HITAKU
FRST Addition.txt
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-01-2015 03
Ran by olive at 2015-01-04 23:20:42
Running from C:\Users\olive\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-2864508046-1840752021-4048113893-1000\...\uTorrent) (Version: 3.3.1.30017 - BitTorrent Inc.)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.6.0.5390 - Adobe Systems Incorporated)
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5645 - AVG Technologies)
AVG 2015 (Version: 15.0.4257 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5645 - AVG Technologies) Hidden
AVG PC Tuneup (HKLM\...\{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1) (Version: 10.0.0.27 - AVG)
Bloons TD 5 Deluxe version 1.13 (HKLM\...\Bloons TD 5 Deluxe_is1) (Version: 1.13 - )
CDisplayEx 1.9.13 (HKLM\...\CDisplayEx_is1) (Version: - cdisplayex.com)
Chatango Message Catcher (HKLM\...\Chatango) (Version: - )
Combined Community Codec Pack 2013-05-30 (HKLM\...\Combined Community Codec Pack_is1) (Version: 2013.05.30.0 - CCCP Project)
Command & Conquer 3 (HKLM\...\{B0C30E93-D3D9-4F04-A2AC-54749B573275}) (Version: 1.00.0000 - Electronic Arts Inc.)
CutePDF Writer 2.7 (HKLM\...\CutePDF Writer Installation) (Version: - )
CX4300_5500_DX4400 manual (HKLM\...\CX4300_5500_DX4400 manual) (Version: - )
Dev-C++ 5 beta 9 release (4.9.9.2) (HKLM\...\Dev-C++) (Version: - )
Diablo II (HKLM\...\Diablo II) (Version: - )
Dropbox (HKU\S-1-5-21-2864508046-1840752021-4048113893-1000\...\Dropbox) (Version: 2.0.22 - Dropbox, Inc.)
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version: - SEIKO EPSON Corporation)
EPSON Scan (HKLM\...\EPSON Scanner) (Version: - )
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
GameSpy Arcade (HKLM\...\GameSpy Arcade) (Version: - )
Garena - League of Legends (HKLM\...\LoLPH) (Version: - Garena Online Pte Ltd.)
Globe Broadband (HKLM\...\Globe Broadband) (Version: 11.300.05.06.158 - Huawei Technologies Co.,Ltd)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google+ Auto Backup (HKLM\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Google+ Auto Backup (HKU\S-1-5-21-2864508046-1840752021-4048113893-1000\...\Google+ Auto Backup) (Version: 1.0.26.151 - Google, Inc.)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel(R) TV Wizard (HKLM\...\TVWiz) (Version: - Intel Corporation)
Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Kingo ROOT version 1.2.9.2183 (HKLM\...\{AE7675D6-0B31-494F-ABFA-822E1A0FDF17}_is1) (Version: 1.2.9.2183 - Kingosoft Technology Ltd.)
LIVE gaming on Windows Runtime Version 1.0.6027 (HKLM\...\{839916F4-D8B5-4407-BE6D-6D4EB9D96AF4}) (Version: 1.0.6027 - Microsoft Corporation)
MagicDisc 2.7.106 (HKLM\...\MagicDisc 2.7.106) (Version: - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.10411.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Minecraft1.5.2 (HKLM\...\Minecraft1.5.2) (Version: - )
Mobily Connect Card (HKLM\...\Mobily Connect Card) (Version: 11.300.05.07.82 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
osu! (HKLM\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PowerISO (HKLM\...\PowerISO) (Version: 4.8 - PowerISO Computing, Inc.)
PPSSPP version 0.9.8 (HKLM\...\PPSSPP_is1) (Version: 0.9.8 - )
PSPVC :: PSP Video Converter v3.91 (HKLM\...\PSPVC) (Version: - )
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Razer Cortex (HKLM\...\Razer Cortex_is1) (Version: 5.1.38.0 - Razer Inc.)
RealDownloader (Version: 1.3.1 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.0 - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
RPG MAKER VX Ace RTP (HKLM\...\RPGVXAce_RTP_is1) (Version: 1.00 - Enterbrain)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
StarCraft II (HKLM\...\StarCraft II) (Version: - Blizzard Entertainment)
Steam (HKLM\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Sun Broadband Wireless (HKLM\...\Wave Sun Broadband Wireless_is1) (Version: - Sun_Philippines)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synthesia (remove only) (HKLM\...\Synthesia) (Version: - )
System Requirements Lab for Intel (HKLM\...\{53C63F43-B827-42D9-8886-4698D91EA33B}) (Version: 4.5.15.0 - Husdawg, LLC)
Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: - )
TypingMaster Pro (HKLM\...\{98B6FB8A-8638-4037-AD44-CF7D0EEAB875}_is1) (Version: 7.00 - TypingMaster Inc)
Unity Web Player (HKU\S-1-5-21-2864508046-1840752021-4048113893-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Warcraft III Reign of Chaos & The Frozen Throne (HKLM\...\Warcraft III Reign of Chaos & The Frozen Throne) (Version: - )
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
Xnxx Video Downloader 3.14 (HKLM\...\Xnxx Video Downloader_is1) (Version: - DownloadToolz, Inc.)
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version: - )
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version: - Yahoo! Inc.)
YGOPro (HKLM\...\YGOPro) (Version: 1.033.4 - Gruntmods Studios)
YTD Video Downloader 4.8.8 (HKLM\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.8.8 - GreenTree Applications SRL) <==== ATTENTION
ZTE Connection Manager (HKLM\...\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}) (Version: 1.0.0.1 - ZTE Corporation)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\olive\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\olive\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\olive\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\olive\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\olive\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\olive\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\olive\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\olive\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\olive\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\olive\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\olive\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\olive\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\olive\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\olive\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\olive\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\olive\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\olive\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\olive\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\olive\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\olive\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\olive\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\olive\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{cb4c77f0-ab2a-407c-93ac-963769824b18}\localserver32 -> C:\Users\olive\AppData\Local\Temp\{b3ede298-ae75-4a1c-ab7e-1b9229b77bbe}\IDriver.NonElevated.exe No (the data entry has 4 more characters).
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\olive\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\olive\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\olive\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\olive\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\olive\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\olive\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\olive\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\olive\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\olive\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\olive\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\olive\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File
==================== Restore Points =========================
04-01-2015 20:20:15 Removed Dawn of War - Soulstorm
04-01-2015 22:03:23 restor point after cleaning
04-01-2015 22:46:29 Malwarebytes Anti-Rootkit Restore Point
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 10:04 - 2015-01-01 22:38 - 00001506 _RASH C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
107.181.187.25 www.google-analytics.com.
