
Possibly Infected Computers



My first time posting here. Hope someone can tell me what this means.

 

FRST Log

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:30-09-2015
Ran by Administrator (administrator) on DT-V430-MKT (02-10-2015 16:31:18)
Running from C:\Users\mlazarou\Documents\FRST
Loaded Profiles: UpdatusUser & mlazarou & Administrator (Available Profiles: Underwriting One & UpdatusUser & eodonnell & trestivo & hmegaloudis & lenuta & gsophocleous & ppavlakos & llazarou & bdm & mlazarou & hqu & Administrator)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
(Broadcom Corp.) C:\Program Files\Broadcom\BPowMon\BPowMon.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\ramaint.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\NTRtScan.exe
(Microsoft Corp.) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\PccNTMon.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe
(Carbonite, Inc.) C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\TmListen.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\CCSF\TmCCSF.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Program Files\Trend Micro\BM\TMBMSRV.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7711264 2009-08-18] (Realtek Semiconductor)
HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM\...\Run: [OfficeScanNT Monitor] => c:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe [1444600 2015-09-01] (Trend Micro Inc.)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [63048 2010-09-17] (LogMeIn, Inc.)
HKLM\...\Run: [OE] => c:\Program Files\Trend Micro\Client Server Security Agent\TMAS_OE\TMAS_OEMon.exe [492880 2010-08-10] (Trend Micro Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM\...\Run: [Carbonite Backup] => C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe [1066192 2015-07-14] (Carbonite, Inc.)
HKLM\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-06-18] (Malwarebytes Corporation)
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22344224 2015-07-29] (Google)
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil32_18_0_0_232_ActiveX.exe [1156296 2015-09-05] (Adobe Systems Incorporated)
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\system: [Wallpaper] \\pe1900\point$\PNTTEMPL\pb2_eLyons.jpg
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\system: [WallpaperStyle] 2
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [NoRecentDocsNetHood] 1
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [NoNetConnectDisconnect] 1
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [NoComputersNearMe] 1
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [NoWelcomeScreen] 1
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [NoSharedDocuments] 1
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [NoManageMyComputerVerb] 1
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [NoStartMenuNetworkPlaces] 1
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [ForceStartMenuLogOff] 1
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [NoSetTaskbar] 1
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [LockTaskbar] 1
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [NoPropertiesMyDocuments] 1
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [NoNetHood] 1
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [DisablePersonalDirChange] 1
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [NoControlPanel] 1
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [NoCloseDragDropBands] 1
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [NoWindowsUpdate] 1
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [ConfirmFileDelete] 1
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [NoStartMenuMyMusic] 1
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [NoCDBurning] 1
HKU\S-1-5-21-3119066785-3410617908-954626951-500\...\Policies\Explorer: [NoComputersNearMe] 1
HKU\S-1-5-21-3119066785-3410617908-954626951-500\...\Policies\Explorer: [NoCDBurning] 1
HKU\S-1-5-21-3119066785-3410617908-954626951-500\...\Policies\Explorer: [ConfirmFileDelete] 1
IFEO\ehshell.exe: [Debugger] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" -MceShellRedirect
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-07-14] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-07-14] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-07-14] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
GroupPolicyScripts: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.212
Tcpip\..\Interfaces\{09709833-D190-4092-94B9-5590C41E7078}: [DhcpNameServer] 192.168.0.212

