Solved Weird picture and message

Tom14925 · Apr 23, 2015

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R1 RapportCerberus_42020; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_42020.sys [397720 2012-08-13] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [55096 2012-09-22] (Trusteer Ltd.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [101688 2012-09-07] (Trusteer Ltd.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [297240 2012-09-22] (Trusteer Ltd.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-04-12] ()

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

Tom14925 · Apr 23, 2015

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-23 15:49 - 2015-04-23 15:49 - 00000000 ____D () C:\Users\Tom\Desktop\FRST-OlderVersion
2015-04-23 12:29 - 2015-04-23 13:39 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-04-23 12:29 - 2015-04-23 12:29 - 00000000 ____D () C:\Program Files\HitmanPro
2015-04-23 12:26 - 2015-04-23 12:28 - 11028616 _____ (SurfRight B.V.) C:\Users\Tom\Downloads\HitmanPro_x64.exe
2015-04-23 10:56 - 2015-04-23 10:56 - 00000598 _____ () C:\Users\Tom\Desktop\JRT.txt
2015-04-18 18:15 - 2015-04-18 18:15 - 02686137 _____ (Thisisu) C:\Users\Tom\Desktop\JRT(2).exe
2015-04-18 18:15 - 2015-04-18 18:15 - 02686137 _____ (Thisisu) C:\Users\Tom\Desktop\JRT(1).exe
2015-04-18 18:01 - 2015-04-18 18:01 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-TOM-PC-Windows-7-Home-Premium-(64-bit).dat
2015-04-18 18:01 - 2015-04-18 18:01 - 00000000 ____D () C:\RegBackup
2015-04-18 17:58 - 2015-04-23 01:22 - 02685470 _____ (Thisisu) C:\Users\Tom\Desktop\JRT_NEW.exe
2015-04-18 17:58 - 2015-04-18 17:58 - 02686137 _____ (Thisisu) C:\Users\Tom\Desktop\JRT.exe
2015-04-16 19:11 - 2015-04-16 19:11 - 00002669 _____ () C:\Users\Tom\Desktop\Print Meineke Coupons.htm
2015-04-16 19:11 - 2015-04-16 19:11 - 00000000 ____D () C:\Users\Tom\Desktop\Print Meineke Coupons_files
2015-04-15 15:12 - 2015-04-23 10:41 - 00000000 ____D () C:\AdwCleaner
2015-04-15 15:11 - 2015-04-15 15:11 - 02217984 _____ () C:\Users\Tom\Desktop\adwcleaner_4.201.exe
2015-04-15 09:04 - 2015-03-24 23:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-15 09:04 - 2015-03-24 23:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-15 09:04 - 2015-03-24 23:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-15 09:04 - 2015-03-24 23:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-15 09:04 - 2015-03-24 23:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-15 09:04 - 2015-03-24 23:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-15 09:04 - 2015-03-24 23:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-15 09:04 - 2015-03-24 23:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-15 09:04 - 2015-03-24 23:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-15 09:04 - 2015-03-24 23:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-15 09:04 - 2015-03-24 23:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 09:04 - 2015-03-24 23:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-15 09:04 - 2015-03-24 23:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-15 09:04 - 2015-03-24 23:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-15 09:04 - 2015-03-24 23:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-15 09:04 - 2015-03-24 23:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-15 09:03 - 2015-03-22 23:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-15 09:03 - 2015-03-22 23:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-15 09:03 - 2015-03-22 23:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-15 09:03 - 2015-03-22 23:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-15 09:03 - 2015-03-22 23:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-15 09:03 - 2015-03-22 23:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-15 09:03 - 2015-03-22 23:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-15 09:03 - 2015-03-22 23:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-15 09:03 - 2015-03-10 01:29 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

Tom14925 · Apr 23, 2015

2015-04-15 09:03 - 2015-03-10 01:28 - 02237952 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 09:03 - 2015-03-10 01:28 - 01409024 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 09:03 - 2015-03-10 01:28 - 00600576 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 09:03 - 2015-03-10 01:27 - 19292672 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 09:03 - 2015-03-10 01:27 - 15409152 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 09:03 - 2015-03-10 01:27 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 09:03 - 2015-03-10 01:27 - 02656256 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 09:03 - 2015-03-10 01:27 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-04-15 09:03 - 2015-03-10 01:27 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 09:03 - 2015-03-10 01:27 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-15 09:03 - 2015-03-10 01:27 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-15 09:03 - 2015-03-10 01:27 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-15 09:03 - 2015-03-10 01:27 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-04-15 09:03 - 2015-03-10 01:27 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 09:03 - 2015-03-10 01:27 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-15 09:03 - 2015-03-10 01:27 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-15 09:03 - 2015-03-10 01:27 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-15 09:03 - 2015-03-10 01:26 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-15 09:03 - 2015-03-10 01:26 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-15 09:03 - 2015-03-10 01:26 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-15 09:03 - 2015-03-09 23:49 - 14373376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-15 09:03 - 2015-03-09 23:49 - 02864640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-15 09:03 - 2015-03-09 23:49 - 01763328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-15 09:03 - 2015-03-09 23:49 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-15 09:03 - 2015-03-09 23:49 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-04-15 09:03 - 2015-03-09 23:49 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-15 09:03 - 2015-03-09 23:49 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-15 09:03 - 2015-03-09 23:49 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-15 09:03 - 2015-03-09 23:49 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-15 09:03 - 2015-03-09 23:49 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-15 09:03 - 2015-03-09 23:48 - 13767680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-15 09:03 - 2015-03-09 23:48 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-15 09:03 - 2015-03-09 23:48 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-15 09:03 - 2015-03-09 23:48 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-15 09:03 - 2015-03-09 23:48 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

