Osiris1975

Members

View Profile See their activity

Posts
3
Joined
October 21, 2014
Last visited
October 23, 2014

Content Type

All Activity

Events

Profiles

Forums

Topics
Posts

Everything posted by Osiris1975

Malware not removed

Osiris1975 replied to Osiris1975's topic in Resolved Malware Removal Logs

Thanks very much! I tried to post the logs but the post hung, so I copied and pasted all of them into an RTF file. I hope that is okay. Each log has a header in bold indicating which log it is. The link is as follows: http://www.aaleil.com/wp-content/uploads/2014/10/logs.rtf
- October 23, 2014
- 6 replies
Malware not removed

Osiris1975 replied to Osiris1975's topic in Resolved Malware Removal Logs

Thanks very much for your response! I have run Malwarebytes as specified. Here is the log. Please note I ran it previously a few days ago and quarantined the stuff it found so if this log doesn't show anything that might be why: Malwarebytes scan log: Malwarebytes Anti-Malwarewww.malwarebytes.org Scan Date: 10/22/2014Scan Time: 5:41:51 PMLogfile: mwb.txtAdministrator: Yes Version: 2.00.3.1025Malware Database: v2014.10.22.10Rootkit Database: v2014.10.22.01License: TrialMalware Protection: EnabledMalicious Website Protection: EnabledSelf-protection: Disabled OS: Windows 7 Service Pack 1CPU: x64File System: NTFSUser: Osiris Scan Type: Threat ScanResult: CompletedObjects Scanned: 325016Time Elapsed: 2 min, 26 sec Memory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: DisabledHeuristics: EnabledPUP: EnabledPUM: Enabled Processes: 0(No malicious items detected) Modules: 0(No malicious items detected) Registry Keys: 0(No malicious items detected) Registry Values: 0(No malicious items detected) Registry Data: 0(No malicious items detected) Folders: 0(No malicious items detected) Files: 0(No malicious items detected) Physical Sectors: 0(No malicious items detected) (end) RogueKiller Report: RogueKiller V10.0.3.0 (x64) [Oct 16 2014] by Adlice Softwaremail : http://www.adlice.com/contact/Feedback : http://forum.adlice.comWebsite : http://www.adlice.com/softwares/roguekiller/Blog : http://www.adlice.com Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits versionStarted in : Normal modeUser : Osiris [Administrator]Mode : Scan -- Date : 10/22/2014 17:47:41 ¤¤¤ Processes : 0 ¤¤¤ ¤¤¤ Registry : 16 ¤¤¤[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-2204402082-798408575-2457952216-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-2204402082-798408575-2457952216-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:13081 -> Found[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:13081 -> Found[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-2204402082-798408575-2457952216-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:13081 -> Found[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-2204402082-798408575-2457952216-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:13081 -> Found[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:13081 -> Found[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:13081 -> Found[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8C1C15B8-CDD2-49D0-8C60-F27A5C846F95} | NameServer : 69.173.64.11,69.173.64.12 -> Found[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{AC6EBC74-4E64-4366-B248-02F8826E5725} | DhcpNameServer : 192.168.1.1 71.243.0.12 -> Found[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8C1C15B8-CDD2-49D0-8C60-F27A5C846F95} | NameServer : 69.173.64.11,69.173.64.12 -> Found[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{AC6EBC74-4E64-4366-B248-02F8826E5725} | DhcpNameServer : 192.168.1.1 71.243.0.12 -> Found ¤¤¤ Tasks : 0 ¤¤¤ ¤¤¤ Files : 0 ¤¤¤ ¤¤¤ Hosts File : 0 ¤¤¤ ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ MBR Check : ¤¤¤+++++ PhysicalDrive0: INTEL SSDSC2CW120A3 +++++--- User ---[MBR] 02685bdbaefb30166a70d2072f92fe01[bSP] 44a68472f5c91fa84c8a5026066b9233 : Windows Vista/7/8 MBR CodePartition table:0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 114371 MBUser = LL1 ... OKUser = LL2 ... OK +++++ PhysicalDrive1: ST3320620AS +++++--- User ---[MBR] a6842e6266d27813610eedcd7027a42f[bSP] 5287ae5af139f2f07973f946156bc5b7 : Windows XP MBR CodePartition table:1 - [ACTIVE] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 16065 | Size: 305235 MBUser = LL1 ... OKUser = LL2 ... OK +++++ PhysicalDrive2: MAXTOR 6L080J4 +++++--- User ---[MBR] 8cd2ca3c93893605d06f13f91ebcf854[bSP] 6f14cc46bf77c3a8d88c975bd5202451 : Windows XP MBR CodePartition table:0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 76343 MBUser = LL1 ... OKUser = LL2 ... OK +++++ PhysicalDrive3: WDC WD800JD-00MSA1 +++++--- User ---[MBR] fdf364c3421b5cedfa661842b4d14caa[bSP] db6118eecfd1ea188b4290c061683b70 : Windows Vista/7/8 MBR CodePartition table:0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 76317 MBUser = LL1 ... OKUser = LL2 ... OK +++++ PhysicalDrive4: USB Mass Storage Device USB Device +++++Error reading User MBR! ([15] The device is not ready. )Error reading LL1 MBR! NOT VALID!Error reading LL2 MBR! ([32] The request is not supported. ) ============================================RKreport_DEL_10202014_122152.log - RKreport_DEL_10202014_122214.log - RKreport_SCN_10202014_121409.log
- October 22, 2014
- 6 replies
Malware not removed