Internet Explorer:
==================
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://pricing2.elyons.com/pslogin.php
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://pricing2.elyons.com/pslogin.php
HKU\S-1-5-21-3119066785-3410617908-954626951-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://pricing2.elyons.com/pslogin.php
HKU\S-1-5-21-3119066785-3410617908-954626951-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://pricing2.elyons.com/pslogin.php
SearchScopes: HKLM -> DefaultScope {BCC58E4C-B1E7-4260-8F84-C1A7EA03E98C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {BCC58E4C-B1E7-4260-8F84-C1A7EA03E98C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3119066785-3410617908-954626951-1259 -> DefaultScope {BCC58E4C-B1E7-4260-8F84-C1A7EA03E98C} URL =
SearchScopes: HKU\S-1-5-21-3119066785-3410617908-954626951-1259 -> {685A4263-15C6-4854-8C2E-6354B934AD7E} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3119066785-3410617908-954626951-1259 -> {BCC58E4C-B1E7-4260-8F84-C1A7EA03E98C} URL =
SearchScopes: HKU\S-1-5-21-3119066785-3410617908-954626951-500 -> DefaultScope {BCC58E4C-B1E7-4260-8F84-C1A7EA03E98C} URL =
SearchScopes: HKU\S-1-5-21-3119066785-3410617908-954626951-500 -> {BCC58E4C-B1E7-4260-8F84-C1A7EA03E98C} URL =
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> c:\Program Files\Trend Micro\Client Server Security Agent\TmIEPlg.dll [2014-06-10] (Trend Micro Inc.)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14] (Microsoft Corp.)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-09-05] (Oracle Corporation)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-05] (Oracle Corporation)
BHO: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06] (Microsoft Corporation)
Toolbar: HKLM - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-3119066785-3410617908-954626951-500 -> &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06] (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files\Trend Micro\Client Server Security Agent\TmIEPlg.dll [2014-06-10] (Trend Micro Inc.)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-05] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-08-09] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-08-09] (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - c:\Program Files\Trend Micro\Client Server Security Agent\FirefoxExtension
FF Extension: Trend Micro NSC Firefox Extension - c:\Program Files\Trend Micro\Client Server Security Agent\FirefoxExtension [2015-01-07]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 CarboniteService; C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe [6124240 2015-07-14] (Carbonite, Inc. (www.carbonite.com))
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [45568 2012-07-31] (Hewlett-Packard) [File not signed]
R2 ntrtscan; c:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe [2655880 2015-09-01] (Trend Micro Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [55808 2012-07-31] (Hewlett-Packard) [File not signed]
R2 svcGenericHost; c:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [72192 2015-09-01] (Trend Micro Inc.)
R3 TMBMServer; c:\Program Files\Trend Micro\BM\TMBMSRV.exe [367152 2015-03-23] () [File not signed]
R3 TmCCSF; c:\Program Files\Trend Micro\Client Server Security Agent\CCSF\TmCCSF.exe [593880 2015-06-13] (Trend Micro Inc.)
R2 tmlisten; c:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe [2793128 2015-09-01] (Trend Micro Inc.)
R3 tmpfw; c:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe [497272 2013-09-26] (Trend Micro Inc.)
R3 TmProxy; c:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe [694832 2014-01-22] (Trend Micro Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
S3 radpms; C:\Windows\System32\DRIVERS\radpms.sys [13408 2010-09-17] (LogMeIn, Inc.)
R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [94152 2015-03-23] () [File not signed]
R2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [293496 2015-03-23] () [File not signed]
R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [64264 2015-03-23] () [File not signed]
R2 TmFilter; c:\Program Files\Trend Micro\Client Server Security Agent\TmXPFlt.sys [281400 2014-08-30] (Trend Micro Inc.)
R1 TmLwf; C:\Windows\System32\DRIVERS\tmlwf.sys [146232 2013-09-26] (Trend Micro Inc.)
R2 TmPreFilter; c:\Program Files\Trend Micro\Client Server Security Agent\TmPreFlt.sys [38200 2014-08-30] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [90712 2013-01-09] (Trend Micro Inc.)
R2 tmWfp; C:\Windows\System32\DRIVERS\tmwfp.sys [282936 2013-09-26] (Trend Micro Inc.)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
R2 VSApiNt; c:\Program Files\Trend Micro\Client Server Security Agent\VSApiNt.sys [1557912 2014-08-30] (Trend Micro Inc.)
S4 LMIRfsClientNP; no ImagePath
S3 RTL8192cu; system32\DRIVERS\rtwlanu.sys [X]
S3 rtlss; System32\Drivers\rtlss.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-02 16:30 - 2015-10-02 16:31 - 00000000 ____D C:\Users\mlazarou\Documents\FRST
2015-10-02 16:24 - 2015-10-02 16:31 - 00000000 ____D C:\FRST
2015-10-02 16:24 - 2015-10-02 16:26 - 00042088 _____ C:\Users\mlazarou\Documents\FRST.txt
2015-10-02 16:22 - 2015-10-02 16:22 - 01696256 _____ (Farbar) C:\Users\mlazarou\Documents\FRST.exe
2015-10-02 14:03 - 2015-10-02 14:04 - 00000000 ____D C:\WINPOINT_BAK18
2015-09-28 05:19 - 2015-09-28 05:19 - 00002104 _____ C:\Users\Public\Desktop\Carbonite InfoCenter.lnk
2015-09-28 05:19 - 2015-09-28 05:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Carbonite
2015-09-28 03:49 - 2015-09-28 12:57 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-28 03:48 - 2015-09-28 03:48 - 00001062 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-09-28 03:48 - 2015-09-28 03:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-28 03:48 - 2015-09-28 03:48 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-28 03:48 - 2015-09-28 03:48 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-09-28 03:48 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-09-28 03:48 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-09-28 03:48 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-09-24 15:04 - 2015-09-24 15:04 - 00000000 _____ C:\Windows\system32\sho55D7.tmp
2015-09-16 09:35 - 2015-09-16 09:35 - 00000000 _____ C:\Windows\system32\sho9655.tmp
2015-09-16 09:32 - 2015-08-05 13:47 - 00139096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-09-16 09:32 - 2015-08-05 13:47 - 00068952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-09-16 09:32 - 2015-08-05 13:41 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-09-16 09:32 - 2015-08-05 13:41 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-09-16 09:32 - 2015-08-05 13:41 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-09-16 09:32 - 2015-08-05 13:41 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-09-16 09:32 - 2015-08-05 13:41 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-09-16 09:32 - 2015-08-05 13:41 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-09-16 09:32 - 2015-08-05 13:41 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-09-16 09:32 - 2015-08-05 13:40 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-09-16 09:32 - 2015-08-05 13:40 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-09-16 09:32 - 2015-08-05 13:40 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-09-16 09:32 - 2015-08-05 13:40 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-09-16 09:32 - 2015-08-05 13:40 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-09-16 09:32 - 2015-08-05 13:40 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-09-16 09:32 - 2015-08-05 13:40 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-09-16 09:32 - 2015-08-05 13:40 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2015-09-16 09:32 - 2015-08-05 13:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-09-16 09:32 - 2015-08-05 13:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-09-16 09:32 - 2015-08-05 13:34 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-09-16 09:32 - 2015-08-05 13:30 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-09-16 09:32 - 2015-08-05 12:58 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2015-09-16 09:32 - 2015-08-05 12:33 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-09-16 09:32 - 2015-08-05 12:33 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-09-16 09:32 - 2015-08-05 12:32 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-09-16 09:30 - 2015-07-18 09:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-09-16 09:30 - 2015-07-18 09:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-09-16 09:30 - 2015-07-18 09:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-09-16 09:30 - 2015-07-18 09:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-09-16 09:30 - 2015-07-18 09:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-09-16 09:30 - 2015-07-18 09:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-09-16 09:30 - 2015-07-18 09:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-09-16 09:30 - 2015-07-18 09:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-09-16 09:30 - 2015-07-18 09:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-09-16 09:30 - 2015-07-18 09:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2015-09-16 09:30 - 2015-07-18 09:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-09-16 09:30 - 2015-07-18 09:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-09-16 09:30 - 2015-07-18 09:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-09-16 09:30 - 2015-07-18 09:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-09-16 09:30 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-09-16 09:30 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-09-16 09:30 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-09-16 09:30 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2015-09-16 09:30 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2015-09-16 09:30 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-09-16 09:30 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-09-16 09:30 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2015-09-16 09:30 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2015-09-16 09:30 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2015-09-08 19:58 - 2015-08-27 13:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-09-08 19:58 - 2015-08-27 13:58 - 01241088 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-09-08 19:58 - 2015-08-27 13:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-09-08 19:58 - 2015-08-27 13:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-09-08 19:58 - 2015-08-05 13:41 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-08 19:58 - 2015-08-05 13:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-09-08 19:58 - 2015-08-05 13:40 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-09-08 19:58 - 2015-08-04 13:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-09-08 19:58 - 2015-08-04 13:47 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-09-08 19:58 - 2015-08-04 13:47 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-09-08 19:58 - 2015-08-04 13:46 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-09-08 19:58 - 2015-08-04 13:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-09-08 19:58 - 2015-08-04 12:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-09-08 19:57 - 2015-09-01 22:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-09-08 19:57 - 2015-09-01 22:48 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-08 19:57 - 2015-09-01 22:48 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-09-08 19:57 - 2015-09-01 22:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-09-08 19:57 - 2015-09-01 21:36 - 02384896 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-08 19:57 - 2015-09-01 21:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-08 19:57 - 2015-08-17 21:14 - 00344168 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-09-08 19:57 - 2015-08-15 02:06 - 19856896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-08 19:57 - 2015-08-15 01:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-09-08 19:57 - 2015-08-15 01:53 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-09-08 19:57 - 2015-08-15 01:40 - 00504832 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-08 19:57 - 2015-08-15 01:40 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-09-08 19:57 - 2015-08-15 01:39 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-09-08 19:57 - 2015-08-15 01:39 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-09-08 19:57 - 2015-08-15 01:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-09-08 19:57 - 2015-08-15 01:35 - 02279424 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-08 19:57 - 2015-08-15 01:33 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-09-08 19:57 - 2015-08-15 01:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-09-08 19:57 - 2015-08-15 01:30 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-09-08 19:57 - 2015-08-15 01:29 - 00665600 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-08 19:57 - 2015-08-15 01:29 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-09-08 19:57 - 2015-08-15 01:29 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-09-08 19:57 - 2015-08-15 01:29 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-09-08 19:57 - 2015-08-15 01:24 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-09-08 19:57 - 2015-08-15 01:21 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-09-08 19:57 - 2015-08-15 01:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-09-08 19:57 - 2015-08-15 01:14 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-09-08 19:57 - 2015-08-15 01:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-09-08 19:57 - 2015-08-15 01:11 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-09-08 19:57 - 2015-08-15 01:10 - 04520448 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-08 19:57 - 2015-08-15 01:04 - 12857344 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-08 19:57 - 2015-08-15 01:02 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-08 19:57 - 2015-08-15 01:02 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-09-08 19:57 - 2015-08-15 01:01 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-08 19:57 - 2015-08-15 01:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-09-08 19:57 - 2015-08-15 00:43 - 01951232 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-08 19:57 - 2015-08-15 00:39 - 01310720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-08 19:57 - 2015-08-15 00:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-09-05 23:17 - 2015-09-05 23:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro Security Agent
2015-09-05 23:16 - 2015-09-05 23:16 - 00000000 ____D C:\Program Files\Common Files\AV
2015-09-05 11:57 - 2015-09-30 09:29 - 00001480 _____ C:\Windows\setupact.log
2015-09-05 11:57 - 2015-09-05 11:57 - 00000000 _____ C:\Windows\setuperr.log
2015-09-05 11:26 - 2015-09-05 11:27 - 00000000 ____D C:\WINPOINT_BAK17
2015-09-05 11:16 - 2015-09-05 11:16 - 00000000 ____D C:\Users\mlazarou\AppData\Roaming\Sun
2015-09-05 11:16 - 2015-09-05 11:16 - 00000000 ____D C:\Users\mlazarou\.oracle_jre_usage
2015-09-05 10:54 - 2015-09-05 10:54 - 00000000 ____D C:\Program Files\Common Files\Java
2015-09-05 10:48 - 2015-09-05 10:48 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Sun
2015-09-05 10:48 - 2015-09-05 10:48 - 00000000 ____D C:\Users\Administrator\.oracle_jre_usage
2015-09-05 10:30 - 2015-08-26 13:56 - 02953728 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-05 10:30 - 2015-08-26 13:56 - 02061824 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-05 10:30 - 2015-08-26 13:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-05 10:30 - 2015-08-26 13:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-05 10:30 - 2015-08-26 13:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-05 10:30 - 2015-08-26 13:56 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-09-05 10:30 - 2015-08-26 13:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-09-05 10:30 - 2015-08-26 13:55 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-05 10:30 - 2015-08-26 13:55 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-09-05 10:30 - 2015-08-26 13:55 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-05 10:30 - 2015-08-26 13:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-02 16:19 - 2010-12-07 16:18 - 00000152 _____ C:\Windows\system32\config\netlogon.ftl
2015-10-02 15:44 - 2013-04-11 16:05 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-02 15:44 - 2013-04-11 16:05 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-02 14:23 - 2012-08-07 12:16 - 00000000 ____D C:\Users\mlazarou\AppData\Local\Deployment
2015-10-02 14:20 - 2010-12-08 00:44 - 00000000 ____D C:\ProgramData\TEMP
2015-10-02 14:19 - 2010-12-08 00:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Calyx Software
2015-10-02 14:19 - 2010-12-08 00:43 - 00001113 _____ C:\Windows\winpoint.ini
2015-10-02 14:10 - 2013-02-10 14:16 - 00000000 ____D C:\WINPOINT
2015-10-02 14:09 - 2011-07-14 00:13 - 00000000 ____D C:\PNTTEMPL
2015-10-02 14:02 - 2012-08-07 12:17 - 00000000 ____D C:\Users\mlazarou\AppData\Local\Calyx Software
2015-10-02 14:00 - 2012-08-07 12:05 - 00000000 ____D C:\Users\mlazarou\AppData\Local\Adobe
2015-10-02 14:00 - 2012-04-16 12:49 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-10-02 14:00 - 2011-05-25 00:14 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-10-02 13:59 - 2014-10-09 11:11 - 00000000 ____D C:\Users\Administrator\AppData\Local\Adobe
2015-10-02 11:22 - 2009-07-14 00:55 - 01891031 _____ C:\Windows\WindowsUpdate.log
2015-10-02 10:44 - 2009-07-14 00:34 - 00014256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-02 10:44 - 2009-07-14 00:34 - 00014256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-02 09:00 - 2010-12-07 12:16 - 00000422 _____ C:\Windows\Tasks\SystemToolsDailyTest.job
2015-10-02 00:46 - 2010-12-07 14:46 - 00000000 ____D C:\ProgramData\LogMeIn
2015-09-30 09:36 - 2010-11-29 18:51 - 01538680 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-30 09:31 - 2014-01-26 14:16 - 00000976 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2015-09-30 09:31 - 2014-01-26 14:16 - 00000960 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2015-09-30 09:30 - 2010-11-29 19:13 - 00803198 _____ C:\Windows\system32\TmInstall.log
2015-09-30 09:30 - 2009-07-14 00:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-30 09:29 - 2010-11-29 20:45 - 00000000 ____D C:\ProgramData\NVIDIA
2015-09-28 12:08 - 2013-12-08 02:36 - 00000000 ____D C:\temp
2015-09-28 10:06 - 2010-11-29 20:44 - 00218370 _____ C:\Windows\PFRO.log
2015-09-21 09:38 - 2010-12-07 14:46 - 00000000 ____D C:\Program Files\LogMeIn
2015-09-21 09:37 - 2010-12-07 14:46 - 00103296 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2015-09-21 09:37 - 2010-12-07 14:46 - 00098152 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2015-09-21 09:37 - 2010-12-07 14:46 - 00031592 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll
2015-09-16 12:53 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\rescache
2015-09-11 22:00 - 2010-12-07 12:16 - 00000564 _____ C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2015-09-09 03:37 - 2009-07-14 00:33 - 00408064 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-09 03:36 - 2009-07-14 03:50 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-09 03:21 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-09-09 03:20 - 2011-07-01 17:33 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-09 03:13 - 2013-07-11 10:01 - 00000000 ____D C:\Windows\system32\MRT
2015-09-08 10:16 - 2012-08-07 14:46 - 00002084 _____ C:\Users\mlazarou\Desktop\Current Documents.lnk
2015-09-05 11:43 - 2012-12-04 19:00 - 00000000 ____D C:\Windows\Minidump
2015-09-05 11:16 - 2012-08-07 11:15 - 00000000 ____D C:\Users\mlazarou
2015-09-05 10:54 - 2014-10-19 17:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-09-05 10:54 - 2013-06-24 09:45 - 00000000 ____D C:\Program Files\Java
2015-09-05 10:53 - 2015-06-06 13:12 - 00097888 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-09-05 10:48 - 2010-12-07 16:20 - 00000000 ____D C:\Users\Administrator
2015-09-05 10:43 - 2013-03-17 15:03 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-09-05 10:40 - 2015-03-11 11:57 - 00000000 __SHD C:\Users\Administrator\AppData\Local\EmieBrowserModeList
2015-09-05 10:40 - 2014-06-14 11:56 - 00000000 __SHD C:\Users\Administrator\AppData\Local\EmieUserList
2015-09-05 10:40 - 2014-06-14 11:56 - 00000000 __SHD C:\Users\Administrator\AppData\Local\EmieSiteList
2015-09-05 10:21 - 2010-12-07 16:20 - 00000000 ___RD C:\Users\Administrator\Virtual Machines
2015-09-05 10:21 - 2009-07-14 00:46 - 00001515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk

==================== Files in the root of some directories =======

2015-10-02 14:04 - 2015-10-02 14:10 - 12307514 _____ () C:\ProgramData\log.txt
2010-12-08 00:46 - 2010-12-08 00:46 - 0000058 _____ () C:\ProgramData\mchguid.ini

Some files in TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\lenuta\AppData\Local\Temp\samsetupnt.exe
C:\Users\mlazarou\AppData\Local\Temp\G2MInstallerExtractor.exe
C:\Users\Underwriting One\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-10-01 00:56