107.181.187.25 google-analytics.com.
107.181.187.25 connect.facebook.net.
146.0.75.12 www.google-analytics.com.
146.0.75.12 google-analytics.com.
146.0.75.12 connect.facebook.net.
195.162.69.252 www.google-analytics.com.
195.162.69.252 google-analytics.com.
195.162.69.252 connect.facebook.net.
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0B8F94AB-ED47-4CE7-99AF-B5149869E0F8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2864508046-1840752021-4048113893-1000Core => C:\Users\olive\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-14] (Google Inc.)
Task: {133E28E3-C5F7-410B-A5BD-15E2D5356880} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-14] (Adobe Systems Incorporated)
Task: {14AB2200-CF87-454C-96E0-A7C3719E736C} - System32\Tasks\{77741E38-1F68-412C-8F49-ECBCCEF72DF2} => E:\Razor1911\The_Sims_3_Keygen.exe
Task: {17A737B7-89D7-4E0F-8871-B32A30276055} - System32\Tasks\{4E055C94-9F0F-49F2-BF21-E4CF18C35E2F} => pcalua.exe -a C:\Users\olive\Desktop\games\rulessetup0933.exe -d C:\Users\olive\Desktop\games
Task: {2C1F9CEF-2F4F-4EB4-93B4-C7EFE25C8DC9} - System32\Tasks\{DFADD1AF-C23C-4C69-83BF-9D8A399DC4B3} => E:\Razor1911\The_Sims_3_Keygen.exe
Task: {466401D4-56FC-47EF-8051-4252453ED6B3} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2864508046-1840752021-4048113893-1000UA => C:\Users\olive\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-11-29] (Facebook Inc.)
Task: {4B24B83A-DE02-47D1-B687-D059008EF09F} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2864508046-1840752021-4048113893-1000Core => C:\Users\olive\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-11-29] (Facebook Inc.)
Task: {6307A82D-C66C-4E42-9BF1-26536013807D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2001-01-01] (Google Inc.)
Task: {6C46BC62-04E1-47D8-AE86-95C807470114} - System32\Tasks\{F62A3D01-010D-4AA5-99FA-3F8F1FF8B4CD} => pcalua.exe -a "C:\Users\olive\Desktop\New folder\McAFee_TechCheck.exe" -d "C:\Users\olive\Desktop\New folder"
Task: {7667BFF6-5BFC-4AE9-9855-7FD3756F94EB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2864508046-1840752021-4048113893-1000UA => C:\Users\olive\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-14] (Google Inc.)
Task: {77F44CC3-67F9-49D1-9B94-8D90F1830034} - System32\Tasks\{74C84DF2-1482-4BA1-A13E-8773B3EF1E37} => C:\Program Files\Activision\Call of Duty 2\CoD2SP_s.exe
Task: {7E6477FA-AA0A-4E7A-97F9-47145D1434CA} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2864508046-1840752021-4048113893-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {8F629D75-8DC6-43D4-BCEA-C76DF22737B5} - \LuckyTab No Task File <==== ATTENTION
Task: {90321A72-78C2-4E21-A31B-47637CC6FB62} - System32\Tasks\{59CB9FF6-268D-4343-B90C-04E47C073099} => pcalua.exe -a C:\Users\olive\AppData\Local\Temp\is1218200230\fciv_installer.exe -d C:\Users\olive\Downloads -c /Q /T:"C:\Users\olive\AppData\Local\Temp\is1218200230\"
Task: {93D2323B-4C5B-4626-9F1D-F45B77021EDE} - System32\Tasks\{8390B176-6B61-4DFA-89B8-60D7724AAD4A} => pcalua.exe -a "C:\Users\olive\Desktop\games\Command & Conquer 3\ComradeSetup1.1.4.143_cc3.exe" -d "C:\Users\olive\Desktop\games\Command & Conquer 3"
Task: {9CB774FE-E0C9-4B25-9A7F-4925E1562CB0} - System32\Tasks\{B73BB167-CB87-4D85-AE4F-2F305DCCDE22} => E:\TiNYiSO\AlienShooter.exe
Task: {9D9B7D19-91D8-450F-A8A2-AE46BC14CD3B} - System32\Tasks\{EA296440-4B11-4BC7-B1EC-E1D93C76FE7D} => pcalua.exe -a E:\IMATION\CuteWriter\converter.exe -d E:\IMATION\CuteWriter
Task: {AF00C888-A797-49CF-8B44-405CB06B5873} - System32\Tasks\gg_uac_daemon_olive => C:\Program Files\Garena Plus\ggdllhost.exe [2014-04-03] ()
Task: {B1D9150E-6F06-4958-B275-A0D14427804D} - System32\Tasks\AVG\PC Tuneup\Integrator\Start On olive Logon => C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe [2011-11-03] (AVG)
Task: {BE18C563-F4EF-4D1F-B005-F62195B88B55} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2864508046-1840752021-4048113893-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {C343AA83-5684-400C-90F3-C4474832B62F} - System32\Tasks\{7F428642-9A01-4771-8AF2-607A419AE16D} => pcalua.exe -a F:\hadith\unins000.exe -d F:\hadith
Task: {E94215E8-E069-4AEE-80CA-5726F3CD67ED} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2001-01-01] (Google Inc.)