Osiris1975 posted a topic in Resolved Malware Removal Logs

Hi, I have some malware that forces internet explorer to open and gives fake messages about my computer's health. Malwarebytes didn't remove it. Here are my log files, and I really appreciate any help you can give! Thanks. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-10-2014Ran by Osiris (administrator) on OSIRIS-PC on 21-10-2014 19:27:03Running from E:\Loaded Profile: Osiris (Available profiles: Osiris)Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)Internet Explorer Version 11Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe() C:\Program Files (x86)\Windows NT\Accessories\bootmanager\bootmanager.exe(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe(AMD) C:\Windows\System32\atieclxx.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe() C:\Windows\SysWOW64\PnkBstrA.exe(TeamViewer GmbH) D:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe(Microsoft Corporation) C:\Windows\System32\rundll32.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe() D:\Program Files (x86)\Free Desktop Timer\DesktopTimer.exe(Intel Corporation) C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray.exe(Dropbox, Inc.) C:\Users\Osiris\AppData\Roaming\Dropbox\bin\Dropbox.exe(Cerulean Studios) D:\Program Files (x86)\Trillian\trillian.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe(TeamViewer GmbH) D:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe(TeamViewer GmbH) D:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe(TeamViewer GmbH) D:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe(StarNet Communications Corp) D:\Program Files (x86)\X-Win32 2010\xwin32.exe() D:\Program Files (x86)\X-Win32 2010\esd.exe() D:\Program Files (x86)\X-Win32 2010\elpd.exe(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.5134\Battle.net.exe() D:\Program Files (x86)\X-Win32 2010\ime.exe() C:\Program Files (x86)\Windows Mail\mailagent\mailagent.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Windows\System32\taskmgr.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)HKLM-x32\...\Run: [iJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [206240 2010-08-23] (CANON INC.)HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707472 2013-12-12] (Cisco Systems, Inc.)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)HKU\S-1-5-21-2204402082-798408575-2457952216-1000\...\Run: [GoogleChromeAutoLaunch_59F915BC00DAE530CE6B66678FAFCD67] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [854344 2014-10-09] (Google Inc.)HKU\S-1-5-21-2204402082-798408575-2457952216-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3600216 2014-09-25] (Electronic Arts)HKU\S-1-5-21-2204402082-798408575-2457952216-1000\...\Run: [Google Update] => C:\Users\Osiris\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-06-12] (Google Inc.)HKU\S-1-5-21-2204402082-798408575-2457952216-1000\...\Run: [FreeDesktopTimer] => D:\Program Files (x86)\Free Desktop Timer\DesktopTimer.exe [623616 2013-01-26] ()HKU\S-1-5-21-2204402082-798408575-2457952216-1000\...\MountPoints2: {c7df79e0-d09f-11e3-9b38-806e6f6e6963} - G:\Bin\ASSETUP.exeHKU\S-1-5-21-2204402082-798408575-2457952216-1000\...\MountPoints2: {f1b321cb-d095-11e3-97de-806e6f6e6963} - "G:\Install Lightroom 3.exe"HKU\S-1-5-18\...\RunOnce: [sPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-04-30] (Microsoft Corporation)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iSCTsysTray.lnkShortcutTarget: iSCTsysTray.lnk -> C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray.exe (Intel Corporation)Startup: C:\Users\Osiris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnkShortcutTarget: Dropbox.lnk -> C:\Users\Osiris\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)Startup: C:\Users\Osiris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnkShortcutTarget: Trillian.lnk -> D:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: Internet Explorer proxy is enabled.ProxyServer: http=127.0.0.1:13081HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehpHKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-usBHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 71.243.0.12Tcpip\..\Interfaces\{8C1C15B8-CDD2-49D0-8C60-F27A5C846F95}: [NameServer] 69.173.64.11,69.173.64.12 FireFox:========FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Osiris\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Osiris\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Osiris\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Osiris\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin ProgramFiles/Appdata: C:\Users\Osiris\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)FF Plugin ProgramFiles/Appdata: C:\Users\Osiris\AppData\Roaming\mozilla\plugins\npo1d.dll (Google) Chrome: =======CHR HomePage: Default -> CHR StartupUrls: Default -> "hxxp://www.google.com/", "hxxp://www.google.com"CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}CHR Profile: C:\Users\Osiris\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Slides) - C:\Users\Osiris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-04-30]CHR Extension: (Google Docs) - C:\Users\Osiris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-30]CHR Extension: (Google Drive) - C:\Users\Osiris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-30]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Osiris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-20]CHR Extension: (Google Groups) - C:\Users\Osiris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfmbadcfdhiklafcdohpfphhhakmiakk [2014-04-30]CHR Extension: (Ancient Map) - C:\Users\Osiris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjcjaemihddenoopkkhaamlcoliiiain [2014-06-27]CHR Extension: (YouTube) - C:\Users\Osiris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-30]CHR Extension: (Google Search) - C:\Users\Osiris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-30]CHR Extension: (Gmail Offline) - C:\Users\Osiris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2014-04-30]CHR Extension: (Google Calendar) - C:\Users\Osiris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-04-30]CHR Extension: (Google Sheets) - C:\Users\Osiris\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-04-30]CHR Extension: (Google Keep - notes and lists) - C:\Users\Osiris\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2014-07-07]CHR Extension: (Hangouts) - C:\Users\Osiris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-07-25]CHR Extension: (Google Wallet) - C:\Users\Osiris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-30]CHR Extension: (Gmail) - C:\Users\Osiris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-30] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) Locked "MailAgent" service was unlocked successfully. <===== ATTENTION R2 BootManager; C:\Program Files (x86)\Windows NT\Accessories\bootmanager\bootmanager.exe [216576 2014-10-17] () [File not signed]R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2436280 2014-09-25] (Microsoft Corporation)R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [146984 2012-07-24] ()R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)R2 MailAgent; C:\Program Files (x86)\\Windows Mail\mailagent\mailagent.exe [425984 2014-10-17] () [File not signed]R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-04-30] ()S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP2\RpcAgentSrv.exe [72344 2008-04-08] (SiSoftware) [File not signed]R2 TeamViewer9; D:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [4799760 2014-09-12] (TeamViewer GmbH) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [20968 2012-07-24] ()R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [19944 2012-07-24] ()R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-19] ()R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-21] (Malwarebytes Corporation)R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP2\WNt500x64\Sandra.sys [23112 2009-08-07] (SiSoftware)U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-10-20] ()R3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-12-12] (Cisco Systems, Inc.)R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2014-10-20] ()S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]S3 tsusbhub; system32\drivers\tsusbhub.sys [X]S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-21 19:26 - 2014-10-21 19:27 - 00000000 ____D () C:\FRST2014-10-20 12:12 - 2014-10-20 12:12 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys2014-10-20 12:12 - 2014-10-20 12:12 - 00000000 ____D () C:\ProgramData\RogueKiller2014-10-20 12:08 - 2014-10-20 12:11 - 00000000 ____D () C:\AdwCleaner2014-10-20 09:03 - 2014-10-21 18:32 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-10-20 09:02 - 2014-10-20 09:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-10-20 09:02 - 2014-10-20 09:02 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-10-20 09:02 - 2014-10-20 09:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-10-20 09:02 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-10-20 09:02 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2014-10-20 09:02 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys2014-10-19 09:50 - 2014-10-19 09:50 - 00000000 ____D () C:\ProgramData\TEMP2014-10-19 09:46 - 2014-10-19 09:47 - 00000000 ____D () C:\Users\Osiris\AppData\Roaming\Open Download Manager2014-10-19 09:44 - 2014-10-19 09:48 - 00000000 ____D () C:\Program Files (x86)\OpenDownloaderManager2014-09-28 09:49 - 2014-08-19 14:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll2014-09-28 09:49 - 2014-08-19 13:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll2014-09-28 09:49 - 2014-08-18 19:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-09-28 09:49 - 2014-08-18 18:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-09-28 09:49 - 2014-08-18 18:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll2014-09-28 09:49 - 2014-08-18 18:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-09-28 09:49 - 2014-08-18 18:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2014-09-28 09:49 - 2014-08-18 18:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2014-09-28 09:49 - 2014-08-18 18:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2014-09-28 09:49 - 2014-08-18 18:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2014-09-28 09:49 - 2014-08-18 18:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll2014-09-28 09:49 - 2014-08-18 18:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll2014-09-28 09:49 - 2014-08-18 18:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2014-09-28 09:49 - 2014-08-18 18:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2014-09-28 09:49 - 2014-08-18 18:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2014-09-28 09:49 - 2014-08-18 18:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2014-09-28 09:49 - 2014-08-18 18:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll2014-09-28 09:49 - 2014-08-18 18:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2014-09-28 09:49 - 2014-08-18 18:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe2014-09-28 09:49 - 2014-08-18 17:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2014-09-28 09:49 - 2014-08-18 17:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe2014-09-28 09:49 - 2014-08-18 17:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll2014-09-28 09:49 - 2014-08-18 17:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2014-09-28 09:49 - 2014-08-18 17:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll2014-09-28 09:49 - 2014-08-18 17:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2014-09-28 09:49 - 2014-08-18 17:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll2014-09-28 09:49 - 2014-08-18 17:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll2014-09-28 09:49 - 2014-08-18 17:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2014-09-28 09:49 - 2014-08-18 17:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll2014-09-28 09:49 - 2014-08-18 17:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2014-09-28 09:49 - 2014-08-18 17:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2014-09-28 09:49 - 2014-08-18 17:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2014-09-28 09:49 - 2014-08-18 17:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2014-09-28 09:49 - 2014-08-18 17:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2014-09-28 09:49 - 2014-08-18 17:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2014-09-28 09:49 - 2014-08-18 17:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll2014-09-28 09:49 - 2014-08-18 17:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll2014-09-28 09:49 - 2014-08-18 17:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2014-09-28 09:49 - 2014-08-18 17:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2014-09-28 09:49 - 2014-08-18 17:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2014-09-28 09:49 - 2014-08-18 17:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll2014-09-28 09:49 - 2014-08-18 17:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll2014-09-28 09:49 - 2014-08-18 17:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2014-09-28 09:49 - 2014-08-18 17:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2014-09-28 09:49 - 2014-08-18 17:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2014-09-28 09:49 - 2014-08-18 17:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2014-09-28 09:49 - 2014-08-18 17:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2014-09-28 09:49 - 2014-08-18 17:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2014-09-28 09:49 - 2014-08-18 17:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2014-09-28 09:49 - 2014-08-18 17:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2014-09-28 09:49 - 2014-08-18 17:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll2014-09-28 09:49 - 2014-08-18 16:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2014-09-28 09:49 - 2014-08-18 16:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2014-09-28 09:49 - 2014-08-18 16:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2014-09-28 09:49 - 2014-08-18 16:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2014-09-28 09:49 - 2014-08-18 16:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2014-09-28 09:46 - 2014-06-30 18:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll2014-09-28 09:46 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll2014-09-28 09:46 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe2014-09-28 09:46 - 2014-06-06 02:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe2014-09-28 09:46 - 2014-03-09 17:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe2014-09-28 09:46 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll2014-09-28 09:46 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe2014-09-28 09:46 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll2014-09-28 09:44 - 2014-07-06 22:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll2014-09-28 09:44 - 2014-07-06 22:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll2014-09-28 09:44 - 2014-07-06 21:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll2014-09-28 09:44 - 2014-07-06 21:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll2014-09-28 09:44 - 2014-07-06 21:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll2014-09-28 09:43 - 2014-08-22 22:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll2014-09-28 09:43 - 2014-08-22 21:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll2014-09-28 09:43 - 2014-08-22 20:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2014-09-28 09:43 - 2014-07-13 22:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll2014-09-28 09:43 - 2014-07-13 21:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll2014-09-28 09:43 - 2014-06-17 22:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe2014-09-28 09:43 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe2014-09-28 09:43 - 2014-06-15 22:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys2014-09-28 09:43 - 2014-06-06 06:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll2014-09-28 09:43 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll2014-09-28 09:43 - 2014-06-03 06:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll2014-09-28 09:43 - 2014-06-03 06:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll2014-09-28 09:43 - 2014-06-03 06:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll2014-09-28 09:43 - 2014-06-03 06:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe2014-09-28 09:43 - 2014-06-03 05:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll2014-09-28 09:43 - 2014-06-03 05:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll2014-09-28 09:43 - 2014-06-03 05:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll2014-09-28 09:43 - 2014-05-30 02:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-21 19:14 - 2014-06-12 12:04 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2204402082-798408575-2457952216-1000UA.job2014-10-21 18:43 - 2014-04-30 14:14 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2014-10-21 13:28 - 2014-06-12 12:04 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2204402082-798408575-2457952216-1000Core.job2014-10-21 13:28 - 2014-04-30 14:08 - 01995565 _____ () C:\Windows\WindowsUpdate.log2014-10-21 13:17 - 2014-07-08 08:36 - 00000000 ____D () C:\Users\Osiris\AppData\Local\Battle.net2014-10-21 03:59 - 2014-05-02 15:12 - 00000000 ____D () C:\Program Files\Microsoft Office 152014-10-20 20:43 - 2014-04-30 14:14 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2014-10-20 17:16 - 2009-07-14 00:45 - 00020800 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-10-20 17:16 - 2009-07-14 00:45 - 00020800 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-10-20 12:16 - 2009-07-14 01:13 - 00006182 _____ () C:\Windows\system32\PerfStringBackup.INI2014-10-20 12:12 - 2014-05-05 10:57 - 00000000 ____D () C:\Users\Osiris\AppData\Roaming\Dropbox2014-10-20 12:12 - 2014-04-30 22:17 - 00000000 ____D () C:\ProgramData\Origin2014-10-20 12:12 - 2014-04-30 22:17 - 00000000 ____D () C:\Program Files (x86)\Origin2014-10-20 12:12 - 2014-04-30 14:38 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp2014-10-20 12:12 - 2014-04-30 14:38 - 00034752 _____ () C:\Windows\system32\Drivers\WPRO_41_2001.sys2014-10-20 12:12 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-10-20 12:12 - 2009-07-14 00:51 - 00032238 _____ () C:\Windows\setupact.log2014-10-20 12:11 - 2014-04-30 14:23 - 00064188 _____ () C:\Windows\PFRO.log2014-10-20 09:09 - 2009-07-14 01:37 - 00000000 ____D () C:\Windows\DigitalLocker2014-10-20 09:09 - 2009-07-14 01:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD2014-10-19 14:40 - 2014-04-30 23:07 - 00000000 ____D () C:\Program Files (x86)\Steam2014-10-19 10:00 - 2014-06-29 13:07 - 00000000 ____D () C:\Users\Osiris\AppData\Roaming\uTorrent2014-10-18 20:38 - 2014-04-30 14:14 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA2014-10-18 20:38 - 2014-04-30 14:14 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore2014-10-15 20:27 - 2014-07-08 08:36 - 00000000 ____D () C:\Program