805824 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2015-10-15 23:55 - 2015-06-15 17:43 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2015-10-15 23:55 - 2015-06-15 17:42 - 00073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\msiexec.exe
2015-10-15 23:55 - 2015-06-15 17:42 - 00025088 _____ (Microsoft Corporation) C:\windows\system32\msimsg.dll
2015-10-15 23:55 - 2015-06-15 17:37 - 00025088 _____ (Microsoft Corporation) C:\windows\SysWOW64\msimsg.dll
2015-10-15 23:54 - 2015-07-30 14:06 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2015-10-15 23:54 - 2015-07-30 14:06 - 01648128 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2015-10-15 23:54 - 2015-07-30 14:06 - 01180160 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2015-10-15 23:54 - 2015-07-30 13:57 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2015-10-15 23:54 - 2015-07-30 13:57 - 01251328 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2015-10-15 23:54 - 2015-07-10 13:51 - 03722752 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2015-10-15 23:54 - 2015-07-10 13:51 - 00158720 _____ (Microsoft Corporation) C:\windows\system32\aaclient.dll
2015-10-15 23:54 - 2015-07-10 13:51 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2015-10-15 23:54 - 2015-07-10 13:34 - 03221504 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2015-10-15 23:54 - 2015-07-10 13:34 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2015-10-15 23:54 - 2015-07-10 13:33 - 00131584 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll
2015-10-15 23:54 - 2015-06-17 13:47 - 00404992 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2015-10-15 23:54 - 2015-06-17 13:37 - 00312320 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2015-10-15 23:54 - 2015-06-01 20:07 - 00254976 _____ (Microsoft Corporation) C:\windows\system32\cewmdm.dll
2015-10-15 23:54 - 2015-06-01 19:47 - 00210432 _____ (Microsoft Corporation) C:\windows\SysWOW64\cewmdm.dll
2015-10-15 23:53 - 2015-08-05 13:56 - 01110016 _____ (Microsoft Corporation) C:\windows\system32\schedsvc.dll
2015-10-15 23:53 - 2015-07-14 23:19 - 02004992 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2015-10-15 23:53 - 2015-07-14 23:19 - 01887232 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2015-10-15 23:53 - 2015-07-14 23:14 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml6r.dll
2015-10-15 23:53 - 2015-07-14 23:13 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2015-10-15 23:53 - 2015-07-14 22:55 - 01390592 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll
2015-10-15 23:53 - 2015-07-14 22:55 - 01241088 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2015-10-15 23:53 - 2015-07-14 22:51 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6r.dll
2015-10-15 23:53 - 2015-07-14 22:51 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2015-10-15 23:53 - 2015-07-09 13:57 - 00193536 _____ (Microsoft Corporation) C:\windows\system32\notepad.exe
2015-10-15 23:53 - 2015-07-09 13:57 - 00193536 _____ (Microsoft Corporation) C:\windows\notepad.exe
2015-10-15 23:53 - 2015-07-09 13:42 - 00179712 _____ (Microsoft Corporation) C:\windows\SysWOW64\notepad.exe
2015-10-15 23:53 - 2015-07-04 14:07 - 02087424 _____ (Microsoft Corporation) C:\windows\system32\ole32.dll
2015-10-15 23:53 - 2015-07-04 13:48 - 01414656 _____ (Microsoft Corporation) C:\windows\SysWOW64\ole32.dll
2015-10-15 23:53 - 2015-07-01 16:49 - 00260096 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
2015-10-15 23:53 - 2015-07-01 16:48 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll
2015-10-15 23:53 - 2015-07-01 16:30 - 00206848 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll
2015-10-15 23:53 - 2015-07-01 16:30 - 00082432 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll
2015-10-15 23:53 - 2015-04-24 14:17 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll
2015-10-15 23:53 - 2015-04-24 13:56 - 00530432 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.dll