==================== End of FRST.txt ============================

Additional Log

Additional scan result of Farbar Recovery Scan Tool (x86) Version:30-09-2015
Ran by Administrator (2015-10-02 16:31:50)
Running from C:\Users\mlazarou\Documents\FRST
Microsoft Windows 7 Professional  Service Pack 1 (X86) (2010-12-07 16:13:52)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1377516699-4148573324-3159256218-500 - Administrator - Disabled)
Guest (S-1-5-21-1377516699-4148573324-3159256218-501 - Limited - Disabled)
Underwriting One (S-1-5-21-1377516699-4148573324-3159256218-1000 - Administrator - Enabled) => C:\Users\Underwriting One
UpdatusUser (S-1-5-21-1377516699-4148573324-3159256218-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Trend Micro Security Agent (Enabled - Up to date) {8242D66F-41BD-4049-C2E6-E578E73B62A0}
AS: Trend Micro Security Agent Anti-spyware (Enabled - Up to date) {3923378B-6787-4FC7-F856-DE0A9CBC281D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Trend Micro Personal Firewall (Enabled) {49A8346C-6900-54B6-B1B3-5F678736DDE9}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 13.1.2 - Hewlett-Packard) Hidden
Adobe Flash Player 19 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Broadcom Management Programs (HKLM\...\{5DB87A63-9420-48CC-9F9A-B8801D38D6B5}) (Version: 12.35.01 - Broadcom Corporation)
Calyx Installer (HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\70930c74b7b66430) (Version: 1.0.0.371 - Calyx Software)
Calyx Installer (HKU\S-1-5-21-3119066785-3410617908-954626951-500\...\70930c74b7b66430) (Version: 1.0.0.371 - Calyx Software)
Carbonite (HKLM\...\Carbonite Backup) (Version: 5.7.7 build 5155 (Jul-14-2015) - Carbonite)
Dell Edoc Viewer (HKLM\...\{3138EAD3-700B-4A10-B617-B3F8096EE30D}) (Version: 1.0.0 - Dell Inc)
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.0.5621.01 - Dell Inc.)
Dell Support Center (Version: 3.0.5621.01 - PC-Doctor, Inc.) Hidden
Google Drive (HKLM\...\{12ADFB82-D5A3-43E4-B2F4-FCD9B690315B}) (Version: 1.24.9931.5480 - Google, Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.15 - Google Inc.) Hidden
GoToMeeting 5.5.0.1132 (HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\GoToMeeting) (Version: 5.5.0.1132 - CitrixOnline)
HP LaserJet Enterprise 500 color M551 (HKLM\...\{6D6058C2-16C9-4763-B1B5-6F1C3491069B}) (Version: 4.5.12146.539 - Hewlett-Packard)
Intel® Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Java 8 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
LogMeIn (HKLM\...\{C9127212-C4B4-4BE3-9CA2-24ACB804D067}) (Version: 4.1.1568 - LogMeIn, Inc.)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Store Download Manager (HKLM\...\{2C019AC0-E2E1-4E63-8113-87F9D44EAF07}) (Version: 2.9.4919.1 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Driver 320.78 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 320.78 - NVIDIA Corporation)
NVIDIA Graphics Driver 320.78 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 320.78 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
Point 7.3 (HKLM\...\{13D3698D-70EA-46DD-A303-7B0346D75ADA}) (Version: 7.3.1265 - Calyx Software)
Point 7.4 SP5 (HKLM\...\{8DDB7719-21CF-4449-BECE-3B2A1C416B6A}) (Version: 7.4.1325 - Calyx Software)
Point 7.4 SP6 (HKLM\...\{F398D45A-300F-486B-BC4E-6E2066F6DA10}) (Version: 7.4.1343 - Calyx Software)
Point 7.5 (HKLM\...\{04E1ED5D-B465-4F75-AB3A-9ECA26B4AAC5}) (Version: 7.5.1377 - Calyx Software)
Point 7.5 SP1 (HKLM\...\{254140F9-F1BD-4656-A0C0-4AAAB8943849}) (Version: 7.5.1381 - Calyx Software)
Point 7.6 (HKLM\...\{569FD3B2-505B-40D0-8B7A-1FC5774670D8}) (Version: 7.6.1417 - Calyx Software)
Point 7.6 SP1 (HKLM\...\{8C117A55-A427-4978-8F18-AB328E347D17}) (Version: 7.6.1419 - Calyx Software)
Point 8.0 SP1 (HKLM\...\{FF812D14-DC93-40F4-B966-28A6BDAE3048}) (Version: 8.0.1472 - Calyx Software)
Point 8.0 SP2 (HKLM\...\{471B8A01-2F1D-4A2D-85E5-77339FA387AC}) (Version: 8.0.1481 - Calyx Software)
Point 9.2 SP4 (HKLM\...\{5583AE3A-10AA-4CA5-877C-61F48FCAF732}) (Version: 9.2.1680 - Calyx Software)
Point Old Verison Clean up Tool (HKU\S-1-5-21-3119066785-3410617908-954626951-500\...\Point Old Verison Clean up Tool) (Version:  - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5919 - )
Roxio Creator DE 10.3 (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.3 - Roxio)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Trend Micro Client/Server Security Agent (HKLM\...\{BED0B8A2-2986-49F8-90D6-FA008D37A3D2}) (Version: 5.7.2565 - Trend Micro)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3119066785-3410617908-954626951-1259_Classes\CLSID\{32E26FD9-F435-4A20-A561-35D4B987CFDC}\InprocServer32 -> c:\programdata\webex\webex\1225\atucfobj.dll (Cisco WebEx LLC)
CustomCLSID: HKU\S-1-5-21-3119066785-3410617908-954626951-1259_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\mlazarou\AppData\Local\Citrix\GoToMeeting\1132\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Restore Points =========================

13-09-2015 19:01:08 Windows Backup
16-09-2015 09:32:17 Windows Update
20-09-2015 19:01:04 Windows Backup
27-09-2015 19:00:56 Windows Backup
02-10-2015 14:04:43 Installed Point 9.2 SP4.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:04 - 2009-06-10 17:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {19E7C814-9521-47C0-BF46-C7BAF269CBBE} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\Dell Support Center\pcdrcui.exe [2010-08-05] (PC-Doctor, Inc.)
Task: {375BBC32-0090-4DE2-B853-F165B1974C80} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell Support Center\uaclauncher.exe [2010-08-05] (PC-Doctor, Inc.)
Task: {507CE31B-4409-4E07-88DB-0169376D20C7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {599FA52D-071F-475E-A8B0-3045D17DFF07} - System32\Tasks\{828257E7-AC3B-4715-A126-0E53F7D55D46} => pcalua.exe -a "C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RPKRSIUK\JavaSetup6u31[1].exe" -d C:\Users\Administrator\Desktop
Task: {91ED21F1-F356-4DEE-AEE6-14A9164523D3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {B677A73F-D01E-4222-937B-4C69D49C5EF3} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe
Task: {BAA8AD14-D7C7-4A6A-9962-3F2E9B3ECCB6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {FD8B30E5-2E72-45BE-9EE3-B38AF8AE7D07} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\Dell Support Center\uaclauncher.exeo-backgroundmon scripts\defaultscan.xml
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\Dell Support Center\pcdrcui.exe

==================== Loaded Modules (Whitelisted) ==============

2013-09-17 08:51 - 2013-08-09 15:58 - 00079648 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2015-01-07 19:23 - 2011-08-31 13:55 - 00499712 _____ () c:\Program Files\Trend Micro\Client Server Security Agent\sqlite3.dll
2015-09-30 09:30 - 2015-09-30 09:30 - 00098816 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\win32api.pyd
2015-09-30 09:30 - 2015-09-30 09:30 - 00110080 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\pywintypes27.dll
2015-09-30 09:30 - 2015-09-30 09:30 - 00364544 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\pythoncom27.dll
2015-09-30 09:30 - 2015-09-30 09:30 - 00045568 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\_socket.pyd
2015-09-30 09:30 - 2015-09-30 09:30 - 01161216 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\_ssl.pyd
2015-09-30 09:30 - 2015-09-30 09:30 - 00320512 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\win32com.shell.shell.pyd
2015-09-30 09:30 - 2015-09-30 09:30 - 00713216 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\_hashlib.pyd
2015-09-30 09:30 - 2015-09-30 09:30 - 01176576 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\wx._core_.pyd
2015-09-30 09:30 - 2015-09-30 09:30 - 00806400 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\wx._gdi_.pyd
2015-09-30 09:30 - 2015-09-30 09:30 - 00816128 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\wx._windows_.pyd
2015-09-30 09:30 - 2015-09-30 09:30 - 01067008 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\wx._controls_.pyd
2015-09-30 09:30 - 2015-09-30 09:30 - 00733184 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\wx._misc_.pyd
2015-09-30 09:30 - 2015-09-30 09:30 - 00682496 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\pysqlite2._sqlite.pyd
2015-09-30 09:30 - 2015-09-30 09:30 - 00087552 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\_ctypes.pyd
2015-09-30 09:30 - 2015-09-30 09:30 - 00119808 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\win32file.pyd
2015-09-30 09:30 - 2015-09-30 09:30 - 00108544 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\win32security.pyd
2015-09-30 09:30 - 2015-09-30 09:30 - 00007168 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\hashobjs_ext.pyd
2015-09-30 09:30 - 2015-09-30 09:30 - 00068096 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\usb_ext.pyd
2015-09-30 09:30 - 2015-09-30 09:30 - 00167936 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\win32gui.pyd
2015-09-30 09:30 - 2015-09-30 09:30 - 00018432 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\win32event.pyd
2015-09-30 09:30 - 2015-09-30 09:30 - 00128512 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\_elementtree.pyd
2015-09-30 09:30 - 2015-09-30 09:30 - 00127488 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\pyexpat.pyd
2015-09-30 09:30 - 2015-09-30 09:30 - 00013824 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\common.time34.pyd
2015-09-30 09:30 - 2015-09-30 09:30 - 00036864 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\_psutil_windows.pyd
2015-09-30 09:30 - 2015-09-30 09:30 - 00038912 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\win32inet.pyd
2015-09-30 09:30 - 2015-09-30 09:30 - 00011264 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\win32crypt.pyd
2015-09-30 09:30 - 2015-09-30 09:30 - 00077312 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\wx._html2.pyd
2015-09-30 09:30 - 2015-09-30 09:30 - 00027136 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\_multiprocessing.pyd
2015-09-30 09:30 - 2015-09-30 09:30 - 00020480 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\_yappi.pyd
2015-09-30 09:30 - 2015-09-30 09:30 - 00035840 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\win32process.pyd
2015-09-30 09:30 - 2015-09-30 09:30 - 00686080 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\unicodedata.pyd
2015-09-30 09:30 - 2015-09-30 09:30 - 00123392 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\wx._wizard.pyd
2015-09-30 09:30 - 2015-09-30 09:30 - 00024064 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\win32pipe.pyd
2015-09-30 09:30 - 2015-09-30 09:30 - 00010240 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\select.pyd
2015-09-30 09:30 - 2015-09-30 09:30 - 00025600 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\win32pdh.pyd
2015-09-30 09:30 - 2015-09-30 09:30 - 00525640 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\windows._lib_cacheinvalidation.pyd
2015-09-30 09:30 - 2015-09-30 09:30 - 00017408 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\win32profile.pyd
2015-09-30 09:30 - 2015-09-30 09:30 - 00022528 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\win32ts.pyd
2015-09-30 09:30 - 2015-09-30 09:30 - 00078848 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\wx._animate.pyd
2013-01-16 09:50 - 2013-01-16 09:50 - 00039424 _____ () c:\Program Files\Trend Micro\Client Server Security Agent\CCSF\boost_date_time-vc110-mt-1_49.dll
2013-04-02 12:25 - 2013-04-02 12:25 - 00543744 _____ () c:\Program Files\Trend Micro\Client Server Security Agent\CCSF\sqlite3.dll
2013-01-16 09:55 - 2013-01-16 09:55 - 00049152 _____ () c:\Program Files\Trend Micro\Client Server Security Agent\CCSF\boost_thread-vc110-mt-1_49.dll
2014-10-15 10:26 - 2014-10-15 10:26 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\3d576cbc4ffc5ad06fd61510c5d8f326\IsdiInterop.ni.dll
2010-11-29 19:02 - 2010-03-03 22:08 - 00058880 _____ () C:\Program Files\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2010-12-07 13:17 - 2015-03-23 16:08 - 00367152 _____ () c:\Program Files\Trend Micro\BM\TMBMSRV.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:C41CE1F6