Tom14925 · Apr 23, 2015

2015-04-15 09:03 - 2015-03-09 23:48 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-15 09:03 - 2015-03-09 23:48 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-15 09:03 - 2015-03-09 23:48 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2015-04-15 09:03 - 2015-03-09 23:48 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-15 09:03 - 2015-03-09 23:48 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-15 09:03 - 2015-03-09 23:32 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-15 09:03 - 2015-03-09 23:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-15 09:03 - 2015-03-09 23:07 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-15 09:03 - 2015-03-09 22:39 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-15 09:03 - 2015-03-05 01:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-15 09:03 - 2015-03-05 00:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-15 09:02 - 2015-03-17 01:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 09:02 - 2015-03-17 01:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-15 09:02 - 2015-03-17 01:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-15 09:02 - 2015-03-17 01:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-15 09:02 - 2015-03-17 01:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-15 09:02 - 2015-03-17 01:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-15 09:02 - 2015-03-17 01:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-15 09:02 - 2015-03-17 01:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-15 09:02 - 2015-03-17 01:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-15 09:02 - 2015-03-17 01:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-15 09:02 - 2015-03-17 01:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-15 09:02 - 2015-03-17 01:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-15 09:02 - 2015-03-17 01:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-15 09:02 - 2015-03-17 01:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-15 09:02 - 2015-03-17 01:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-15 09:02 - 2015-03-17 01:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-15 09:02 - 2015-03-17 01:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-15 09:02 - 2015-03-17 01:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-15 09:02 - 2015-03-17 01:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-15 09:02 - 2015-03-17 01:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-15 09:02 - 2015-03-17 01:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-15 09:02 - 2015-03-17 01:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-15 09:02 - 2015-03-17 01:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-15 09:02 - 2015-03-17 01:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-15 09:02 - 2015-03-17 01:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-15 09:02 - 2015-03-17 01:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-15 09:02 - 2015-03-17 01:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-15 09:02 - 2015-03-17 01:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-15 09:02 - 2015-03-17 01:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-15 09:02 - 2015-03-17 01:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-15 09:02 - 2015-03-17 01:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-15 09:02 - 2015-03-17 01:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-15 09:02 - 2015-03-17 01:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-15 09:02 - 2015-03-17 01:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-15 09:02 - 2015-03-17 01:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-15 09:02 - 2015-03-17 01:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-15 09:02 - 2015-03-17 01:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

Tom14925 · Apr 23, 2015

2015-04-15 09:02 - 2015-03-17 01:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 09:02 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 09:02 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 09:02 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 09:02 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 09:02 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 09:02 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 09:02 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 09:02 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 09:02 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 09:02 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 09:02 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 09:02 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 09:02 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-15 09:02 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-15 09:02 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 09:02 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-15 09:02 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 09:02 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 09:02 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 09:02 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 09:02 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 09:02 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 09:02 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 09:02 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-15 09:02 - 2015-03-17 01:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-15 09:02 - 2015-03-17 01:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-15 09:02 - 2015-03-17 00:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-15 09:02 - 2015-03-17 00:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-15 09:02 - 2015-03-17 00:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-15 09:02 - 2015-03-17 00:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-15 09:02 - 2015-03-17 00:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-15 09:02 - 2015-03-17 00:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-15 09:02 - 2015-03-17 00:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-15 09:02 - 2015-03-17 00:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-15 09:02 - 2015-03-17 00:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-15 09:02 - 2015-03-17 00:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-15 09:02 - 2015-03-17 00:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-15 09:02 - 2015-03-17 00:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-15 09:02 - 2015-03-17 00:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-15 09:02 - 2015-03-17 00:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-15 09:02 - 2015-03-17 00:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-15 09:02 - 2015-03-17 00:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-15 09:02 - 2015-03-17 00:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-15 09:02 - 2015-03-17 00:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-15 09:02 - 2015-03-17 00:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-15 09:02 - 2015-03-17 00:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-15 09:02 - 2015-03-17 00:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-15 09:02 - 2015-03-17 00:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-15 09:02 - 2015-03-17 00:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 09:02 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 09:02 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 09:02 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 09:02 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 09:02 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 09:02 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 09:02 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