2015-10-15 23:23 - 2015-09-01 23:04 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2015-10-15 23:23 - 2015-09-01 23:04 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2015-10-15 23:23 - 2015-09-01 23:04 - 00041984 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2015-10-15 23:23 - 2015-09-01 23:04 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2015-10-15 23:23 - 2015-09-01 22:48 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2015-10-15 23:23 - 2015-09-01 22:48 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2015-10-15 23:23 - 2015-09-01 22:48 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2015-10-15 23:23 - 2015-09-01 22:47 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2015-10-15 23:23 - 2015-09-01 21:51 - 03209216 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-10-15 23:23 - 2015-09-01 21:47 - 00372736 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2015-10-15 23:23 - 2015-09-01 21:33 - 00299520 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2015-10-14 23:15 - 2015-10-14 23:16 - 00042863 _____ C:\Users\RR\Desktop\Addition.txt
2015-10-14 23:05 - 2015-10-26 21:20 - 00019116 _____ C:\Users\RR\Desktop\FRST.txt
2015-10-14 23:04 - 2015-10-26 21:20 - 00000000 ____D C:\FRST
2015-10-14 22:57 - 2015-10-26 00:20 - 02197504 _____ (Farbar) C:\Users\RR\Desktop\FRST64.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-26 21:05 - 2015-09-09 15:11 - 00000000 ____D C:\spool
2015-10-26 21:01 - 2014-04-15 13:34 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-26 20:45 - 2014-01-02 19:24 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-26 20:27 - 2013-07-03 14:14 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-10-26 20:20 - 2014-09-15 22:24 - 00000264 _____ C:\windows\SysWOW64\winsusrm.dll
2015-10-26 20:19 - 2009-07-14 00:45 - 00013632 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-26 20:19 - 2009-07-14 00:45 - 00013632 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-26 20:16 - 2010-07-12 13:27 - 01641016 _____ C:\windows\WindowsUpdate.log
2015-10-26 20:11 - 2014-01-21 15:19 - 00000000 ____D C:\Users\RR\AppData\Local\LogMeIn Hamachi
2015-10-26 20:10 - 2014-01-02 19:24 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-26 20:10 - 2010-07-12 13:40 - 15423511 _____ C:\FaceProv.log
2015-10-26 20:10 - 2010-07-12 13:37 - 00000000 ____D C:\ProgramData\VeriFace
2015-10-26 20:07 - 2009-07-14 01:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-10-26 00:30 - 2010-09-09 15:32 - 00000000 ____D C:\Users\RR
2015-10-26 00:01 - 2010-09-11 23:39 - 00000000 ____D C:\Users\RR\AppData\Roaming\Skype
2015-10-25 00:28 - 2011-03-31 23:55 - 00000000 ____D C:\Users\RR\Documents\Hong
2015-10-24 20:42 - 2010-10-18 22:42 - 00001275 _____ C:\Users\RR\AppData\Roaming\SAS7_000.DAT
2015-10-24 20:41 - 2010-06-28 02:41 - 00000000 ____D C:\ProgramData\Temp
2015-10-22 00:33 - 2012-03-05 00:24 - 00000000 ____D C:\Users\RR\AppData\Local\CrashDumps
2015-10-20 13:39 - 2013-07-03 23:49 - 00004182 _____ C:\windows\System32\Tasks\avast! Emergency Update
2015-10-20 00:31 - 2010-09-30 22:28 - 00000000 ____D C:\Users\RR\Documents\Junk Lenovo
2015-10-18 01:05 - 2009-07-29 03:00 - 00000000 ____D C:\windows\Panther
2015-10-17 22:27 - 2013-07-03 14:14 - 00780488 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-10-17 22:27 - 2013-07-03 14:14 - 00142536 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-17 22:27 - 2013-07-03 14:14 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-10-16 19:30 - 2009-07-14 00:45 - 00417880 _____ C:\windows\system32\FNTCACHE.DAT
2015-10-16 19:24 - 2009-07-29 03:23 - 00000000 ____D C:\Program Files\Windows Journal
2015-10-16 19:24 - 2009-07-13 23:20 - 00000000 ____D C:\windows\PolicyDefinitions
2015-10-16 01:28 - 2013-09-03 12:55 - 00000000 ____D C:\windows\system32\MRT
2015-10-16 01:08 - 2010-09-10 21:52 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-10-16 00:39 - 2012-04-12 17:39 - 00854114 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2015-10-16 00:39 - 2009-07-14 01:13 - 00854114 _____ C:\windows\system32\PerfStringBackup.INI
2015-10-13 17:40 - 2014-04-14 23:57 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-13 17:40 - 2014-04-14 23:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-10-08 00:31 - 2011-06-19 12:52 - 00000000 ____D C:\windows\Minidump
2015-10-05 09:50 - 2014-04-14 23:57 - 00109272 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2015-10-05 09:50 - 2014-04-14 23:57 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-10-05 09:50 - 2010-09-17 23:06 - 00025816 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2015-10-02 12:09 - 2010-10-19 21:16 - 143481208 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-09-30 16:29 - 2013-03-14 00:11 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-09-30 16:29 - 2013-03-14 00:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-09-30 00:04 - 2013-03-14 00:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

