Inactive-A Need help.

FRST Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-01-2015 03
Ran by olive at 2015-01-04 23:20:42
Running from C:\Users\olive\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2864508046-1840752021-4048113893-1000\...\uTorrent) (Version: 3.3.1.30017 - BitTorrent Inc.)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.6.0.5390 - Adobe Systems Incorporated)
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5645 - AVG Technologies)
AVG 2015 (Version: 15.0.4257 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5645 - AVG Technologies) Hidden
AVG PC Tuneup (HKLM\...\{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1) (Version: 10.0.0.27 - AVG)
Bloons TD 5 Deluxe version 1.13 (HKLM\...\Bloons TD 5 Deluxe_is1) (Version: 1.13 - )
CDisplayEx 1.9.13 (HKLM\...\CDisplayEx_is1) (Version: - cdisplayex.com)
Chatango Message Catcher (HKLM\...\Chatango) (Version: - )
Combined Community Codec Pack 2013-05-30 (HKLM\...\Combined Community Codec Pack_is1) (Version: 2013.05.30.0 - CCCP Project)
Command & Conquer 3 (HKLM\...\{B0C30E93-D3D9-4F04-A2AC-54749B573275}) (Version: 1.00.0000 - Electronic Arts Inc.)
CutePDF Writer 2.7 (HKLM\...\CutePDF Writer Installation) (Version: - )
CX4300_5500_DX4400 manual (HKLM\...\CX4300_5500_DX4400 manual) (Version: - )
Dev-C++ 5 beta 9 release (4.9.9.2) (HKLM\...\Dev-C++) (Version: - )
Diablo II (HKLM\...\Diablo II) (Version: - )
Dropbox (HKU\S-1-5-21-2864508046-1840752021-4048113893-1000\...\Dropbox) (Version: 2.0.22 - Dropbox, Inc.)
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version: - SEIKO EPSON Corporation)
EPSON Scan (HKLM\...\EPSON Scanner) (Version: - )
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
GameSpy Arcade (HKLM\...\GameSpy Arcade) (Version: - )
Garena - League of Legends (HKLM\...\LoLPH) (Version: - Garena Online Pte Ltd.)
Globe Broadband (HKLM\...\Globe Broadband) (Version: 11.300.05.06.158 - Huawei Technologies Co.,Ltd)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google+ Auto Backup (HKLM\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Google+ Auto Backup (HKU\S-1-5-21-2864508046-1840752021-4048113893-1000\...\Google+ Auto Backup) (Version: 1.0.26.151 - Google, Inc.)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel(R) TV Wizard (HKLM\...\TVWiz) (Version: - Intel Corporation)
Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Kingo ROOT version 1.2.9.2183 (HKLM\...\{AE7675D6-0B31-494F-ABFA-822E1A0FDF17}_is1) (Version: 1.2.9.2183 - Kingosoft Technology Ltd.)
LIVE gaming on Windows Runtime Version 1.0.6027 (HKLM\...\{839916F4-D8B5-4407-BE6D-6D4EB9D96AF4}) (Version: 1.0.6027 - Microsoft Corporation)
MagicDisc 2.7.106 (HKLM\...\MagicDisc 2.7.106) (Version: - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.10411.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Minecraft1.5.2 (HKLM\...\Minecraft1.5.2) (Version: - )
Mobily Connect Card (HKLM\...\Mobily Connect Card) (Version: 11.300.05.07.82 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
osu! (HKLM\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PowerISO (HKLM\...\PowerISO) (Version: 4.8 - PowerISO Computing, Inc.)
PPSSPP version 0.9.8 (HKLM\...\PPSSPP_is1) (Version: 0.9.8 - )
PSPVC :: PSP Video Converter v3.91 (HKLM\...\PSPVC) (Version: - )
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Razer Cortex (HKLM\...\Razer Cortex_is1) (Version: 5.1.38.0 - Razer Inc.)
RealDownloader (Version: 1.3.1 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.0 - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
RPG MAKER VX Ace RTP (HKLM\...\RPGVXAce_RTP_is1) (Version: 1.00 - Enterbrain)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
StarCraft II (HKLM\...\StarCraft II) (Version: - Blizzard Entertainment)
Steam (HKLM\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Sun Broadband Wireless (HKLM\...\Wave Sun Broadband Wireless_is1) (Version: - Sun_Philippines)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synthesia (remove only) (HKLM\...\Synthesia) (Version: - )
System Requirements Lab for Intel (HKLM\...\{53C63F43-B827-42D9-8886-4698D91EA33B}) (Version: 4.5.15.0 - Husdawg, LLC)
Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: - )
TypingMaster Pro (HKLM\...\{98B6FB8A-8638-4037-AD44-CF7D0EEAB875}_is1) (Version: 7.00 - TypingMaster Inc)
Unity Web Player (HKU\S-1-5-21-2864508046-1840752021-4048113893-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Warcraft III Reign of Chaos & The Frozen Throne (HKLM\...\Warcraft III Reign of Chaos & The Frozen Throne) (Version: - )
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
Xnxx Video Downloader 3.14 (HKLM\...\Xnxx Video Downloader_is1) (Version: - DownloadToolz, Inc.)
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version: - )
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version: - Yahoo! Inc.)
YGOPro (HKLM\...\YGOPro) (Version: 1.033.4 - Gruntmods Studios)
YTD Video Downloader 4.8.8 (HKLM\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.8.8 - GreenTree Applications SRL) <==== ATTENTION
ZTE Connection Manager (HKLM\...\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}) (Version: 1.0.0.1 - ZTE Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\olive\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\olive\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\olive\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\olive\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\olive\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\olive\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\olive\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\olive\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\olive\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\olive\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\olive\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\olive\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\olive\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\olive\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\olive\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\olive\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\olive\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\olive\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\olive\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\olive\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\olive\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\olive\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{cb4c77f0-ab2a-407c-93ac-963769824b18}\localserver32 -> C:\Users\olive\AppData\Local\Temp\{b3ede298-ae75-4a1c-ab7e-1b9229b77bbe}\IDriver.NonElevated.exe No (the data entry has 4 more characters).
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\olive\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\olive\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\olive\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\olive\AppData\Local\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\olive\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\olive\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\olive\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\olive\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\olive\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\olive\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2864508046-1840752021-4048113893-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\olive\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File