Task: {EA14D3F5-7B88-4147-83E9-E5253F0DA053} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2864508046-1840752021-4048113893-1000 => C:\Program Files\Real\RealUpgrade\realupgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {EC1B9852-33BB-47ED-A4E7-9A7A93981AD2} - System32\Tasks\gg_uac_daemon_Administrator => C:\Program Files\Garena Plus\ggdllhost.exe [2014-04-03] ()
Task: {F56FE420-72BC-4FD2-8FC0-4DF844E1DF39} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2864508046-1840752021-4048113893-1000 => C:\Program Files\Real\RealUpgrade\realupgrade.exe [2013-03-06] (RealNetworks, Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2864508046-1840752021-4048113893-1000Core.job => C:\Users\olive\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2864508046-1840752021-4048113893-1000UA.job => C:\Users\olive\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2864508046-1840752021-4048113893-1000Core.job => C:\Users\olive\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2864508046-1840752021-4048113893-1000UA.job => C:\Users\olive\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2012-05-03 01:29 - 2007-07-13 13:33 - 00087552 _____ () C:\Windows\System32\cpwmon2k.dll
2011-03-14 23:27 - 2011-03-14 23:27 - 00271712 _____ () C:\ProgramData\DatacardService\HWDeviceService.exe
2012-05-03 01:27 - 2007-09-21 09:34 - 00129024 _____ () C:\Program Files\WinRAR\rarext.dll
2012-08-15 18:01 - 2011-11-03 21:21 - 00350024 _____ () C:\Program Files\AVG\AVG PC Tuneup\madExcept_.bpl
2012-08-15 18:01 - 2011-11-03 21:21 - 00184136 _____ () C:\Program Files\AVG\AVG PC Tuneup\madBasic_.bpl
2012-08-15 18:01 - 2011-11-03 21:21 - 00050504 _____ () C:\Program Files\AVG\AVG PC Tuneup\madDisAsm_.bpl
2014-04-03 16:33 - 2014-04-03 16:33 - 00049456 _____ () C:\Program Files\Garena Plus\ggdllhost.exe
2014-04-03 16:33 - 2014-04-03 16:33 - 00553776 _____ () C:\Program Files\Garena Plus\ggspawn.dll
2013-03-06 07:21 - 2013-03-06 07:21 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2012-06-16 19:56 - 2010-07-23 11:24 - 00252784 _____ () C:\Program Files\ZTE Connection Manager\AssistantServices.exe
2014-11-01 06:27 - 2014-11-01 06:27 - 00183488 _____ () C:\Program Files\Razer\Razer Services\GSS\GameScannerService.exe
2014-04-03 16:33 - 2014-10-27 15:22 - 09974576 _____ () C:\Program Files\Garena Plus\GarenaMessenger.exe
2014-04-03 16:33 - 2014-04-03 16:33 - 00104752 _____ () C:\Program Files\Garena Plus\CommonLib.dll
2014-04-03 16:33 - 2014-04-03 16:33 - 00033584 _____ () C:\Program Files\Garena Plus\DibModule.dll
2014-04-03 16:33 - 2014-12-30 11:30 - 00034960 _____ () C:\Program Files\Garena Plus\VersionModule.dll
2014-04-03 16:33 - 2014-04-03 16:33 - 00051504 _____ () C:\Program Files\Garena Plus\FileLoader.dll
2014-04-03 16:33 - 2014-04-03 16:33 - 00087344 _____ () C:\Program Files\Garena Plus\PluginKernel.dll
2014-04-03 16:33 - 2014-04-03 16:33 - 00487216 _____ () C:\Program Files\Garena Plus\CxImage.dll
2014-04-03 16:33 - 2014-04-03 16:33 - 00025392 _____ () C:\Program Files\Garena Plus\PluginModule.dll
2014-04-03 16:34 - 2014-04-03 16:34 - 00170800 _____ () C:\Program Files\Garena Plus\lib\fs\YYFileSystem.dll
2014-04-03 16:33 - 2014-04-03 16:33 - 00374064 _____ () C:\Program Files\Garena Plus\lib\Http.dll
2014-04-03 16:33 - 2014-04-03 16:33 - 00184624 _____ () C:\Program Files\Garena Plus\lib\MP3Module.dll
2012-02-22 16:52 - 2012-02-22 16:52 - 00162304 _____ () C:\Program Files\Garena Plus\lame_enc.DLL
2014-04-03 16:33 - 2014-04-03 16:33 - 00219952 _____ () C:\Program Files\Garena Plus\lib\TaskManagerLib.dll
2014-04-03 16:33 - 2014-04-03 16:33 - 00106288 _____ () C:\Program Files\Garena Plus\lib\UILayout.dll
2014-04-03 16:34 - 2014-04-03 16:34 - 00958256 _____ () C:\Program Files\Garena Plus\lib\XLL.dll
2014-04-03 16:34 - 2014-04-03 16:34 - 00055088 _____ () C:\Program Files\Garena Plus\lib\XmlUIModule.dll
2012-02-22 16:52 - 2012-02-22 16:52 - 00573100 _____ () C:\Program Files\Garena Plus\sqlite3.dll
2014-04-03 16:33 - 2014-04-03 16:33 - 00224560 _____ () C:\Program Files\Garena Plus\Plugins\StatsPlugin.dll
2014-04-03 16:33 - 2014-11-20 15:54 - 00961680 _____ () C:\Program Files\Garena Plus\Plugins\ggplugin.dll
2014-04-03 16:33 - 2014-06-11 21:45 - 00192816 _____ () C:\Program Files\Garena Plus\ImageModule.dll
2014-04-03 16:33 - 2014-04-03 16:33 - 00155440 _____ () C:\Program Files\Garena Plus\libmpg123.dll
2014-04-03 16:33 - 2014-04-03 16:33 - 02941232 _____ () C:\Program Files\Garena Plus\ggdownloader.dll
2014-04-03 16:34 - 2014-04-03 16:34 - 00065840 _____ () C:\Program Files\Garena Plus\lib\delay_load\AudioMixerLib.dll
2014-04-03 16:34 - 2014-04-03 16:34 - 00016688 _____ () C:\Program Files\Garena Plus\lib\delay_load\ClientTcp.dll
2014-04-03 16:34 - 2014-04-03 16:34 - 01545520 _____ () C:\Program Files\Garena Plus\lib\delay_load\FileSender.dll
2013-02-01 13:42 - 2013-02-01 13:42 - 00153088 _____ () C:\Program Files\Garena Plus\libzmq.dll
2014-04-03 16:34 - 2014-04-03 16:34 - 00956208 _____ () C:\Program Files\Garena Plus\lib\delay_load\GaFileTransfer.dll
2014-04-03 16:34 - 2014-04-03 16:34 - 00245040 _____ () C:\Program Files\Garena Plus\lib\delay_load\MediaEngine.dll
2014-04-03 16:33 - 2014-04-03 16:33 - 00026416 _____ () C:\Program Files\Garena Plus\ServerMemAlloc.dll
2014-04-03 16:34 - 2014-04-03 16:34 - 00516912 _____ () C:\Program Files\Garena Plus\lib\delay_load\RSALib.dll
2014-04-03 16:34 - 2014-04-03 16:34 - 00068400 _____ () C:\Program Files\Garena Plus\lib\delay_load\UdtLib.dll
2014-07-14 07:15 - 2014-06-05 21:58 - 00716616 _____ () C:\Program Files\Google\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
2014-07-14 07:15 - 2014-06-05 21:58 - 00126280 _____ () C:\Program Files\Google\Google\Chrome\Application\35.0.1916.153\libegl.dll