Tom14925 · Apr 23, 2015

2015-04-15 09:02 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 09:02 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 09:02 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 09:02 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 09:02 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-15 09:02 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 09:02 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 09:02 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-15 09:02 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 09:02 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 09:02 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 09:02 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 09:02 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 09:02 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 09:02 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-15 09:02 - 2015-03-16 23:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-15 09:02 - 2015-03-16 23:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-15 09:02 - 2015-03-16 23:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-15 09:02 - 2015-03-16 23:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 09:02 - 2015-03-16 23:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 09:02 - 2015-03-16 23:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-15 09:02 - 2015-03-09 23:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-15 09:02 - 2015-03-09 23:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-15 09:02 - 2015-03-09 23:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-15 09:02 - 2015-03-09 23:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-15 09:01 - 2015-03-04 00:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-15 09:01 - 2015-03-04 00:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 09:01 - 2015-03-04 00:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-15 09:01 - 2015-02-24 23:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-14 20:38 - 2015-04-14 20:38 - 00000000 ____D () C:\Users\Tom\AppData\Local\CrashDumps
2015-04-14 10:57 - 2015-04-14 11:09 - 00000000 ____D () C:\Users\Tom\Desktop\MPSG Programme
2015-04-12 17:55 - 2015-04-23 11:20 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-12 17:54 - 2015-04-12 17:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-12 17:54 - 2015-04-12 17:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-12 17:54 - 2015-04-12 17:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-12 17:54 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-12 17:54 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-12 17:54 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-12 17:53 - 2015-04-12 17:53 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Tom\Desktop\mbam-setup-2.1.4.1018.exe
2015-04-12 16:45 - 2015-04-12 19:06 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-04-12 16:45 - 2015-04-12 16:45 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-04-12 16:44 - 2015-04-12 16:45 - 16849496 _____ () C:\Users\Tom\Desktop\RogueKiller.exe
2015-04-09 20:21 - 2015-04-09 20:22 - 00032998 _____ () C:\Users\Tom\Desktop\Addition.txt
2015-04-09 20:19 - 2015-04-23 15:51 - 00025671 _____ () C:\Users\Tom\Desktop\FRST.txt
2015-04-09 20:18 - 2015-04-23 15:49 - 02099712 _____ (Farbar) C:\Users\Tom\Desktop\FRST64.exe
2015-04-09 20:18 - 2015-04-23 15:49 - 00000000 ____D () C:\FRST
2015-04-08 21:12 - 2015-04-15 18:30 - 00000000 ____D () C:\Users\Tom\Desktop\2014 Tax Return
2015-04-04 11:48 - 2015-04-05 09:13 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-04 11:48 - 2015-04-04 11:48 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-04 11:39 - 2015-04-21 15:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-01 14:57 - 2015-04-01 14:57 - 00001797 _____ () C:\Users\Tom\Desktop\Spotify.lnk
2015-03-28 14:59 - 2015-03-28 14:59 - 00000000 ____D () C:\Users\Public\Foxit Software
2015-03-28 14:59 - 2015-03-28 14:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2015-03-27 09:29 - 2015-03-27 09:29 - 00000000 ____D () C:\Users\Tom\Documents\Amazon MP3

Tom14925 · Apr 23, 2015

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-23 15:28 - 2013-10-18 18:23 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-23 15:28 - 2012-07-26 07:41 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\Spotify
2015-04-23 15:09 - 2012-07-26 07:41 - 00000000 ____D () C:\Users\Tom\AppData\Local\Spotify
2015-04-23 14:57 - 2012-04-13 07:20 - 02072526 _____ () C:\Windows\WindowsUpdate.log
2015-04-23 14:43 - 2012-07-17 05:06 - 00000387 _____ () C:\Users\Tom\AppData\Roaming\sp_data.sys
2015-04-23 12:31 - 2009-07-14 00:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-23 12:31 - 2009-07-14 00:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-23 12:19 - 2013-09-19 10:27 - 00000000 ___RD () C:\Users\Tom\Documents\Dropbox
2015-04-23 12:19 - 2013-09-19 10:23 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\Dropbox
2015-04-23 12:18 - 2013-10-18 18:23 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-23 12:06 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-23 12:05 - 2011-11-23 17:03 - 00600302 _____ () C:\Windows\PFRO.log
2015-04-23 12:05 - 2009-07-14 00:51 - 00233450 _____ () C:\Windows\setupact.log
2015-04-22 09:13 - 2012-07-17 05:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-21 16:41 - 2012-08-07 05:38 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\Skype
2015-04-16 19:19 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-16 18:15 - 2012-07-26 05:17 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-16 18:13 - 2013-10-22 10:03 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-04-16 17:00 - 2014-12-11 22:08 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-16 17:00 - 2014-05-07 10:37 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-16 11:29 - 2011-11-23 17:54 - 00782160 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-16 11:29 - 2009-07-14 01:13 - 00782160 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-16 11:18 - 2013-07-14 03:48 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-16 10:38 - 2012-07-18 18:54 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-16 10:33 - 2009-07-13 22:34 - 00000478 _____ () C:\Windows\win.ini
2015-04-15 08:22 - 2014-11-19 11:08 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-15 08:22 - 2014-11-19 11:08 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-13 09:00 - 2012-04-13 07:29 - 00001539 _____ () C:\Windows\system32\ServiceFilter.ini
2015-04-08 08:50 - 2013-09-19 10:24 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-04-01 14:57 - 2012-07-26 07:41 - 00001783 _____ () C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-03-27 09:29 - 2009-07-14 01:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-26 16:40 - 2012-07-17 13:30 - 00000000 ____D () C:\Users\Tom\Documents\Z not work
2015-03-26 16:39 - 2012-07-17 08:31 - 00000000 ____D () C:\Users\Tom\Documents\Other Work
2015-03-26 15:26 - 2011-11-23 17:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2015-03-26 15:26 - 2011-11-23 17:56 - 00000000 ____D () C:\Program Files (x86)\ASUS
2015-03-26 15:19 - 2012-07-17 13:07 - 00000000 ____D () C:\Users\Tom\Documents\Publications and Papers
2015-03-24 16:43 - 2014-10-18 15:00 - 00000000 ____D () C:\Users\Tom\AppData\Local\Adobe