==================== Restore Points =========================

04-01-2015 20:20:15 Removed Dawn of War - Soulstorm
04-01-2015 22:03:23 restor point after cleaning
04-01-2015 22:46:29 Malwarebytes Anti-Rootkit Restore Point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 10:04 - 2015-01-01 22:38 - 00001506 _RASH C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
107.181.187.25 www.google-analytics.com.
107.181.187.25 google-analytics.com.
107.181.187.25 connect.facebook.net.
146.0.75.12 www.google-analytics.com.
146.0.75.12 google-analytics.com.
146.0.75.12 connect.facebook.net.
195.162.69.252 www.google-analytics.com.
195.162.69.252 google-analytics.com.
195.162.69.252 connect.facebook.net.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0B8F94AB-ED47-4CE7-99AF-B5149869E0F8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2864508046-1840752021-4048113893-1000Core => C:\Users\olive\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-14] (Google Inc.)
Task: {133E28E3-C5F7-410B-A5BD-15E2D5356880} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-14] (Adobe Systems Incorporated)
Task: {14AB2200-CF87-454C-96E0-A7C3719E736C} - System32\Tasks\{77741E38-1F68-412C-8F49-ECBCCEF72DF2} => E:\Razor1911\The_Sims_3_Keygen.exe
Task: {17A737B7-89D7-4E0F-8871-B32A30276055} - System32\Tasks\{4E055C94-9F0F-49F2-BF21-E4CF18C35E2F} => pcalua.exe -a C:\Users\olive\Desktop\games\rulessetup0933.exe -d C:\Users\olive\Desktop\games
Task: {2C1F9CEF-2F4F-4EB4-93B4-C7EFE25C8DC9} - System32\Tasks\{DFADD1AF-C23C-4C69-83BF-9D8A399DC4B3} => E:\Razor1911\The_Sims_3_Keygen.exe
Task: {466401D4-56FC-47EF-8051-4252453ED6B3} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2864508046-1840752021-4048113893-1000UA => C:\Users\olive\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-11-29] (Facebook Inc.)
Task: {4B24B83A-DE02-47D1-B687-D059008EF09F} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2864508046-1840752021-4048113893-1000Core => C:\Users\olive\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-11-29] (Facebook Inc.)
Task: {6307A82D-C66C-4E42-9BF1-26536013807D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2001-01-01] (Google Inc.)
Task: {6C46BC62-04E1-47D8-AE86-95C807470114} - System32\Tasks\{F62A3D01-010D-4AA5-99FA-3F8F1FF8B4CD} => pcalua.exe -a "C:\Users\olive\Desktop\New folder\McAFee_TechCheck.exe" -d "C:\Users\olive\Desktop\New folder"
Task: {7667BFF6-5BFC-4AE9-9855-7FD3756F94EB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2864508046-1840752021-4048113893-1000UA => C:\Users\olive\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-14] (Google Inc.)
Task: {77F44CC3-67F9-49D1-9B94-8D90F1830034} - System32\Tasks\{74C84DF2-1482-4BA1-A13E-8773B3EF1E37} => C:\Program Files\Activision\Call of Duty 2\CoD2SP_s.exe
Task: {7E6477FA-AA0A-4E7A-97F9-47145D1434CA} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2864508046-1840752021-4048113893-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {8F629D75-8DC6-43D4-BCEA-C76DF22737B5} - \LuckyTab No Task File <==== ATTENTION
Task: {90321A72-78C2-4E21-A31B-47637CC6FB62} - System32\Tasks\{59CB9FF6-268D-4343-B90C-04E47C073099} => pcalua.exe -a C:\Users\olive\AppData\Local\Temp\is1218200230\fciv_installer.exe -d C:\Users\olive\Downloads -c /Q /T:"C:\Users\olive\AppData\Local\Temp\is1218200230\"
Task: {93D2323B-4C5B-4626-9F1D-F45B77021EDE} - System32\Tasks\{8390B176-6B61-4DFA-89B8-60D7724AAD4A} => pcalua.exe -a "C:\Users\olive\Desktop\games\Command &amp; Conquer 3\ComradeSetup1.1.4.143_cc3.exe" -d "C:\Users\olive\Desktop\games\Command &amp; Conquer 3"