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3119066785-3410617908-954626951-1259\Control Panel\Desktop\\Wallpaper -> \\pe1900\point$\PNTTEMPL\pb2_eLyons.jpg
HKU\S-1-5-21-3119066785-3410617908-954626951-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.212
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [sPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [sPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{77B91471-1F7C-4246-9FB8-D0FB6BDB0500}] => (Allow) C:\Program Files\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{FC192AEC-0EB2-4E00-B0DE-C3AC1095B982}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{74B6A4CF-FDC9-4626-AA6E-9FE83B17D16E}] => (Allow) svchost.exe
FirewallRules: [{401C384E-097D-4C0A-AA23-221001797D12}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{E61D1666-C4DC-4BC8-B034-C197B959F4B0}] => (Allow) C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe
FirewallRules: [{EBD5AEDF-CC4E-4787-AECB-669073CBB479}] => (Allow) C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe
FirewallRules: [{778CAF80-CF0F-4F4A-B47C-9D6BFA5E2322}] => (Allow) LPort=1542
FirewallRules: [{CBD264C0-7ACF-4B7B-950C-962A969E645D}] => (Allow) LPort=1542
FirewallRules: [{94ACBE5E-B207-4FD3-9B2C-6C4A7709BE3E}] => (Allow) LPort=53
FirewallRules: [{A99A14F5-4101-467F-A9BA-94A13F834ADC}] => (Allow) LPort=67
FirewallRules: [{6AD0742E-B557-4A93-A603-17F0A9329631}] => (Allow) LPort=68
FirewallRules: [{A20E97E9-E35C-4541-B93C-1CE5547648BC}] => (Allow) LPort=53
FirewallRules: [{3330A293-3871-470E-AE39-EBC946E9F61E}] => (Allow) LPort=53
FirewallRules: [{CC9C3E84-B4AF-4D42-A664-1F190054E0FF}] => (Allow) C:\Program Files\Realtek\11n USB Wireless LAN Utility\Rtldhcp.exe
FirewallRules: [{EB77E6E4-7B71-4585-A06F-7BEB86E53CA0}] => (Allow) D:\Installer\hpbcsiInstaller.exe
FirewallRules: [{0CB444C2-9068-47F4-BC8B-5A848C0F9D44}] => (Allow) D:\Installer\hpbcsiInstaller.exe
FirewallRules: [{B994F989-1E95-4545-92A5-F6A257D01754}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-32bit] => (Allow) %systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
FirewallRules: [{559A401D-3CDE-46EA-82F1-6DAED01C4E8C}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{4B8BD70A-E7F2-4947-B82C-759C91CB8F8A}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{8A78BEB8-87DD-4C88-844C-5E3F1DF357C5}] => (Allow) LPort=61117
FirewallRules: [{CF093BBC-4BC1-4AD7-BF2F-CF15D59F77D9}] => (Allow) LPort=61117
FirewallRules: [{10A6A654-5A5B-4F84-B3BB-DB217F29A3DE}] => (Allow) LPort=61116
FirewallRules: [{5341A4F4-31C8-460A-B273-04247CEC1A51}] => (Allow) LPort=21112

==================== Faulty Device Manager Devices =============

Name: 802.11n WLAN Adapter
Description: 802.11n WLAN Adapter
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (10/02/2015 03:51:02 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (10/02/2015 12:47:58 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (10/01/2015 12:54:39 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (09/30/2015 09:28:45 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070013, The media is write protected.
.

Error: (09/30/2015 09:28:45 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x80070013, The media is write protected.
]

Error: (09/30/2015 09:28:45 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070013, The media is write protected.
.

Error: (09/30/2015 09:28:45 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x80070013, The media is write protected.
]

Error: (09/30/2015 01:26:08 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (09/29/2015 12:43:20 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (09/28/2015 11:01:58 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Winpoint.exe version 9.2.1650.804 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 10a0

Start Time: 01d0f9fd9c00aaa8

Termination Time: 15

Application Path: C:\WINPOINT\Winpoint.exe

Report Id: d985c204-65f1-11e5-a0fe-f04da2db75d8

System errors:
=============
Error: (10/02/2015 02:01:04 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume OS.

Error: (10/02/2015 01:49:31 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume OS.

Error: (10/02/2015 01:37:17 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume OS.

Error: (10/02/2015 01:02:11 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{09709833-D190-4092-94B9-5590C41E7078}.
The backup browser is stopping.

Error: (10/02/2015 12:18:22 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume OS.

Error: (10/02/2015 11:55:02 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume OS.

Error: (10/02/2015 11:35:12 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume OS.

Error: (10/02/2015 11:28:24 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume OS.

Error: (10/02/2015 11:22:24 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume OS.

Error: (10/02/2015 11:10:54 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume OS.

==================== Memory info ===========================

Processor: Intel® Core i3 CPU 540 @ 3.07GHz
Percentage of memory in use: 43%
Total physical RAM: 3063.11 MB
Available physical RAM: 1735.92 MB
Total Virtual: 6124.54 MB
Available Virtual: 3335.5 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:236.7 GB) (Free:176.66 GB) NTFS
Drive z: (BackUp) (Fixed) (Total:228.29 GB) (Free:40.52 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 259D4594)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=750 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=236.7 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=228.3 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================

 


Good morning y'all. I had posted a few days ago seeking help in reading these logs, but I hadn't heard from anyone and I got a little worried. Hoping it can get some traction this time around. Appreciate the help!

Linking MBAM log first, followed by FRST log.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/28/2015
Scan Time: 9:07 AM
Logfile: NicholasMBAMlog.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.09.28.03
Rootkit Database: v2015.09.22.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Administrator

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 838490
Time Elapsed: 51 min, 40 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 10
Hijack.FolderOptions, HKU\S-1-5-21-3119066785-3410617908-954626951-1135\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoFolderOptions, 1, , [9fa47fb62f5cff37398da71abe4530d0]
Hijack.FolderOptions, HKU\S-1-5-21-3119066785-3410617908-954626951-1142\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoFolderOptions, 1, , [60e3e1547d0e270f735328999172718f]
Hijack.FolderOptions, HKU\S-1-5-21-3119066785-3410617908-954626951-1143\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoFolderOptions, 1, , [bc876cc934575adc9432e8d9cd36ac54]
Hijack.FolderOptions, HKU\S-1-5-21-3119066785-3410617908-954626951-1144\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoFolderOptions, 1, , [9ca773c2e6a5c373bb0ba61b966d9a66]
Hijack.FolderOptions, HKU\S-1-5-21-3119066785-3410617908-954626951-1146\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoFolderOptions, 1, , [7ec5999c28633afcb1157150e41f9e62]
Hijack.FolderOptions, HKU\S-1-5-21-3119066785-3410617908-954626951-1175\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoFolderOptions, 1, , [73d041f4404b152141850ab7847ffc04]
Hijack.FolderOptions, HKU\S-1-5-21-3119066785-3410617908-954626951-1241\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoFolderOptions, 1, , [380b22139deed3639f2720a142c1c13f]
Hijack.FolderOptions, HKU\S-1-5-21-3119066785-3410617908-954626951-1256\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoFolderOptions, 1, , [90b30431107b49edf1d52a97729158a8]
Hijack.FolderOptions, HKU\S-1-5-21-3119066785-3410617908-954626951-1259\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoFolderOptions, 1, , [62e167ced0bb94a2279fffc2e91a738d]
Hijack.FolderOptions, HKU\S-1-5-21-3119066785-3410617908-954626951-1261\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoFolderOptions, 1, , [5de62d08127966d0893d2d94e91a04fc]