Files (x86)\Battle.net2014-10-09 16:15 - 2014-05-01 15:02 - 00000000 ____D () C:\Users\Osiris\AppData\Roaming\Mozilla2014-10-07 07:09 - 2014-05-09 09:55 - 00002278 ____H () C:\Users\Osiris\Documents\Default.rdp2014-10-03 10:30 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\system32\FxsTmp2014-09-30 20:08 - 2009-07-14 00:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk2014-09-28 11:06 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache2014-09-28 09:53 - 2009-07-14 03:46 - 00000000 ____D () C:\Program Files\Windows Journal2014-09-28 09:53 - 2009-07-14 00:45 - 00437904 _____ () C:\Windows\system32\FNTCACHE.DAT2014-09-28 09:53 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions2014-09-28 09:48 - 2014-04-30 15:17 - 00000000 ____D () C:\Windows\system32\MRT2014-09-25 11:04 - 2014-08-06 16:43 - 00000849 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk2014-09-25 11:04 - 2014-08-06 16:43 - 00000849 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk2014-09-25 10:01 - 2014-06-27 10:10 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk2014-09-22 19:04 - 2014-07-08 08:40 - 00000000 ____D () C:\Program Files (x86)\Hearthstone Some content of TEMP:====================C:\Users\Osiris\AppData\Local\Temp\dllnt_dump.dllC:\Users\Osiris\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpn_wxep.dllC:\Users\Osiris\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exeC:\Users\Osiris\AppData\Local\Temp\Quarantine.exeC:\Users\Osiris\AppData\Local\Temp\restarter7209095735851759532.exeC:\Users\Osiris\AppData\Local\Temp\sonarinst.exeC:\Users\Osiris\AppData\Local\Temp\sqlite3.dllC:\Users\Osiris\AppData\Local\Temp\_is581D.exeC:\Users\Osiris\AppData\Local\Temp\_is729F.exeC:\Users\Osiris\AppData\Local\Temp\__pythonRunner.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-16 00:36 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-10-2014Ran by Osiris at 2014-10-21 19:27:16Running from E:\Boot Mode: Normal========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)Adobe Photoshop Lightroom 3.2 64-bit (HKLM\...\{A94AABAE-52F0-48C4-9F94-A4CA4B423576}) (Version: 3.2.1 - Adobe)Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)AIDA64 Extreme v4.30 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 4.30 - FinalWire Ltd.)AMD Accelerated Video Transcoding (Version: 13.30.100.40417 - Advanced Micro Devices, Inc.) HiddenAMD Catalyst Control Center (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) HiddenAMD Catalyst Install Manager (HKLM\...\{6119B3A6-3603-9695-0398-CDF2AF0A13F8}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) HiddenAMD Wireless Display v3.0 (Version: 1.0.0.15 - Advanced Micro Devices, Inc.) HiddenAsmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.2.0 - Asmedia Technology)Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.2.0.0 - Electronic Arts)Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.2 - EA Digital Illusions CE AB)BOSS (HKLM-x32\...\BOSS) (Version: 2.1.1 - BOSS Development Team)Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version: - )Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)Canon MP Navigator EX 3.1 (HKLM-x32\...\MP Navigator EX 3.1) (Version: - )Canon MX340 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series) (Version: - Canon Inc.)Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) HiddenCatalyst Control Center Graphics Previews Common (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) HiddenCatalyst Control Center InstallProxy (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) HiddenCatalyst Control Center Localization All (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) HiddenCCC Help Chinese Standard (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) HiddenCCC Help Chinese Traditional (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) HiddenCCC Help Czech (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) HiddenCCC Help Danish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) HiddenCCC Help Dutch (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) HiddenCCC Help English (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) HiddenCCC Help Finnish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) HiddenCCC Help French (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) HiddenCCC Help German (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) HiddenCCC Help Greek (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) HiddenCCC Help Hungarian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) HiddenCCC Help Italian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) HiddenCCC Help Japanese (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) HiddenCCC Help Korean (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) HiddenCCC Help Norwegian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) HiddenCCC Help Polish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) HiddenCCC Help Portuguese (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) HiddenCCC Help Russian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) HiddenCCC Help Spanish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) HiddenCCC Help Swedish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) HiddenCCC Help Thai (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) HiddenCCC Help Turkish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hiddenccc-utility64 (Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) HiddenCisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.05152 - Cisco Systems, Inc.)Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.05152 - Cisco Systems, Inc.) HiddenCPUID HWMonitor 1.24 (HKLM\...\CPUID HWMonitor_is1) (Version: - )DayZ (HKLM-x32\...\Steam App 221100) (Version: - Bohemia Interactive)Divinity: Original Sin (HKLM-x32\...\Steam App 230230) (Version: - Larian Studios)Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)FileZilla Client 3.9.0.3 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.3 - Tim Kosse)Fraps (HKLM-x32\...\Fraps) (Version: - )Free Desktop Timer 1.2 (HKLM-x32\...\Free Desktop Timer_is1) (Version: - Drive Software Company)Geeks3D FurMark 1.13.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version: - Geeks3D)GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)Google Talk Plugin (HKLM-x32\...