Task: {9CB774FE-E0C9-4B25-9A7F-4925E1562CB0} - System32\Tasks\{B73BB167-CB87-4D85-AE4F-2F305DCCDE22} => E:\TiNYiSO\AlienShooter.exe
Task: {9D9B7D19-91D8-450F-A8A2-AE46BC14CD3B} - System32\Tasks\{EA296440-4B11-4BC7-B1EC-E1D93C76FE7D} => pcalua.exe -a E:\IMATION\CuteWriter\converter.exe -d E:\IMATION\CuteWriter
Task: {AF00C888-A797-49CF-8B44-405CB06B5873} - System32\Tasks\gg_uac_daemon_olive => C:\Program Files\Garena Plus\ggdllhost.exe [2014-04-03] ()
Task: {B1D9150E-6F06-4958-B275-A0D14427804D} - System32\Tasks\AVG\PC Tuneup\Integrator\Start On olive Logon => C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe [2011-11-03] (AVG)
Task: {BE18C563-F4EF-4D1F-B005-F62195B88B55} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2864508046-1840752021-4048113893-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {C343AA83-5684-400C-90F3-C4474832B62F} - System32\Tasks\{7F428642-9A01-4771-8AF2-607A419AE16D} => pcalua.exe -a F:\hadith\unins000.exe -d F:\hadith
Task: {E94215E8-E069-4AEE-80CA-5726F3CD67ED} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2001-01-01] (Google Inc.)
Task: {EA14D3F5-7B88-4147-83E9-E5253F0DA053} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2864508046-1840752021-4048113893-1000 => C:\Program Files\Real\RealUpgrade\realupgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {EC1B9852-33BB-47ED-A4E7-9A7A93981AD2} - System32\Tasks\gg_uac_daemon_Administrator => C:\Program Files\Garena Plus\ggdllhost.exe [2014-04-03] ()
Task: {F56FE420-72BC-4FD2-8FC0-4DF844E1DF39} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2864508046-1840752021-4048113893-1000 => C:\Program Files\Real\RealUpgrade\realupgrade.exe [2013-03-06] (RealNetworks, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2864508046-1840752021-4048113893-1000Core.job => C:\Users\olive\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2864508046-1840752021-4048113893-1000UA.job => C:\Users\olive\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2864508046-1840752021-4048113893-1000Core.job => C:\Users\olive\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2864508046-1840752021-4048113893-1000UA.job => C:\Users\olive\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-05-03 01:29 - 2007-07-13 13:33 - 00087552 _____ () C:\Windows\System32\cpwmon2k.dll
2011-03-14 23:27 - 2011-03-14 23:27 - 00271712 _____ () C:\ProgramData\DatacardService\HWDeviceService.exe
2012-05-03 01:27 - 2007-09-21 09:34 - 00129024 _____ () C:\Program Files\WinRAR\rarext.dll
2012-08-15 18:01 - 2011-11-03 21:21 - 00350024 _____ () C:\Program Files\AVG\AVG PC Tuneup\madExcept_.bpl
2012-08-15 18:01 - 2011-11-03 21:21 - 00184136 _____ () C:\Program Files\AVG\AVG PC Tuneup\madBasic_.bpl
2012-08-15 18:01 - 2011-11-03 21:21 - 00050504 _____ () C:\Program Files\AVG\AVG PC Tuneup\madDisAsm_.bpl
2014-04-03 16:33 - 2014-04-03 16:33 - 00049456 _____ () C:\Program Files\Garena Plus\ggdllhost.exe
2014-04-03 16:33 - 2014-04-03 16:33 - 00553776 _____ () C:\Program Files\Garena Plus\ggspawn.dll
2013-03-06 07:21 - 2013-03-06 07:21 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2012-06-16 19:56 - 2010-07-23 11:24 - 00252784 _____ () C:\Program Files\ZTE Connection Manager\AssistantServices.exe
2014-11-01 06:27 - 2014-11-01 06:27 - 00183488 _____ () C:\Program Files\Razer\Razer Services\GSS\GameScannerService.exe