2014-07-14 07:15 - 2014-06-05 21:58 - 04217672 _____ () C:\Program Files\Google\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-07-14 07:15 - 2014-06-05 21:58 - 00414536 _____ () C:\Program Files\Google\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-07-14 07:15 - 2014-06-05 21:58 - 01732424 _____ () C:\Program Files\Google\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
2014-07-14 07:38 - 2014-07-08 08:18 - 14663856 _____ () C:\Users\olive\AppData\Local\Google\Chrome\User Data\PepperFlash\14.0.0.145\pepflashplayer.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: PnkBstrA => 2
MSCONFIG\Services: Skype C2C Service => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Sun_Philippines Wave Modem Device Helper => 2
MSCONFIG\Services: YahooAUService => 2
MSCONFIG\startupfolder: C:^Users^olive^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^olive^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk => C:\Windows\pss\MagicDisc.lnk.Startup
MSCONFIG\startupfolder: C:^Users^olive^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupfolder: C:^Users^olive^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Warcraft Config.lnk => C:\Windows\pss\Warcraft Config.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Apoint => C:\Program Files\Apoint2K\Apoint.exe
MSCONFIG\startupreg: ATNworks => C:\Windows\System32\regsvr32.exe C:\Users\olive\AppData\Local\Awrdworks\jgmd400.dll
MSCONFIG\startupreg: Awrdworks => C:\Users\olive\AppData\Local\Awrdworks\tmpFB8F.exe
MSCONFIG\startupreg: BigDog303 => C:\Windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
MSCONFIG\startupreg: EPSON Stylus CX5500 Series => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICAP.EXE /FU "C:\Windows\TEMP\E_S2FC7.tmp" /EF "HKCU"
MSCONFIG\startupreg: Facebook Update => "C:\Users\olive\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: GarenaPlus => "C:\Program Files\Garena Plus\GarenaMessenger.exe" -autolaunch
MSCONFIG\startupreg: Google Update => "C:\Users\olive\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: Okivul => C:\Users\olive\AppData\Roaming\Aksolai\ogmyafq.exe
MSCONFIG\startupreg: Owpics => regsvr32.exe C:\Users\olive\AppData\Local\Owpics\PIM.dll
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: PWRISOVM.EXE => C:\Program Files\PowerISO\PWRISOVM.EXE -startup
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RazerCortex => C:\Program Files\Razer\Razer Cortex\RazerCortex.exe -autorun
MSCONFIG\startupreg: SearchProtection => "C:\Users\olive\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Sun_Philippines Wave ModemListener => C:\Program Files\Sun Broadband Wireless\BackgroundService\ModemListener.exe start
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: TkBellExe => "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
MSCONFIG\startupreg: UIExec => "C:\Program Files\ZTE Connection Manager\UIExec.exe"
MSCONFIG\startupreg: vProt => "C:\Program Files\AVG Secure Search\vprot.exe"
MSCONFIG\startupreg: Zauzrimaop => C:\Users\olive\AppData\Roaming\Oqtaovi\ebisr.exe
========================= Accounts: ==========================
Administrator (S-1-5-21-2864508046-1840752021-4048113893-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-2864508046-1840752021-4048113893-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-2864508046-1840752021-4048113893-1002 - Limited - Enabled)
olive (S-1-5-21-2864508046-1840752021-4048113893-1000 - Administrator - Enabled) => C:\Users\olive
==================== Faulty Device Manager Devices =============
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/04/2015 10:46:27 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
Operation:
Gathering Writer Data
Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {0ee2d9fb-a735-4abb-ad20-0c8d1a86c0b7}
Error: (01/04/2015 08:20:12 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
Operation:
Gathering Writer Data
Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {46c590d8-b630-4a49-aa54-a06f8f35f3dd}
Error: (01/04/2015 07:27:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ggdllhost.exe, version: 1.0.0.1, time stamp: 0x5215da4d
Faulting module name: ntdll.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdadb
Exception code: 0xc0000005
Fault offset: 0x000555fe
Faulting process id: 0x1a58
Faulting application start time: 0xggdllhost.exe0
Faulting application path: ggdllhost.exe1
Faulting module path: ggdllhost.exe2
Report Id: ggdllhost.exe3
Error: (01/04/2015 01:01:53 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (01/04/2015 01:01:40 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (01/02/2015 11:59:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GarenaMessenger.exe, version: 1.2.45.1, time stamp: 0x544a29b0
Faulting module name: ntdll.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdadb
Exception code: 0xc0000005
Fault offset: 0x00028c72
Faulting process id: 0xe6c
Faulting application start time: 0xGarenaMessenger.exe0
Faulting application path: GarenaMessenger.exe1
Faulting module path: GarenaMessenger.exe2
Report Id: GarenaMessenger.exe3
Error: (01/01/2015 00:41:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7600.16385, time stamp: 0x4a5bc60d
Faulting module name: RPCRT4.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdade
Exception code: 0xc0020043
Fault offset: 0x00060c93
Faulting process id: 0x66c
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Error: (01/01/2001 00:02:30 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Error: (01/01/2001 00:02:30 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Error: (01/01/2001 00:02:30 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
System errors:
=============
Error: (01/04/2015 11:05:05 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005
Error: (01/04/2015 11:02:05 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:58:18 PM on 1/4/2015 was unexpected.
Error: (01/04/2015 08:39:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The WindowsMangerProtect Service service terminated unexpectedly. It has done this 1 time(s).