==================== Files in the root of some directories =======

2015-06-02 22:53 - 2015-06-02 22:53 - 0038452 _____ () C:\Users\RR\AppData\Roaming\Comma Separated Values (Windows).ADR
2010-10-18 22:42 - 2015-10-24 20:42 - 0001275 _____ () C:\Users\RR\AppData\Roaming\SAS7_000.DAT
2013-03-14 23:24 - 2013-03-14 23:24 - 0000034 _____ () C:\Users\RR\AppData\Local\.20516086_uid
2013-09-01 23:10 - 2014-03-16 00:30 - 0005632 _____ () C:\Users\RR\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-04-12 18:07 - 2012-04-12 18:07 - 0000090 _____ () C:\Users\RR\AppData\Local\fusioncache.dat
2015-09-09 15:07 - 2015-01-19 17:46 - 0010240 _____ () C:\Users\RR\AppData\Local\Z@!-b8b139ad-3974-4c8f-aaa2-3fc02deb121d.tmp
2015-09-09 15:07 - 2015-01-19 17:46 - 0009216 _____ () C:\Users\RR\AppData\Local\Z@S!-5c548b25-1d9a-4efd-ab5c-8c2c15c05322.tmp
2010-09-11 23:52 - 2010-09-11 23:52 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

Some files in TEMP:
====================
C:\Users\RR\AppData\Local\Temp\Foxit Updater.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-03-12 21:19

==================== End of FRST.txt ============================


  • 0

#6
Essexboy
Posted 27 October 2015 - 08:35 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Looks clean, are you experiencing any problems ?

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKU\S-1-5-21-205398528-154359821-1429519996-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-205398528-154359821-1429519996-1000 -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
2015-10-26 00:30 - 2015-10-26 00:30 - 00000000 ____D C:\Users\RR\467D5E81834948929E81C3674ED8E451.TMP
2015-09-09 15:07 - 2015-01-19 17:46 - 0010240 _____ () C:\Users\RR\AppData\Local\Z@!-b8b139ad-3974-4c8f-aaa2-3fc02deb121d.tmp
2015-09-09 15:07 - 2015-01-19 17:46 - 0009216 _____ () C:\Users\RR\AppData\Local\Z@S!-5c548b25-1d9a-4efd-ab5c-8c2c15c05322.tmp
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that
  • 0

#7
unsmiley
Posted 27 October 2015 - 06:59 PM

unsmiley

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts

I have not experienced the original problem I contacted you about, but something new has arisen since we started. 

 

When the computer boots up, I have been getting error messages about Cisco Systems VPN client 5.0.07.0290. (Note that these messages did NOT appear just now after the required reboot for the FRST fix, but have occurred every other time upon startup since you began working with me.)   They state that "The feature you are trying to use is on network resource that is unavailable.  Click OK to try again, or enter an alternate path to a folder containing the installation package 'vpnclient_setup.msi' in the box below."  If I continue, I get this message:  "Please wait while Windows configures Cisco Systems VPN Client 5.0.07.0290."  That is followed with: "Error 1706.  No valid source could be found for product Cisco Systems VPN Client 5.0.07.0290.  Windows Installer cannot continue."  If I then click OK, I do not seem to have any problem.  What is this and how to correct?  Thanks.