2014-04-03 16:33 - 2014-10-27 15:22 - 09974576 _____ () C:\Program Files\Garena Plus\GarenaMessenger.exe
2014-04-03 16:33 - 2014-04-03 16:33 - 00104752 _____ () C:\Program Files\Garena Plus\CommonLib.dll
2014-04-03 16:33 - 2014-04-03 16:33 - 00033584 _____ () C:\Program Files\Garena Plus\DibModule.dll
2014-04-03 16:33 - 2014-12-30 11:30 - 00034960 _____ () C:\Program Files\Garena Plus\VersionModule.dll
2014-04-03 16:33 - 2014-04-03 16:33 - 00051504 _____ () C:\Program Files\Garena Plus\FileLoader.dll
2014-04-03 16:33 - 2014-04-03 16:33 - 00087344 _____ () C:\Program Files\Garena Plus\PluginKernel.dll
2014-04-03 16:33 - 2014-04-03 16:33 - 00487216 _____ () C:\Program Files\Garena Plus\CxImage.dll
2014-04-03 16:33 - 2014-04-03 16:33 - 00025392 _____ () C:\Program Files\Garena Plus\PluginModule.dll
2014-04-03 16:34 - 2014-04-03 16:34 - 00170800 _____ () C:\Program Files\Garena Plus\lib\fs\YYFileSystem.dll
2014-04-03 16:33 - 2014-04-03 16:33 - 00374064 _____ () C:\Program Files\Garena Plus\lib\Http.dll
2014-04-03 16:33 - 2014-04-03 16:33 - 00184624 _____ () C:\Program Files\Garena Plus\lib\MP3Module.dll
2012-02-22 16:52 - 2012-02-22 16:52 - 00162304 _____ () C:\Program Files\Garena Plus\lame_enc.DLL
2014-04-03 16:33 - 2014-04-03 16:33 - 00219952 _____ () C:\Program Files\Garena Plus\lib\TaskManagerLib.dll
2014-04-03 16:33 - 2014-04-03 16:33 - 00106288 _____ () C:\Program Files\Garena Plus\lib\UILayout.dll
2014-04-03 16:34 - 2014-04-03 16:34 - 00958256 _____ () C:\Program Files\Garena Plus\lib\XLL.dll
2014-04-03 16:34 - 2014-04-03 16:34 - 00055088 _____ () C:\Program Files\Garena Plus\lib\XmlUIModule.dll
2012-02-22 16:52 - 2012-02-22 16:52 - 00573100 _____ () C:\Program Files\Garena Plus\sqlite3.dll
2014-04-03 16:33 - 2014-04-03 16:33 - 00224560 _____ () C:\Program Files\Garena Plus\Plugins\StatsPlugin.dll
2014-04-03 16:33 - 2014-11-20 15:54 - 00961680 _____ () C:\Program Files\Garena Plus\Plugins\ggplugin.dll
2014-04-03 16:33 - 2014-06-11 21:45 - 00192816 _____ () C:\Program Files\Garena Plus\ImageModule.dll
2014-04-03 16:33 - 2014-04-03 16:33 - 00155440 _____ () C:\Program Files\Garena Plus\libmpg123.dll
2014-04-03 16:33 - 2014-04-03 16:33 - 02941232 _____ () C:\Program Files\Garena Plus\ggdownloader.dll
2014-04-03 16:34 - 2014-04-03 16:34 - 00065840 _____ () C:\Program Files\Garena Plus\lib\delay_load\AudioMixerLib.dll
2014-04-03 16:34 - 2014-04-03 16:34 - 00016688 _____ () C:\Program Files\Garena Plus\lib\delay_load\ClientTcp.dll
2014-04-03 16:34 - 2014-04-03 16:34 - 01545520 _____ () C:\Program Files\Garena Plus\lib\delay_load\FileSender.dll
2013-02-01 13:42 - 2013-02-01 13:42 - 00153088 _____ () C:\Program Files\Garena Plus\libzmq.dll
2014-04-03 16:34 - 2014-04-03 16:34 - 00956208 _____ () C:\Program Files\Garena Plus\lib\delay_load\GaFileTransfer.dll
2014-04-03 16:34 - 2014-04-03 16:34 - 00245040 _____ () C:\Program Files\Garena Plus\lib\delay_load\MediaEngine.dll
2014-04-03 16:33 - 2014-04-03 16:33 - 00026416 _____ () C:\Program Files\Garena Plus\ServerMemAlloc.dll
2014-04-03 16:34 - 2014-04-03 16:34 - 00516912 _____ () C:\Program Files\Garena Plus\lib\delay_load\RSALib.dll
2014-04-03 16:34 - 2014-04-03 16:34 - 00068400 _____ () C:\Program Files\Garena Plus\lib\delay_load\UdtLib.dll
2014-07-14 07:15 - 2014-06-05 21:58 - 00716616 _____ () C:\Program Files\Google\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
2014-07-14 07:15 - 2014-06-05 21:58 - 00126280 _____ () C:\Program Files\Google\Google\Chrome\Application\35.0.1916.153\libegl.dll