\{F7770F7F-0ABC-30CB-95BC-93761A05CAB6}) (Version: 5.38.4.0 - Google)Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) HiddenHearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)HearthstoneTracker (HKLM-x32\...\HearthstoneTracker) (Version: 1.9.5.56756 - HearthstoneTracker.com)Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)Intel® Smart Connect Technology 3.0 x64 (HKLM\...\{EE21578E-DE14-46D5-83D7-EA4D347B2F9A}) (Version: 3.0.30.1526 - Intel)Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) HiddenJava 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) HiddenJetBrains PyCharm 3.4.1 (HKLM-x32\...\PyCharm 3.4.1) (Version: 135.1057 - JetBrains s.r.o.)mailagent (HKLM-x32\...\mailagent) (Version: - )Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4659.1001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.4.0 - Mozilla)Mozilla Thunderbird 24.4.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 24.4.0 (x86 en-US)) (Version: 24.4.0 - Mozilla)Mozilla Thunderbird 24.6.0 (x86 en-US) (HKCU\...\Mozilla Thunderbird 24.6.0 (x86 en-US)) (Version: 24.6.0 - Mozilla)Mumble 1.2.3 (HKLM-x32\...\{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}) (Version: 1.2.3 - Thorvald Natvig)Office 15 Click-to-Run Extensibility Component (Version: 15.0.4659.1001 - Microsoft Corporation) HiddenOffice 15 Click-to-Run Licensing Component (Version: 15.0.4659.1001 - Microsoft Corporation) HiddenOffice 15 Click-to-Run Localization Component (Version: 15.0.4659.1001 - Microsoft Corporation) HiddenOrigin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.61.612.2012 - Realtek)Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)Scrivener (HKLM-x32\...\Scrivener 1610) (Version: 1610 - Literature and Latte)SiSoftware Sandra Lite 2014.SP2 (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1) (Version: 20.28.2014.5 - SiSoftware)Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)Total War: ROME II (HKLM-x32\...\Steam App 214950) (Version: - Creative Assembly)Trillian (HKLM-x32\...\Trillian) (Version: - Cerulean Studios, LLC)Tropico 5 (HKLM-x32\...\Steam App 245620) (Version: - Haemimont Games)Wrye Bash (HKLM-x32\...\Wrye Bash) (Version: 3.0.4.3 - Wrye & Wrye Bash Development Team)XCom Long War EW Mod version Beta 9a (HKLM-x32\...\{860C3266-65B9-4BF2-937A-1778483046B5}_is1) (Version: Beta 9a - JohnnyLump)XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version: - Firaxis Games) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-2204402082-798408575-2457952216-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Osiris\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-2204402082-798408575-2457952216-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Osiris\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)CustomCLSID: HKU\S-1-5-21-2204402082-798408575-2457952216-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Osiris\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)CustomCLSID: HKU\S-1-5-21-2204402082-798408575-2457952216-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Osiris\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-2204402082-798408575-2457952216-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Osiris\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-2204402082-798408575-2457952216-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Osiris\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-2204402082-798408575-2457952216-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Osiris\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-2204402082-798408575-2457952216-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Osiris\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-2204402082-798408575-2457952216-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Osiris\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-2204402082-798408575-2457952216-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Osiris\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-2204402082-798408575-2457952216-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Osiris\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-2204402082-798408575-2457952216-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Osiris\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File ==================== Restore Points ========================= 30-04-2014 16:05:36 Windows Backup28-09-2014 13:46:29 Windows Update28-09-2014 13:55:27 Windows Backup06-10-2014 04:00:03 Scheduled Checkpoint13-10-2014 04:00:03 Scheduled Checkpoint20-10-2014 04:00:03 Scheduled Checkpoint ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {01896B92-908F-4B05-A41E-924A9926351F} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackupTask: {4092254E-5A6B-4262-8A0A-4F56FF3483D0} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-09-25] (Microsoft Corporation)Task: {46F6771C-753F-4D2F-BAC0-B2469F3F83C3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-26] (Microsoft Corporation)Task: {61F3420C-9AEC-45F7-944B-8F860A389447} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2204402082-798408575-2457952216-1000Core => C:\Users\Osiris\AppData\Local\Google\Update\GoogleUpdate.exe [2014-06-12] (Google Inc.)Task: {8D7B3E0F-2D9A-46FA-BAF4-6FF0AD4EE893} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)Task: {BB6619AD-5050-4C9C-A0AC-8EBF67A33BD4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2204402082-798408575-2457952216-1000UA => C:\Users\Osiris\AppData\Local\Google\Update\GoogleUpdate.exe [2014-06-12] (Google Inc.)Task: {CE7FE003-2FE2-444E-841C-9DDA2A3079B1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-26] (Microsoft Corporation)Task: {FC7B21F6-279D-43EB-9FB2-7EBE8B84BF0B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2204402082-798408575-2457952216-1000Core.job => C:\Users\Osiris\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2204402082-798408575-2457952216-1000UA.job => C:\Users\Osiris\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-10-17 02:55 - 2014-10-17 02:55 - 00216576 _____ () C:\Program Files (x86)\Windows NT\Accessories\bootmanager\bootmanager.exe2012-07-24 10:43 - 2012-07-24 10:43 - 00146984 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe2012-07-24 10:43 - 2012-07-24 10:43 - 00058920 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\NetworkHeuristic.dll2014-04-30 23:06 - 2014-04-30 23:06 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe2014-10-21 03:57 - 2014-09-09 10:59 - 08896160 