Tom14925 · Apr 23, 2015

==================== Files in the root of some directories =======

2014-06-02 17:43 - 2014-06-02 17:43 - 14936064 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2014-05-26 15:30 - 2014-05-26 15:33 - 0028427 _____ () C:\Users\Tom\AppData\Roaming\Comma Separated Values.ADR
2012-07-17 05:06 - 2015-04-23 14:43 - 0000387 _____ () C:\Users\Tom\AppData\Roaming\sp_data.sys
2014-01-02 14:39 - 2014-01-02 14:39 - 0000183 _____ () C:\Users\Tom\AppData\Local\LaunchHomeCenter.log
2012-09-25 07:18 - 2012-09-25 07:18 - 0000218 _____ () C:\Users\Tom\AppData\Local\recently-used.xbel
2011-11-23 17:57 - 2010-10-06 13:45 - 0131984 _____ () C:\ProgramData\FullRemove.exe
2012-04-13 07:33 - 2012-04-13 07:33 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2012-04-13 07:32 - 2012-04-13 07:33 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2012-04-13 07:32 - 2012-04-13 07:32 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Some content of TEMP:
====================
C:\Users\Tom\AppData\Local\Temp\AudibleDM_iTunesSetup.exe
C:\Users\Tom\AppData\Local\Temp\Checkupdate.exe
C:\Users\Tom\AppData\Local\Temp\CountInstallation.exe
C:\Users\Tom\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Tom\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpf5eqnt.dll
C:\Users\Tom\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Tom\AppData\Local\Temp\Foxit Updater.exe
C:\Users\Tom\AppData\Local\Temp\FoxitUpdater.exe
C:\Users\Tom\AppData\Local\Temp\gcapi_dll.dll
C:\Users\Tom\AppData\Local\Temp\gtapi_signed.dll
C:\Users\Tom\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Tom\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Tom\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Tom\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Tom\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Tom\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Tom\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Tom\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\Tom\AppData\Local\Temp\ose00000.exe
C:\Users\Tom\AppData\Local\Temp\Quarantine.exe
C:\Users\Tom\AppData\Local\Temp\RescueTimeInstaller.exe
C:\Users\Tom\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Tom\AppData\Local\Temp\sqlite3.dll
C:\Users\Tom\AppData\Local\Temp\xc_loader.exe

Tom14925 · Apr 23, 2015

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-03-14 09:33

==================== End Of Log ============================

Tom14925 · Apr 23, 2015

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-04-2015
Ran by Tom at 2015-04-23 15:52:59
Running from C:\Users\Tom\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1695810290-1042299647-2935350824-500 - Administrator - Disabled)
Guest (S-1-5-21-1695810290-1042299647-2935350824-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1695810290-1042299647-2935350824-1002 - Limited - Enabled)
Tom (S-1-5-21-1695810290-1042299647-2935350824-1001 - Administrator - Enabled) => C:\Users\Tom

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

Tom14925 · Apr 23, 2015

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 16.2.1 - Hewlett-Packard) Hidden
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.2.0117.08443 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.2.0117.08443 - Alcor Micro Corp.) Hidden
Amazon Kindle (HKU\S-1-5-21-1695810290-1042299647-2935350824-1001\...\Amazon Kindle) (Version: - Amazon)
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.4.0 - Asmedia Technology)
ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.24 - ASUS)
ASUS FaceLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0014 - ASUS)
ASUS FancyStart (HKLM-x32\...\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}) (Version: 1.1.1 - ASUSTeK Computer Inc.)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.7 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.2.1 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0041 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.25 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0015 - ASUS)
Auslogics Disk Defrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 3.5 - Auslogics Software Pty Ltd)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MP495 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series) (Version: - )
Carbonite (HKLM-x32\...\Carbonite Backup) (Version: 5.5.5 build 4151 (Jun-27-2014) - Carbonite)
Citrix Online Launcher (HKLM-x32\...\{F17C3DC2-2ACA-4B0E-BDBF-ACE61B14E7CD}) (Version: 1.0.183 - Citrix)
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2926 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1126 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Tom14925 · Apr 23, 2015

Dropbox (HKU\S-1-5-21-1695810290-1042299647-2935350824-1001\...\Dropbox) (Version: 3.4.3 - Dropbox, Inc.)
Elevated Installer (x32 Version: 2.3.14.0 - Garmin Ltd or its subsidiaries) Hidden
Evernote v. 5.8.1 (HKLM-x32\...\{4FD2D1C8-8636-11E4-9D21-00163E98E7D6}) (Version: 5.8.1.6061 - Evernote Corp.)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.10 - ASUS)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 3.3.76.410 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.1.3.320 - Foxit Software Inc.)
Free YouTube Downloader 3.5.128 (HKLM-x32\...\{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1) (Version: - HOW Inc.)
Garmin Express (HKLM-x32\...\{9471d6bd-67a9-40f6-a420-2ae4f08ef003}) (Version: 2.3.14.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 2.3.14.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 2.3.14.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GoToMeeting 7.1.7.2539 (HKU\S-1-5-21-1695810290-1042299647-2935350824-1001\...\GoToMeeting) (Version: 7.1.7.2539 - CitrixOnline)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.240 - SurfRight B.V.)
HMA! Pro VPN 2.8.11.2 (HKLM-x32\...\HMA! Pro VPN) (Version: 2.8.11.2 - Privax Ltd)
InstantOn for NB (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 2.2.0 - ASUS)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2559 - Intel Corporation)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
IU Printer Finder (HKLM-x32\...\{D1BCF383-3FBD-4116-BDFD-31096EDAFAA9}) (Version: 5.0.42.69 - Indiana University)
IU Wireless Wizard (HKLM-x32\...\{71FC8487-818A-4BA6-BA18-8DA49F5CBC12}) (Version: 6.0.97.0 - Indiana University)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)

Tom14925 · Apr 23, 2015

Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Mendeley Desktop 1.9.2 (HKLM-x32\...\Mendeley Desktop) (Version: 1.9.2 - Mendeley Ltd.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 37.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 en-US)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.5.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 24.5.0 (x86 en-US)) (Version: 24.5.0 - Mozilla)
OpenOffice.org 3.4.1 (HKLM-x32\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
Oracle Secure Global Desktop Client (HKLM-x32\...\{655D602B-70C3-4D78-8C37-EE6721670E9C}) (Version: 4.61.915 - Oracle Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Split & Merge 6.0 (HKLM\...\PDF Split & Merge_is1) (Version: 6.0 - Bureausoft Corporation)
PreReq (x32 Version: 6.2.3.0 - Eastman Kodak Company) Hidden
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{7D916FA5-DAE9-4A25-B089-655C70EAF607}) (Version: 9.2 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Rapport (HKLM-x32\...\Rapport_msi) (Version: 3.5.1205.11 - Trusteer)
Rapport (Version: 3.5.1205.11 - Trusteer) Hidden

Tom14925 · Apr 23, 2015

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6454 - Realtek Semiconductor Corp.)
RescueTime 2.6.1 (HKLM-x32\...\{2505571C-03B3-4F9F-AC35-33F1CB4B5E9E}_is1) (Version: - RescueTime.com)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
Solid YouTube Downloader and Converter 4.9.6 (HKLM-x32\...\{66712EEE-ECBC-4CA6-A474-youtube-downloader-and-~EF55A6A4_is1) (Version: - DreamVideoSoft,Inc.)
Sonic Focus (HKLM-x32\...\{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}) (Version: 1.0.0.4 - Synopsys )
Spotify (HKU\S-1-5-21-1695810290-1042299647-2935350824-1001\...\Spotify) (Version: 1.0.3.101.gbfa97dfe - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.6.0 - Synaptics Incorporated)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.31064 - TeamViewer)
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{40930C8E-A677-414C-A72F-DFDEB10738FB}) (Version: - Microsoft)
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 3.74 - NCH Software)
VSee (HKU\S-1-5-21-1695810290-1042299647-2935350824-1001\...\VSee) (Version: 14.0.0.1126 - VSee Lab Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.0 - ASUS)
Wireless Console 3 (HKLM-x32\...\{19EA33FB-B34E-40EA-8B8A-61743AEB795A}) (Version: 3.0.25 - ASUS)
Zotero Standalone 3.0.8 (x86 en-US) (HKLM-x32\...\Zotero Standalone 3.0.8 (x86 en-US)) (Version: 3.0.8 - Zotero)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1695810290-1042299647-2935350824-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Tom\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1695810290-1042299647-2935350824-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Tom\AppData\Local\Citrix\GoToMeeting\1831\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-1695810290-1042299647-2935350824-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1695810290-1042299647-2935350824-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1695810290-1042299647-2935350824-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1695810290-1042299647-2935350824-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1695810290-1042299647-2935350824-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

Tom14925 · Apr 23, 2015

CustomCLSID: HKU\S-1-5-21-1695810290-1042299647-2935350824-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1695810290-1042299647-2935350824-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1695810290-1042299647-2935350824-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1695810290-1042299647-2935350824-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points =========================

11-04-2015 12:17:13 Windows Update
15-04-2015 09:04:08 Windows Update
16-04-2015 10:12:23 Windows Update
16-04-2015 18:08:28 Windows Update
19-04-2015 19:51:13 Windows Update
23-04-2015 14:48:57 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {02E394EC-E6FF-4D8F-A993-2D3E36D2274F} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {0C5A5599-B083-4AE7-835C-165F2F2D71E5} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {132199A3-7444-4F4C-BC9F-F47805E289CB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-18] (Google Inc.)
Task: {31247203-D795-4228-BB31-B433E9991A3F} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {619D2540-56A8-4E24-B9F1-C327339B2997} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {7266BF8C-9DCD-4235-9360-E2E85C32D81E} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-02-15] (ASUS)
Task: {7C8F4005-C14F-4AF7-B867-FE6547BAA6B9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {8512A416-92AC-46BB-BBA2-671FD8E95BB5} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {8AF67F25-A855-43AA-A0D4-9260B066B5C5} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {8B4C908D-1F60-4C52-9FAB-E5520C6375FA} - System32\Tasks\{C4DFE59F-E1AD-4143-96BE-AD405534FB04} => Firefox.exe http://ui.skype.com/ui/0/6.3.0.107/en/abandoninstall?page=tsProgressBar
Task: {97F69D67-521D-4C3B-AC29-63447CAA4A0C} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-06-20] (ASUSTeK Computer Inc.)
Task: {9C3848A5-7B8C-4703-9298-9B91C2C58687} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-18] (Google Inc.)
Task: {AD7C6496-E5F8-43B9-B0C1-1782C7476BE0} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {BC557D49-286D-4435-AEAD-C157923C7ACF} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {BFF32E8C-BCC7-499D-8064-64225CF667AE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D05BDAC0-8EB5-43E0-A161-2428946B9076} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)

Tom14925 · Apr 23, 2015

Task: {D14BC221-4472-448B-A7FD-B0DA0A585275} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {DE757571-208D-4239-A266-1248367A7F7D} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe [2012-02-16] (ASUSTek Computer Inc.)
Task: {E4995F1A-E14D-4DB0-9062-B1F1ACBA5A7E} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {EB1BCE7B-FFEE-433F-B483-E2FCE04B6414} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2011-12-22] (ASUSTek Computer Inc.)
Task: {F24793C6-77FC-4B49-89BC-B17C8006A2ED} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {F46A1EF5-8AD9-41A7-AB71-687EE364788D} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {F6E22B09-D296-4F02-940A-9FB12EC8403D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {FBE0E73A-CB55-4084-8D18-F227A0846CC3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-08-25 14:34 - 2013-04-15 11:50 - 00198144 _____ () C:\Windows\System32\HP1006LM.DLL
2012-12-24 10:49 - 2012-12-24 10:49 - 00039936 _____ () C:\Windows\System32\R6E6AM.DLL
2011-06-15 00:57 - 2011-06-15 00:57 - 00034304 _____ () C:\Windows\System32\ssb6mlm.dll
2014-08-25 14:35 - 2013-04-15 11:50 - 00065024 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP1006PP.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-03-18 14:08 - 2015-03-18 14:08 - 08898720 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2010-07-14 19:11 - 2010-07-14 19:11 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2012-03-04 21:24 - 2011-05-05 08:30 - 00057640 _____ () C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
2014-09-25 13:33 - 2014-09-25 13:33 - 02210480 _____ () C:\Program Files\Microsoft Office\Office15\tmpod.dll
2014-01-23 16:05 - 2014-01-23 16:05 - 01424552 _____ () C:\Program Files\Microsoft Office\Office15\ADDINS\UmOutlookAddin.dll
2013-07-24 07:45 - 2015-03-26 18:05 - 00468480 _____ () C:\Program Files (x86)\Mendeley Desktop\MendeleyWordPlugin.exe
2007-07-12 14:11 - 2007-07-12 14:11 - 01163264 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll
2015-04-23 12:19 - 2015-04-23 12:19 - 00043008 _____ () c:\users\tom\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpf5eqnt.dll
2015-03-04 17:45 - 2015-03-04 17:45 - 00750080 _____ () C:\Users\Tom\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 17:45 - 2015-03-04 17:45 - 00047616 _____ () C:\Users\Tom\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 17:45 - 2015-03-04 17:45 - 00865280 _____ () C:\Users\Tom\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 17:45 - 2015-03-04 17:45 - 00200704 _____ () C:\Users\Tom\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-12-17 16:11 - 2014-12-17 16:11 - 00439304 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2014-12-17 16:11 - 2014-12-17 16:11 - 00321032 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2012-02-21 17:49 - 2012-02-21 17:49 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2010-08-20 12:57 - 2010-08-20 12:57 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2010-08-20 12:57 - 2010-08-20 12:57 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2014-11-19 13:59 - 2014-11-19 13:59 - 01020928 _____ () C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\ch95jqh8.default-1413924439046\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
2015-03-11 22:01 - 2015-04-01 14:57 - 40506936 _____ () C:\Users\Tom\AppData\Roaming\Spotify\libcef.dll
2015-03-11 22:01 - 2015-03-23 09:15 - 09305656 _____ () C:\Users\Tom\AppData\Roaming\Spotify\pdf.dll
2015-03-11 22:01 - 2015-04-01 14:57 - 00990776 _____ () C:\Users\Tom\AppData\Roaming\Spotify\ffmpegsumo.dll
2013-07-24 07:45 - 2015-03-26 18:05 - 00471040 _____ () C:\Program Files (x86)\Mendeley Desktop\Mendeley.dll

Tom14925 · Apr 23, 2015

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:77846FFE

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1695810290-1042299647-2935350824-1001\...\samsungsetup.com -> hxxp://www.samsungsetup.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1695810290-1042299647-2935350824-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.79.1.1 - 129.79.5.100

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk => C:\Windows\pss\FancyStart daemon.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Tom^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk => C:\Windows\pss\OpenOffice.org 3.4.1.lnk.Startup
MSCONFIG\startupreg: ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: EPSON SX125 Series (Copy 1) => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGGE.EXE /FU "C:\Windows\TEMP\E_S1174.tmp" /EF "HKCU"
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Tom\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

Tom14925 · Apr 23, 2015

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (04/23/2015 01:49:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1467

Error: (04/23/2015 01:49:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1467

Error: (04/23/2015 01:49:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/22/2015 05:33:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1357

Error: (04/22/2015 05:33:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1357

Error: (04/22/2015 05:23:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/22/2015 03:47:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2247

Error: (04/22/2015 03:47:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2247

Error: (04/22/2015 03:47:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/22/2015 03:47:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1124

Tom14925 · Apr 23, 2015

System errors:
=============
Error: (04/23/2015 02:45:35 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the CarboniteService service, but this action failed with the following error:
%%1056

Error: (04/23/2015 02:45:05 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {36471C67-6A93-4434-92CC-4C614CD06666}

Error: (04/23/2015 02:44:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The CarboniteService service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (04/23/2015 00:16:46 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.197.248.0

Update Source: %NT AUTHORITY59

Update Stage: 4.7.0205.00

Source Path: 4.7.0205.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Tom14925 · Apr 23, 2015

Error: (04/23/2015 00:16:20 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error:
%%5

Error: (04/23/2015 00:15:59 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (04/23/2015 00:08:07 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (04/23/2015 00:07:10 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (04/23/2015 00:07:10 PM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

Feature: %%886

Error Code: 0x80070005

Error description: Access is denied.

Reason: %%892

Error: (04/23/2015 00:04:54 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Program Files (x86)\Qualcomm Atheros WiFi Driver Installation\AthIhvWlanExt.dll

Microsoft Office Sessions:
=========================
Error: (04/23/2015 01:49:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1467

Error: (04/23/2015 01:49:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1467

Error: (04/23/2015 01:49:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/22/2015 05:33:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1357

Error: (04/22/2015 05:33:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1357

Error: (04/22/2015 05:23:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/22/2015 03:47:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2247

Error: (04/22/2015 03:47:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2247

Error: (04/22/2015 03:47:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/22/2015 03:47:46 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1124

==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU B950 @ 2.10GHz
Percentage of memory in use: 64%
Total physical RAM: 4000.13 MB
Available physical RAM: 1430.65 MB
Total Pagefile: 7998.44 MB
Available Pagefile: 4614.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:186.3 GB) (Free:50.83 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:254.46 GB) (Free:248.53 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E3102A4B)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=186.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=254.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Tom14925 · Apr 23, 2015

Done!

Sorry for the many posts; firefox was crashing any time I tried to paste more than a minimal amount of text.

Broni · Apr 23, 2015

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Tom14925 · Apr 23, 2015

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-04-2015
Ran by Tom at 2015-04-23 19:50:45 Run:1
Running from C:\Users\Tom\Desktop
Loaded Profiles: Tom (Available profiles: Tom)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
SearchScopes: HKU\S-1-5-21-1695810290-1042299647-2935350824-1001 -> {72D7C6D6-CF2B-4AC1-8DC2-1B7E62370CBF} URL =
2014-06-02 17:43 - 2014-06-02 17:43 - 14936064 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2014-05-26 15:30 - 2014-05-26 15:33 - 0028427 _____ () C:\Users\Tom\AppData\Roaming\Comma Separated Values.ADR
2012-07-17 05:06 - 2015-04-23 14:43 - 0000387 _____ () C:\Users\Tom\AppData\Roaming\sp_data.sys
2014-01-02 14:39 - 2014-01-02 14:39 - 0000183 _____ () C:\Users\Tom\AppData\Local\LaunchHomeCenter.log
2012-09-25 07:18 - 2012-09-25 07:18 - 0000218 _____ () C:\Users\Tom\AppData\Local\recently-used.xbel
2011-11-23 17:57 - 2010-10-06 13:45 - 0131984 _____ () C:\ProgramData\FullRemove.exe
2012-04-13 07:33 - 2012-04-13 07:33 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2012-04-13 07:32 - 2012-04-13 07:33 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2012-04-13 07:32 - 2012-04-13 07:32 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
C:\Users\Tom\AppData\Local\Temp\AudibleDM_iTunesSetup.exe
C:\Users\Tom\AppData\Local\Temp\Checkupdate.exe
C:\Users\Tom\AppData\Local\Temp\CountInstallation.exe
C:\Users\Tom\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Tom\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpf5eqnt.dll
C:\Users\Tom\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Tom\AppData\Local\Temp\Foxit Updater.exe
C:\Users\Tom\AppData\Local\Temp\FoxitUpdater.exe
C:\Users\Tom\AppData\Local\Temp\gcapi_dll.dll
C:\Users\Tom\AppData\Local\Temp\gtapi_signed.dll
C:\Users\Tom\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Tom\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Tom\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Tom\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Tom\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Tom\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Tom\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Tom\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\Tom\AppData\Local\Temp\ose00000.exe
C:\Users\Tom\AppData\Local\Temp\Quarantine.exe
C:\Users\Tom\AppData\Local\Temp\RescueTimeInstaller.exe
C:\Users\Tom\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Tom\AppData\Local\Temp\sqlite3.dll
C:\Users\Tom\AppData\Local\Temp\xc_loader.exe
AlternateDataStreams: C:\ProgramData\Temp:77846FFE