2014-07-14 07:15 - 2014-06-05 21:58 - 04217672 _____ () C:\Program Files\Google\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-07-14 07:15 - 2014-06-05 21:58 - 00414536 _____ () C:\Program Files\Google\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-07-14 07:15 - 2014-06-05 21:58 - 01732424 _____ () C:\Program Files\Google\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
2014-07-14 07:38 - 2014-07-08 08:18 - 14663856 _____ () C:\Users\olive\AppData\Local\Google\Chrome\User Data\PepperFlash\14.0.0.145\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: PnkBstrA => 2
MSCONFIG\Services: Skype C2C Service => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Sun_Philippines Wave Modem Device Helper => 2
MSCONFIG\Services: YahooAUService => 2
MSCONFIG\startupfolder: C:^Users^olive^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^olive^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk => C:\Windows\pss\MagicDisc.lnk.Startup
MSCONFIG\startupfolder: C:^Users^olive^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupfolder: C:^Users^olive^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Warcraft Config.lnk => C:\Windows\pss\Warcraft Config.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Apoint => C:\Program Files\Apoint2K\Apoint.exe
MSCONFIG\startupreg: ATNworks => C:\Windows\System32\regsvr32.exe C:\Users\olive\AppData\Local\Awrdworks\jgmd400.dll
MSCONFIG\startupreg: Awrdworks => C:\Users\olive\AppData\Local\Awrdworks\tmpFB8F.exe
MSCONFIG\startupreg: BigDog303 => C:\Windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
MSCONFIG\startupreg: EPSON Stylus CX5500 Series => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICAP.EXE /FU "C:\Windows\TEMP\E_S2FC7.tmp" /EF "HKCU"
MSCONFIG\startupreg: Facebook Update => "C:\Users\olive\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: GarenaPlus => "C:\Program Files\Garena Plus\GarenaMessenger.exe" -autolaunch
MSCONFIG\startupreg: Google Update => "C:\Users\olive\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: Okivul => C:\Users\olive\AppData\Roaming\Aksolai\ogmyafq.exe
MSCONFIG\startupreg: Owpics => regsvr32.exe C:\Users\olive\AppData\Local\Owpics\PIM.dll
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: PWRISOVM.EXE => C:\Program Files\PowerISO\PWRISOVM.EXE -startup
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RazerCortex => C:\Program Files\Razer\Razer Cortex\RazerCortex.exe -autorun
MSCONFIG\startupreg: SearchProtection => "C:\Users\olive\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Sun_Philippines Wave ModemListener => C:\Program Files\Sun Broadband Wireless\BackgroundService\ModemListener.exe start
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: TkBellExe => "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
MSCONFIG\startupreg: UIExec => "C:\Program Files\ZTE Connection Manager\UIExec.exe"
MSCONFIG\startupreg: vProt => "C:\Program Files\AVG Secure Search\vprot.exe"
MSCONFIG\startupreg: Zauzrimaop => C:\Users\olive\AppData\Roaming\Oqtaovi\ebisr.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-2864508046-1840752021-4048113893-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-2864508046-1840752021-4048113893-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-2864508046-1840752021-4048113893-1002 - Limited - Enabled)
olive (S-1-5-21-2864508046-1840752021-4048113893-1000 - Administrator - Enabled) => C:\Users\olive