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll2014-05-01 15:29 - 2014-05-01 15:29 - 00098304 _____ () D:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll2014-06-20 14:00 - 2013-01-26 17:52 - 00623616 _____ () D:\Program Files (x86)\Free Desktop Timer\DesktopTimer.exe2014-05-06 08:47 - 2010-10-05 14:45 - 00172712 _____ () D:\Program Files (x86)\X-Win32 2010\esd.exe2014-05-06 08:47 - 2010-10-05 14:45 - 00045736 _____ () D:\Program Files (x86)\X-Win32 2010\elpd.exe2014-05-06 08:47 - 2010-10-05 14:45 - 00602792 _____ () D:\Program Files (x86)\X-Win32 2010\ime.exe2014-10-17 02:55 - 2014-10-17 02:55 - 00425984 _____ () C:\Program Files (x86)\Windows Mail\mailagent\mailagent.exe2014-05-02 15:12 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll2013-12-12 18:36 - 2013-12-12 18:36 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll2014-10-21 03:57 - 2014-09-09 09:12 - 08896160 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\1033\GrooveIntlResource.dll2014-08-13 10:09 - 2014-08-13 10:09 - 00035328 _____ () D:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll2014-05-24 12:41 - 2014-05-24 12:41 - 00091648 _____ () D:\Program Files (x86)\FileZilla FTP Client\libgcc_s_sjlj-1.dll2014-05-24 12:41 - 2014-05-24 12:41 - 00892416 _____ () D:\Program Files (x86)\FileZilla FTP Client\libstdc++-6.dll2014-10-20 12:12 - 2014-10-20 12:12 - 00043008 _____ () c:\users\osiris\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpn_wxep.dll2013-08-23 15:01 - 2013-08-23 15:01 - 25100288 _____ () C:\Users\Osiris\AppData\Roaming\Dropbox\bin\libcef.dll2013-10-21 00:00 - 2013-10-21 00:00 - 00059904 _____ () D:\Program Files (x86)\Trillian\zlib1.dll2013-10-21 00:00 - 2013-10-21 00:00 - 00187392 _____ () D:\Program Files (x86)\Trillian\libpng15.dll2013-10-21 00:00 - 2013-10-21 00:00 - 00006656 _____ () d:\program files (x86)\trillian\languages\en\trillian.dll2013-10-21 00:00 - 2013-10-21 00:00 - 00065536 _____ () D:\Program Files (x86)\Trillian\libungif.dll2013-10-21 00:00 - 2013-10-21 00:00 - 00003584 _____ () d:\program files (x86)\trillian\languages\en\toolkit.dll2013-10-21 00:00 - 2013-10-21 00:00 - 00006656 _____ () d:\program files (x86)\trillian\languages\en\events.dll2013-10-21 00:00 - 2013-10-21 00:00 - 00010752 _____ () d:\program files (x86)\trillian\languages\en\buddy.dll2013-10-21 00:00 - 2013-10-21 00:00 - 00007168 _____ () d:\program files (x86)\trillian\languages\en\talk.dll2014-09-28 10:04 - 2014-09-28 10:04 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\27372090b75ca919048606aad2206bf4\IsdiInterop.ni.dll2014-04-30 14:32 - 2012-02-01 16:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll2014-04-30 14:18 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll2014-05-06 08:47 - 2009-10-06 16:52 - 02076672 _____ () D:\Program Files (x86)\X-Win32 2010\QtCore4.dll2014-05-06 08:47 - 2009-09-29 05:46 - 07745536 _____ () D:\Program Files (x86)\X-Win32 2010\QtGui4.dll2014-05-06 08:47 - 2009-09-29 05:32 - 00921600 _____ () D:\Program Files (x86)\X-Win32 2010\QtNetwork4.dll2014-05-06 08:47 - 2009-09-29 05:31 - 00364544 _____ () D:\Program Files (x86)\X-Win32 2010\QtXml4.dll2014-10-07 20:09 - 2014-10-07 20:09 - 26065408 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5134\libcef.dll2014-10-07 20:09 - 2014-10-07 20:09 - 00739840 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5134\libGLESv2.dll2014-10-07 20:09 - 2014-10-07 20:09 - 00905216 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5134\platforms\qwindows.dll2014-10-07 20:09 - 2014-10-07 20:09 - 00130048 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5134\libEGL.dll2014-10-07 20:09 - 2014-10-07 20:09 - 00020992 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5134\imageformats\qgif.dll2014-10-07 20:09 - 2014-10-07 20:09 - 00020992 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5134\imageformats\qico.dll2014-10-07 20:09 - 2014-10-07 20:09 - 00205312 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5134\imageformats\qjpeg.dll2014-10-07 20:09 - 2014-10-07 20:09 - 00225792 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5134\imageformats\qmng.dll2014-10-07 20:09 - 2014-10-07 20:09 - 00312832 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5134\imageformats\qtiff.dll2014-10-07 20:09 - 2014-10-07 20:09 - 00010240 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5134\qml\QtQuick.2\qtquick2plugin.dll2014-10-07 20:09 - 2014-10-07 20:09 - 00054272 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5134\qml\QtQuick\Layouts\qquicklayoutsplugin.dll2014-10-07 20:09 - 2014-10-07 20:09 - 00010240 _____ () C:\Program Files (x86)\Battle.net\Battle.net.5134\qml\QtQml\Models.2\modelsplugin.dll2014-10-15 12:37 - 2014-10-09 22:03 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\libglesv2.dll2014-10-15 12:37 - 2014-10-09 22:03 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\libegl.dll2014-10-15 12:37 - 2014-10-09 22:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\pdf.dll2014-10-15 12:37 - 2014-10-09 22:03 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-2204402082-798408575-2457952216-500 - Administrator - Disabled)Guest (S-1-5-21-2204402082-798408575-2457952216-501 - Limited - Disabled)Osiris (S-1-5-21-2204402082-798408575-2457952216-1000 - Administrator - Enabled) => C:\Users\Osiris ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (10/21/2014 07:26:43 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: The program IEXPLORE.EXE version 11.0.9600.17280 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 980 Start Time: 01cfed4874481c19 Termination Time: 6 Application Path: C:\Program Files\Internet Explorer\IEXPLORE.EXE Report Id: Error: (10/20/2014 02:51:26 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: mailagent.exe, version: 0.0.0.0, time stamp: 0x5440bd6cFaulting module name: mailagent.exe, version: 0.0.0.0, time stamp: 0x5440bd6cException code: 0xc0000417Fault offset: 0x00036501Faulting process id: 0x790Faulting application start time: 0xmailagent.exe0Faulting application path: mailagent.exe1Faulting module path: mailagent.exe2Report Id: mailagent.exe3 Error: (10/20/2014 00:16:11 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code. Error: (10/20/2014 00:16:11 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section. Error: (10/20/2014 00:00:20 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: The program IEXPLORE.EXE