Error: (01/04/2015 08:36:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The vToolbarUpdater18.1.5 service failed to start due to the following error:
%%2
Error: (01/04/2015 08:31:55 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Plug and Play service, but this action failed with the following error:
%%1190
Error: (01/04/2015 08:31:55 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the DCOM Server Process Launcher service, but this action failed with the following error:
%%1190
Error: (01/04/2015 08:31:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Power service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
Error: (01/04/2015 08:31:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Plug and Play service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
Error: (01/04/2015 08:31:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
Error: (01/04/2015 08:16:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The vToolbarUpdater18.1.5 service failed to start due to the following error:
%%2
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Processor: Intel(R) Pentium(R) Dual CPU T2330 @ 1.60GHz
Percentage of memory in use: 53%
Total physical RAM: 3062.02 MB
Available physical RAM: 1434.35 MB
Total Pagefile: 6122.32 MB
Available Pagefile: 4130.27 MB
Total Virtual: 2047.88 MB
Available Virtual: 1913.39 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:111.69 GB) (Free:7.38 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 38033802)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-01-2015 03
Ran by olive at 2015-01-04 23:20:42
Running from C:\Users\olive\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-2864508046-1840752021-4048113893-1000\...\uTorrent) (Version: 3.3.1.30017 - BitTorrent Inc.)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.6.0.5390 - Adobe Systems Incorporated)
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5645 - AVG Technologies)
AVG 2015 (Version: 15.0.4257 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5645 - AVG Technologies) Hidden
AVG PC Tuneup (HKLM\...\{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1) (Version: 10.0.0.27 - AVG)
Bloons TD 5 Deluxe version 1.13 (HKLM\...\Bloons TD 5 Deluxe_is1) (Version: 1.13 - )
CDisplayEx 1.9.13 (HKLM\...\CDisplayEx_is1) (Version: - cdisplayex.com)
Chatango Message Catcher (HKLM\...\Chatango) (Version: - )
Combined Community Codec Pack 2013-05-30 (HKLM\...\Combined Community Codec Pack_is1) (Version: 2013.05.30.0 - CCCP Project)
Command & Conquer 3 (HKLM\...\{B0C30E93-D3D9-4F04-A2AC-54749B573275}) (Version: 1.00.0000 - Electronic Arts Inc.)
CutePDF Writer 2.7 (HKLM\...\CutePDF Writer Installation) (Version: - )
CX4300_5500_DX4400 manual (HKLM\...\CX4300_5500_DX4400 manual) (Version: - )
Dev-C++ 5 beta 9 release (4.9.9.2) (HKLM\...\Dev-C++) (Version: - )
Diablo II (HKLM\...\Diablo II) (Version: - )
Dropbox (HKU\S-1-5-21-2864508046-1840752021-4048113893-1000\...\Dropbox) (Version: 2.0.22 - Dropbox, Inc.)
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version: - SEIKO EPSON Corporation)
EPSON Scan (HKLM\...\EPSON Scanner) (Version: - )
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
GameSpy Arcade (HKLM\...\GameSpy Arcade) (Version: - )
Garena - League of Legends (HKLM\...\LoLPH) (Version: - Garena Online Pte Ltd.)
Globe Broadband (HKLM\...\Globe Broadband) (Version: 11.300.05.06.158 - Huawei Technologies Co.,Ltd)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google+ Auto Backup (HKLM\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Google+ Auto Backup (HKU\S-1-5-21-2864508046-1840752021-4048113893-1000\...\Google+ Auto Backup) (Version: 1.0.26.151 - Google, Inc.)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel(R) TV Wizard (HKLM\...\TVWiz) (Version: - Intel Corporation)
Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Kingo ROOT version 1.2.9.2183 (HKLM\...\{AE7675D6-0B31-494F-ABFA-822E1A0FDF17}_is1) (Version: 1.2.9.2183 - Kingosoft Technology Ltd.)
LIVE gaming on Windows Runtime Version 1.0.6027 (HKLM\...\{839916F4-D8B5-4407-BE6D-6D4EB9D96AF4}) (Version: 1.0.6027 - Microsoft Corporation)
MagicDisc 2.7.106 (HKLM\...\MagicDisc 2.7.106) (Version: - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.10411.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Minecraft1.5.2 (HKLM\...\Minecraft1.5.2) (Version: - )
Mobily Connect Card (HKLM\...\Mobily Connect Card) (Version: 11.300.05.07.82 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
osu! (HKLM\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PowerISO (HKLM\...\PowerISO) (Version: 4.8 - PowerISO Computing, Inc.)
PPSSPP version 0.9.8 (HKLM\...\PPSSPP_is1) (Version: 0.9.8 - )
PSPVC :: PSP Video Converter v3.91 (HKLM\...\PSPVC) (Version: - )
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Razer Cortex (HKLM\...\Razer Cortex_is1) (Version: 5.1.38.0 - Razer Inc.)
RealDownloader (Version: 1.3.1 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.0 - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
RPG MAKER VX Ace RTP (HKLM\...\RPGVXAce_RTP_is1) (Version: 1.00 - Enterbrain)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
StarCraft II (HKLM\...\StarCraft II) (Version: - Blizzard Entertainment)
Steam (HKLM\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Sun Broadband Wireless (HKLM\...\Wave Sun Broadband Wireless_is1) (Version: - Sun_Philippines)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synthesia (remove only) (HKLM\...\Synthesia) (Version: - )
System Requirements Lab for Intel (HKLM\...\{53C63F43-B827-42D9-8886-4698D91EA33B}) (Version: 4.5.15.0 - Husdawg, LLC)
Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: - )
TypingMaster Pro (HKLM\...\{98B6FB8A-8638-4037-AD44-CF7D0EEAB875}_is1) (Version: 7.00 - TypingMaster Inc)
Unity Web Player (HKU\S-1-5-21-2864508046-1840752021-4048113893-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Warcraft III Reign of Chaos & The Frozen Throne (HKLM\...\Warcraft III Reign of Chaos & The Frozen Throne) (Version: - )
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
Xnxx Video Downloader 3.14 (HKLM\...\Xnxx Video Downloader_is1) (Version: - DownloadToolz, Inc.)
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version: - )
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version: - Yahoo! Inc.)
YGOPro (HKLM\...\YGOPro) (Version: 1.033.4 - Gruntmods Studios)
YTD Video Downloader 4.8.8 (HKLM\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.8.8 - GreenTree Applications SRL) <==== ATTENTION
ZTE Connection Manager (HKLM\...\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}) (Version: 1.0.0.1 - ZTE Corporation)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\olive\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\olive\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\olive\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\olive\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\olive\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\olive\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\olive\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\olive\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\olive\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\olive\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\olive\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\olive\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\olive\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\olive\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\olive\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\olive\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\olive\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\olive\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\olive\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\olive\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\olive\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\olive\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{cb4c77f0-ab2a-407c-93ac-963769824b18}\localserver32 -> C:\Users\olive\AppData\Local\Temp\{b3ede298-ae75-4a1c-ab7e-1b9229b77bbe}\IDriver.NonElevated.exe No (the data entry has 4 more characters).
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\olive\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\olive\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\olive\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\olive\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\olive\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\olive\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\olive\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\olive\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\olive\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\olive\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\olive\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File
==================== Restore Points =========================
04-01-2015 20:20:15 Removed Dawn of War - Soulstorm
04-01-2015 22:03:23 restor point after cleaning
04-01-2015 22:46:29 Malwarebytes Anti-Rootkit Restore Point
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 10:04 - 2015-01-01 22:38 - 00001506 _RASH C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
107.181.187.25 www.google-analytics.com.