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/04/2015 10:46:27 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {0ee2d9fb-a735-4abb-ad20-0c8d1a86c0b7}

Error: (01/04/2015 08:20:12 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {46c590d8-b630-4a49-aa54-a06f8f35f3dd}

Error: (01/04/2015 07:27:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ggdllhost.exe, version: 1.0.0.1, time stamp: 0x5215da4d
Faulting module name: ntdll.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdadb
Exception code: 0xc0000005
Fault offset: 0x000555fe
Faulting process id: 0x1a58
Faulting application start time: 0xggdllhost.exe0
Faulting application path: ggdllhost.exe1
Faulting module path: ggdllhost.exe2
Report Id: ggdllhost.exe3

Error: (01/04/2015 01:01:53 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/04/2015 01:01:40 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/02/2015 11:59:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GarenaMessenger.exe, version: 1.2.45.1, time stamp: 0x544a29b0
Faulting module name: ntdll.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdadb
Exception code: 0xc0000005
Fault offset: 0x00028c72
Faulting process id: 0xe6c
Faulting application start time: 0xGarenaMessenger.exe0
Faulting application path: GarenaMessenger.exe1
Faulting module path: GarenaMessenger.exe2
Report Id: GarenaMessenger.exe3

Error: (01/01/2015 00:41:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7600.16385, time stamp: 0x4a5bc60d
Faulting module name: RPCRT4.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdade
Exception code: 0xc0020043
Fault offset: 0x00060c93
Faulting process id: 0x66c
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (01/01/2001 00:02:30 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (01/01/2001 00:02:30 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (01/01/2001 00:02:30 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.