version 11.0.9600.17280 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: a30 Start Time: 01cfec7e6ba6168c Termination Time: 3 Application Path: C:\Program Files\Internet Explorer\IEXPLORE.EXE Report Id: Error: (10/20/2014 09:15:28 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code. Error: (10/20/2014 09:15:28 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section. Error: (10/20/2014 08:57:05 AM) (Source: Application Hang) (EventID: 1002) (User: )Description: The program IEXPLORE.EXE version 11.0.9600.17280 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 18a0 Start Time: 01cfec65375092fd Termination Time: 8 Application Path: C:\Program Files\Internet Explorer\IEXPLORE.EXE Report Id: Error: (10/19/2014 00:00:04 AM) (Source: Windows Backup) (EventID: 4103) (User: )Description: The backup did not complete because of an error writing to the backup location I:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006). Error: (10/12/2014 00:00:03 AM) (Source: Windows Backup) (EventID: 4103) (User: )Description: The backup did not complete because of an error writing to the backup location I:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006). System errors:=============Error: (10/20/2014 02:51:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )Description: The MailAgent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service. Error: (10/20/2014 00:12:49 PM) (Source: Application Popup) (EventID: 1060) (User: )Description: \??\C:\Windows\System32\drivers\TrueSight.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error: (09/28/2014 09:38:19 AM) (Source: volsnap) (EventID: 29) (User: )Description: The shadow copies of volume I: were aborted during detection. Error: (09/27/2014 11:42:10 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)Description: The following fatal alert was generated: 43. The internal error state is 252. Error: (09/27/2014 11:42:10 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)Description: The following fatal alert was generated: 43. The internal error state is 252. Error: (09/27/2014 10:44:12 PM) (Source: EventLog) (EventID: 6008) (User: )Description: The previous system shutdown at 9:28:40 PM on ‎9/‎27/‎2014 was unexpected. Error: (09/27/2014 09:27:43 PM) (Source: EventLog) (EventID: 6008) (User: )Description: The previous system shutdown at 9:26:25 PM on ‎9/‎27/‎2014 was unexpected. Error: (09/25/2014 10:08:43 AM) (Source: EventLog) (EventID: 6008) (User: )Description: The previous system shutdown at 10:04:34 AM on ‎9/‎25/‎2014 was unexpected. Error: (09/07/2014 02:26:11 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)Description: The following fatal alert was generated: 70. The internal error state is 105. Error: (09/02/2014 06:02:54 PM) (Source: Disk) (EventID: 11) (User: )Description: The driver detected a controller error on \Device\Harddisk4\DR7. Microsoft Office Sessions:=========================Error: (10/21/2014 07:26:43 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: IEXPLORE.EXE11.0.9600.1728098001cfed4874481c196C:\Program Files\Internet Explorer\IEXPLORE.EXE Error: (10/20/2014 02:51:26 PM) (Source: Application Error) (EventID: 1000) (User: )Description: mailagent.exe0.0.0.05440bd6cmailagent.exe0.0.0.05440bd6cc00004170003650179001cfec80957feeafC:\Program Files (x86)\Windows Mail\mailagent\mailagent.exeC:\Program Files (x86)\Windows Mail\mailagent\mailagent.exe17feaf1d-588a-11e4-92da-00059a3c7a00 Error: (10/20/2014 00:16:11 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)Description: WmiApRplWmiApRpl8F20300004D070000 Error: (10/20/2014 00:16:11 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)Description: Performance1637070000000000000000000009030000 Error: (10/20/2014 00:00:20 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: IEXPLORE.EXE11.0.9600.17280a3001cfec7e6ba6168c3C:\Program Files\Internet Explorer\IEXPLORE.EXE Error: (10/20/2014 09:15:28 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)Description: WmiApRplWmiApRpl8F20300004D070000 Error: (10/20/2014 09:15:28 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)Description: Performance1637070000000000000000000009030000 Error: (10/20/2014 08:57:05 AM) (Source: Application Hang) (EventID: 1002) (User: )Description: IEXPLORE.EXE11.0.9600.1728018a001cfec65375092fd8C:\Program Files\Internet Explorer\IEXPLORE.EXE Error: (10/19/2014 00:00:04 AM) (Source: Windows Backup) (EventID: 4103) (User: )Description: I:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006) Error: (10/12/2014 00:00:03 AM) (Source: Windows Backup) (EventID: 4103) (User: )Description: I:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006) ==================== Memory info =========================== Processor: Intel® Core i5-3570K CPU @ 3.40GHzPercentage of memory in use: 35%Total physical RAM: 8130.21 MBAvailable physical RAM: 5235.19 MBTotal Pagefile: 16258.61 MBAvailable Pagefile: 13129.5 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.83 MB ==================== Drives ================================ Drive c: (Windows SSD) (Fixed) (Total:111.69 GB) (Free:33.67 GB) NTFSDrive d: (Programs) (Fixed) (Total:298.08 GB) (Free:154.55 GB) NTFSDrive e: (Downloads) (Fixed) (Total:74.55 GB) (Free:37.79 GB) NTFSDrive f: (Windows HDD & Documents) (Fixed) (Total:74.53 GB) (Free:45.57 GB) NTFSDrive g: (Lightroom 3) (CDROM) (Total:0.26 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 16DF21D3)Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS) ========================================================Disk: 1 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: 88984526)Partition 2: (Active) - (Size=298.1 GB) - (Type=OF Extended) ========================================================Disk: 2 (MBR Code: Windows XP) (Size: 74.6 GB) (Disk ID: 3F103F0F)Partition 1: (Not Active) - (Size=74.6 GB) - (Type=07 NTFS) ========================================================Disk: 3 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: 8EA88EA8)Partition 1: (Not Active) - (Size=74.5 GB) - (Type=07 NTFS) ==================== End Of Log ============================
- October 21, 2014
- 6 replies

Sign In

Osiris1975

Posts

Joined

Last visited

Content Type

Events

Profiles

Forums

Everything posted by Osiris1975

Malware not removed

Malware not removed

Malware not removed

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information