107.181.187.25 google-analytics.com.
107.181.187.25 connect.facebook.net.
146.0.75.12 www.google-analytics.com.
146.0.75.12 google-analytics.com.
146.0.75.12 connect.facebook.net.
195.162.69.252 www.google-analytics.com.
195.162.69.252 google-analytics.com.
195.162.69.252 connect.facebook.net.
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0B8F94AB-ED47-4CE7-99AF-B5149869E0F8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2864508046-1840752021-4048113893-1000Core => C:\Users\olive\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-14] (Google Inc.)
Task: {133E28E3-C5F7-410B-A5BD-15E2D5356880} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-14] (Adobe Systems Incorporated)
Task: {14AB2200-CF87-454C-96E0-A7C3719E736C} - System32\Tasks\{77741E38-1F68-412C-8F49-ECBCCEF72DF2} => E:\Razor1911\The_Sims_3_Keygen.exe
Task: {17A737B7-89D7-4E0F-8871-B32A30276055} - System32\Tasks\{4E055C94-9F0F-49F2-BF21-E4CF18C35E2F} => pcalua.exe -a C:\Users\olive\Desktop\games\rulessetup0933.exe -d C:\Users\olive\Desktop\games
Task: {2C1F9CEF-2F4F-4EB4-93B4-C7EFE25C8DC9} - System32\Tasks\{DFADD1AF-C23C-4C69-83BF-9D8A399DC4B3} => E:\Razor1911\The_Sims_3_Keygen.exe
Task: {466401D4-56FC-47EF-8051-4252453ED6B3} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2864508046-1840752021-4048113893-1000UA => C:\Users\olive\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-11-29] (Facebook Inc.)
Task: {4B24B83A-DE02-47D1-B687-D059008EF09F} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2864508046-1840752021-4048113893-1000Core => C:\Users\olive\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-11-29] (Facebook Inc.)
Task: {6307A82D-C66C-4E42-9BF1-26536013807D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2001-01-01] (Google Inc.)
Task: {6C46BC62-04E1-47D8-AE86-95C807470114} - System32\Tasks\{F62A3D01-010D-4AA5-99FA-3F8F1FF8B4CD} => pcalua.exe -a "C:\Users\olive\Desktop\New folder\McAFee_TechCheck.exe" -d "C:\Users\olive\Desktop\New folder"
Task: {7667BFF6-5BFC-4AE9-9855-7FD3756F94EB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2864508046-1840752021-4048113893-1000UA => C:\Users\olive\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-14] (Google Inc.)
Task: {77F44CC3-67F9-49D1-9B94-8D90F1830034} - System32\Tasks\{74C84DF2-1482-4BA1-A13E-8773B3EF1E37} => C:\Program Files\Activision\Call of Duty 2\CoD2SP_s.exe
Task: {7E6477FA-AA0A-4E7A-97F9-47145D1434CA} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2864508046-1840752021-4048113893-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {8F629D75-8DC6-43D4-BCEA-C76DF22737B5} - \LuckyTab No Task File <==== ATTENTION
Task: {90321A72-78C2-4E21-A31B-47637CC6FB62} - System32\Tasks\{59CB9FF6-268D-4343-B90C-04E47C073099} => pcalua.exe -a C:\Users\olive\AppData\Local\Temp\is1218200230\fciv_installer.exe -d C:\Users\olive\Downloads -c /Q /T:"C:\Users\olive\AppData\Local\Temp\is1218200230\"
Task: {93D2323B-4C5B-4626-9F1D-F45B77021EDE} - System32\Tasks\{8390B176-6B61-4DFA-89B8-60D7724AAD4A} => pcalua.exe -a "C:\Users\olive\Desktop\games\Command & Conquer 3\ComradeSetup1.1.4.143_cc3.exe" -d "C:\Users\olive\Desktop\games\Command & Conquer 3"
Task: {9CB774FE-E0C9-4B25-9A7F-4925E1562CB0} - System32\Tasks\{B73BB167-CB87-4D85-AE4F-2F305DCCDE22} => E:\TiNYiSO\AlienShooter.exe
Task: {9D9B7D19-91D8-450F-A8A2-AE46BC14CD3B} - System32\Tasks\{EA296440-4B11-4BC7-B1EC-E1D93C76FE7D} => pcalua.exe -a E:\IMATION\CuteWriter\converter.exe -d E:\IMATION\CuteWriter
Task: {AF00C888-A797-49CF-8B44-405CB06B5873} - System32\Tasks\gg_uac_daemon_olive => C:\Program Files\Garena Plus\ggdllhost.exe [2014-04-03] ()
Task: {B1D9150E-6F06-4958-B275-A0D14427804D} - System32\Tasks\AVG\PC Tuneup\Integrator\Start On olive Logon => C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe [2011-11-03] (AVG)
Task: {BE18C563-F4EF-4D1F-B005-F62195B88B55} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2864508046-1840752021-4048113893-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {C343AA83-5684-400C-90F3-C4474832B62F} - System32\Tasks\{7F428642-9A01-4771-8AF2-607A419AE16D} => pcalua.exe -a F:\hadith\unins000.exe -d F:\hadith
Task: {E94215E8-E069-4AEE-80CA-5726F3CD67ED} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2001-01-01] (Google Inc.)