Registry Data: 44
PUM.Hijack.Desktop, HKU\S-1-5-21-3119066785-3410617908-954626951-1135\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ForceActiveDesktopOn, 1, Good: (0), Bad: (1),,[59eaac894843ce68a8601165986db44c]
PUM.Hijack.HomepageControl, HKU\S-1-5-21-3119066785-3410617908-954626951-1135\SOFTWARE\POLICIES\MICROSOFT\INTERNET EXPLORER\CONTROL PANEL|HomePage, 1, Good: (0), Bad: (1),,[f74c260f0982df578be636452bda4cb4]
PUM.Hijack.DisplayProperties, HKU\S-1-5-21-3119066785-3410617908-954626951-1142\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\ACTIVEDESKTOP|NoChangingWallPaper, 1, Good: (0), Bad: (1),,[2d1675c0fa91b58135d493e313f2cb35]
PUM.Hijack.Desktop, HKU\S-1-5-21-3119066785-3410617908-954626951-1142\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ForceActiveDesktopOn, 1, Good: (0), Bad: (1),,[192abb7a35568caa8a7e8aec37ce4eb2]
PUM.Hijack.DriveView, HKU\S-1-5-21-3119066785-3410617908-954626951-1142\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoViewOnDrive, 67108863, Good: (0), Bad: (67108863),,[f1525fd6b7d4c86eff27bbbbbf4634cc]
PUM.Disable.MCProperties, HKU\S-1-5-21-3119066785-3410617908-954626951-1142\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoPropertiesMyComputer, 1, Good: (0), Bad: (1),,[d0732d08e3a80432d523ed8820e58f71]
PUM.Hijack.HomepageControl, HKU\S-1-5-21-3119066785-3410617908-954626951-1142\SOFTWARE\POLICIES\MICROSOFT\INTERNET EXPLORER\CONTROL PANEL|HomePage, 1, Good: (0), Bad: (1),,[88bb0e27305b9b9be09191eaaa5bf60a]
PUM.Hijack.DisplayProperties, HKU\S-1-5-21-3119066785-3410617908-954626951-1143\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\ACTIVEDESKTOP|NoChangingWallPaper, 1, Good: (0), Bad: (1),,[d66dae87395238fe19f0e78f5da8d927]
PUM.Hijack.Desktop, HKU\S-1-5-21-3119066785-3410617908-954626951-1143\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ForceActiveDesktopOn, 1, Good: (0), Bad: (1),,[6fd472c36d1e68ce4ebadb9bea1b33cd]
PUM.Hijack.DriveView, HKU\S-1-5-21-3119066785-3410617908-954626951-1143\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoViewOnDrive, 67108863, Good: (0), Bad: (67108863),,[3c07db5a0685ea4c32f46d09ad589f61]
PUM.Disable.MCProperties, HKU\S-1-5-21-3119066785-3410617908-954626951-1143\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoPropertiesMyComputer, 1, Good: (0), Bad: (1),,[7ac944f14c3ff442a157d4a1669f17e9]
PUM.Hijack.HomepageControl, HKU\S-1-5-21-3119066785-3410617908-954626951-1143\SOFTWARE\POLICIES\MICROSOFT\INTERNET EXPLORER\CONTROL PANEL|HomePage, 1, Good: (0), Bad: (1),,[7ac90c29a8e3b185551cd4a7798c24dc]
PUM.Hijack.DisplayProperties, HKU\S-1-5-21-3119066785-3410617908-954626951-1144\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\ACTIVEDESKTOP|NoChangingWallPaper, 1, Good: (0), Bad: (1),,[3d0657deec9fa88e9b6ed79fff06c739]
PUM.Hijack.Desktop, HKU\S-1-5-21-3119066785-3410617908-954626951-1144\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ForceActiveDesktopOn, 1, Good: (0), Bad: (1),,[63e05cd9d6b5c76fec1ce09661a4966a]
PUM.Hijack.DriveView, HKU\S-1-5-21-3119066785-3410617908-954626951-1144\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoViewOnDrive, 67108863, Good: (0), Bad: (67108863),,[073ce74e018a38fe47dfcfa72fd62bd5]
PUM.Disable.MCProperties, HKU\S-1-5-21-3119066785-3410617908-954626951-1144\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoPropertiesMyComputer, 1, Good: (0), Bad: (1),,[a3a062d3662538fe8870472ede2716ea]
PUM.Hijack.HomepageControl, HKU\S-1-5-21-3119066785-3410617908-954626951-1144\SOFTWARE\POLICIES\MICROSOFT\INTERNET EXPLORER\CONTROL PANEL|HomePage, 1, Good: (0), Bad: (1),,[162d89ace8a367cf0e630a71dc2910f0]
PUM.Hijack.Desktop, HKU\S-1-5-21-3119066785-3410617908-954626951-1146\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ForceActiveDesktopOn, 1, Good: (0), Bad: (1),,[3310092cc1ca3bfb7692eb8bc83d3ec2]
PUM.Hijack.HomepageControl, HKU\S-1-5-21-3119066785-3410617908-954626951-1146\SOFTWARE\POLICIES\MICROSOFT\INTERNET EXPLORER\CONTROL PANEL|HomePage, 1, Good: (0), Bad: (1),,[94afe94ca0eb5bdb74fddba0749155ab]
PUM.Hijack.DisplayProperties, HKU\S-1-5-21-3119066785-3410617908-954626951-1175\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\ACTIVEDESKTOP|NoChangingWallPaper, 1, Good: (0), Bad: (1),,[5ee577beddaed26423e6ea8cc3428b75]
PUM.Hijack.Desktop, HKU\S-1-5-21-3119066785-3410617908-954626951-1175\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ForceActiveDesktopOn, 1, Good: (0), Bad: (1),,[71d25ed7adde77bf0ff9146209fc15eb]
PUM.Hijack.DriveView, HKU\S-1-5-21-3119066785-3410617908-954626951-1175\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoViewOnDrive, 67108863, Good: (0), Bad: (67108863),,[60e38da8b8d3d16555d1591d18edc63a]
PUM.Disable.MCProperties, HKU\S-1-5-21-3119066785-3410617908-954626951-1175\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoPropertiesMyComputer, 1, Good: (0), Bad: (1),,[79ca9e9785068ea81bdda6cf9a6bf20e]
PUM.Hijack.HomepageControl, HKU\S-1-5-21-3119066785-3410617908-954626951-1175\SOFTWARE\POLICIES\MICROSOFT\INTERNET EXPLORER\CONTROL PANEL|HomePage, 1, Good: (0), Bad: (1),,[21228ca97d0eba7c7af76b109e67be42]
PUM.Hijack.DisplayProperties, HKU\S-1-5-21-3119066785-3410617908-954626951-1241\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\ACTIVEDESKTOP|NoChangingWallPaper, 1, Good: (0), Bad: (1),,[0c3721142566b77fc2479adc51b415eb]
PUM.Hijack.Desktop, HKU\S-1-5-21-3119066785-3410617908-954626951-1241\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ForceActiveDesktopOn, 1, Good: (0), Bad: (1),,[93b0a78ed4b7e15515f3afc77491d12f]
PUM.Hijack.DriveView, HKU\S-1-5-21-3119066785-3410617908-954626951-1241\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoViewOnDrive, 67108863, Good: (0), Bad: (67108863),,[94afb085b5d6ad89052187ef43c2fd03]
PUM.Disable.MCProperties, HKU\S-1-5-21-3119066785-3410617908-954626951-1241\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoPropertiesMyComputer, 1, Good: (0), Bad: (1),,[2e1540f5503b83b31ade443126df06fa]
PUM.Hijack.HomepageControl, HKU\S-1-5-21-3119066785-3410617908-954626951-1241\SOFTWARE\POLICIES\MICROSOFT\INTERNET EXPLORER\CONTROL PANEL|HomePage, 1, Good: (0), Bad: (1),,[4bf8d362b6d5d6601b56106bbe47bb45]
PUM.Hijack.DisplayProperties, HKU\S-1-5-21-3119066785-3410617908-954626951-1256\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\ACTIVEDESKTOP|NoChangingWallPaper, 1, Good: (0), Bad: (1),,[9ea583b22a610b2b39d082f47095bd43]
PUM.Hijack.Desktop, HKU\S-1-5-21-3119066785-3410617908-954626951-1256\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ForceActiveDesktopOn, 1, Good: (0), Bad: (1),,[ad9674c1dcafa591cd3b7ff78e7715eb]
PUM.Hijack.DriveView, HKU\S-1-5-21-3119066785-3410617908-954626951-1256\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoViewOnDrive, 67108863, Good: (0), Bad: (67108863),,[d17295a0e1aa12244cdac4b2a2638f71]
PUM.Disable.MCProperties, HKU\S-1-5-21-3119066785-3410617908-954626951-1256\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoPropertiesMyComputer, 1, Good: (0), Bad: (1),,[b192bb7a602bdb5b54a4571eb64ffe02]
PUM.Hijack.HomepageControl, HKU\S-1-5-21-3119066785-3410617908-954626951-1256\SOFTWARE\POLICIES\MICROSOFT\INTERNET EXPLORER\CONTROL PANEL|HomePage, 1, Good: (0), Bad: (1),,[88bb3005692224127af70675fc094bb5]
PUM.Hijack.DisplayProperties, HKU\S-1-5-21-3119066785-3410617908-954626951-1259\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\ACTIVEDESKTOP|NoChangingWallPaper, 1, Good: (0), Bad: (1),,[71d2cb6a870453e30801ff777d8859a7]
PUM.Hijack.Desktop, HKU\S-1-5-21-3119066785-3410617908-954626951-1259\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ForceActiveDesktopOn, 1, Good: (0), Bad: (1),,[df64dc59701bfe38dc2c10665ca95fa1]
PUM.Hijack.DriveView, HKU\S-1-5-21-3119066785-3410617908-954626951-1259\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoViewOnDrive, 67108863, Good: (0), Bad: (67108863),,[65de3ff6ed9ed066081efb7be61f02fe]
PUM.Disable.MCProperties, HKU\S-1-5-21-3119066785-3410617908-954626951-1259\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoPropertiesMyComputer, 1, Good: (0), Bad: (1),,[85bebe773a5189adc53379fc75901ae6]
PUM.Hijack.HomepageControl, HKU\S-1-5-21-3119066785-3410617908-954626951-1259\SOFTWARE\POLICIES\MICROSOFT\INTERNET EXPLORER\CONTROL PANEL|HomePage, 1, Good: (0), Bad: (1),,[2c17d164c1caf73ff27f5823c342d927]
PUM.Hijack.DisplayProperties, HKU\S-1-5-21-3119066785-3410617908-954626951-1261\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\ACTIVEDESKTOP|NoChangingWallPaper, 1, Good: (0), Bad: (1),,[be85fb3a7a114de989807501798ce020]
PUM.Hijack.Desktop, HKU\S-1-5-21-3119066785-3410617908-954626951-1261\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ForceActiveDesktopOn, 1, Good: (0), Bad: (1),,[45fec4715338c2740bfda0d620e524dc]
PUM.Hijack.DriveView, HKU\S-1-5-21-3119066785-3410617908-954626951-1261\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoViewOnDrive, 67108863, Good: (0), Bad: (67108863),,[90b35fd68b009c9a35f19cda36cfeb15]
PUM.Disable.MCProperties, HKU\S-1-5-21-3119066785-3410617908-954626951-1261\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoPropertiesMyComputer, 1, Good: (0), Bad: (1),,[11326ec78cffcd69cc2c6b0a7a8b47b9]
PUM.Hijack.HomepageControl, HKU\S-1-5-21-3119066785-3410617908-954626951-1261\SOFTWARE\POLICIES\MICROSOFT\INTERNET EXPLORER\CONTROL PANEL|HomePage, 1, Good: (0), Bad: (1),,[da6921140b800333f57c5b200ff6827e]

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


 

FRST Log

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:30-09-2015
Ran by Administrator (administrator) on DT-V430-MKT (02-10-2015 16:31:18)
Running from C:\Users\mlazarou\Documents\FRST
Loaded Profiles: UpdatusUser & mlazarou & Administrator (Available Profiles: Underwriting One & UpdatusUser & eodonnell & trestivo & hmegaloudis & lenuta & gsophocleous & ppavlakos & llazarou & bdm & mlazarou & hqu & Administrator)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
(Broadcom Corp.) C:\Program Files\Broadcom\BPowMon\BPowMon.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\ramaint.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\NTRtScan.exe
(Microsoft Corp.) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\PccNTMon.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe
(Carbonite, Inc.) C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\TmListen.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\CCSF\TmCCSF.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Program Files\Trend Micro\BM\TMBMSRV.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7711264 2009-08-18] (Realtek Semiconductor)
HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM\...\Run: [OfficeScanNT Monitor] => c:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe [1444600 2015-09-01] (Trend Micro Inc.)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [63048 2010-09-17] (LogMeIn, Inc.)
HKLM\...\Run: [OE] => c:\Program Files\Trend Micro\Client Server Security Agent\TMAS_OE\TMAS_OEMon.exe [492880 2010-08-10] (Trend Micro Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM\...\Run: [Carbonite Backup] => C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe [1066192 2015-07-14] (Carbonite, Inc.)
HKLM\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-06-18] (Malwarebytes Corporation)
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22344224 2015-07-29] (Google)
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil32_18_0_0_232_ActiveX.exe [1156296 2015-09-05] (Adobe Systems Incorporated)
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\system: [Wallpaper] \\pe1900\point$\PNTTEMPL\pb2_eLyons.jpg
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\system: [WallpaperStyle] 2
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [NoRecentDocsNetHood] 1
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [NoNetConnectDisconnect] 1
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [NoComputersNearMe] 1
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [NoWelcomeScreen] 1
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [NoSharedDocuments] 1
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [NoManageMyComputerVerb] 1
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [NoStartMenuNetworkPlaces] 1
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [ForceStartMenuLogOff] 1
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [NoSetTaskbar] 1
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [LockTaskbar] 1
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [NoPropertiesMyDocuments] 1
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [NoNetHood] 1
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [DisablePersonalDirChange] 1
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [NoControlPanel] 1
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [NoCloseDragDropBands] 1
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [NoWindowsUpdate] 1
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [ConfirmFileDelete] 1
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [NoStartMenuMyMusic] 1
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\Policies\Explorer: [NoCDBurning] 1
HKU\S-1-5-21-3119066785-3410617908-954626951-500\...\Policies\Explorer: [NoComputersNearMe] 1
HKU\S-1-5-21-3119066785-3410617908-954626951-500\...\Policies\Explorer: [NoCDBurning] 1
HKU\S-1-5-21-3119066785-3410617908-954626951-500\...\Policies\Explorer: [ConfirmFileDelete] 1
IFEO\ehshell.exe: [Debugger] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" -MceShellRedirect
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-07-14] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-07-14] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-07-14] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
GroupPolicyScripts: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.212
Tcpip\..\Interfaces\{09709833-D190-4092-94B9-5590C41E7078}: [DhcpNameServer] 192.168.0.212

Internet Explorer:
==================
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://pricing2.elyons.com/pslogin.php
HKU\S-1-5-21-3119066785-3410617908-954626951-1259\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://pricing2.elyons.com/pslogin.php
HKU\S-1-5-21-3119066785-3410617908-954626951-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://pricing2.elyons.com/pslogin.php
HKU\S-1-5-21-3119066785-3410617908-954626951-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://pricing2.elyons.com/pslogin.php
SearchScopes: HKLM -> DefaultScope {BCC58E4C-B1E7-4260-8F84-C1A7EA03E98C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {BCC58E4C-B1E7-4260-8F84-C1A7EA03E98C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3119066785-3410617908-954626951-1259 -> DefaultScope {BCC58E4C-B1E7-4260-8F84-C1A7EA03E98C} URL =
SearchScopes: HKU\S-1-5-21-3119066785-3410617908-954626951-1259 -> {685A4263-15C6-4854-8C2E-6354B934AD7E} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3119066785-3410617908-954626951-1259 -> {BCC58E4C-B1E7-4260-8F84-C1A7EA03E98C} URL =
SearchScopes: HKU\S-1-5-21-3119066785-3410617908-954626951-500 -> DefaultScope {BCC58E4C-B1E7-4260-8F84-C1A7EA03E98C} URL =
SearchScopes: HKU\S-1-5-21-3119066785-3410617908-954626951-500 -> {BCC58E4C-B1E7-4260-8F84-C1A7EA03E98C} URL =
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> c:\Program Files\Trend Micro\Client Server Security Agent\TmIEPlg.dll [2014-06-10] (Trend Micro Inc.)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14] (Microsoft Corp.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-09-05] (Oracle Corporation)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-05] (Oracle Corporation)
BHO: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06] (Microsoft Corporation)
Toolbar: HKLM - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-3119066785-3410617908-954626951-500 -> &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06] (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files\Trend Micro\Client Server Security Agent\TmIEPlg.dll [2014-06-10] (Trend Micro Inc.)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-05] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-08-09] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-08-09] (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - c:\Program Files\Trend Micro\Client Server Security Agent\FirefoxExtension
FF Extension: Trend Micro NSC Firefox Extension - c:\Program Files\Trend Micro\Client Server Security Agent\FirefoxExtension [2015-01-07]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 CarboniteService; C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe [6124240 2015-07-14] (Carbonite, Inc. (www.carbonite.com))
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [45568 2012-07-31] (Hewlett-Packard) [File not signed]
R2 ntrtscan; c:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe [2655880 2015-09-01] (Trend Micro Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [55808 2012-07-31] (Hewlett-Packard) [File not signed]
R2 svcGenericHost; c:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [72192 2015-09-01] (Trend Micro Inc.)
R3 TMBMServer; c:\Program Files\Trend Micro\BM\TMBMSRV.exe [367152 2015-03-23] () [File not signed]
R3 TmCCSF; c:\Program Files\Trend Micro\Client Server Security Agent\CCSF\TmCCSF.exe [593880 2015-06-13] (Trend Micro Inc.)
R2 tmlisten; c:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe [2793128 2015-09-01] (Trend Micro Inc.)
R3 tmpfw; c:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe [497272 2013-09-26] (Trend Micro Inc.)
R3 TmProxy; c:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe [694832 2014-01-22] (Trend Micro Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
S3 radpms; C:\Windows\System32\DRIVERS\radpms.sys [13408 2010-09-17] (LogMeIn, Inc.)
R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [94152 2015-03-23] () [File not signed]
R2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [293496 2015-03-23] () [File not signed]
R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [64264 2015-03-23] () [File not signed]
R2 TmFilter; c:\Program Files\Trend Micro\Client Server Security Agent\TmXPFlt.sys [281400 2014-08-30] (Trend Micro Inc.)
R1 TmLwf; C:\Windows\System32\DRIVERS\tmlwf.sys [146232 2013-09-26] (Trend Micro Inc.)
R2 TmPreFilter; c:\Program Files\Trend Micro\Client Server Security Agent\TmPreFlt.sys [38200 2014-08-30] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [90712 2013-01-09] (Trend Micro Inc.)
R2 tmWfp; C:\Windows\System32\DRIVERS\tmwfp.sys [282936 2013-09-26] (Trend Micro Inc.)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
R2 VSApiNt; c:\Program Files\Trend Micro\Client Server Security Agent\VSApiNt.sys [1557912 2014-08-30] (Trend Micro Inc.)
S4 LMIRfsClientNP; no ImagePath
S3 RTL8192cu; system32\DRIVERS\rtwlanu.sys [X]
S3 rtlss; System32\Drivers\rtlss.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-02 16:30 - 2015-10-02 16:31 - 00000000 ____D C:\Users\mlazarou\Documents\FRST
2015-10-02 16:24 - 2015-10-02 16:31 - 00000000 ____D C:\FRST
2015-10-02 16:24 - 2015-10-02 16:26 - 00042088 _____ C:\Users\mlazarou\Documents\FRST.txt
2015-10-02 16:22 - 2015-10-02 16:22 - 01696256 _____ (Farbar) C:\Users\mlazarou\Documents\FRST.exe
2015-10-02 14:03 - 2015-10-02 14:04 - 00000000 ____D C:\WINPOINT_BAK18
2015-09-28 05:19 - 2015-09-28 05:19 - 00002104 _____ C:\Users\Public\Desktop\Carbonite InfoCenter.lnk
2015-09-28 05:19 - 2015-09-28 05:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Carbonite
2015-09-28 03:49 - 2015-09-28 12:57 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-28 03:48 - 2015-09-28 03:48 - 00001062 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-09-28 03:48 - 2015-09-28 03:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-28 03:48 - 2015-09-28 03:48 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-28 03:48 - 2015-09-28 03:48 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-09-28 03:48 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-09-28 03:48 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-09-28 03:48 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-09-24 15:04 - 2015-09-24 15:04 - 00000000 _____ C:\Windows\system32\sho55D7.tmp
2015-09-16 09:35 - 2015-09-16 09:35 - 00000000 _____ C:\Windows\system32\sho9655.tmp
2015-09-16 09:32 - 2015-08-05 13:47 - 00139096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-09-16 09:32 - 2015-08-05 13:47 - 00068952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-09-16 09:32 - 2015-08-05 13:41 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-09-16 09:32 - 2015-08-05 13:41 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-09-16 09:32 - 2015-08-05 13:41 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-09-16 09:32 - 2015-08-05 13:41 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-09-16 09:32 - 2015-08-05 13:41 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-09-16 09:32 - 2015-08-05 13:41 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-09-16 09:32 - 2015-08-05 13:41 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-09-16 09:32 - 2015-08-05 13:40 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-09-16 09:32 - 2015-08-05 13:40 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-09-16 09:32 - 2015-08-05 13:40 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-09-16 09:32 - 2015-08-05 13:40 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-09-16 09:32 - 2015-08-05 13:40 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-09-16 09:32 - 2015-08-05 13:40 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-09-16 09:32 - 2015-08-05 13:40 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-09-16 09:32 - 2015-08-05 13:40 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2015-09-16 09:32 - 2015-08-05 13:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-09-16 09:32 - 2015-08-05 13:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-09-16 09:32 - 2015-08-05 13:34 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-09-16 09:32 - 2015-08-05 13:30 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-09-16 09:32 - 2015-08-05 12:58 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2015-09-16 09:32 - 2015-08-05 12:33 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-09-16 09:32 - 2015-08-05 12:33 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-09-16 09:32 - 2015-08-05 12:32 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-09-16 09:30 - 2015-07-18 09:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-09-16 09:30 - 2015-07-18 09:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-09-16 09:30 - 2015-07-18 09:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-09-16 09:30 - 2015-07-18 09:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-09-16 09:30 - 2015-07-18 09:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-09-16 09:30 - 2015-07-18 09:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-09-16 09:30 - 2015-07-18 09:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-09-16 09:30 - 2015-07-18 09:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-09-16 09:30 - 2015-07-18 09:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-09-16 09:30 - 2015-07-18 09:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2015-09-16 09:30 - 2015-07-18 09:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-09-16 09:30 - 2015-07-18 09:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-09-16 09:30 - 2015-07-18 09:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-09-16 09:30 - 2015-07-18 09:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-09-16 09:30 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-09-16 09:30 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-09-16 09:30 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-09-16 09:30 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2015-09-16 09:30 - 2015-07-18 09:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2015-09-16 09:30 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-09-16 09:30 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-09-16 09:30 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2015-09-16 09:30 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2015-09-16 09:30 - 2015-07-18 09:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2015-09-08 19:58 - 2015-08-27 13:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-09-08 19:58 - 2015-08-27 13:58 - 01241088 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-09-08 19:58 - 2015-08-27 13:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-09-08 19:58 - 2015-08-27 13:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-09-08 19:58 - 2015-08-05 13:41 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-08 19:58 - 2015-08-05 13:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-09-08 19:58 - 2015-08-05 13:40 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-09-08 19:58 - 2015-08-04 13:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-09-08 19:58 - 2015-08-04 13:47 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-09-08 19:58 - 2015-08-04 13:47 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-09-08 19:58 - 2015-08-04 13:46 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-09-08 19:58 - 2015-08-04 13:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-09-08 19:58 - 2015-08-04 12:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-09-08 19:57 - 2015-09-01 22:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-09-08 19:57 - 2015-09-01 22:48 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-08 19:57 - 2015-09-01 22:48 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-09-08 19:57 - 2015-09-01 22:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-09-08 19:57 - 2015-09-01 21:36 - 02384896 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-08 19:57 - 2015-09-01 21:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-08 19:57 - 2015-08-17 21:14 - 00344168 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-09-08 19:57 - 2015-08-15 02:06 - 19856896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-08 19:57 - 2015-08-15 01:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-09-08 19:57 - 2015-08-15 01:53 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-09-08 19:57 - 2015-08-15 01:40 - 00504832 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-08 19:57 - 2015-08-15 01:40 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-09-08 19:57 - 2015-08-15 01:39 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-09-08 19:57 - 2015-08-15 01:39 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-09-08 19:57 - 2015-08-15 01:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-09-08 19:57 - 2015-08-15 01:35 - 02279424 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-08 19:57 - 2015-08-15 01:33 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-09-08 19:57 - 2015-08-15 01:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-09-08 19:57 - 2015-08-15 01:30 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-09-08 19:57 - 2015-08-15 01:29 - 00665600 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-08 19:57 - 2015-08-15 01:29 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-09-08 19:57 - 2015-08-15 01:29 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-09-08 19:57 - 2015-08-15 01:29 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-09-08 19:57 - 2015-08-15 01:24 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-09-08 19:57 - 2015-08-15 01:21 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-09-08 19:57 - 2015-08-15 01:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-09-08 19:57 - 2015-08-15 01:14 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-09-08 19:57 - 2015-08-15 01:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-09-08 19:57 - 2015-08-15 01:11 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-09-08 19:57 - 2015-08-15 01:10 - 04520448 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-08 19:57 - 2015-08-15 01:04 - 12857344 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-08 19:57 - 2015-08-15 01:02 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-08 19:57 - 2015-08-15 01:02 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-09-08 19:57 - 2015-08-15 01:01 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-08 19:57 - 2015-08-15 01:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-09-08 19:57 - 2015-08-15 00:43 - 01951232 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-08 19:57 - 2015-08-15 00:39 - 01310720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-08 19:57 - 2015-08-15 00:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-09-05 23:17 - 2015-09-05 23:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro Security Agent
2015-09-05 23:16 - 2015-09-05 23:16 - 00000000 ____D C:\Program Files\Common Files\AV
2015-09-05 11:57 - 2015-09-30 09:29 - 00001480 _____ C:\Windows\setupact.log
2015-09-05 11:57 - 2015-09-05 11:57 - 00000000 _____ C:\Windows\setuperr.log
2015-09-05 11:26 - 2015-09-05 11:27 - 00000000 ____D C:\WINPOINT_BAK17
2015-09-05 11:16 - 2015-09-05 11:16 - 00000000 ____D C:\Users\mlazarou\AppData\Roaming\Sun
2015-09-05 11:16 - 2015-09-05 11:16 - 00000000 ____D C:\Users\mlazarou\.oracle_jre_usage
2015-09-05 10:54 - 2015-09-05 10:54 - 00000000 ____D C:\Program Files\Common Files\Java
2015-09-05 10:48 - 2015-09-05 10:48 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Sun
2015-09-05 10:48 - 2015-09-05 10:48 - 00000000 ____D C:\Users\Administrator\.oracle_jre_usage
2015-09-05 10:30 - 2015-08-26 13:56 - 02953728 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-05 10:30 - 2015-08-26 13:56 - 02061824 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-05 10:30 - 2015-08-26 13:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-05 10:30 - 2015-08-26 13:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-05 10:30 - 2015-08-26 13:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-05 10:30 - 2015-08-26 13:56 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-09-05 10:30 - 2015-08-26 13:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-09-05 10:30 - 2015-08-26 13:55 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-05 10:30 - 2015-08-26 13:55 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-09-05 10:30 - 2015-08-26 13:55 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-05 10:30 - 2015-08-26 13:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-02 16:19 - 2010-12-07 16:18 - 00000152 _____ C:\Windows\system32\config\netlogon.ftl
2015-10-02 15:44 - 2013-04-11 16:05 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-02 15:44 - 2013-04-11 16:05 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-02 14:23 - 2012-08-07 12:16 - 00000000 ____D C:\Users\mlazarou\AppData\Local\Deployment
2015-10-02 14:20 - 2010-12-08 00:44 - 00000000 ____D C:\ProgramData\TEMP
2015-10-02 14:19 - 2010-12-08 00:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Calyx Software
2015-10-02 14:19 - 2010-12-08 00:43 - 00001113 _____ C:\Windows\winpoint.ini
2015-10-02 14:10 - 2013-02-10 14:16 - 00000000 ____D C:\WINPOINT
2015-10-02 14:09 - 2011-07-14 00:13 - 00000000 ____D C:\PNTTEMPL
2015-10-02 14:02 - 2012-08-07 12:17 - 00000000 ____D C:\Users\mlazarou\AppData\Local\Calyx Software
2015-10-02 14:00 - 2012-08-07 12:05 - 00000000 ____D C:\Users\mlazarou\AppData\Local\Adobe
2015-10-02 14:00 - 2012-04-16 12:49 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-10-02 14:00 - 2011-05-25 00:14 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-10-02 13:59 - 2014-10-09 11:11 - 00000000 ____D C:\Users\Administrator\AppData\Local\Adobe
2015-10-02 11:22 - 2009-07-14 00:55 - 01891031 _____ C:\Windows\WindowsUpdate.log
2015-10-02 10:44 - 2009-07-14 00:34 - 00014256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-02 10:44 - 2009-07-14 00:34 - 00014256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-02 09:00 - 2010-12-07 12:16 - 00000422 _____ C:\Windows\Tasks\SystemToolsDailyTest.job
2015-10-02 00:46 - 2010-12-07 14:46 - 00000000 ____D C:\ProgramData\LogMeIn
2015-09-30 09:36 - 2010-11-29 18:51 - 01538680 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-30 09:31 - 2014-01-26 14:16 - 00000976 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2015-09-30 09:31 - 2014-01-26 14:16 - 00000960 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2015-09-30 09:30 - 2010-11-29 19:13 - 00803198 _____ C:\Windows\system32\TmInstall.log
2015-09-30 09:30 - 2009-07-14 00:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-30 09:29 - 2010-11-29 20:45 - 00000000 ____D C:\ProgramData\NVIDIA
2015-09-28 12:08 - 2013-12-08 02:36 - 00000000 ____D C:\temp
2015-09-28 10:06 - 2010-11-29 20:44 - 00218370 _____ C:\Windows\PFRO.log
2015-09-21 09:38 - 2010-12-07 14:46 - 00000000 ____D C:\Program Files\LogMeIn
2015-09-21 09:37 - 2010-12-07 14:46 - 00103296 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2015-09-21 09:37 - 2010-12-07 14:46 - 00098152 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2015-09-21 09:37 - 2010-12-07 14:46 - 00031592 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll
2015-09-16 12:53 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\rescache
2015-09-11 22:00 - 2010-12-07 12:16 - 00000564 _____ C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2015-09-09 03:37 - 2009-07-14 00:33 - 00408064 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-09 03:36 - 2009-07-14 03:50 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-09 03:21 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-09-09 03:20 - 2011-07-01 17:33 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-09 03:13 - 2013-07-11 10:01 - 00000000 ____D C:\Windows\system32\MRT
2015-09-08 10:16 - 2012-08-07 14:46 - 00002084 _____ C:\Users\mlazarou\Desktop\Current Documents.lnk
2015-09-05 11:43 - 2012-12-04 19:00 - 00000000 ____D C:\Windows\Minidump
2015-09-05 11:16 - 2012-08-07 11:15 - 00000000 ____D C:\Users\mlazarou
2015-09-05 10:54 - 2014-10-19 17:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-09-05 10:54 - 2013-06-24 09:45 - 00000000 ____D C:\Program Files\Java
2015-09-05 10:53 - 2015-06-06 13:12 - 00097888 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-09-05 10:48 - 2010-12-07 16:20 - 00000000 ____D C:\Users\Administrator
2015-09-05 10:43 - 2013-03-17 15:03 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-09-05 10:40 - 2015-03-11 11:57 - 00000000 __SHD C:\Users\Administrator\AppData\Local\EmieBrowserModeList
2015-09-05 10:40 - 2014-06-14 11:56 - 00000000 __SHD C:\Users\Administrator\AppData\Local\EmieUserList
2015-09-05 10:40 - 2014-06-14 11:56 - 00000000 __SHD C:\Users\Administrator\AppData\Local\EmieSiteList
2015-09-05 10:21 - 2010-12-07 16:20 - 00000000 ___RD C:\Users\Administrator\Virtual Machines
2015-09-05 10:21 - 2009-07-14 00:46 - 00001515 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk

==================== Files in the root of some directories =======

2015-10-02 14:04 - 2015-10-02 14:10 - 12307514 _____ () C:\ProgramData\log.txt
2010-12-08 00:46 - 2010-12-08 00:46 - 0000058 _____ () C:\ProgramData\mchguid.ini

Some files in TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\lenuta\AppData\Local\Temp\samsetupnt.exe
C:\Users\mlazarou\AppData\Local\Temp\G2MInstallerExtractor.exe
C:\Users\Underwriting One\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-10-01 00:56

==================== End of FRST.txt ============================

Additional Log

Additional scan result of Farbar Recovery Scan Tool (x86) Version:30-09-2015
Ran by Administrator (2015-10-02 16:31:50)
Running from C:\Users\mlazarou\Documents\FRST
Microsoft Windows 7 Professional  Service Pack 1 (X86) (2010-12-07 16:13:52)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1377516699-4148573324-3159256218-500 - Administrator - Disabled)
Guest (S-1-5-21-1377516699-4148573324-3159256218-501 - Limited - Disabled)
Underwriting One (S-1-5-21-1377516699-4148573324-3159256218-1000 - Administrator - Enabled) => C:\Users\Underwriting One
UpdatusUser (S-1-5-21-1377516699-4148573324-3159256218-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Trend Micro Security Agent (Enabled - Up to date) {8242D66F-41BD-4049-C2E6-E578E73B62A0}
AS: Trend Micro Security Agent Anti-spyware (Enabled - Up to date) {3923378B-6787-4FC7-F856-DE0A9CBC281D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Trend Micro Personal Firewall (Enabled) {49A8346C-6900-54B6-B1B3-5F678736DDE9}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 13.1.2 - Hewlett-Packard) Hidden
Adobe Flash Player 19 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Broadcom Management Programs (HKLM\...\{5DB87A63-9420-48CC-9F9A-B8801D38D6B5}) (Version: 12.35.01 - Broadcom Corporation)
Calyx Installer (HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\70930c74b7b66430) (Version: 1.0.0.371 - Calyx Software)
Calyx Installer (HKU\S-1-5-21-3119066785-3410617908-954626951-500\...\70930c74b7b66430) (Version: 1.0.0.371 - Calyx Software)
Carbonite (HKLM\...\Carbonite Backup) (Version: 5.7.7 build 5155 (Jul-14-2015) - Carbonite)
Dell Edoc Viewer (HKLM\...\{3138EAD3-700B-4A10-B617-B3F8096EE30D}) (Version: 1.0.0 - Dell Inc)
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.0.5621.01 - Dell Inc.)
Dell Support Center (Version: 3.0.5621.01 - PC-Doctor, Inc.) Hidden
Google Drive (HKLM\...\{12ADFB82-D5A3-43E4-B2F4-FCD9B690315B}) (Version: 1.24.9931.5480 - Google, Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.15 - Google Inc.) Hidden
GoToMeeting 5.5.0.1132 (HKU\S-1-5-21-3119066785-3410617908-954626951-1259\...\GoToMeeting) (Version: 5.5.0.1132 - CitrixOnline)
HP LaserJet Enterprise 500 color M551 (HKLM\...\{6D6058C2-16C9-4763-B1B5-6F1C3491069B}) (Version: 4.5.12146.539 - Hewlett-Packard)
Intel® Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Java 8 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
LogMeIn (HKLM\...\{C9127212-C4B4-4BE3-9CA2-24ACB804D067}) (Version: 4.1.1568 - LogMeIn, Inc.)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Store Download Manager (HKLM\...\{2C019AC0-E2E1-4E63-8113-87F9D44EAF07}) (Version: 2.9.4919.1 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Driver 320.78 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 320.78 - NVIDIA Corporation)
NVIDIA Graphics Driver 320.78 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 320.78 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
Point 7.3 (HKLM\...\{13D3698D-70EA-46DD-A303-7B0346D75ADA}) (Version: 7.3.1265 - Calyx Software)
Point 7.4 SP5 (HKLM\...\{8DDB7719-21CF-4449-BECE-3B2A1C416B6A}) (Version: 7.4.1325 - Calyx Software)
Point 7.4 SP6 (HKLM\...\{F398D45A-300F-486B-BC4E-6E2066F6DA10}) (Version: 7.4.1343 - Calyx Software)
Point 7.5 (HKLM\...\{04E1ED5D-B465-4F75-AB3A-9ECA26B4AAC5}) (Version: 7.5.1377 - Calyx Software)
Point 7.5 SP1 (HKLM\...\{254140F9-F1BD-4656-A0C0-4AAAB8943849}) (Version: 7.5.1381 - Calyx Software)
Point 7.6 (HKLM\...\{569FD3B2-505B-40D0-8B7A-1FC5774670D8}) (Version: 7.6.1417 - Calyx Software)
Point 7.6 SP1 (HKLM\...\{8C117A55-A427-4978-8F18-AB328E347D17}) (Version: 7.6.1419 - Calyx Software)
Point 8.0 SP1 (HKLM\...\{FF812D14-DC93-40F4-B966-28A6BDAE3048}) (Version: 8.0.1472 - Calyx Software)
Point 8.0 SP2 (HKLM\...\{471B8A01-2F1D-4A2D-85E5-77339FA387AC}) (Version: 8.0.1481 - Calyx Software)
Point 9.2 SP4 (HKLM\...\{5583AE3A-10AA-4CA5-877C-61F48FCAF732}) (Version: 9.2.1680 - Calyx Software)
Point Old Verison Clean up Tool (HKU\S-1-5-21-3119066785-3410617908-954626951-500\...\Point Old Verison Clean up Tool) (Version:  - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5919 - )
Roxio Creator DE 10.3 (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.3 - Roxio)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Trend Micro Client/Server Security Agent (HKLM\...\{BED0B8A2-2986-49F8-90D6-FA008D37A3D2}) (Version: 5.7.2565 - Trend Micro)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3119066785-3410617908-954626951-1259_Classes\CLSID\{32E26FD9-F435-4A20-A561-35D4B987CFDC}\InprocServer32 -> c:\programdata\webex\webex\1225\atucfobj.dll (Cisco WebEx LLC)
CustomCLSID: HKU\S-1-5-21-3119066785-3410617908-954626951-1259_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\mlazarou\AppData\Local\Citrix\GoToMeeting\1132\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Restore Points =========================

13-09-2015 19:01:08 Windows Backup
16-09-2015 09:32:17 Windows Update
20-09-2015 19:01:04 Windows Backup
27-09-2015 19:00:56 Windows Backup
02-10-2015 14:04:43 Installed Point 9.2 SP4.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:04 - 2009-06-10 17:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {19E7C814-9521-47C0-BF46-C7BAF269CBBE} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\Dell Support Center\pcdrcui.exe [2010-08-05] (PC-Doctor, Inc.)
Task: {375BBC32-0090-4DE2-B853-F165B1974C80} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell Support Center\uaclauncher.exe [2010-08-05] (PC-Doctor, Inc.)
Task: {507CE31B-4409-4E07-88DB-0169376D20C7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {599FA52D-071F-475E-A8B0-3045D17DFF07} - System32\Tasks\{828257E7-AC3B-4715-A126-0E53F7D55D46} => pcalua.exe -a "C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RPKRSIUK\JavaSetup6u31[1].exe" -d C:\Users\Administrator\Desktop
Task: {91ED21F1-F356-4DEE-AEE6-14A9164523D3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {B677A73F-D01E-4222-937B-4C69D49C5EF3} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe
Task: {BAA8AD14-D7C7-4A6A-9962-3F2E9B3ECCB6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {FD8B30E5-2E72-45BE-9EE3-B38AF8AE7D07} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\Dell Support Center\uaclauncher.exeo-backgroundmon scripts\defaultscan.xml
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\Dell Support Center\pcdrcui.exe

==================== Loaded Modules (Whitelisted) ==============

2013-09-17 08:51 - 2013-08-09 15:58 - 00079648 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2015-01-07 19:23 - 2011-08-31 13:55 - 00499712 _____ () c:\Program Files\Trend Micro\Client Server Security Agent\sqlite3.dll
2015-09-30 09:30 - 2015-09-30 09:30 - 00098816 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\win32api.pyd
2015-09-30 09:30 - 2015-09-30 09:30 - 00110080 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\pywintypes27.dll
2015-09-30 09:30 - 2015-09-30 09:30 - 00364544 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\pythoncom27.dll
2015-09-30 09:30 - 2015-09-30 09:30 - 00045568 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\_socket.pyd
2015-09-30 09:30 - 2015-09-30 09:30 - 01161216 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\_ssl.pyd
2015-09-30 09:30 - 2015-09-30 09:30 - 00320512 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\win32com.shell.shell.pyd
2015-09-30 09:30 - 2015-09-30 09:30 - 00713216 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\_hashlib.pyd
2015-09-30 09:30 - 2015-09-30 09:30 - 01176576 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\wx._core_.pyd
2015-09-30 09:30 - 2015-09-30 09:30 - 00806400 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\wx._gdi_.pyd
2015-09-30 09:30 - 2015-09-30 09:30 - 00816128 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\wx._windows_.pyd
2015-09-30 09:30 - 2015-09-30 09:30 - 01067008 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\wx._controls_.pyd
2015-09-30 09:30 - 2015-09-30 09:30 - 00733184 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\wx._misc_.pyd
2015-09-30 09:30 - 2015-09-30 09:30 - 00682496 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\pysqlite2._sqlite.pyd
2015-09-30 09:30 - 2015-09-30 09:30 - 00087552 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\_ctypes.pyd
2015-09-30 09:30 - 2015-09-30 09:30 - 00119808 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\win32file.pyd
2015-09-30 09:30 - 2015-09-30 09:30 - 00108544 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\win32security.pyd
2015-09-30 09:30 - 2015-09-30 09:30 - 00007168 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\hashobjs_ext.pyd
2015-09-30 09:30 - 2015-09-30 09:30 - 00068096 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\usb_ext.pyd
2015-09-30 09:30 - 2015-09-30 09:30 - 00167936 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\win32gui.pyd
2015-09-30 09:30 - 2015-09-30 09:30 - 00018432 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\win32event.pyd
2015-09-30 09:30 - 2015-09-30 09:30 - 00128512 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\_elementtree.pyd
2015-09-30 09:30 - 2015-09-30 09:30 - 00127488 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\pyexpat.pyd
2015-09-30 09:30 - 2015-09-30 09:30 - 00013824 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\common.time34.pyd
2015-09-30 09:30 - 2015-09-30 09:30 - 00036864 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\_psutil_windows.pyd
2015-09-30 09:30 - 2015-09-30 09:30 - 00038912 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\win32inet.pyd
2015-09-30 09:30 - 2015-09-30 09:30 - 00011264 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\win32crypt.pyd
2015-09-30 09:30 - 2015-09-30 09:30 - 00077312 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\wx._html2.pyd
2015-09-30 09:30 - 2015-09-30 09:30 - 00027136 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\_multiprocessing.pyd
2015-09-30 09:30 - 2015-09-30 09:30 - 00020480 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\_yappi.pyd
2015-09-30 09:30 - 2015-09-30 09:30 - 00035840 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\win32process.pyd
2015-09-30 09:30 - 2015-09-30 09:30 - 00686080 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\unicodedata.pyd
2015-09-30 09:30 - 2015-09-30 09:30 - 00123392 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\wx._wizard.pyd
2015-09-30 09:30 - 2015-09-30 09:30 - 00024064 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\win32pipe.pyd
2015-09-30 09:30 - 2015-09-30 09:30 - 00010240 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\select.pyd
2015-09-30 09:30 - 2015-09-30 09:30 - 00025600 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\win32pdh.pyd
2015-09-30 09:30 - 2015-09-30 09:30 - 00525640 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\windows._lib_cacheinvalidation.pyd
2015-09-30 09:30 - 2015-09-30 09:30 - 00017408 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\win32profile.pyd
2015-09-30 09:30 - 2015-09-30 09:30 - 00022528 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\win32ts.pyd
2015-09-30 09:30 - 2015-09-30 09:30 - 00078848 _____ () C:\Users\mlazarou\AppData\Local\Temp\_MEI27962\wx._animate.pyd
2013-01-16 09:50 - 2013-01-16 09:50 - 00039424 _____ () c:\Program Files\Trend Micro\Client Server Security Agent\CCSF\boost_date_time-vc110-mt-1_49.dll
2013-04-02 12:25 - 2013-04-02 12:25 - 00543744 _____ () c:\Program Files\Trend Micro\Client Server Security Agent\CCSF\sqlite3.dll
2013-01-16 09:55 - 2013-01-16 09:55 - 00049152 _____ () c:\Program Files\Trend Micro\Client Server Security Agent\CCSF\boost_thread-vc110-mt-1_49.dll
2014-10-15 10:26 - 2014-10-15 10:26 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\3d576cbc4ffc5ad06fd61510c5d8f326\IsdiInterop.ni.dll
2010-11-29 19:02 - 2010-03-03 22:08 - 00058880 _____ () C:\Program Files\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2010-12-07 13:17 - 2015-03-23 16:08 - 00367152 _____ () c:\Program Files\Trend Micro\BM\TMBMSRV.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:C41CE1F6

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3119066785-3410617908-954626951-1259\Control Panel\Desktop\\Wallpaper -> \\pe1900\point$\PNTTEMPL\pb2_eLyons.jpg
HKU\S-1-5-21-3119066785-3410617908-954626951-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.212
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [sPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [sPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{77B91471-1F7C-4246-9FB8-D0FB6BDB0500}] => (Allow) C:\Program Files\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{FC192AEC-0EB2-4E00-B0DE-C3AC1095B982}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{74B6A4CF-FDC9-4626-AA6E-9FE83B17D16E}] => (Allow) svchost.exe
FirewallRules: [{401C384E-097D-4C0A-AA23-221001797D12}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{E61D1666-C4DC-4BC8-B034-C197B959F4B0}] => (Allow) C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe
FirewallRules: [{EBD5AEDF-CC4E-4787-AECB-669073CBB479}] => (Allow) C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe
FirewallRules: [{778CAF80-CF0F-4F4A-B47C-9D6BFA5E2322}] => (Allow) LPort=1542
FirewallRules: [{CBD264C0-7ACF-4B7B-950C-962A969E645D}] => (Allow) LPort=1542
FirewallRules: [{94ACBE5E-B207-4FD3-9B2C-6C4A7709BE3E}] => (Allow) LPort=53
FirewallRules: [{A99A14F5-4101-467F-A9BA-94A13F834ADC}] => (Allow) LPort=67
FirewallRules: [{6AD0742E-B557-4A93-A603-17F0A9329631}] => (Allow) LPort=68
FirewallRules: [{A20E97E9-E35C-4541-B93C-1CE5547648BC}] => (Allow) LPort=53
FirewallRules: [{3330A293-3871-470E-AE39-EBC946E9F61E}] => (Allow) LPort=53
FirewallRules: [{CC9C3E84-B4AF-4D42-A664-1F190054E0FF}] => (Allow) C:\Program Files\Realtek\11n USB Wireless LAN Utility\Rtldhcp.exe
FirewallRules: [{EB77E6E4-7B71-4585-A06F-7BEB86E53CA0}] => (Allow) D:\Installer\hpbcsiInstaller.exe
FirewallRules: [{0CB444C2-9068-47F4-BC8B-5A848C0F9D44}] => (Allow) D:\Installer\hpbcsiInstaller.exe
FirewallRules: [{B994F989-1E95-4545-92A5-F6A257D01754}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-32bit] => (Allow) %systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
FirewallRules: [{559A401D-3CDE-46EA-82F1-6DAED01C4E8C}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{4B8BD70A-E7F2-4947-B82C-759C91CB8F8A}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{8A78BEB8-87DD-4C88-844C-5E3F1DF357C5}] => (Allow) LPort=61117
FirewallRules: [{CF093BBC-4BC1-4AD7-BF2F-CF15D59F77D9}] => (Allow) LPort=61117
FirewallRules: [{10A6A654-5A5B-4F84-B3BB-DB217F29A3DE}] => (Allow) LPort=61116
FirewallRules: [{5341A4F4-31C8-460A-B273-04247CEC1A51}] => (Allow) LPort=21112

==================== Faulty Device Manager Devices =============

Name: 802.11n WLAN Adapter
Description: 802.11n WLAN Adapter
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (10/02/2015 03:51:02 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (10/02/2015 12:47:58 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (10/01/2015 12:54:39 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (09/30/2015 09:28:45 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070013, The media is write protected.
.

Error: (09/30/2015 09:28:45 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x80070013, The media is write protected.
]

Error: (09/30/2015 09:28:45 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070013, The media is write protected.
.

Error: (09/30/2015 09:28:45 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x80070013, The media is write protected.
]

Error: (09/30/2015 01:26:08 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (09/29/2015 12:43:20 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (09/28/2015 11:01:58 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Winpoint.exe version 9.2.1650.804 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 10a0

Start Time: 01d0f9fd9c00aaa8

Termination Time: 15

Application Path: C:\WINPOINT\Winpoint.exe

Report Id: d985c204-65f1-11e5-a0fe-f04da2db75d8

System errors:
=============
Error: (10/02/2015 02:01:04 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume OS.

Error: (10/02/2015 01:49:31 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume OS.

Error: (10/02/2015 01:37:17 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume OS.

Error: (10/02/2015 01:02:11 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{09709833-D190-4092-94B9-5590C41E7078}.
The backup browser is stopping.

Error: (10/02/2015 12:18:22 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume OS.

Error: (10/02/2015 11:55:02 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume OS.

Error: (10/02/2015 11:35:12 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume OS.

Error: (10/02/2015 11:28:24 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume OS.

Error: (10/02/2015 11:22:24 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume OS.

Error: (10/02/2015 11:10:54 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume OS.

==================== Memory info ===========================

Processor: Intel® Core™ i3 CPU 540 @ 3.07GHz
Percentage of memory in use: 43%
Total physical RAM: 3063.11 MB
Available physical RAM: 1735.92 MB
Total Virtual: 6124.54 MB
Available Virtual: 3335.5 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:236.7 GB) (Free:176.66 GB) NTFS
Drive z: (BackUp) (Fixed) (Total:228.29 GB) (Free:40.52 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 259D4594)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=750 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=236.7 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=228.3 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================


Hello and welcome!

I'm Radek and I'll try to help you with your issue.

Before we start please note the following:

  • Analysis and research take some time, also sometimes real life gets in the way, please be patient.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Paste the logs in your posts, attachments make my work harder and more complicated.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.
I can't foresee everything, so if anything unexpected happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

Rules and policies

We won't support any piracy.

That being said, if any evidence of an illegal OS, software, cracks/keygens or anything similar is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.

If you could tell me exactly what issues you are experiencing, it would help me with the logfile analysis and hopefully with resolving your issue.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