 

Fixlog.txt is below:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:25-10-2015 02
Ran by RR (2015-10-27 20:37:51) Run:2
Running from C:\Users\RR\Desktop
Loaded Profiles: RR (Available Profiles: RR & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKU\S-1-5-21-205398528-154359821-1429519996-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-205398528-154359821-1429519996-1000 -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No File
2015-10-26 00:30 - 2015-10-26 00:30 - 00000000 ____D C:\Users\RR\467D5E81834948929E81C3674ED8E451.TMP
2015-09-09 15:07 - 2015-01-19 17:46 - 0010240 _____ () C:\Users\RR\AppData\Local\Z@!-b8b139ad-3974-4c8f-aaa2-3fc02deb121d.tmp
2015-09-09 15:07 - 2015-01-19 17:46 - 0009216 _____ () C:\Users\RR\AppData\Local\Z@S!-5c548b25-1d9a-4efd-ab5c-8c2c15c05322.tmp
EmptyTemp:
CMD: bitsadmin /reset /allusers

*****************

Restore point was successfully created.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
"HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value removed successfully
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value removed successfully
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => key not found.
HKU\S-1-5-21-205398528-154359821-1429519996-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value removed successfully
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => key not found.
HKU\S-1-5-21-205398528-154359821-1429519996-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{71576546-354D-41C9-AAE8-31F2EC22BF0D} => value removed successfully
HKCR\CLSID\{71576546-354D-41C9-AAE8-31F2EC22BF0D} => key not found.
C:\Users\RR\467D5E81834948929E81C3674ED8E451.TMP => moved successfully
C:\Users\RR\AppData\Local\Z@!-b8b139ad-3974-4c8f-aaa2-3fc02deb121d.tmp => moved successfully
C:\Users\RR\AppData\Local\Z@S!-5c548b25-1d9a-4efd-ab5c-8c2c15c05322.tmp => moved successfully

=========  bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========

EmptyTemp: => 74.1 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 20:39:01 ====


  • 0

#8
Essexboy
Posted 28 October 2015 - 08:54 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you download a fresh copy of the programme from here https://old-www.wsu....llCiscoVPN.htmland install it, does that clear the error
  • 0

#9
unsmiley
Posted 01 November 2015 - 06:42 PM

unsmiley

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts

1.  Yes that cleared the error about the VPN client, thanks.

 

2.  I did get one "unresponsive script" error yesterday, after several days without such a problem.


  • 0

#10
Essexboy
Posted 02 November 2015 - 08:34 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Sometimes that is due to bad scripting on the website... Any further problems before I tidy up ?
  • 0

#11
unsmiley
Posted 04 November 2015 - 09:46 PM

unsmiley

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts

Computer still (although less frequently - maybe once in a 2 hour browsing session) slows down for no apparent reason, which is then followed by an unresponsive script error.  The slowness persists until I reboot. Is there anything else I can do, or any settings I can change, to lessen this? 

 

Another thing I have seen the last two days:  While using Firefox, I have seen the following Shockwave Flash error pop up several times. "Warning: Unresponsive plugin.  Shockwave Flash may be busy, or it may have stopped responding.  You can stop the plugin now, or you can continue to see if the plugin will complete."   What is this and could this be related to my original problem?


Edited by unsmiley, 04 November 2015 - 10:08 PM.

  • 0

#12
Essexboy
Posted 05 November 2015 - 08:05 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Are all these errors in firefox alone ?


  • 0

#13
unsmiley
Posted 07 November 2015 - 07:59 PM

unsmiley

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts

My original problem - unresponsive script errors - occur in both FIrefox and IE.

 

The newer problem - Shockwave flash error of unresponsive plugin is only in Firefox.


  • 0

#14
Essexboy
Posted 08 November 2015 - 05:37 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you try firefox in safe mode and see if the flash error still happens https://support.mozi...using-safe-mode
  • 0

#15
Essexboy
Posted 12 November 2015 - 11:23 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP