Tziazoui

  1. Good morning y'all. I had posted a few days ago seeking help in reading these logs but I hadn't heard from anyone and I got a little worried. Hoping it can get some traction this time around. Appreciate the help! Linking MBAMLOG FIRST, Followed by FRST Log.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/28/2015
Scan Time: 9:07 AM
Logfile: NicholasMBAMlog.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.09.28.03
Rootkit Database: v2015.09.22.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Administrator

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 838490
Time Elapsed: 51 min, 40 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0 (No malicious items detected)
Modules: 0 (No malicious items detected)
Registry Keys: 0 (No malicious items detected)

Registry Values: 10
Hijack.FolderOptions, HKU\S-1-5-21-3119066785-3410617908-954626951-1135\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoFolderOptions, 1, , [9fa47fb62f5cff37398da71abe4530d0]
Hijack.FolderOptions, HKU\S-1-5-21-3119066785-3410617908-954626951-1142\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoFolderOptions, 1, , [60e3e1547d0e270f735328999172718f]
Hijack.FolderOptions, HKU\S-1-5-21-3119066785-3410617908-954626951-1143\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoFolderOptions, 1, , [bc876cc934575adc9432e8d9cd36ac54]
Hijack.FolderOptions, HKU\S-1-5-21-3119066785-3410617908-954626951-1144\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoFolderOptions, 1, , [9ca773c2e6a5c373bb0ba61b966d9a66]
Hijack.FolderOptions, HKU\S-1-5-21-3119066785-3410617908-954626951-1146\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoFolderOptions, 1, , [7ec5999c28633afcb1157150e41f9e62]
Hijack.FolderOptions, HKU\S-1-5-21-3119066785-3410617908-954626951-1175\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoFolderOptions, 1, , [73d041f4404b152141850ab7847ffc04]
Hijack.FolderOptions, HKU\S-1-5-21-3119066785-3410617908-954626951-1241\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoFolderOptions, 1, , [380b22139deed3639f2720a142c1c13f]
Hijack.FolderOptions, HKU\S-1-5-21-3119066785-3410617908-954626951-1256\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoFolderOptions, 1, , [90b30431107b49edf1d52a97729158a8]
Hijack.FolderOptions, HKU\S-1-5-21-3119066785-3410617908-954626951-1259\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoFolderOptions, 1, , [62e167ced0bb94a2279fffc2e91a738d]
Hijack.FolderOptions, HKU\S-1-5-21-3119066785-3410617908-954626951-1261\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoFolderOptions, 1, , [5de62d08127966d0893d2d94e91a04fc]

Registry Data: 44
PUM.Hijack.Desktop, HKU\S-1-5-21-3119066785-3410617908-954626951-1135\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ForceActiveDesktopOn, 1, Good: (0), Bad: (1),,[59eaac894843ce68a8601165986db44c]
PUM.Hijack.HomepageControl, HKU\S-1-5-21-3119066785-3410617908-954626951-1135\SOFTWARE\POLICIES\MICROSOFT\INTERNET EXPLORER\CONTROL PANEL|HomePage, 1, Good: (0), Bad: (1),,[f74c260f0982df578be636452bda4cb4]
PUM.Hijack.DisplayProperties, HKU\S-1-5-21-3119066785-3410617908-954626951-1142\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\ACTIVEDESKTOP|NoChangingWallPaper, 1, Good: (0), Bad: (1),,[2d1675c0fa91b58135d493e313f2cb35]
PUM.Hijack.Desktop, HKU\S-1-5-21-3119066785-3410617908-954626951-1142\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ForceActiveDesktopOn, 1, Good: (0), Bad: (1),,[192abb7a35568caa8a7e8aec37ce4eb2]
PUM.Hijack.DriveView, HKU\S-1-5-21-3119066785-3410617908-954626951-1142\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoViewOnDrive, 67108863, Good: (0), Bad: (67108863),,[f1525fd6b7d4c86eff27bbbbbf4634cc]
PUM.Disable.MCProperties, HKU\S-1-5-21-3119066785-3410617908-954626951-1142\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoPropertiesMyComputer, 1, Good: (0), Bad: (1),,[d0732d08e3a80432d523ed8820e58f71]
PUM.Hijack.HomepageControl, HKU\S-1-5-21-3119066785-3410617908-954626951-1142\SOFTWARE\POLICIES\MICROSOFT\INTERNET EXPLORER\CONTROL PANEL|HomePage, 1, Good: (0), Bad: (1),,[88bb0e27305b9b9be09191eaaa5bf60a]
PUM.Hijack.DisplayProperties, HKU\S-1-5-21-3119066785-3410617908-954626951-1143\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\ACTIVEDESKTOP|NoChangingWallPaper, 1, Good: (0), Bad: (1),,[d66dae87395238fe19f0e78f5da8d927]
PUM.Hijack.Desktop, HKU\S-1-5-21-3119066785-3410617908-954626951-1143\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ForceActiveDesktopOn, 1, Good: (0), Bad: (1),,[6fd472c36d1e68ce4ebadb9bea1b33cd]
PUM.Hijack.DriveView, HKU\S-1-5-21-3119066785-3410617908-954626951-1143\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoViewOnDrive, 67108863, Good: (0), Bad: (67108863),,[3c07db5a0685ea4c32f46d09ad589f61]
PUM.Disable.MCProperties, HKU\S-1-5-21-3119066785-3410617908-954626951-1143\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoPropertiesMyComputer, 1, Good: (0), Bad: (1),,[7ac944f14c3ff442a157d4a1669f17e9]
PUM.Hijack.HomepageControl, HKU\S-1-5-21-3119066785-3410617908-954626951-1143\SOFTWARE\POLICIES\MICROSOFT\INTERNET EXPLORER\CONTROL PANEL|HomePage, 1, Good: (0), Bad: (1),,[7ac90c29a8e3b185551cd4a7798c24dc]
PUM.Hijack.DisplayProperties, HKU\S-1-5-21-3119066785-3410617908-954626951-1144\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\ACTIVEDESKTOP|NoChangingWallPaper, 1, Good: (0), Bad: (1),,[3d0657deec9fa88e9b6ed79fff06c739]
PUM.Hijack.Desktop, HKU\S-1-5-21-3119066785-3410617908-954626951-1144\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ForceActiveDesktopOn, 1, Good: (0), Bad: (1),,[63e05cd9d6b5c76fec1ce09661a4966a]
PUM.Hijack.DriveView, HKU\S-1-5-21-3119066785-3410617908-954626951-1144\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoViewOnDrive, 67108863, Good: (0), Bad: (67108863),,[073ce74e018a38fe47dfcfa72fd62bd5]
PUM.Disable.MCProperties, HKU\S-1-5-21-3119066785-3410617908-954626951-1144\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoPropertiesMyComputer, 1, Good: (0), Bad: (1),,[a3a062d3662538fe8870472ede2716ea]
PUM.Hijack.HomepageControl, HKU\S-1-5-21-3119066785-3410617908-954626951-1144\SOFTWARE\POLICIES\MICROSOFT\INTERNET EXPLORER\CONTROL PANEL|HomePage, 1, Good: (0), Bad: (1),,[162d89ace8a367cf0e630a71dc2910f0]
PUM.Hijack.Desktop, HKU\S-1-5-21-3119066785-3410617908-954626951-1146\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ForceActiveDesktopOn, 1, Good: (0), Bad: (1),,[3310092cc1ca3bfb7692eb8bc83d3ec2]
PUM.Hijack.HomepageControl, HKU\S-1-5-21-3119066785-3410617908-954626951-1146\SOFTWARE\POLICIES\MICROSOFT\INTERNET EXPLORER\CONTROL PANEL|HomePage, 1, Good: (0), Bad: (1),,[94afe94ca0eb5bdb74fddba0749155ab]
PUM.Hijack.DisplayProperties, HKU\S-1-5-21-3119066785-3410617908-954626951-1175\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\ACTIVEDESKTOP|NoChangingWallPaper, 1, Good: (0), Bad: (1),,[5ee577beddaed26423e6ea8cc3428b75]
PUM.Hijack.Desktop, HKU\S-1-5-21-3119066785-3410617908-954626951-1175\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ForceActiveDesktopOn, 1, Good: (0), Bad: (1),,[71d25ed7adde77bf0ff9146209fc15eb]
PUM.Hijack.DriveView, HKU\S-1-5-21-3119066785-3410617908-954626951-1175\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoViewOnDrive, 67108863, Good: (0), Bad: (67108863),,[60e38da8b8d3d16555d1591d18edc63a]
PUM.Disable.MCProperties, HKU\S-1-5-21-3119066785-3410617908-954626951-1175\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoPropertiesMyComputer, 1, Good: (0), Bad: (1),,[79ca9e9785068ea81bdda6cf9a6bf20e]
PUM.Hijack.HomepageControl, HKU\S-1-5-21-3119066785-3410617908-954626951-1175\SOFTWARE\POLICIES\MICROSOFT\INTERNET EXPLORER\CONTROL PANEL|HomePage, 1, Good: (0), Bad: (1),,[21228ca97d0eba7c7af76b109e67be42]
PUM.Hijack.DisplayProperties, HKU\S-1-5-21-3119066785-3410617908-954626951-1241\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\ACTIVEDESKTOP|NoChangingWallPaper, 1, Good: (0), Bad: (1),,[0c3721142566b77fc2479adc51b415eb]
PUM.Hijack.Desktop, HKU\S-1-5-21-3119066785-3410617908-954626951-1241\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ForceActiveDesktopOn, 1, Good: (0), Bad: (1),,[93b0a78ed4b7e15515f3afc77491d12f]
PUM.Hijack.DriveView, HKU\S-1-5-21-3119066785-3410617908-954626951-1241\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoViewOnDrive, 67108863, Good: (0), Bad: (67108863),,[94afb085b5d6ad89052187ef43c2fd03]
PUM.Disable.MCProperties, HKU\S-1-5-21-3119066785-3410617908-954626951-1241\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoPropertiesMyComputer, 1, Good: (0), Bad: (1),,[2e1540f5503b83b31ade443126df06fa]
PUM.Hijack.HomepageControl, HKU\S-1-5-21-3119066785-3410617908-954626951-1241\SOFTWARE\POLICIES\MICROSOFT\INTERNET EXPLORER\CONTROL PANEL|HomePage, 1, Good: (0), Bad: (1),,[4bf8d362b6d5d6601b56106bbe47bb45]
PUM.Hijack.DisplayProperties, HKU\S-1-5-21-3119066785-3410617908-954626951-1256\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\ACTIVEDESKTOP|NoChangingWallPaper, 1, Good: (0), Bad: (1),,[9ea583b22a610b2b39d082f47095bd43]
PUM.Hijack.Desktop, HKU\S-1-5-21-3119066785-3410617908-954626951-1256\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ForceActiveDesktopOn, 1, Good: (0), Bad: (1),,[ad9674c1dcafa591cd3b7ff78e7715eb]
PUM.Hijack.DriveView, HKU\S-1-5-21-3119066785-3410617908-954626951-1256\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoViewOnDrive, 67108863, Good: (0), Bad: (67108863),,[d17295a0e1aa12244cdac4b2a2638f71]
PUM.Disable.MCProperties, HKU\S-1-5-21-3119066785-3410617908-954626951-1256\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoPropertiesMyComputer, 1, Good: (0), Bad: (1),,[b192bb7a602bdb5b54a4571eb64ffe02]
PUM.Hijack.HomepageControl, HKU\S-1-5-21-3119066785-3410617908-954626951-1256\SOFTWARE\POLICIES\MICROSOFT\INTERNET EXPLORER\CONTROL PANEL|HomePage, 1, Good: (0), Bad: (1),,[88bb3005692224127af70675fc094bb5]
PUM.Hijack.DisplayProperties, HKU\S-1-5-21-3119066785-3410617908-954626951-1259\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\ACTIVEDESKTOP|NoChangingWallPaper, 1, Good: (0), Bad: (1),,[71d2cb6a870453e30801ff777d8859a7]
PUM.Hijack.Desktop, HKU\S-1-5-21-3119066785-3410617908-954626951-1259\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ForceActiveDesktopOn, 1, Good: (0), Bad: (1),,[df64dc59701bfe38dc2c10665ca95fa1]
PUM.Hijack.DriveView, HKU\S-1-5-21-3119066785-3410617908-954626951-1259\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoViewOnDrive, 67108863, Good: (0), Bad: (67108863),,[65de3ff6ed9ed066081efb7be61f02fe]
PUM.Disable.MCProperties, HKU\S-1-5-21-3119066785-3410617908-954626951-1259\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoPropertiesMyComputer, 1, Good: (0), Bad: (1),,[85bebe773a5189adc53379fc75901ae6]
PUM.Hijack.HomepageControl, HKU\S-1-5-21-3119066785-3410617908-954626951-1259\SOFTWARE\POLICIES\MICROSOFT\INTERNET EXPLORER\CONTROL PANEL|HomePage, 1, Good: (0), Bad: (1),,[2c17d164c1caf73ff27f5823c342d927]
PUM.Hijack.DisplayProperties, HKU\S-1-5-21-3119066785-3410617908-954626951-1261\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\ACTIVEDESKTOP|NoChangingWallPaper, 1, Good: (0), Bad: (1),,[be85fb3a7a114de989807501798ce020]
PUM.Hijack.Desktop, HKU\S-1-5-21-3119066785-3410617908-954626951-1261\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ForceActiveDesktopOn, 1, Good: (0), Bad: (1),,[45fec4715338c2740bfda0d620e524dc]
PUM.Hijack.DriveView, HKU\S-1-5-21-3119066785-3410617908-954626951-1261\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoViewOnDrive, 67108863, Good: (0), Bad: (67108863),,[90b35fd68b009c9a35f19cda36cfeb15]
PUM.Disable.MCProperties, HKU\S-1-5-21-3119066785-3410617908-954626951-1261\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoPropertiesMyComputer, 1, Good: (0), Bad: (1),,[11326ec78cffcd69cc2c6b0a7a8b47b9]
PUM.Hijack.HomepageControl, HKU\S-1-5-21-3119066785-3410617908-954626951-1261\SOFTWARE\POLICIES\MICROSOFT\INTERNET EXPLORER\CONTROL PANEL|HomePage, 1, Good: (0), Bad: (1),,[da6921140b800333f57c5b200ff6827e]

Folders: 0 (No malicious items detected)
Files: 0 (No malicious items detected)
Physical Sectors: 0 (No malicious items detected)

FRST Log

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:30-09-2015
Ran by Administrator (administrator) on DT-V430-MKT (02-10-2015 16:31:18)
Running from C:\Users\mlazarou\Documents\FRST
Loaded Profiles: UpdatusUser & mlazarou & Administrator (Available Profiles: Underwriting One & UpdatusUser & eodonnell & trestivo & hmegaloudis & lenuta & gsophocleous & ppavlakos & llazarou & bdm & mlazarou & hqu & Administrator)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
(Broadcom Corp.) C:\Program Files\Broadcom\BPowMon\BPowMon.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\ramaint.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\NTRtScan.exe
(Microsoft Corp.) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\PccNTMon.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe
(Carbonite, Inc.) C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\TmListen.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\CCSF\TmCCSF.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Program Files\Trend Micro\BM\TMBMSRV.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7711264 2009-08-18] (Realtek Semiconductor)
HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM\...\Run: [OfficeScanNT Monitor] => c:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe [1444600 2015-09-01] (Trend Micro Inc.)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [63048 2010-09-17] (LogMeIn, Inc.)
HKLM\...\Run: [OE] => c:\Program Files\Trend Micro\Client Server Security Agent\TMAS_OE\TMAS_OEMon.exe [492880 2010-08-10] (Trend Micro Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM\...\Run: [Carbonite Backup] => C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe [1066192 2015-07-14] (Carbonite, Inc.)
HKLM\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-06-18] (Malwarebytes Corporation)
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22344224 2015-07-29] (Google)
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil32_18_0_0_232_ActiveX.exe [1156296 2015-09-05] (Adobe Systems Incorporated)
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\system: [Wallpaper] \\pe1900\point$\PNTTEMPL\pb2_eLyons.jpg
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\system: [WallpaperStyle] 2
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [NoRecentDocsNetHood] 1
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [NoNetConnectDisconnect] 1
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [NoComputersNearMe] 1
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [NoWelcomeScreen] 1
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [NoSharedDocuments] 1
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [NoManageMyComputerVerb] 1
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [NoStartMenuNetworkPlaces] 1
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [ForceStartMenuLogOff] 1
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [NoSetTaskbar] 1
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [LockTaskbar] 1
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [NoPropertiesMyDocuments] 1
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [NoNetHood] 1
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [DisablePersonalDirChange] 1
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [NoControlPanel] 1
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [NoCloseDragDropBands] 1
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [NoWindowsUpdate] 1
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [ConfirmFileDelete] 1
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [NoStartMenuMyMusic] 1
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [NoCDBurning] 1
HKU\S-1-5-21-3119066785-3410617908-954626951-500\...\Policies\Explorer: [NoComputersNearMe] 1
HKU\S-1-5-21-3119066785-3410617908-954626951-500\...\Policies\Explorer: [NoCDBurning] 1
HKU\S-1-5-21-3119066785-3410617908-954626951-500\...\Policies\Explorer: [ConfirmFileDelete] 1
IFEO\ehshell.exe: [Debugger] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" -MceShellRedirect
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-07-14] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-07-14] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-07-14] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File
GroupPolicyScripts: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.212
Tcpip\..\Interfaces\{09709833-D190-4092-94B9-5590C41E7078}: [DhcpNameServer] 192.168.0.212

Internet Explorer:
==================
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://pricing2.elyons.com/pslogin.php
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://pricing2.elyons.com/pslogin.php
HKU\S-1-5-21-3119066785-3410617908-954626951-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://pricing2.elyons.com/pslogin.php
HKU\S-1-5-21-3119066785-3410617908-954626951-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://pricing2.elyons.com/pslogin.php
SearchScopes: HKLM -> DefaultScope {BCC58E4C-B1E7-4260-8F84-C1A7EA03E98C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {BCC58E4C-B1E7-4260-8F84-C1A7EA03E98C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3119066785-3410617908-954626951-1259 -> DefaultScope {BCC58E4C-B1E7-4260-8F84-C1A7EA03E98C} URL =
SearchScopes: HKU\S-1-5-21-3119066785-3410617908-954626951-1259 -> {685A4263-15C6-4854-8C2E-6354B934AD7E} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3119066785-3410617908-954626951-1259 -> {BCC58E4C-B1E7-4260-8F84-C1A7EA03E98C} URL =
SearchScopes: HKU\S-1-5-21-3119066785-3410617908-954626951-500 -> DefaultScope {BCC58E4C-B1E7-4260-8F84-C1A7EA03E98C} URL =
SearchScopes: HKU\S-1-5-21-3119066785-3410617908-954626951-500 -> {BCC58E4C-B1E7-4260-8F84-C1A7EA03E98C} URL =
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> c:\Program Files\Trend Micro\Client Server Security Agent\TmIEPlg.dll [2014-06-10] (Trend Micro Inc.)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14] (Microsoft Corp.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-09-05] (Oracle Corporation)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-05] (Oracle Corporation)
BHO: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06] (Microsoft Corporation)
Toolbar: HKLM - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-3119066785-3410617908-954626951-500 -> &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06] (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files\Trend Micro\Client Server Security Agent\TmIEPlg.dll [2014-06-10] (Trend Micro Inc.)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-05] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-08-09] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-08-09] (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - c:\Program Files\Trend Micro\Client Server Security Agent\FirefoxExtension
FF Extension: Trend Micro NSC Firefox Extension - c:\Program Files\Trend Micro\Client Server Security Agent\FirefoxExtension [2015-01-07]

==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 CarboniteService; C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe [6124240 2015-07-14] (Carbonite, Inc. (www.carbonite.com))
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [45568 2012-07-31] (Hewlett-Packard) [File not signed]
R2 ntrtscan; c:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe [2655880 2015-09-01] (Trend Micro Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [55808 2012-07-31] (Hewlett-Packard) [File not signed]
R2 svcGenericHost; c:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [72192 2015-09-01] (Trend Micro Inc.)
R3 TMBMServer; c:\Program Files\Trend Micro\BM\TMBMSRV.exe [367152 2015-03-23] () [File not signed]
R3 TmCCSF; c:\Program Files\Trend Micro\Client Server Security Agent\CCSF\TmCCSF.exe [593880 2015-06-13] (Trend Micro Inc.)
R2 tmlisten; c:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe [2793128 2015-09-01] (Trend Micro Inc.)
R3 tmpfw; c:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe [497272 2013-09-26] (Trend Micro Inc.)
R3 TmProxy; c:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe [694832 2014-01-22] (Trend Micro Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
S3 radpms; C:\Windows\System32\DRIVERS\radpms.sys [13408 2010-09-17] (LogMeIn, Inc.)
R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [94152 2015-03-23] () [File not signed]
R2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [293496 2015-03-23] () [File not signed]
R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [64264 2015-03-23] () [File not signed]
R2 TmFilter; c:\Program Files\Trend Micro\Client Server Security Agent\TmXPFlt.sys [281400 2014-08-30] (Trend Micro Inc.)
R1 TmLwf; C:\Windows\System32\DRIVERS\tmlwf.sys [146232 2013-09-26] (Trend Micro Inc.)
R2 TmPreFilter; c:\Program Files\Trend Micro\Client Server Security Agent\TmPreFlt.sys [38200 2014-08-30] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [90712 2013-01-09] (Trend Micro Inc.)
R2 tmWfp; C:\Windows\System32\DRIVERS\tmwfp.sys [282936 2013-09-26] (Trend Micro Inc.)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
R2 VSApiNt; c:\Program Files\Trend Micro\Client Server Security Agent\VSApiNt.sys [1557912 2014-08-30] (Trend Micro Inc.)
S4 LMIRfsClientNP; no ImagePath S3 RTL8192cu; system32\DRIVERS\rtwlanu.sys [X] S3 rtlss; System32\Drivers\rtlss.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-10-02 16:30 - 2015-10-02 16:31 - 00000000 ____D C:\Users\mlazarou\Documents\FRST 2015-10-02 16:24 - 2015-10-02 16:31 - 00000000 ____D C:\FRST 2015-10-02 16:24 - 2015-10-02 16:26 - 00042088 _____ C:\Users\mlazarou\Documents\FRST.txt 2015-10-02 16:22 - 2015-10-02 16:22 - 01696256 _____ (Farbar) C:\Users\mlazarou\Documents\FRST.exe 2015-10-02 14:03 - 2015-10-02 14:04 - 00000000 ____D C:\WINPOINT_BAK18 2015-09-28 05:19 - 2015-09-28 05:19 - 00002104 _____ C:\Users\Public\Desktop\Carbonite InfoCenter.lnk 2015-09-28 05:19 - 2015-09-28 05:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Carbonite 2015-09-28 03:49 - 2015-09-28 12:57 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-09-28 03:48 - 2015-09-28 03:48 - 00001062 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2015-09-28 03:48 - 2015-09-28 03:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-09-28 03:48 - 2015-09-28 03:48 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-09-28 03:48 - 2015-09-28 03:48 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware 2015-09-28 03:48 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-09-28 03:48 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-09-28 03:48 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-09-24 15:04 
- 2015-09-24 15:04 - 00000000 _____ C:\Windows\system32\sho55D7.tmp 2015-09-16 09:35 - 2015-09-16 09:35 - 00000000 _____ C:\Windows\system32\sho9655.tmp 2015-09-16 09:32 - 2015-08-05 13:47 - 00139096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-09-16 09:32 - 2015-08-05 13:47 - 00068952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-09-16 09:32 - 2015-08-05 13:41 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2015-09-16 09:32 - 2015-08-05 13:41 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-09-16 09:32 - 2015-08-05 13:41 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-09-16 09:32 - 2015-08-05 13:41 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-09-16 09:32 - 2015-08-05 13:41 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-09-16 09:32 - 2015-08-05 13:41 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-09-16 09:32 - 2015-08-05 13:41 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-09-16 09:32 - 2015-08-05 13:40 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-09-16 09:32 - 2015-08-05 13:40 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-09-16 09:32 - 2015-08-05 13:40 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-09-16 09:32 - 2015-08-05 13:40 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-09-16 09:32 - 2015-08-05 13:40 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2015-09-16 09:32 - 2015-08-05 13:40 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-09-16 09:32 - 2015-08-05 13:40 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-09-16 09:32 - 2015-08-05 13:40 - 00015872 _____ (Microsoft Corporation) 
C:\Windows\system32\icaapi.dll 2015-09-16 09:32 - 2015-08-05 13:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-09-16 09:32 - 2015-08-05 13:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-09-16 09:32 - 2015-08-05 13:34 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-09-16 09:32 - 2015-08-05 13:30 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-09-16 09:32 - 2015-08-05 12:58 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2015-09-16 09:32 - 2015-08-05 12:33 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2015-09-16 09:32 - 2015-08-05 12:33 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2015-09-16 09:32 - 2015-08-05 12:32 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2015-09-16 09:30 - 2015-07-18 09:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll 2015-09-16 09:30 - 2015-07-18 09:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll 2015-09-16 09:30 - 2015-07-18 09:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll 2015-09-16 09:30 - 2015-07-18 09:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll 2015-09-16 09:30 - 2015-07-18 09:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll 2015-09-16 09:30 - 2015-07-18 09:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll 2015-09-16 09:30 - 2015-07-18 09:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll 2015-09-16 09:30 - 2015-07-18 09:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll 2015-09-16 09:30 - 2015-07-18 09:08 
- 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll 2015-09-16 09:30 - 2015-07-18 09:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll 2015-09-16 09:30 - 2015-07-18 09:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll 2015-09-16 09:30 - 2015-07-18 09:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll 2015-09-16 09:30 - 2015-07-18 09:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll 2015-09-16 09:30 - 2015-07-18 09:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll 2015-09-16 09:30 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll 2015-09-16 09:30 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll 2015-09-16 09:30 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll 2015-09-16 09:30 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll 2015-09-16 09:30 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll 2015-09-16 09:30 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll 2015-09-16 09:30 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll 2015-09-16 09:30 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll 2015-09-16 09:30 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll 2015-09-16 09:30 - 2015-07-18 09:08 - 00011616 _____ 
(Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll 2015-09-08 19:58 - 2015-08-27 13:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2015-09-08 19:58 - 2015-08-27 13:58 - 01241088 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2015-09-08 19:58 - 2015-08-27 13:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll 2015-09-08 19:58 - 2015-08-27 13:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2015-09-08 19:58 - 2015-08-05 13:41 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll 2015-09-08 19:58 - 2015-08-05 13:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2015-09-08 19:58 - 2015-08-05 13:40 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll 2015-09-08 19:58 - 2015-08-04 13:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2015-09-08 19:58 - 2015-08-04 13:47 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2015-09-08 19:58 - 2015-08-04 13:47 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2015-09-08 19:58 - 2015-08-04 13:46 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2015-09-08 19:58 - 2015-08-04 13:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2015-09-08 19:58 - 2015-08-04 12:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2015-09-08 19:57 - 2015-09-01 22:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2015-09-08 19:57 - 2015-09-01 22:48 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-09-08 19:57 - 2015-09-01 22:48 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2015-09-08 19:57 - 2015-09-01 22:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2015-09-08 19:57 - 2015-09-01 21:36 - 02384896 
_____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-09-08 19:57 - 2015-09-01 21:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-09-08 19:57 - 2015-08-17 21:14 - 00344168 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-09-08 19:57 - 2015-08-15 02:06 - 19856896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-09-08 19:57 - 2015-08-15 01:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-09-08 19:57 - 2015-08-15 01:53 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-09-08 19:57 - 2015-08-15 01:40 - 00504832 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-09-08 19:57 - 2015-08-15 01:40 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-09-08 19:57 - 2015-08-15 01:39 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-09-08 19:57 - 2015-08-15 01:39 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-09-08 19:57 - 2015-08-15 01:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-09-08 19:57 - 2015-08-15 01:35 - 02279424 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-09-08 19:57 - 2015-08-15 01:33 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-09-08 19:57 - 2015-08-15 01:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-09-08 19:57 - 2015-08-15 01:30 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-09-08 19:57 - 2015-08-15 01:29 - 00665600 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-09-08 19:57 - 2015-08-15 01:29 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-09-08 19:57 - 2015-08-15 01:29 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-09-08 19:57 - 2015-08-15 01:29 - 00102912 _____ 
(Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-09-08 19:57 - 2015-08-15 01:24 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-09-08 19:57 - 2015-08-15 01:21 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-09-08 19:57 - 2015-08-15 01:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-09-08 19:57 - 2015-08-15 01:14 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-09-08 19:57 - 2015-08-15 01:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-09-08 19:57 - 2015-08-15 01:11 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-09-08 19:57 - 2015-08-15 01:10 - 04520448 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-09-08 19:57 - 2015-08-15 01:04 - 12857344 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-09-08 19:57 - 2015-08-15 01:02 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-09-08 19:57 - 2015-08-15 01:02 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-09-08 19:57 - 2015-08-15 01:01 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-09-08 19:57 - 2015-08-15 01:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-09-08 19:57 - 2015-08-15 00:43 - 01951232 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-09-08 19:57 - 2015-08-15 00:39 - 01310720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-09-08 19:57 - 2015-08-15 00:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-09-05 23:17 - 2015-09-05 23:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro Security Agent 2015-09-05 23:16 - 2015-09-05 23:16 - 00000000 ____D C:\Program Files\Common Files\AV 2015-09-05 11:57 - 2015-09-30 09:29 - 
00001480 _____ C:\Windows\setupact.log 2015-09-05 11:57 - 2015-09-05 11:57 - 00000000 _____ C:\Windows\setuperr.log 2015-09-05 11:26 - 2015-09-05 11:27 - 00000000 ____D C:\WINPOINT_BAK17 2015-09-05 11:16 - 2015-09-05 11:16 - 00000000 ____D C:\Users\mlazarou\AppData\Roaming\Sun 2015-09-05 11:16 - 2015-09-05 11:16 - 00000000 ____D C:\Users\mlazarou\.oracle_jre_usage 2015-09-05 10:54 - 2015-09-05 10:54 - 00000000 ____D C:\Program Files\Common Files\Java 2015-09-05 10:48 - 2015-09-05 10:48 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Sun 2015-09-05 10:48 - 2015-09-05 10:48 - 00000000 ____D C:\Users\Administrator\.oracle_jre_usage 2015-09-05 10:30 - 2015-08-26 13:56 - 02953728 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-09-05 10:30 - 2015-08-26 13:56 - 02061824 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-09-05 10:30 - 2015-08-26 13:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-09-05 10:30 - 2015-08-26 13:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-09-05 10:30 - 2015-08-26 13:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-09-05 10:30 - 2015-08-26 13:56 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-09-05 10:30 - 2015-08-26 13:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2015-09-05 10:30 - 2015-08-26 13:55 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-09-05 10:30 - 2015-08-26 13:55 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2015-09-05 10:30 - 2015-08-26 13:55 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-09-05 10:30 - 2015-08-26 13:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-10-02 16:19 - 2010-12-07 16:18 - 00000152 _____ C:\Windows\system32\config\netlogon.ftl 2015-10-02 15:44 - 2013-04-11 16:05 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-10-02 15:44 - 2013-04-11 16:05 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-10-02 14:23 - 2012-08-07 12:16 - 00000000 ____D C:\Users\mlazarou\AppData\Local\Deployment 2015-10-02 14:20 - 2010-12-08 00:44 - 00000000 ____D C:\ProgramData\TEMP 2015-10-02 14:19 - 2010-12-08 00:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Calyx Software 2015-10-02 14:19 - 2010-12-08 00:43 - 00001113 _____ C:\Windows\winpoint.ini 2015-10-02 14:10 - 2013-02-10 14:16 - 00000000 ____D C:\WINPOINT 2015-10-02 14:09 - 2011-07-14 00:13 - 00000000 ____D C:\PNTTEMPL 2015-10-02 14:02 - 2012-08-07 12:17 - 00000000 ____D C:\Users\mlazarou\AppData\Local\Calyx Software 2015-10-02 14:00 - 2012-08-07 12:05 - 00000000 ____D C:\Users\mlazarou\AppData\Local\Adobe 2015-10-02 14:00 - 2012-04-16 12:49 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-10-02 14:00 - 2011-05-25 00:14 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-10-02 13:59 - 2014-10-09 11:11 - 00000000 ____D C:\Users\Administrator\AppData\Local\Adobe 2015-10-02 11:22 - 2009-07-14 00:55 - 01891031 _____ C:\Windows\WindowsUpdate.log 2015-10-02 10:44 - 2009-07-14 00:34 - 00014256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-10-02 10:44 - 2009-07-14 00:34 - 00014256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-10-02 09:00 - 2010-12-07 12:16 - 00000422 _____ C:\Windows\Tasks\SystemToolsDailyTest.job 2015-10-02 00:46 - 2010-12-07 14:46 - 00000000 ____D C:\ProgramData\LogMeIn 2015-09-30 09:36 - 2010-11-29 18:51 - 01538680 _____ C:\Windows\system32\PerfStringBackup.INI 2015-09-30 09:31 - 
2014-01-26 14:16 - 00000976 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk 2015-09-30 09:31 - 2014-01-26 14:16 - 00000960 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk 2015-09-30 09:30 - 2010-11-29 19:13 - 00803198 _____ C:\Windows\system32\TmInstall.log 2015-09-30 09:30 - 2009-07-14 00:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-09-30 09:29 - 2010-11-29 20:45 - 00000000 ____D C:\ProgramData\NVIDIA 2015-09-28 12:08 - 2013-12-08 02:36 - 00000000 ____D C:\temp 2015-09-28 10:06 - 2010-11-29 20:44 - 00218370 _____ C:\Windows\PFRO.log 2015-09-21 09:38 - 2010-12-07 14:46 - 00000000 ____D C:\Program Files\LogMeIn 2015-09-21 09:37 - 2010-12-07 14:46 - 00103296 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll 2015-09-21 09:37 - 2010-12-07 14:46 - 00098152 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll 2015-09-21 09:37 - 2010-12-07 14:46 - 00031592 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll 2015-09-16 12:53 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\rescache 2015-09-11 22:00 - 2010-12-07 12:16 - 00000564 _____ C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job 2015-09-09 03:37 - 2009-07-14 00:33 - 00408064 _____ C:\Windows\system32\FNTCACHE.DAT 2015-09-09 03:36 - 2009-07-14 03:50 - 00000000 ____D C:\Program Files\Windows Journal 2015-09-09 03:21 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\Microsoft.NET 2015-09-09 03:20 - 2011-07-01 17:33 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-09-09 03:13 - 2013-07-11 10:01 - 00000000 ____D C:\Windows\system32\MRT 2015-09-08 10:16 - 2012-08-07 14:46 - 00002084 _____ C:\Users\mlazarou\Desktop\Current Documents.lnk 2015-09-05 11:43 - 2012-12-04 19:00 - 00000000 ____D C:\Windows\Minidump 2015-09-05 11:16 - 2012-08-07 11:15 - 00000000 ____D C:\Users\mlazarou 2015-09-05 10:54 - 2014-10-19 17:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-09-05 10:54 - 2013-06-24 09:45 - 00000000 ____D 
C:\Program Files\Java 2015-09-05 10:53 - 2015-06-06 13:12 - 00097888 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2015-09-05 10:48 - 2010-12-07 16:20 - 00000000 ____D C:\Users\Administrator 2015-09-05 10:43 - 2013-03-17 15:03 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2015-09-05 10:40 - 2015-03-11 11:57 - 00000000 __SHD C:\Users\Administrator\AppData\Local\EmieBrowserModeList 2015-09-05 10:40 - 2014-06-14 11:56 - 00000000 __SHD C:\Users\Administrator\AppData\Local\EmieUserList 2015-09-05 10:40 - 2014-06-14 11:56 - 00000000 __SHD C:\Users\Administrator\AppData\Local\EmieSiteList 2015-09-05 10:21 - 2010-12-07 16:20 - 00000000 ___RD C:\Users\Administrator\Virtual Machines 2015-09-05 10:21 - 2009-07-14 00:46 - 00001515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk ==================== Files in the root of some directories ======= 2015-10-02 14:04 - 2015-10-02 14:10 - 12307514 _____ () C:\ProgramData\log.txt 2010-12-08 00:46 - 2010-12-08 00:46 - 0000058 _____ () C:\ProgramData\mchguid.ini Some files in TEMP: ==================== C:\Users\Administrator\AppData\Local\Temp\jre-8u60-windows-au.exe C:\Users\lenuta\AppData\Local\Temp\samsetupnt.exe C:\Users\mlazarou\AppData\Local\Temp\G2MInstallerExtractor.exe C:\Users\Underwriting One\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-10-01 00:56

==================== End of FRST.txt ============================

Additional Log

Additional scan result of Farbar Recovery Scan Tool (x86) Version:30-09-2015
Ran by Administrator (2015-10-02 16:31:50)
Running from C:\Users\mlazarou\Documents\FRST
Microsoft Windows 7 Professional Service Pack 1 (X86) (2010-12-07 16:13:52)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1377516699-4148573324-3159256218-500 - Administrator - Disabled)
Guest (S-1-5-21-1377516699-4148573324-3159256218-501 - Limited - Disabled)
Underwriting One (S-1-5-21-1377516699-4148573324-3159256218-1000 - Administrator - Enabled) => C:\Users\Underwriting One
UpdatusUser (S-1-5-21-1377516699-4148573324-3159256218-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)
AV: Trend Micro Security Agent (Enabled - Up to date) {8242D66F-41BD-4049-C2E6-E578E73B62A0}
AS: Trend Micro Security Agent Anti-spyware (Enabled - Up to date) {3923378B-6787-4FC7-F856-DE0A9CBC281D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Trend Micro Personal Firewall (Enabled) {49A8346C-6900-54B6-B1B3-5F678736DDE9}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 13.1.2 - Hewlett-Packard) Hidden
Adobe Flash Player 19 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Broadcom Management Programs (HKLM\...\{5DB87A63-9420-48CC-9F9A-B8801D38D6B5}) (Version: 12.35.01 - Broadcom Corporation)
Calyx Installer (HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\70930c74b7b66430) (Version: 1.0.0.371 - Calyx Software)
Calyx Installer (HKU\S-1-5-21-3119066785-3410617908-954626951-500\...\70930c74b7b66430) (Version: 1.0.0.371 - Calyx Software)
Carbonite (HKLM\...\Carbonite Backup) (Version: 5.7.7 build 5155 (Jul-14-2015) - Carbonite)
Dell Edoc Viewer (HKLM\...\{3138EAD3-700B-4A10-B617-B3F8096EE30D}) (Version: 1.0.0 - Dell Inc)
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.0.5621.01 - Dell Inc.)
Dell Support Center (Version: 3.0.5621.01 - PC-Doctor, Inc.) Hidden
Google Drive (HKLM\...\{12ADFB82-D5A3-43E4-B2F4-FCD9B690315B}) (Version: 1.24.9931.5480 - Google, Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.15 - Google Inc.) Hidden
GoToMeeting 5.5.0.1132 (HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\GoToMeeting) (Version: 5.5.0.1132 - CitrixOnline)
HP LaserJet Enterprise 500 color M551 (HKLM\...\{6D6058C2-16C9-4763-B1B5-6F1C3491069B}) (Version: 4.5.12146.539 - Hewlett-Packard)
Intel® Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Java 8 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
LogMeIn (HKLM\...\{C9127212-C4B4-4BE3-9CA2-24ACB804D067}) (Version: 4.1.1568 - LogMeIn, Inc.)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Store Download Manager (HKLM\...\{2C019AC0-E2E1-4E63-8113-87F9D44EAF07}) (Version: 2.9.4919.1 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Driver 320.78 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 320.78 - NVIDIA Corporation)
NVIDIA Graphics Driver 320.78 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 320.78 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
Point 7.3 (HKLM\...\{13D3698D-70EA-46DD-A303-7B0346D75ADA}) (Version: 7.3.1265 - Calyx Software)
Point 7.4 SP5 (HKLM\...\{8DDB7719-21CF-4449-BECE-3B2A1C416B6A}) (Version: 7.4.1325 - Calyx Software)
Point 7.4 SP6 (HKLM\...\{F398D45A-300F-486B-BC4E-6E2066F6DA10}) (Version: 7.4.1343 - Calyx Software)
Point 7.5 (HKLM\...\{04E1ED5D-B465-4F75-AB3A-9ECA26B4AAC5}) (Version: 7.5.1377 - Calyx Software)
Point 7.5 SP1 (HKLM\...\{254140F9-F1BD-4656-A0C0-4AAAB8943849}) (Version: 7.5.1381 - Calyx Software)
Point 7.6 (HKLM\...\{569FD3B2-505B-40D0-8B7A-1FC5774670D8}) (Version: 7.6.1417 - Calyx Software)
Point 7.6 SP1 (HKLM\...\{8C117A55-A427-4978-8F18-AB328E347D17}) (Version: 7.6.1419 - Calyx Software)
Point 8.0 SP1 (HKLM\...\{FF812D14-DC93-40F4-B966-28A6BDAE3048}) (Version: 8.0.1472 - Calyx Software)
Point 8.0 SP2 (HKLM\...\{471B8A01-2F1D-4A2D-85E5-77339FA387AC}) (Version: 8.0.1481 - Calyx Software)
Point 9.2 SP4 (HKLM\...\{5583AE3A-10AA-4CA5-877C-61F48FCAF732}) (Version: 9.2.1680 - Calyx Software)
Point Old Verison Clean up Tool (HKU\S-1-5-21-3119066785-3410617908-954626951-500\...\Point Old Verison Clean up Tool) (Version: - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5919 - )
Roxio Creator DE 10.3 (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.3 - Roxio)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Trend Micro Client/Server Security Agent (HKLM\...\{BED0B8A2-2986-49F8-90D6-FA008D37A3D2}) (Version: 5.7.2565 - Trend Micro)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3119066785-3410617908-954626951-1259_Classes\CLSID\{32E26FD9-F435-4A20-A561-35D4B987CFDC}\InprocServer32 -> c:\programdata\webex\webex\1225\atucfobj.dll (Cisco WebEx LLC)
CustomCLSID: HKU\S-1-5-21-3119066785-3410617908-954626951-1259_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\mlazarou\AppData\Local\Citrix\GoToMeeting\1132\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Restore Points =========================

13-09-2015 19:01:08 Windows Backup
16-09-2015 09:32:17 Windows Update
20-09-2015 19:01:04 Windows Backup
27-09-2015 19:00:56 Windows Backup
02-10-2015 14:04:43 Installed Point 9.2 SP4.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:04 - 2009-06-10 17:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {19E7C814-9521-47C0-BF46-C7BAF269CBBE} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\Dell Support Center\pcdrcui.exe [2010-08-05] (PC-Doctor, Inc.)
Task: {375BBC32-0090-4DE2-B853-F165B1974C80} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell Support Center\uaclauncher.exe [2010-08-05] (PC-Doctor, Inc.)
Task: {507CE31B-4409-4E07-88DB-0169376D20C7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {599FA52D-071F-475E-A8B0-3045D17DFF07} - System32\Tasks\{828257E7-AC3B-4715-A126-0E53F7D55D46} => pcalua.exe -a "C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RPKRSIUK\JavaSetup6u31[1].exe" -d C:\Users\Administrator\Desktop Task: {91ED21F1-F356-4DEE-AEE6-14A9164523D3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) Task: {B677A73F-D01E-4222-937B-4C69D49C5EF3} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe Task: {BAA8AD14-D7C7-4A6A-9962-3F2E9B3ECCB6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {FD8B30E5-2E72-45BE-9EE3-B38AF8AE7D07} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\Dell Support Center\uaclauncher.exeo-backgroundmon scripts\defaultscan.xml Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\Dell Support Center\pcdrcui.exe ==================== Loaded Modules (Whitelisted) ============== 2013-09-17 08:51 - 2013-08-09 15:58 - 00079648 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll 2015-01-07 19:23 - 2011-08-31 13:55 - 00499712 _____ () c:\Program Files\Trend Micro\Client Server Security Agent\sqlite3.dll 2015-09-30 09:30 - 2015-09-30 09:30 - 00098816 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\win32api.pyd 2015-09-30 09:30 - 2015-09-30 09:30 - 00110080 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\pywintypes27.dll 2015-09-30 09:30 - 2015-09-30 09:30 - 00364544 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\pythoncom27.dll 2015-09-30 09:30 - 2015-09-30 09:30 - 00045568 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\_socket.pyd 2015-09-30 09:30 - 2015-09-30 09:30 - 01161216 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\_ssl.pyd 2015-09-30 09:30 - 2015-09-30 09:30 - 00320512 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\win32com.shell.shell.pyd 2015-09-30 09:30 - 2015-09-30 09:30 - 00713216 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\_hashlib.pyd 2015-09-30 09:30 - 2015-09-30 09:30 - 01176576 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\wx._core_.pyd 2015-09-30 09:30 - 2015-09-30 09:30 - 00806400 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\wx._gdi_.pyd 2015-09-30 09:30 - 2015-09-30 09:30 - 00816128 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\wx._windows_.pyd 2015-09-30 09:30 - 2015-09-30 09:30 - 01067008 _____ 
() C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\wx._controls_.pyd 2015-09-30 09:30 - 2015-09-30 09:30 - 00733184 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\wx._misc_.pyd 2015-09-30 09:30 - 2015-09-30 09:30 - 00682496 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\pysqlite2._sqlite.pyd 2015-09-30 09:30 - 2015-09-30 09:30 - 00087552 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\_ctypes.pyd 2015-09-30 09:30 - 2015-09-30 09:30 - 00119808 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\win32file.pyd 2015-09-30 09:30 - 2015-09-30 09:30 - 00108544 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\win32security.pyd 2015-09-30 09:30 - 2015-09-30 09:30 - 00007168 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\hashobjs_ext.pyd 2015-09-30 09:30 - 2015-09-30 09:30 - 00068096 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\usb_ext.pyd 2015-09-30 09:30 - 2015-09-30 09:30 - 00167936 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\win32gui.pyd 2015-09-30 09:30 - 2015-09-30 09:30 - 00018432 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\win32event.pyd 2015-09-30 09:30 - 2015-09-30 09:30 - 00128512 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\_elementtree.pyd 2015-09-30 09:30 - 2015-09-30 09:30 - 00127488 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\pyexpat.pyd 2015-09-30 09:30 - 2015-09-30 09:30 - 00013824 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\common.time34.pyd 2015-09-30 09:30 - 2015-09-30 09:30 - 00036864 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\_psutil_windows.pyd 2015-09-30 09:30 - 2015-09-30 09:30 - 00038912 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\win32inet.pyd 2015-09-30 09:30 - 2015-09-30 09:30 - 00011264 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\win32crypt.pyd 2015-09-30 09:30 - 2015-09-30 09:30 - 00077312 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\wx._html2.pyd 2015-09-30 09:30 - 2015-09-30 09:30 
- 00027136 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\_multiprocessing.pyd 2015-09-30 09:30 - 2015-09-30 09:30 - 00020480 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\_yappi.pyd 2015-09-30 09:30 - 2015-09-30 09:30 - 00035840 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\win32process.pyd 2015-09-30 09:30 - 2015-09-30 09:30 - 00686080 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\unicodedata.pyd 2015-09-30 09:30 - 2015-09-30 09:30 - 00123392 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\wx._wizard.pyd 2015-09-30 09:30 - 2015-09-30 09:30 - 00024064 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\win32pipe.pyd 2015-09-30 09:30 - 2015-09-30 09:30 - 00010240 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\select.pyd 2015-09-30 09:30 - 2015-09-30 09:30 - 00025600 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\win32pdh.pyd 2015-09-30 09:30 - 2015-09-30 09:30 - 00525640 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\windows._lib_cacheinvalidation.pyd 2015-09-30 09:30 - 2015-09-30 09:30 - 00017408 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\win32profile.pyd 2015-09-30 09:30 - 2015-09-30 09:30 - 00022528 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\win32ts.pyd 2015-09-30 09:30 - 2015-09-30 09:30 - 00078848 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\wx._animate.pyd 2013-01-16 09:50 - 2013-01-16 09:50 - 00039424 _____ () c:\Program Files\Trend Micro\Client Server Security Agent\CCSF\boost_date_time-vc110-mt-1_49.dll 2013-04-02 12:25 - 2013-04-02 12:25 - 00543744 _____ () c:\Program Files\Trend Micro\Client Server Security Agent\CCSF\sqlite3.dll 2013-01-16 09:55 - 2013-01-16 09:55 - 00049152 _____ () c:\Program Files\Trend Micro\Client Server Security Agent\CCSF\boost_thread-vc110-mt-1_49.dll 2014-10-15 10:26 - 2014-10-15 10:26 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\3d576cbc4ffc5ad06fd61510c5d8f326\IsdiInterop.ni.dll 
2010-11-29 19:02 - 2010-03-03 22:08 - 00058880 _____ () C:\Program Files\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll 2010-12-07 13:17 - 2015-03-23 16:08 - 00367152 _____ () c:\Program Files\Trend Micro\BM\TMBMSRV.exe ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:C41CE1F6 ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3119066785-3410617908-954626951-1259\Control Panel\Desktop\\Wallpaper -> \\pe1900\point$\PNTTEMPL\pb2_eLyons.jpg HKU\S-1-5-21-3119066785-3410617908-954626951-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.0.212 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is disabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe FirewallRules: [sPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [sPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [{77B91471-1F7C-4246-9FB8-D0FB6BDB0500}] => (Allow) C:\Program Files\Windows Live\Messenger\wlcsdk.exe FirewallRules: [{FC192AEC-0EB2-4E00-B0DE-C3AC1095B982}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{74B6A4CF-FDC9-4626-AA6E-9FE83B17D16E}] => (Allow) svchost.exe FirewallRules: [{401C384E-097D-4C0A-AA23-221001797D12}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe FirewallRules: [{E61D1666-C4DC-4BC8-B034-C197B959F4B0}] => (Allow) C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe FirewallRules: [{EBD5AEDF-CC4E-4787-AECB-669073CBB479}] => (Allow) C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe FirewallRules: [{778CAF80-CF0F-4F4A-B47C-9D6BFA5E2322}] => (Allow) LPort=1542 FirewallRules: [{CBD264C0-7ACF-4B7B-950C-962A969E645D}] => (Allow) LPort=1542 FirewallRules: [{94ACBE5E-B207-4FD3-9B2C-6C4A7709BE3E}] => (Allow) LPort=53 FirewallRules: [{A99A14F5-4101-467F-A9BA-94A13F834ADC}] => (Allow) LPort=67 FirewallRules: [{6AD0742E-B557-4A93-A603-17F0A9329631}] => (Allow) LPort=68 FirewallRules: [{A20E97E9-E35C-4541-B93C-1CE5547648BC}] => (Allow) LPort=53 FirewallRules: [{3330A293-3871-470E-AE39-EBC946E9F61E}] => (Allow) LPort=53 FirewallRules: [{CC9C3E84-B4AF-4D42-A664-1F190054E0FF}] => (Allow) C:\Program Files\Realtek\11n USB Wireless LAN Utility\Rtldhcp.exe FirewallRules: [{EB77E6E4-7B71-4585-A06F-7BEB86E53CA0}] => (Allow) D:\Installer\hpbcsiInstaller.exe FirewallRules: [{0CB444C2-9068-47F4-BC8B-5A848C0F9D44}] => (Allow) D:\Installer\hpbcsiInstaller.exe FirewallRules: 
[{B994F989-1E95-4545-92A5-F6A257D01754}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe FirewallRules: [WCF-NetTcpActivator-In-TCP-32bit] => (Allow) %systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe FirewallRules: [{559A401D-3CDE-46EA-82F1-6DAED01C4E8C}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{4B8BD70A-E7F2-4947-B82C-759C91CB8F8A}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{8A78BEB8-87DD-4C88-844C-5E3F1DF357C5}] => (Allow) LPort=61117 FirewallRules: [{CF093BBC-4BC1-4AD7-BF2F-CF15D59F77D9}] => (Allow) LPort=61117 FirewallRules: [{10A6A654-5A5B-4F84-B3BB-DB217F29A3DE}] => (Allow) LPort=61116 FirewallRules: [{5341A4F4-31C8-460A-B273-04247CEC1A51}] => (Allow) LPort=21112 ==================== Faulty Device Manager Devices ============= Name: 802.11n WLAN Adapter Description: 802.11n WLAN Adapter Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (10/02/2015 03:51:02 AM) (Source: SideBySide) (EventID: 59) (User: ) Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3. Invalid Xml syntax. Error: (10/02/2015 12:47:58 AM) (Source: SideBySide) (EventID: 59) (User: ) Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3. Invalid Xml syntax. Error: (10/01/2015 12:54:39 AM) (Source: SideBySide) (EventID: 59) (User: ) Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3. Invalid Xml syntax. 
Error: (09/30/2015 09:28:45 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80070013, The media is write protected. . Error: (09/30/2015 09:28:45 AM) (Source: VSS) (EventID: 13) (User: ) Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x80070013, The media is write protected. ] Error: (09/30/2015 09:28:45 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80070013, The media is write protected. . Error: (09/30/2015 09:28:45 AM) (Source: VSS) (EventID: 13) (User: ) Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x80070013, The media is write protected. ] Error: (09/30/2015 01:26:08 AM) (Source: SideBySide) (EventID: 59) (User: ) Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3. Invalid Xml syntax. Error: (09/29/2015 12:43:20 AM) (Source: SideBySide) (EventID: 59) (User: ) Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3. Invalid Xml syntax. Error: (09/28/2015 11:01:58 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program Winpoint.exe version 9.2.1650.804 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. 
Process ID: 10a0 Start Time: 01d0f9fd9c00aaa8 Termination Time: 15 Application Path: C:\WINPOINT\Winpoint.exe Report Id: d985c204-65f1-11e5-a0fe-f04da2db75d8 System errors: ============= Error: (10/02/2015 02:01:04 PM) (Source: Ntfs) (EventID: 55) (User: ) Description: The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS. Error: (10/02/2015 01:49:31 PM) (Source: Ntfs) (EventID: 55) (User: ) Description: The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS. Error: (10/02/2015 01:37:17 PM) (Source: Ntfs) (EventID: 55) (User: ) Description: The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS. Error: (10/02/2015 01:02:11 PM) (Source: BROWSER) (EventID: 8032) (User: ) Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{09709833-D190-4092-94B9-5590C41E7078}. The backup browser is stopping. Error: (10/02/2015 12:18:22 PM) (Source: Ntfs) (EventID: 55) (User: ) Description: The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS. Error: (10/02/2015 11:55:02 AM) (Source: Ntfs) (EventID: 55) (User: ) Description: The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS. Error: (10/02/2015 11:35:12 AM) (Source: Ntfs) (EventID: 55) (User: ) Description: The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS. Error: (10/02/2015 11:28:24 AM) (Source: Ntfs) (EventID: 55) (User: ) Description: The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS. Error: (10/02/2015 11:22:24 AM) (Source: Ntfs) (EventID: 55) (User: ) Description: The file system structure on the disk is corrupt and unusable. 
Please run the chkdsk utility on the volume OS. Error: (10/02/2015 11:10:54 AM) (Source: Ntfs) (EventID: 55) (User: ) Description: The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS. ==================== Memory info =========================== Processor: Intel® Core™ i3 CPU 540 @ 3.07GHz Percentage of memory in use: 43% Total physical RAM: 3063.11 MB Available physical RAM: 1735.92 MB Total Virtual: 6124.54 MB Available Virtual: 3335.5 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:236.7 GB) (Free:176.66 GB) NTFS Drive z: (BackUp) (Fixed) (Total:228.29 GB) (Free:40.52 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 259D4594) Partition 1: (Not Active) - (Size=39 MB) - (Type=DE) Partition 2: (Active) - (Size=750 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=236.7 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=228.3 GB) - (Type=OF Extended) ==================== End of Addition.txt ============================
  2. My first time posting here. Hope someone can tell me what this means.

FRST Log

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:30-09-2015
Ran by Administrator (administrator) on DT-V430-MKT (02-10-2015 16:31:18)
Running from C:\Users\mlazarou\Documents\FRST
Loaded Profiles: UpdatusUser & mlazarou & Administrator (Available Profiles: Underwriting One & UpdatusUser & eodonnell & trestivo & hmegaloudis & lenuta & gsophocleous & ppavlakos & llazarou & bdm & mlazarou & hqu & Administrator)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
(Broadcom Corp.) C:\Program Files\Broadcom\BPowMon\BPowMon.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\ramaint.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\NTRtScan.exe
(Microsoft Corp.) 
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\PccNTMon.exe (LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe (Carbonite, Inc.) C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Google) C:\Program Files\Google\Drive\googledrivesync.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\TmListen.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe (LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Google) C:\Program Files\Google\Drive\googledrivesync.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\CCSF\TmCCSF.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe (Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe () C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (LogMeIn, Inc.) 
C:\Program Files\LogMeIn\x86\LogMeIn.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7711264 2009-08-18] (Realtek Semiconductor) HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation) HKLM\...\Run: [OfficeScanNT Monitor] => c:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe [1444600 2015-09-01] (Trend Micro Inc.) HKLM\...\Run: [LogMeIn GUI] => C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [63048 2010-09-17] (LogMeIn, Inc.) HKLM\...\Run: [OE] => c:\Program Files\Trend Micro\Client Server Security Agent\TMAS_OE\TMAS_OEMon.exe [492880 2010-08-10] (Trend Micro Inc.) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation) HKLM\...\Run: [Carbonite Backup] => C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe [1066192 2015-07-14] (Carbonite, Inc.) 
HKLM\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-06-18] (Malwarebytes Corporation) HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1 HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22344224 2015-07-29] (Google) HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil32_18_0_0_232_ActiveX.exe [1156296 2015-09-05] (Adobe Systems Incorporated) HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\system: [Wallpaper] \\pe1900\point$\PNTTEMPL\pb2_eLyons.jpg HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\system: [WallpaperStyle] 2 HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [NoRecentDocsNetHood] 1 HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [NoNetConnectDisconnect] 1 HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [NoComputersNearMe] 1 HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [NoWelcomeScreen] 1 HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [NoSharedDocuments] 1 HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [NoManageMyComputerVerb] 1 HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [NoViewOnDrive] 0 HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [NoStartMenuNetworkPlaces] 1 HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [ForceStartMenuLogOff] 1 HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [NoSetTaskbar] 1 HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [LockTaskbar] 1 HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [NoSMConfigurePrograms] 1 
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [NoPropertiesMyDocuments] 1 HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [NoNetHood] 1 HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [DisablePersonalDirChange] 1 HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [NoDesktopCleanupWizard] 1 HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [NoControlPanel] 1 HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [NoCloseDragDropBands] 1 HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [NoWindowsUpdate] 1 HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [NoInternetOpenWith] 1 HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [ConfirmFileDelete] 1 HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [NoStartMenuMyMusic] 1 HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [NoCDBurning] 1 HKU\S-1-5-21-3119066785-3410617908-954626951-500\...\Policies\Explorer: [NoComputersNearMe] 1 HKU\S-1-5-21-3119066785-3410617908-954626951-500\...\Policies\Explorer: [NoCDBurning] 1 HKU\S-1-5-21-3119066785-3410617908-954626951-500\...\Policies\Explorer: [ConfirmFileDelete] 1 IFEO\ehshell.exe: [Debugger] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" -MceShellRedirect ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-07-29] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-07-29] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-07-29] (Google) ShellIconOverlayIdentifiers: [ Carbonite.Green] -> 
{95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-07-14] (Carbonite, Inc.) ShellIconOverlayIdentifiers: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-07-14] (Carbonite, Inc.) ShellIconOverlayIdentifiers: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-07-14] (Carbonite, Inc.) ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File GroupPolicyScripts: Restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.0.212 Tcpip\..\Interfaces\{09709833-D190-4092-94B9-5590C41E7078}: [DhcpNameServer] 192.168.0.212 Internet Explorer: ================== HKU\S-1-5-21-3119066785-3410617908-954626951-1259\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\S-1-5-21-3119066785-3410617908-954626951-1259\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://pricing2.elyons.com/pslogin.php HKU\S-1-5-21-3119066785-3410617908-954626951-1259\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://pricing2.elyons.com/pslogin.php HKU\S-1-5-21-3119066785-3410617908-954626951-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://pricing2.elyons.com/pslogin.php HKU\S-1-5-21-3119066785-3410617908-954626951-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://pricing2.elyons.com/pslogin.php SearchScopes: HKLM -> DefaultScope {BCC58E4C-B1E7-4260-8F84-C1A7EA03E98C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> 
{BCC58E4C-B1E7-4260-8F84-C1A7EA03E98C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-3119066785-3410617908-954626951-1259 -> DefaultScope {BCC58E4C-B1E7-4260-8F84-C1A7EA03E98C} URL = SearchScopes: HKU\S-1-5-21-3119066785-3410617908-954626951-1259 -> {685A4263-15C6-4854-8C2E-6354B934AD7E} URL = hxxps://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-3119066785-3410617908-954626951-1259 -> {BCC58E4C-B1E7-4260-8F84-C1A7EA03E98C} URL = SearchScopes: HKU\S-1-5-21-3119066785-3410617908-954626951-500 -> DefaultScope {BCC58E4C-B1E7-4260-8F84-C1A7EA03E98C} URL = SearchScopes: HKU\S-1-5-21-3119066785-3410617908-954626951-500 -> {BCC58E4C-B1E7-4260-8F84-C1A7EA03E98C} URL = BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> c:\Program Files\Trend Micro\Client Server Security Agent\TmIEPlg.dll [2014-06-10] (Trend Micro Inc.) BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14] (Microsoft Corp.) 
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-09-05] (Oracle Corporation) BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-05] (Oracle Corporation) BHO: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06] (Microsoft Corporation) Toolbar: HKLM - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06] (Microsoft Corporation) Toolbar: HKU\S-1-5-21-3119066785-3410617908-954626951-500 -> &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06] (Microsoft Corporation) Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation) Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files\Trend Micro\Client Server Security Agent\TmIEPlg.dll [2014-06-10] (Trend Micro Inc.) 
FireFox: ======== FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-05] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-05] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation) FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-08-09] (NVIDIA Corporation) FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-08-09] (NVIDIA Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.) 
FF HKLM\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - c:\Program Files\Trend Micro\Client Server Security Agent\FirefoxExtension
FF Extension: Trend Micro NSC Firefox Extension - c:\Program Files\Trend Micro\Client Server Security Agent\FirefoxExtension [2015-01-07]

==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 CarboniteService; C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe [6124240 2015-07-14] (Carbonite, Inc. (www.carbonite.com))
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [45568 2012-07-31] (Hewlett-Packard) [File not signed]
R2 ntrtscan; c:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe [2655880 2015-09-01] (Trend Micro Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [55808 2012-07-31] (Hewlett-Packard) [File not signed]
R2 svcGenericHost; c:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [72192 2015-09-01] (Trend Micro Inc.)
R3 TMBMServer; c:\Program Files\Trend Micro\BM\TMBMSRV.exe [367152 2015-03-23] () [File not signed]
R3 TmCCSF; c:\Program Files\Trend Micro\Client Server Security Agent\CCSF\TmCCSF.exe [593880 2015-06-13] (Trend Micro Inc.)
R2 tmlisten; c:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe [2793128 2015-09-01] (Trend Micro Inc.)
R3 tmpfw; c:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe [497272 2013-09-26] (Trend Micro Inc.)
R3 TmProxy; c:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe [694832 2014-01-22] (Trend Micro Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
S3 radpms; C:\Windows\System32\DRIVERS\radpms.sys [13408 2010-09-17] (LogMeIn, Inc.)
R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [94152 2015-03-23] () [File not signed]
R2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [293496 2015-03-23] () [File not signed]
R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [64264 2015-03-23] () [File not signed]
R2 TmFilter; c:\Program Files\Trend Micro\Client Server Security Agent\TmXPFlt.sys [281400 2014-08-30] (Trend Micro Inc.)
R1 TmLwf; C:\Windows\System32\DRIVERS\tmlwf.sys [146232 2013-09-26] (Trend Micro Inc.)
R2 TmPreFilter; c:\Program Files\Trend Micro\Client Server Security Agent\TmPreFlt.sys [38200 2014-08-30] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [90712 2013-01-09] (Trend Micro Inc.)
R2 tmWfp; C:\Windows\System32\DRIVERS\tmwfp.sys [282936 2013-09-26] (Trend Micro Inc.)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
R2 VSApiNt; c:\Program Files\Trend Micro\Client Server Security Agent\VSApiNt.sys [1557912 2014-08-30] (Trend Micro Inc.)
S4 LMIRfsClientNP; no ImagePath S3 RTL8192cu; system32\DRIVERS\rtwlanu.sys [X] S3 rtlss; System32\Drivers\rtlss.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-10-02 16:30 - 2015-10-02 16:31 - 00000000 ____D C:\Users\mlazarou\Documents\FRST 2015-10-02 16:24 - 2015-10-02 16:31 - 00000000 ____D C:\FRST 2015-10-02 16:24 - 2015-10-02 16:26 - 00042088 _____ C:\Users\mlazarou\Documents\FRST.txt 2015-10-02 16:22 - 2015-10-02 16:22 - 01696256 _____ (Farbar) C:\Users\mlazarou\Documents\FRST.exe 2015-10-02 14:03 - 2015-10-02 14:04 - 00000000 ____D C:\WINPOINT_BAK18 2015-09-28 05:19 - 2015-09-28 05:19 - 00002104 _____ C:\Users\Public\Desktop\Carbonite InfoCenter.lnk 2015-09-28 05:19 - 2015-09-28 05:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Carbonite 2015-09-28 03:49 - 2015-09-28 12:57 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-09-28 03:48 - 2015-09-28 03:48 - 00001062 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2015-09-28 03:48 - 2015-09-28 03:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-09-28 03:48 - 2015-09-28 03:48 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-09-28 03:48 - 2015-09-28 03:48 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware 2015-09-28 03:48 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-09-28 03:48 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-09-28 03:48 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-09-24 15:04 
- 2015-09-24 15:04 - 00000000 _____ C:\Windows\system32\sho55D7.tmp 2015-09-16 09:35 - 2015-09-16 09:35 - 00000000 _____ C:\Windows\system32\sho9655.tmp 2015-09-16 09:32 - 2015-08-05 13:47 - 00139096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-09-16 09:32 - 2015-08-05 13:47 - 00068952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-09-16 09:32 - 2015-08-05 13:41 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2015-09-16 09:32 - 2015-08-05 13:41 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-09-16 09:32 - 2015-08-05 13:41 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-09-16 09:32 - 2015-08-05 13:41 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-09-16 09:32 - 2015-08-05 13:41 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-09-16 09:32 - 2015-08-05 13:41 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-09-16 09:32 - 2015-08-05 13:41 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-09-16 09:32 - 2015-08-05 13:40 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-09-16 09:32 - 2015-08-05 13:40 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-09-16 09:32 - 2015-08-05 13:40 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-09-16 09:32 - 2015-08-05 13:40 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-09-16 09:32 - 2015-08-05 13:40 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2015-09-16 09:32 - 2015-08-05 13:40 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-09-16 09:32 - 2015-08-05 13:40 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-09-16 09:32 - 2015-08-05 13:40 - 00015872 _____ (Microsoft Corporation) 
C:\Windows\system32\icaapi.dll 2015-09-16 09:32 - 2015-08-05 13:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-09-16 09:32 - 2015-08-05 13:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-09-16 09:32 - 2015-08-05 13:34 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-09-16 09:32 - 2015-08-05 13:30 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-09-16 09:32 - 2015-08-05 12:58 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2015-09-16 09:32 - 2015-08-05 12:33 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2015-09-16 09:32 - 2015-08-05 12:33 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2015-09-16 09:32 - 2015-08-05 12:32 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2015-09-16 09:30 - 2015-07-18 09:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll 2015-09-16 09:30 - 2015-07-18 09:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll 2015-09-16 09:30 - 2015-07-18 09:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll 2015-09-16 09:30 - 2015-07-18 09:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll 2015-09-16 09:30 - 2015-07-18 09:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll 2015-09-16 09:30 - 2015-07-18 09:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll 2015-09-16 09:30 - 2015-07-18 09:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll 2015-09-16 09:30 - 2015-07-18 09:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll 2015-09-16 09:30 - 2015-07-18 09:08 
- 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll 2015-09-16 09:30 - 2015-07-18 09:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll 2015-09-16 09:30 - 2015-07-18 09:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll 2015-09-16 09:30 - 2015-07-18 09:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll 2015-09-16 09:30 - 2015-07-18 09:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll 2015-09-16 09:30 - 2015-07-18 09:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll 2015-09-16 09:30 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll 2015-09-16 09:30 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll 2015-09-16 09:30 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll 2015-09-16 09:30 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll 2015-09-16 09:30 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll 2015-09-16 09:30 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll 2015-09-16 09:30 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll 2015-09-16 09:30 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll 2015-09-16 09:30 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll 2015-09-16 09:30 - 2015-07-18 09:08 - 00011616 _____ 
(Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll 2015-09-08 19:58 - 2015-08-27 13:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2015-09-08 19:58 - 2015-08-27 13:58 - 01241088 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2015-09-08 19:58 - 2015-08-27 13:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll 2015-09-08 19:58 - 2015-08-27 13:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2015-09-08 19:58 - 2015-08-05 13:41 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll 2015-09-08 19:58 - 2015-08-05 13:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2015-09-08 19:58 - 2015-08-05 13:40 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll 2015-09-08 19:58 - 2015-08-04 13:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2015-09-08 19:58 - 2015-08-04 13:47 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2015-09-08 19:58 - 2015-08-04 13:47 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2015-09-08 19:58 - 2015-08-04 13:46 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2015-09-08 19:58 - 2015-08-04 13:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2015-09-08 19:58 - 2015-08-04 12:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2015-09-08 19:57 - 2015-09-01 22:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2015-09-08 19:57 - 2015-09-01 22:48 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-09-08 19:57 - 2015-09-01 22:48 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2015-09-08 19:57 - 2015-09-01 22:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2015-09-08 19:57 - 2015-09-01 21:36 - 02384896 
_____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-09-08 19:57 - 2015-09-01 21:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-09-08 19:57 - 2015-08-17 21:14 - 00344168 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-09-08 19:57 - 2015-08-15 02:06 - 19856896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-09-08 19:57 - 2015-08-15 01:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-09-08 19:57 - 2015-08-15 01:53 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-09-08 19:57 - 2015-08-15 01:40 - 00504832 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-09-08 19:57 - 2015-08-15 01:40 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-09-08 19:57 - 2015-08-15 01:39 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-09-08 19:57 - 2015-08-15 01:39 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-09-08 19:57 - 2015-08-15 01:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-09-08 19:57 - 2015-08-15 01:35 - 02279424 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-09-08 19:57 - 2015-08-15 01:33 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-09-08 19:57 - 2015-08-15 01:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-09-08 19:57 - 2015-08-15 01:30 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-09-08 19:57 - 2015-08-15 01:29 - 00665600 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-09-08 19:57 - 2015-08-15 01:29 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-09-08 19:57 - 2015-08-15 01:29 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-09-08 19:57 - 2015-08-15 01:29 - 00102912 _____ 
(Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-09-08 19:57 - 2015-08-15 01:24 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-09-08 19:57 - 2015-08-15 01:21 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-09-08 19:57 - 2015-08-15 01:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-09-08 19:57 - 2015-08-15 01:14 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-09-08 19:57 - 2015-08-15 01:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-09-08 19:57 - 2015-08-15 01:11 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-09-08 19:57 - 2015-08-15 01:10 - 04520448 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-09-08 19:57 - 2015-08-15 01:04 - 12857344 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-09-08 19:57 - 2015-08-15 01:02 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-09-08 19:57 - 2015-08-15 01:02 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-09-08 19:57 - 2015-08-15 01:01 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-09-08 19:57 - 2015-08-15 01:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-09-08 19:57 - 2015-08-15 00:43 - 01951232 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-09-08 19:57 - 2015-08-15 00:39 - 01310720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-09-08 19:57 - 2015-08-15 00:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-09-05 23:17 - 2015-09-05 23:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro Security Agent 2015-09-05 23:16 - 2015-09-05 23:16 - 00000000 ____D C:\Program Files\Common Files\AV 2015-09-05 11:57 - 2015-09-30 09:29 - 
00001480 _____ C:\Windows\setupact.log 2015-09-05 11:57 - 2015-09-05 11:57 - 00000000 _____ C:\Windows\setuperr.log 2015-09-05 11:26 - 2015-09-05 11:27 - 00000000 ____D C:\WINPOINT_BAK17 2015-09-05 11:16 - 2015-09-05 11:16 - 00000000 ____D C:\Users\mlazarou\AppData\Roaming\Sun 2015-09-05 11:16 - 2015-09-05 11:16 - 00000000 ____D C:\Users\mlazarou\.oracle_jre_usage 2015-09-05 10:54 - 2015-09-05 10:54 - 00000000 ____D C:\Program Files\Common Files\Java 2015-09-05 10:48 - 2015-09-05 10:48 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Sun 2015-09-05 10:48 - 2015-09-05 10:48 - 00000000 ____D C:\Users\Administrator\.oracle_jre_usage 2015-09-05 10:30 - 2015-08-26 13:56 - 02953728 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-09-05 10:30 - 2015-08-26 13:56 - 02061824 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-09-05 10:30 - 2015-08-26 13:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-09-05 10:30 - 2015-08-26 13:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-09-05 10:30 - 2015-08-26 13:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-09-05 10:30 - 2015-08-26 13:56 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-09-05 10:30 - 2015-08-26 13:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2015-09-05 10:30 - 2015-08-26 13:55 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-09-05 10:30 - 2015-08-26 13:55 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2015-09-05 10:30 - 2015-08-26 13:55 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-09-05 10:30 - 2015-08-26 13:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-10-02 16:19 - 2010-12-07 16:18 - 00000152 _____ C:\Windows\system32\config\netlogon.ftl 2015-10-02 15:44 - 2013-04-11 16:05 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-10-02 15:44 - 2013-04-11 16:05 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-10-02 14:23 - 2012-08-07 12:16 - 00000000 ____D C:\Users\mlazarou\AppData\Local\Deployment 2015-10-02 14:20 - 2010-12-08 00:44 - 00000000 ____D C:\ProgramData\TEMP 2015-10-02 14:19 - 2010-12-08 00:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Calyx Software 2015-10-02 14:19 - 2010-12-08 00:43 - 00001113 _____ C:\Windows\winpoint.ini 2015-10-02 14:10 - 2013-02-10 14:16 - 00000000 ____D C:\WINPOINT 2015-10-02 14:09 - 2011-07-14 00:13 - 00000000 ____D C:\PNTTEMPL 2015-10-02 14:02 - 2012-08-07 12:17 - 00000000 ____D C:\Users\mlazarou\AppData\Local\Calyx Software 2015-10-02 14:00 - 2012-08-07 12:05 - 00000000 ____D C:\Users\mlazarou\AppData\Local\Adobe 2015-10-02 14:00 - 2012-04-16 12:49 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-10-02 14:00 - 2011-05-25 00:14 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-10-02 13:59 - 2014-10-09 11:11 - 00000000 ____D C:\Users\Administrator\AppData\Local\Adobe 2015-10-02 11:22 - 2009-07-14 00:55 - 01891031 _____ C:\Windows\WindowsUpdate.log 2015-10-02 10:44 - 2009-07-14 00:34 - 00014256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-10-02 10:44 - 2009-07-14 00:34 - 00014256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-10-02 09:00 - 2010-12-07 12:16 - 00000422 _____ C:\Windows\Tasks\SystemToolsDailyTest.job 2015-10-02 00:46 - 2010-12-07 14:46 - 00000000 ____D C:\ProgramData\LogMeIn 2015-09-30 09:36 - 2010-11-29 18:51 - 01538680 _____ C:\Windows\system32\PerfStringBackup.INI 2015-09-30 09:31 - 
2014-01-26 14:16 - 00000976 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk 2015-09-30 09:31 - 2014-01-26 14:16 - 00000960 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk 2015-09-30 09:30 - 2010-11-29 19:13 - 00803198 _____ C:\Windows\system32\TmInstall.log 2015-09-30 09:30 - 2009-07-14 00:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-09-30 09:29 - 2010-11-29 20:45 - 00000000 ____D C:\ProgramData\NVIDIA 2015-09-28 12:08 - 2013-12-08 02:36 - 00000000 ____D C:\temp 2015-09-28 10:06 - 2010-11-29 20:44 - 00218370 _____ C:\Windows\PFRO.log 2015-09-21 09:38 - 2010-12-07 14:46 - 00000000 ____D C:\Program Files\LogMeIn 2015-09-21 09:37 - 2010-12-07 14:46 - 00103296 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll 2015-09-21 09:37 - 2010-12-07 14:46 - 00098152 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll 2015-09-21 09:37 - 2010-12-07 14:46 - 00031592 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll 2015-09-16 12:53 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\rescache 2015-09-11 22:00 - 2010-12-07 12:16 - 00000564 _____ C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job 2015-09-09 03:37 - 2009-07-14 00:33 - 00408064 _____ C:\Windows\system32\FNTCACHE.DAT 2015-09-09 03:36 - 2009-07-14 03:50 - 00000000 ____D C:\Program Files\Windows Journal 2015-09-09 03:21 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\Microsoft.NET 2015-09-09 03:20 - 2011-07-01 17:33 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-09-09 03:13 - 2013-07-11 10:01 - 00000000 ____D C:\Windows\system32\MRT 2015-09-08 10:16 - 2012-08-07 14:46 - 00002084 _____ C:\Users\mlazarou\Desktop\Current Documents.lnk 2015-09-05 11:43 - 2012-12-04 19:00 - 00000000 ____D C:\Windows\Minidump 2015-09-05 11:16 - 2012-08-07 11:15 - 00000000 ____D C:\Users\mlazarou 2015-09-05 10:54 - 2014-10-19 17:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-09-05 10:54 - 2013-06-24 09:45 - 00000000 ____D 
C:\Program Files\Java 2015-09-05 10:53 - 2015-06-06 13:12 - 00097888 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2015-09-05 10:48 - 2010-12-07 16:20 - 00000000 ____D C:\Users\Administrator 2015-09-05 10:43 - 2013-03-17 15:03 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2015-09-05 10:40 - 2015-03-11 11:57 - 00000000 __SHD C:\Users\Administrator\AppData\Local\EmieBrowserModeList 2015-09-05 10:40 - 2014-06-14 11:56 - 00000000 __SHD C:\Users\Administrator\AppData\Local\EmieUserList 2015-09-05 10:40 - 2014-06-14 11:56 - 00000000 __SHD C:\Users\Administrator\AppData\Local\EmieSiteList 2015-09-05 10:21 - 2010-12-07 16:20 - 00000000 ___RD C:\Users\Administrator\Virtual Machines 2015-09-05 10:21 - 2009-07-14 00:46 - 00001515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk ==================== Files in the root of some directories ======= 2015-10-02 14:04 - 2015-10-02 14:10 - 12307514 _____ () C:\ProgramData\log.txt 2010-12-08 00:46 - 2010-12-08 00:46 - 0000058 _____ () C:\ProgramData\mchguid.ini Some files in TEMP: ==================== C:\Users\Administrator\AppData\Local\Temp\jre-8u60-windows-au.exe C:\Users\lenuta\AppData\Local\Temp\samsetupnt.exe C:\Users\mlazarou\AppData\Local\Temp\G2MInstallerExtractor.exe C:\Users\Underwriting One\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-10-01 00:56

==================== End of FRST.txt ============================

Additional Log

Additional scan result of Farbar Recovery Scan Tool (x86) Version:30-09-2015
Ran by Administrator (2015-10-02 16:31:50)
Running from C:\Users\mlazarou\Documents\FRST
Microsoft Windows 7 Professional Service Pack 1 (X86) (2010-12-07 16:13:52)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-1377516699-4148573324-3159256218-500 - Administrator - Disabled)
Guest (S-1-5-21-1377516699-4148573324-3159256218-501 - Limited - Disabled)
Underwriting One (S-1-5-21-1377516699-4148573324-3159256218-1000 - Administrator - Enabled) => C:\Users\Underwriting One
UpdatusUser (S-1-5-21-1377516699-4148573324-3159256218-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Trend Micro Security Agent (Enabled - Up to date) {8242D66F-41BD-4049-C2E6-E578E73B62A0} AS: Trend Micro Security Agent Anti-spyware (Enabled - Up to date) {3923378B-6787-4FC7-F856-DE0A9CBC281D} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Trend Micro Personal Firewall (Enabled) {49A8346C-6900-54B6-B1B3-5F678736DDE9} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 32 Bit HP CIO Components Installer (Version: 13.1.2 - Hewlett-Packard) Hidden Adobe Flash Player 19 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 19.0.0.185 - Adobe Systems Incorporated) Adobe Reader XI (11.0.12) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated) Broadcom Management Programs (HKLM\...\{5DB87A63-9420-48CC-9F9A-B8801D38D6B5}) (Version: 12.35.01 - Broadcom Corporation) Calyx Installer (HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\70930c74b7b66430) (Version: 1.0.0.371 - Calyx Software) Calyx Installer (HKU\S-1-5-21-3119066785-3410617908-954626951-500\...\70930c74b7b66430) (Version: 1.0.0.371 - Calyx Software) Carbonite (HKLM\...\Carbonite Backup) (Version: 5.7.7 build 5155 (Jul-14-2015) - Carbonite) Dell Edoc Viewer (HKLM\...\{3138EAD3-700B-4A10-B617-B3F8096EE30D}) (Version: 1.0.0 - Dell Inc) Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.0.5621.01 - Dell Inc.) Dell Support Center (Version: 3.0.5621.01 - PC-Doctor, Inc.) Hidden Google Drive (HKLM\...\{12ADFB82-D5A3-43E4-B2F4-FCD9B690315B}) (Version: 1.24.9931.5480 - Google, Inc.) Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (Version: 1.3.28.15 - Google Inc.) 
Hidden GoToMeeting 5.5.0.1132 (HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\GoToMeeting) (Version: 5.5.0.1132 - CitrixOnline) HP LaserJet Enterprise 500 color M551 (HKLM\...\{6D6058C2-16C9-4763-B1B5-6F1C3491069B}) (Version: 4.5.12146.539 - Hewlett-Packard) Intel® Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel® Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation) Java 8 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation) Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden LogMeIn (HKLM\...\{C9127212-C4B4-4BE3-9CA2-24ACB804D067}) (Version: 4.1.1568 - LogMeIn, Inc.) Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Click-to-Run 2010 (HKLM\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Professional 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Starter 2010 - English (HKLM\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Store Download Manager (HKLM\...\{2C019AC0-E2E1-4E63-8113-87F9D44EAF07}) (Version: 2.9.4919.1 - Microsoft Corporation) Microsoft Sync Framework Runtime Native v1.0 (x86) 
(HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) NVIDIA 3D Vision Driver 320.78 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 320.78 - NVIDIA Corporation) NVIDIA Graphics Driver 320.78 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 320.78 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation) NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation) Point 7.3 (HKLM\...\{13D3698D-70EA-46DD-A303-7B0346D75ADA}) (Version: 7.3.1265 - Calyx Software) Point 7.4 SP5 (HKLM\...\{8DDB7719-21CF-4449-BECE-3B2A1C416B6A}) (Version: 7.4.1325 - Calyx Software) Point 7.4 SP6 (HKLM\...\{F398D45A-300F-486B-BC4E-6E2066F6DA10}) (Version: 7.4.1343 - Calyx Software) Point 7.5 (HKLM\...\{04E1ED5D-B465-4F75-AB3A-9ECA26B4AAC5}) (Version: 7.5.1377 - Calyx Software) Point 7.5 SP1 (HKLM\...\{254140F9-F1BD-4656-A0C0-4AAAB8943849}) (Version: 7.5.1381 - 
Calyx Software) Point 7.6 (HKLM\...\{569FD3B2-505B-40D0-8B7A-1FC5774670D8}) (Version: 7.6.1417 - Calyx Software) Point 7.6 SP1 (HKLM\...\{8C117A55-A427-4978-8F18-AB328E347D17}) (Version: 7.6.1419 - Calyx Software) Point 8.0 SP1 (HKLM\...\{FF812D14-DC93-40F4-B966-28A6BDAE3048}) (Version: 8.0.1472 - Calyx Software) Point 8.0 SP2 (HKLM\...\{471B8A01-2F1D-4A2D-85E5-77339FA387AC}) (Version: 8.0.1481 - Calyx Software) Point 9.2 SP4 (HKLM\...\{5583AE3A-10AA-4CA5-877C-61F48FCAF732}) (Version: 9.2.1680 - Calyx Software) Point Old Verison Clean up Tool (HKU\S-1-5-21-3119066785-3410617908-954626951-500\...\Point Old Verison Clean up Tool) (Version: - ) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5919 - ) Roxio Creator DE 10.3 (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.3 - Roxio) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated) Trend Micro Client/Server Security Agent (HKLM\...\{BED0B8A2-2986-49F8-90D6-FA008D37A3D2}) (Version: 5.7.2565 - Trend Micro) Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation) Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation) Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation) Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-3119066785-3410617908-954626951-1259_Classes\CLSID\{32E26FD9-F435-4A20-A561-35D4B987CFDC}\InprocServer32 -> c:\programdata\webex\webex\1225\atucfobj.dll (Cisco WebEx LLC) CustomCLSID: HKU\S-1-5-21-3119066785-3410617908-954626951-1259_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\mlazarou\AppData\Local\Citrix\GoToMeeting\1132\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.) ==================== Restore Points ========================= 13-09-2015 19:01:08 Windows Backup 16-09-2015 09:32:17 Windows Update 20-09-2015 19:01:04 Windows Backup 27-09-2015 19:00:56 Windows Backup 02-10-2015 14:04:43 Installed Point 9.2 SP4. ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 22:04 - 2009-06-10 17:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {19E7C814-9521-47C0-BF46-C7BAF269CBBE} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\Dell Support Center\pcdrcui.exe [2010-08-05] (PC-Doctor, Inc.) Task: {375BBC32-0090-4DE2-B853-F165B1974C80} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell Support Center\uaclauncher.exe [2010-08-05] (PC-Doctor, Inc.) Task: {507CE31B-4409-4E07-88DB-0169376D20C7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) 
Task: {599FA52D-071F-475E-A8B0-3045D17DFF07} - System32\Tasks\{828257E7-AC3B-4715-A126-0E53F7D55D46} => pcalua.exe -a "C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RPKRSIUK\JavaSetup6u31[1].exe" -d C:\Users\Administrator\Desktop Task: {91ED21F1-F356-4DEE-AEE6-14A9164523D3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) Task: {B677A73F-D01E-4222-937B-4C69D49C5EF3} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe Task: {BAA8AD14-D7C7-4A6A-9962-3F2E9B3ECCB6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {FD8B30E5-2E72-45BE-9EE3-B38AF8AE7D07} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\Dell Support Center\uaclauncher.exeo-backgroundmon scripts\defaultscan.xml Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\Dell Support Center\pcdrcui.exe ==================== Loaded Modules (Whitelisted) ============== 2013-09-17 08:51 - 2013-08-09 15:58 - 00079648 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll 2015-01-07 19:23 - 2011-08-31 13:55 - 00499712 _____ () c:\Program Files\Trend Micro\Client Server Security Agent\sqlite3.dll 2015-09-30 09:30 - 2015-09-30 09:30 - 00098816 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\win32api.pyd 2015-09-30 09:30 - 2015-09-30 09:30 - 00110080 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\pywintypes27.dll 2015-09-30 09:30 - 2015-09-30 09:30 - 00364544 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\pythoncom27.dll 2015-09-30 09:30 - 2015-09-30 09:30 - 00045568 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\_socket.pyd 2015-09-30 09:30 - 2015-09-30 09:30 - 01161216 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\_ssl.pyd 2015-09-30 09:30 - 2015-09-30 09:30 - 00320512 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\win32com.shell.shell.pyd 2015-09-30 09:30 - 2015-09-30 09:30 - 00713216 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\_hashlib.pyd 2015-09-30 09:30 - 2015-09-30 09:30 - 01176576 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\wx._core_.pyd 2015-09-30 09:30 - 2015-09-30 09:30 - 00806400 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\wx._gdi_.pyd 2015-09-30 09:30 - 2015-09-30 09:30 - 00816128 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\wx._windows_.pyd 2015-09-30 09:30 - 2015-09-30 09:30 - 01067008 _____ 
() C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\wx._controls_.pyd 2015-09-30 09:30 - 2015-09-30 09:30 - 00733184 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\wx._misc_.pyd 2015-09-30 09:30 - 2015-09-30 09:30 - 00682496 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\pysqlite2._sqlite.pyd 2015-09-30 09:30 - 2015-09-30 09:30 - 00087552 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\_ctypes.pyd 2015-09-30 09:30 - 2015-09-30 09:30 - 00119808 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\win32file.pyd 2015-09-30 09:30 - 2015-09-30 09:30 - 00108544 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\win32security.pyd 2015-09-30 09:30 - 2015-09-30 09:30 - 00007168 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\hashobjs_ext.pyd 2015-09-30 09:30 - 2015-09-30 09:30 - 00068096 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\usb_ext.pyd 2015-09-30 09:30 - 2015-09-30 09:30 - 00167936 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\win32gui.pyd 2015-09-30 09:30 - 2015-09-30 09:30 - 00018432 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\win32event.pyd 2015-09-30 09:30 - 2015-09-30 09:30 - 00128512 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\_elementtree.pyd 2015-09-30 09:30 - 2015-09-30 09:30 - 00127488 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\pyexpat.pyd 2015-09-30 09:30 - 2015-09-30 09:30 - 00013824 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\common.time34.pyd 2015-09-30 09:30 - 2015-09-30 09:30 - 00036864 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\_psutil_windows.pyd 2015-09-30 09:30 - 2015-09-30 09:30 - 00038912 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\win32inet.pyd 2015-09-30 09:30 - 2015-09-30 09:30 - 00011264 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\win32crypt.pyd 2015-09-30 09:30 - 2015-09-30 09:30 - 00077312 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\wx._html2.pyd 2015-09-30 09:30 - 2015-09-30 09:30 
- 00027136 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\_multiprocessing.pyd 2015-09-30 09:30 - 2015-09-30 09:30 - 00020480 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\_yappi.pyd 2015-09-30 09:30 - 2015-09-30 09:30 - 00035840 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\win32process.pyd 2015-09-30 09:30 - 2015-09-30 09:30 - 00686080 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\unicodedata.pyd 2015-09-30 09:30 - 2015-09-30 09:30 - 00123392 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\wx._wizard.pyd 2015-09-30 09:30 - 2015-09-30 09:30 - 00024064 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\win32pipe.pyd 2015-09-30 09:30 - 2015-09-30 09:30 - 00010240 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\select.pyd 2015-09-30 09:30 - 2015-09-30 09:30 - 00025600 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\win32pdh.pyd 2015-09-30 09:30 - 2015-09-30 09:30 - 00525640 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\windows._lib_cacheinvalidation.pyd 2015-09-30 09:30 - 2015-09-30 09:30 - 00017408 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\win32profile.pyd 2015-09-30 09:30 - 2015-09-30 09:30 - 00022528 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\win32ts.pyd 2015-09-30 09:30 - 2015-09-30 09:30 - 00078848 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\wx._animate.pyd 2013-01-16 09:50 - 2013-01-16 09:50 - 00039424 _____ () c:\Program Files\Trend Micro\Client Server Security Agent\CCSF\boost_date_time-vc110-mt-1_49.dll 2013-04-02 12:25 - 2013-04-02 12:25 - 00543744 _____ () c:\Program Files\Trend Micro\Client Server Security Agent\CCSF\sqlite3.dll 2013-01-16 09:55 - 2013-01-16 09:55 - 00049152 _____ () c:\Program Files\Trend Micro\Client Server Security Agent\CCSF\boost_thread-vc110-mt-1_49.dll 2014-10-15 10:26 - 2014-10-15 10:26 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\3d576cbc4ffc5ad06fd61510c5d8f326\IsdiInterop.ni.dll 
2010-11-29 19:02 - 2010-03-03 22:08 - 00058880 _____ () C:\Program Files\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll 2010-12-07 13:17 - 2015-03-23 16:08 - 00367152 _____ () c:\Program Files\Trend Micro\BM\TMBMSRV.exe ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:C41CE1F6 ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3119066785-3410617908-954626951-1259\Control Panel\Desktop\\Wallpaper -> \\pe1900\point$\PNTTEMPL\pb2_eLyons.jpg HKU\S-1-5-21-3119066785-3410617908-954626951-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.0.212 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is disabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe FirewallRules: [sPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [sPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [{77B91471-1F7C-4246-9FB8-D0FB6BDB0500}] => (Allow) C:\Program Files\Windows Live\Messenger\wlcsdk.exe FirewallRules: [{FC192AEC-0EB2-4E00-B0DE-C3AC1095B982}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{74B6A4CF-FDC9-4626-AA6E-9FE83B17D16E}] => (Allow) svchost.exe FirewallRules: [{401C384E-097D-4C0A-AA23-221001797D12}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe FirewallRules: [{E61D1666-C4DC-4BC8-B034-C197B959F4B0}] => (Allow) C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe FirewallRules: [{EBD5AEDF-CC4E-4787-AECB-669073CBB479}] => (Allow) C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe FirewallRules: [{778CAF80-CF0F-4F4A-B47C-9D6BFA5E2322}] => (Allow) LPort=1542 FirewallRules: [{CBD264C0-7ACF-4B7B-950C-962A969E645D}] => (Allow) LPort=1542 FirewallRules: [{94ACBE5E-B207-4FD3-9B2C-6C4A7709BE3E}] => (Allow) LPort=53 FirewallRules: [{A99A14F5-4101-467F-A9BA-94A13F834ADC}] => (Allow) LPort=67 FirewallRules: [{6AD0742E-B557-4A93-A603-17F0A9329631}] => (Allow) LPort=68 FirewallRules: [{A20E97E9-E35C-4541-B93C-1CE5547648BC}] => (Allow) LPort=53 FirewallRules: [{3330A293-3871-470E-AE39-EBC946E9F61E}] => (Allow) LPort=53 FirewallRules: [{CC9C3E84-B4AF-4D42-A664-1F190054E0FF}] => (Allow) C:\Program Files\Realtek\11n USB Wireless LAN Utility\Rtldhcp.exe FirewallRules: [{EB77E6E4-7B71-4585-A06F-7BEB86E53CA0}] => (Allow) D:\Installer\hpbcsiInstaller.exe FirewallRules: [{0CB444C2-9068-47F4-BC8B-5A848C0F9D44}] => (Allow) D:\Installer\hpbcsiInstaller.exe FirewallRules: 
[{B994F989-1E95-4545-92A5-F6A257D01754}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe FirewallRules: [WCF-NetTcpActivator-In-TCP-32bit] => (Allow) %systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe FirewallRules: [{559A401D-3CDE-46EA-82F1-6DAED01C4E8C}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{4B8BD70A-E7F2-4947-B82C-759C91CB8F8A}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{8A78BEB8-87DD-4C88-844C-5E3F1DF357C5}] => (Allow) LPort=61117 FirewallRules: [{CF093BBC-4BC1-4AD7-BF2F-CF15D59F77D9}] => (Allow) LPort=61117 FirewallRules: [{10A6A654-5A5B-4F84-B3BB-DB217F29A3DE}] => (Allow) LPort=61116 FirewallRules: [{5341A4F4-31C8-460A-B273-04247CEC1A51}] => (Allow) LPort=21112 ==================== Faulty Device Manager Devices ============= Name: 802.11n WLAN Adapter Description: 802.11n WLAN Adapter Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (10/02/2015 03:51:02 AM) (Source: SideBySide) (EventID: 59) (User: ) Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3. Invalid Xml syntax. Error: (10/02/2015 12:47:58 AM) (Source: SideBySide) (EventID: 59) (User: ) Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3. Invalid Xml syntax. Error: (10/01/2015 12:54:39 AM) (Source: SideBySide) (EventID: 59) (User: ) Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3. Invalid Xml syntax. 
Error: (09/30/2015 09:28:45 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80070013, The media is write protected. . Error: (09/30/2015 09:28:45 AM) (Source: VSS) (EventID: 13) (User: ) Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x80070013, The media is write protected. ] Error: (09/30/2015 09:28:45 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80070013, The media is write protected. . Error: (09/30/2015 09:28:45 AM) (Source: VSS) (EventID: 13) (User: ) Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x80070013, The media is write protected. ] Error: (09/30/2015 01:26:08 AM) (Source: SideBySide) (EventID: 59) (User: ) Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3. Invalid Xml syntax. Error: (09/29/2015 12:43:20 AM) (Source: SideBySide) (EventID: 59) (User: ) Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3. Invalid Xml syntax. Error: (09/28/2015 11:01:58 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program Winpoint.exe version 9.2.1650.804 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. 
Process ID: 10a0 Start Time: 01d0f9fd9c00aaa8 Termination Time: 15 Application Path: C:\WINPOINT\Winpoint.exe Report Id: d985c204-65f1-11e5-a0fe-f04da2db75d8 System errors: ============= Error: (10/02/2015 02:01:04 PM) (Source: Ntfs) (EventID: 55) (User: ) Description: The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS. Error: (10/02/2015 01:49:31 PM) (Source: Ntfs) (EventID: 55) (User: ) Description: The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS. Error: (10/02/2015 01:37:17 PM) (Source: Ntfs) (EventID: 55) (User: ) Description: The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS. Error: (10/02/2015 01:02:11 PM) (Source: BROWSER) (EventID: 8032) (User: ) Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{09709833-D190-4092-94B9-5590C41E7078}. The backup browser is stopping. Error: (10/02/2015 12:18:22 PM) (Source: Ntfs) (EventID: 55) (User: ) Description: The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS. Error: (10/02/2015 11:55:02 AM) (Source: Ntfs) (EventID: 55) (User: ) Description: The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS. Error: (10/02/2015 11:35:12 AM) (Source: Ntfs) (EventID: 55) (User: ) Description: The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS. Error: (10/02/2015 11:28:24 AM) (Source: Ntfs) (EventID: 55) (User: ) Description: The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS. Error: (10/02/2015 11:22:24 AM) (Source: Ntfs) (EventID: 55) (User: ) Description: The file system structure on the disk is corrupt and unusable. 
Please run the chkdsk utility on the volume OS. Error: (10/02/2015 11:10:54 AM) (Source: Ntfs) (EventID: 55) (User: ) Description: The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS. ==================== Memory info =========================== Processor: Intel® Core i3 CPU 540 @ 3.07GHz Percentage of memory in use: 43% Total physical RAM: 3063.11 MB Available physical RAM: 1735.92 MB Total Virtual: 6124.54 MB Available Virtual: 3335.5 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:236.7 GB) (Free:176.66 GB) NTFS Drive z: (BackUp) (Fixed) (Total:228.29 GB) (Free:40.52 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 259D4594) Partition 1: (Not Active) - (Size=39 MB) - (Type=DE) Partition 2: (Active) - (Size=750 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=236.7 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=228.3 GB) - (Type=OF Extended) ==================== End of Addition.txt ============================
  3. Good afternoon, First time posting here on the forums and I am looking for some help reading my log files. I apologize if this isn't the right area to submit this log, but I am having a hard time finding where. If you can please assist in reading this log and/or point me in the right subforum, it is greatly appreciated. Much appreciated and thanks in advance.