Tom14925 · Apr 23, 2015

*****************

"HKU\S-1-5-21-1695810290-1042299647-2935350824-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{72D7C6D6-CF2B-4AC1-8DC2-1B7E62370CBF}" => Key deleted successfully.
HKCR\CLSID\{72D7C6D6-CF2B-4AC1-8DC2-1B7E62370CBF} => Key not found.
C:\Program Files (x86)\Common Files\lpuninstall.exe => Moved successfully.
C:\Users\Tom\AppData\Roaming\Comma Separated Values.ADR => Moved successfully.
C:\Users\Tom\AppData\Roaming\sp_data.sys => Moved successfully.
C:\Users\Tom\AppData\Local\LaunchHomeCenter.log => Moved successfully.
C:\Users\Tom\AppData\Local\recently-used.xbel => Moved successfully.
C:\ProgramData\FullRemove.exe => Moved successfully.
C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log => Moved successfully.
C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log => Moved successfully.
C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log => Moved successfully.
C:\Users\Tom\AppData\Local\Temp\AudibleDM_iTunesSetup.exe => Moved successfully.
C:\Users\Tom\AppData\Local\Temp\Checkupdate.exe => Moved successfully.
C:\Users\Tom\AppData\Local\Temp\CountInstallation.exe => Moved successfully.
C:\Users\Tom\AppData\Local\Temp\dllnt_dump.dll => Moved successfully.
C:\Users\Tom\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpf5eqnt.dll => Moved successfully.
C:\Users\Tom\AppData\Local\Temp\Foxit Reader Updater.exe => Moved successfully.
C:\Users\Tom\AppData\Local\Temp\Foxit Updater.exe => Moved successfully.
C:\Users\Tom\AppData\Local\Temp\FoxitUpdater.exe => Moved successfully.
C:\Users\Tom\AppData\Local\Temp\gcapi_dll.dll => Moved successfully.
C:\Users\Tom\AppData\Local\Temp\gtapi_signed.dll => Moved successfully.
C:\Users\Tom\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe => Moved successfully.
C:\Users\Tom\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe => Moved successfully.
C:\Users\Tom\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe => Moved successfully.
C:\Users\Tom\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe => Moved successfully.
C:\Users\Tom\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe => Moved successfully.
C:\Users\Tom\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe => Moved successfully.
C:\Users\Tom\AppData\Local\Temp\jre-8u31-windows-au.exe => Moved successfully.
C:\Users\Tom\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe => Moved successfully.
C:\Users\Tom\AppData\Local\Temp\ose00000.exe => Moved successfully.
C:\Users\Tom\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Tom\AppData\Local\Temp\RescueTimeInstaller.exe => Moved successfully.
C:\Users\Tom\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
C:\Users\Tom\AppData\Local\Temp\sqlite3.dll => Moved successfully.
C:\Users\Tom\AppData\Local\Temp\xc_loader.exe => Moved successfully.
C:\ProgramData\Temp => ":77846FFE" ADS removed successfully.

==== End of Fixlog 19:50:54 ====

Broni · Apr 23, 2015

Last scans...

Download Security Check from here or here and save it to your Desktop.

Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center
- Windows Update
- Windows Defender
- Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

Download Sophos Free Virus Removal Tool and save it to your desktop.

Double click the icon and select Run
Click Next
Select I accept the terms in this license agreement, then click Next twice
Click Install
Click Finish to launch the program
Once the virus database has been updated click Start Scanning
If any threats are found click Details, then View log file... (bottom left hand corner)
Copy and paste the results in your reply
Close the Notepad document, close the Threat Details screen, then click Start cleanup
Click Exit to close the program

Solved Weird picture and message

Posts: 45 +0

Posts: 45 +0

Posts: 45 +0

Posts: 45 +0

Posts: 45 +0

Posts: 45 +0

Posts: 45 +0

Posts: 45 +0

Posts: 45 +0

Posts: 45 +0

Posts: 45 +0

Posts: 45 +0

Posts: 45 +0

Posts: 45 +0

Posts: 45 +0

Posts: 45 +0

Posts: 45 +0

Posts: 45 +0

Posts: 45 +0

Posts: 45 +0

Posts: 45 +0

Posts: 56,041 +516

Attachments

Posts: 45 +0

Posts: 45 +0

Posts: 56,041 +516

Similar threads