Task: {EA14D3F5-7B88-4147-83E9-E5253F0DA053} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2864508046-1840752021-4048113893-1000 => C:\Program Files\Real\RealUpgrade\realupgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {EC1B9852-33BB-47ED-A4E7-9A7A93981AD2} - System32\Tasks\gg_uac_daemon_Administrator => C:\Program Files\Garena Plus\ggdllhost.exe [2014-04-03] ()
Task: {F56FE420-72BC-4FD2-8FC0-4DF844E1DF39} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2864508046-1840752021-4048113893-1000 => C:\Program Files\Real\RealUpgrade\realupgrade.exe [2013-03-06] (RealNetworks, Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2864508046-1840752021-4048113893-1000Core.job => C:\Users\olive\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2864508046-1840752021-4048113893-1000UA.job => C:\Users\olive\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2864508046-1840752021-4048113893-1000Core.job => C:\Users\olive\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2864508046-1840752021-4048113893-1000UA.job => C:\Users\olive\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2012-05-03 01:29 - 2007-07-13 13:33 - 00087552 _____ () C:\Windows\System32\cpwmon2k.dll
2011-03-14 23:27 - 2011-03-14 23:27 - 00271712 _____ () C:\ProgramData\DatacardService\HWDeviceService.exe
2012-05-03 01:27 - 2007-09-21 09:34 - 00129024 _____ () C:\Program Files\WinRAR\rarext.dll
2012-08-15 18:01 - 2011-11-03 21:21 - 00350024 _____ () C:\Program Files\AVG\AVG PC Tuneup\madExcept_.bpl
2012-08-15 18:01 - 2011-11-03 21:21 - 00184136 _____ () C:\Program Files\AVG\AVG PC Tuneup\madBasic_.bpl
2012-08-15 18:01 - 2011-11-03 21:21 - 00050504 _____ () C:\Program Files\AVG\AVG PC Tuneup\madDisAsm_.bpl
2014-04-03 16:33 - 2014-04-03 16:33 - 00049456 _____ () C:\Program Files\Garena Plus\ggdllhost.exe
2014-04-03 16:33 - 2014-04-03 16:33 - 00553776 _____ () C:\Program Files\Garena Plus\ggspawn.dll
2013-03-06 07:21 - 2013-03-06 07:21 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2012-06-16 19:56 - 2010-07-23 11:24 - 00252784 _____ () C:\Program Files\ZTE Connection Manager\AssistantServices.exe
2014-11-01 06:27 - 2014-11-01 06:27 - 00183488 _____ () C:\Program Files\Razer\Razer Services\GSS\GameScannerService.exe
2014-04-03 16:33 - 2014-10-27 15:22 - 09974576 _____ () C:\Program Files\Garena Plus\GarenaMessenger.exe
2014-04-03 16:33 - 2014-04-03 16:33 - 00104752 _____ () C:\Program Files\Garena Plus\CommonLib.dll
2014-04-03 16:33 - 2014-04-03 16:33 - 00033584 _____ () C:\Program Files\Garena Plus\DibModule.dll
2014-04-03 16:33 - 2014-12-30 11:30 - 00034960 _____ () C:\Program Files\Garena Plus\VersionModule.dll
2014-04-03 16:33 - 2014-04-03 16:33 - 00051504 _____ () C:\Program Files\Garena Plus\FileLoader.dll
2014-04-03 16:33 - 2014-04-03 16:33 - 00087344 _____ () C:\Program Files\Garena Plus\PluginKernel.dll
2014-04-03 16:33 - 2014-04-03 16:33 - 00487216 _____ () C:\Program Files\Garena Plus\CxImage.dll
2014-04-03 16:33 - 2014-04-03 16:33 - 00025392 _____ () C:\Program Files\Garena Plus\PluginModule.dll
2014-04-03 16:34 - 2014-04-03 16:34 - 00170800 _____ () C:\Program Files\Garena Plus\lib\fs\YYFileSystem.dll
2014-04-03 16:33 - 2014-04-03 16:33 - 00374064 _____ () C:\Program Files\Garena Plus\lib\Http.dll
2014-04-03 16:33 - 2014-04-03 16:33 - 00184624 _____ () C:\Program Files\Garena Plus\lib\MP3Module.dll
2012-02-22 16:52 - 2012-02-22 16:52 - 00162304 _____ () C:\Program Files\Garena Plus\lame_enc.DLL
2014-04-03 16:33 - 2014-04-03 16:33 - 00219952 _____ () C:\Program Files\Garena Plus\lib\TaskManagerLib.dll
2014-04-03 16:33 - 2014-04-03 16:33 - 00106288 _____ () C:\Program Files\Garena Plus\lib\UILayout.dll
2014-04-03 16:34 - 2014-04-03 16:34 - 00958256 _____ () C:\Program Files\Garena Plus\lib\XLL.dll
2014-04-03 16:34 - 2014-04-03 16:34 - 00055088 _____ () C:\Program Files\Garena Plus\lib\XmlUIModule.dll
2012-02-22 16:52 - 2012-02-22 16:52 - 00573100 _____ () C:\Program Files\Garena Plus\sqlite3.dll
2014-04-03 16:33 - 2014-04-03 16:33 - 00224560 _____ () C:\Program Files\Garena Plus\Plugins\StatsPlugin.dll
2014-04-03 16:33 - 2014-11-20 15:54 - 00961680 _____ () C:\Program Files\Garena Plus\Plugins\ggplugin.dll
2014-04-03 16:33 - 2014-06-11 21:45 - 00192816 _____ () C:\Program Files\Garena Plus\ImageModule.dll
2014-04-03 16:33 - 2014-04-03 16:33 - 00155440 _____ () C:\Program Files\Garena Plus\libmpg123.dll
2014-04-03 16:33 - 2014-04-03 16:33 - 02941232 _____ () C:\Program Files\Garena Plus\ggdownloader.dll
2014-04-03 16:34 - 2014-04-03 16:34 - 00065840 _____ () C:\Program Files\Garena Plus\lib\delay_load\AudioMixerLib.dll
2014-04-03 16:34 - 2014-04-03 16:34 - 00016688 _____ () C:\Program Files\Garena Plus\lib\delay_load\ClientTcp.dll
2014-04-03 16:34 - 2014-04-03 16:34 - 01545520 _____ () C:\Program Files\Garena Plus\lib\delay_load\FileSender.dll
2013-02-01 13:42 - 2013-02-01 13:42 - 00153088 _____ () C:\Program Files\Garena Plus\libzmq.dll
2014-04-03 16:34 - 2014-04-03 16:34 - 00956208 _____ () C:\Program Files\Garena Plus\lib\delay_load\GaFileTransfer.dll
2014-04-03 16:34 - 2014-04-03 16:34 - 00245040 _____ () C:\Program Files\Garena Plus\lib\delay_load\MediaEngine.dll
2014-04-03 16:33 - 2014-04-03 16:33 - 00026416 _____ () C:\Program Files\Garena Plus\ServerMemAlloc.dll
2014-04-03 16:34 - 2014-04-03 16:34 - 00516912 _____ () C:\Program Files\Garena Plus\lib\delay_load\RSALib.dll
2014-04-03 16:34 - 2014-04-03 16:34 - 00068400 _____ () C:\Program Files\Garena Plus\lib\delay_load\UdtLib.dll
2014-07-14 07:15 - 2014-06-05 21:58 - 00716616 _____ () C:\Program Files\Google\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
2014-07-14 07:15 - 2014-06-05 21:58 - 00126280 _____ () C:\Program Files\Google\Google\Chrome\Application\35.0.1916.153\libegl.dll
2014-07-14 07:15 - 2014-06-05 21:58 - 04217672 _____ () C:\Program Files\Google\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-07-14 07:15 - 2014-06-05 21:58 - 00414536 _____ () C:\Program Files\Google\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-07-14 07:15 - 2014-06-05 21:58 - 01732424 _____ () C:\Program Files\Google\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
2014-07-14 07:38 - 2014-07-08 08:18 - 14663856 _____ () C:\Users\olive\AppData\Local\Google\Chrome\User Data\PepperFlash\14.0.0.145\pepflashplayer.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: PnkBstrA => 2
MSCONFIG\Services: Skype C2C Service => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Sun_Philippines Wave Modem Device Helper => 2
MSCONFIG\Services: YahooAUService => 2
MSCONFIG\startupfolder: C:^Users^olive^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^olive^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk => C:\Windows\pss\MagicDisc.lnk.Startup
MSCONFIG\startupfolder: C:^Users^olive^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupfolder: C:^Users^olive^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Warcraft Config.lnk => C:\Windows\pss\Warcraft Config.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Apoint => C:\Program Files\Apoint2K\Apoint.exe
MSCONFIG\startupreg: ATNworks => C:\Windows\System32\regsvr32.exe C:\Users\olive\AppData\Local\Awrdworks\jgmd400.dll
MSCONFIG\startupreg: Awrdworks => C:\Users\olive\AppData\Local\Awrdworks\tmpFB8F.exe
MSCONFIG\startupreg: BigDog303 => C:\Windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
MSCONFIG\startupreg: EPSON Stylus CX5500 Series => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICAP.EXE /FU "C:\Windows\TEMP\E_S2FC7.tmp" /EF "HKCU"
MSCONFIG\startupreg: Facebook Update => "C:\Users\olive\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: GarenaPlus => "C:\Program Files\Garena Plus\GarenaMessenger.exe" -autolaunch
MSCONFIG\startupreg: Google Update => "C:\Users\olive\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: Okivul => C:\Users\olive\AppData\Roaming\Aksolai\ogmyafq.exe
MSCONFIG\startupreg: Owpics => regsvr32.exe C:\Users\olive\AppData\Local\Owpics\PIM.dll
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: PWRISOVM.EXE => C:\Program Files\PowerISO\PWRISOVM.EXE -startup
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RazerCortex => C:\Program Files\Razer\Razer Cortex\RazerCortex.exe -autorun
MSCONFIG\startupreg: SearchProtection => "C:\Users\olive\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Sun_Philippines Wave ModemListener => C:\Program Files\Sun Broadband Wireless\BackgroundService\ModemListener.exe start
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: TkBellExe => "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
MSCONFIG\startupreg: UIExec => "C:\Program Files\ZTE Connection Manager\UIExec.exe"
MSCONFIG\startupreg: vProt => "C:\Program Files\AVG Secure Search\vprot.exe"
MSCONFIG\startupreg: Zauzrimaop => C:\Users\olive\AppData\Roaming\Oqtaovi\ebisr.exe
========================= Accounts: ==========================
Administrator (S-1-5-21-2864508046-1840752021-4048113893-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-2864508046-1840752021-4048113893-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-2864508046-1840752021-4048113893-1002 - Limited - Enabled)
olive (S-1-5-21-2864508046-1840752021-4048113893-1000 - Administrator - Enabled) => C:\Users\olive
==================== Faulty Device Manager Devices =============
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/04/2015 10:46:27 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
Operation:
Gathering Writer Data
Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {0ee2d9fb-a735-4abb-ad20-0c8d1a86c0b7}
Error: (01/04/2015 08:20:12 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
Operation:
Gathering Writer Data
Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {46c590d8-b630-4a49-aa54-a06f8f35f3dd}
Error: (01/04/2015 07:27:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ggdllhost.exe, version: 1.0.0.1, time stamp: 0x5215da4d
Faulting module name: ntdll.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdadb
Exception code: 0xc0000005
Fault offset: 0x000555fe
Faulting process id: 0x1a58
Faulting application start time: 0xggdllhost.exe0
Faulting application path: ggdllhost.exe1
Faulting module path: ggdllhost.exe2
Report Id: ggdllhost.exe3
Error: (01/04/2015 01:01:53 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (01/04/2015 01:01:40 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (01/02/2015 11:59:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GarenaMessenger.exe, version: 1.2.45.1, time stamp: 0x544a29b0
Faulting module name: ntdll.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdadb
Exception code: 0xc0000005
Fault offset: 0x00028c72
Faulting process id: 0xe6c
Faulting application start time: 0xGarenaMessenger.exe0
Faulting application path: GarenaMessenger.exe1
Faulting module path: GarenaMessenger.exe2
Report Id: GarenaMessenger.exe3
Error: (01/01/2015 00:41:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7600.16385, time stamp: 0x4a5bc60d
Faulting module name: RPCRT4.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdade
Exception code: 0xc0020043
Fault offset: 0x00060c93
Faulting process id: 0x66c
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Error: (01/01/2001 00:02:30 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Error: (01/01/2001 00:02:30 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Error: (01/01/2001 00:02:30 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
System errors:
=============
Error: (01/04/2015 11:05:05 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005
Error: (01/04/2015 11:02:05 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:58:18 PM on 1/4/2015 was unexpected.
Error: (01/04/2015 08:39:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The WindowsMangerProtect Service service terminated unexpectedly. It has done this 1 time(s).
Error: (01/04/2015 08:36:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The vToolbarUpdater18.1.5 service failed to start due to the following error:
%%2
Error: (01/04/2015 08:31:55 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Plug and Play service, but this action failed with the following error:
%%1190
Error: (01/04/2015 08:31:55 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the DCOM Server Process Launcher service, but this action failed with the following error:
%%1190
Error: (01/04/2015 08:31:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Power service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
Error: (01/04/2015 08:31:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Plug and Play service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
Error: (01/04/2015 08:31:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
Error: (01/04/2015 08:16:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The vToolbarUpdater18.1.5 service failed to start due to the following error:
%%2
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Processor: Intel(R) Pentium(R) Dual CPU T2330 @ 1.60GHz
Percentage of memory in use: 53%
Total physical RAM: 3062.02 MB
Available physical RAM: 1434.35 MB
Total Pagefile: 6122.32 MB
Available Pagefile: 4130.27 MB
Total Virtual: 2047.88 MB
Available Virtual: 1913.39 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:111.69 GB) (Free:7.38 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 38033802)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)
==================== End Of Log ============================