System errors:
=============
Error: (01/04/2015 11:05:05 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005

Error: (01/04/2015 11:02:05 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:58:18 PM on 1/4/2015 was unexpected.

Error: (01/04/2015 08:39:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The WindowsMangerProtect Service service terminated unexpectedly. It has done this 1 time(s).

Error: (01/04/2015 08:36:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The vToolbarUpdater18.1.5 service failed to start due to the following error:
%%2

Error: (01/04/2015 08:31:55 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Plug and Play service, but this action failed with the following error:
%%1190

Error: (01/04/2015 08:31:55 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the DCOM Server Process Launcher service, but this action failed with the following error:
%%1190

Error: (01/04/2015 08:31:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Power service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.

Error: (01/04/2015 08:31:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Plug and Play service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.

Error: (01/04/2015 08:31:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.

Error: (01/04/2015 08:16:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The vToolbarUpdater18.1.5 service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Pentium(R) Dual CPU T2330 @ 1.60GHz
Percentage of memory in use: 53%
Total physical RAM: 3062.02 MB
Available physical RAM: 1434.35 MB
Total Pagefile: 6122.32 MB
Available Pagefile: 4130.27 MB
Total Virtual: 2047.88 MB
Available Virtual: 1913.39 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:7.38 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 38033802)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 
And here's for JRT.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Ultimate x86
Ran by olive on Thu 01/22/2015 at 13:41:06.41
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\util browsemark



~~~ Files

Successfully deleted: [File] "C:\Windows\wininit.ini"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\Users\olive\Local Settings\Application Data\cre"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"



~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted the following from C:\Users\olive\AppData\Roaming\mozilla\firefox\profiles\1a3szy42.default\prefs.js

user_pref("browser.search.defaultengine", "Privitize VPN");
user_pref("extensions.a2ea36bf108774aaa882cff78f7d9d95cdfb1672d116a4eb48be044786bd1d3ddcom34068.34068.name", "GoPhoto.it V9.0");
user_pref("extensions.alnaddyToolbar.admin", false);
user_pref("extensions.alnaddyToolbar.aflt", "sfto");
user_pref("extensions.alnaddyToolbar.autoRvrt", "false");
user_pref("extensions.alnaddyToolbar.cntry", "PH");
user_pref("extensions.alnaddyToolbar.dfltLng", "");
user_pref("extensions.alnaddyToolbar.dfltSrch", true);
user_pref("extensions.alnaddyToolbar.dfltlng", "en");
user_pref("extensions.alnaddyToolbar.dfltsrch", true);
user_pref("extensions.alnaddyToolbar.envrmnt", "production");
user_pref("extensions.alnaddyToolbar.excTlbr", false);
user_pref("extensions.alnaddyToolbar.hdrMd5", "122EF82A8A370F1E6A450D734BD464E5");
user_pref("extensions.alnaddyToolbar.hmpg", true);
user_pref("extensions.alnaddyToolbar.hmpgUrl", "hxxp://www.alnaddy.com/?afltid=sfto");
user_pref("extensions.alnaddyToolbar.hrdid", "fa31dd7a00000000000000ff52235e54");
user_pref("extensions.alnaddyToolbar.id", "fa31dd7a00000000000000ff52235e54");
user_pref("extensions.alnaddyToolbar.instlDay", "15633");
user_pref("extensions.alnaddyToolbar.instlRef", "");
user_pref("extensions.alnaddyToolbar.instlday", "15633");
user_pref("extensions.alnaddyToolbar.instlref", "");
user_pref("extensions.alnaddyToolbar.isdcmntcmplt", "false");
user_pref("extensions.alnaddyToolbar.keyWordUrl", "hxxp://www.alnaddy.com/search/?q=");
user_pref("extensions.alnaddyToolbar.keywordurl", "hxxp://www.alnaddy.com/search/?q=");
user_pref("extensions.alnaddyToolbar.lastVrsnTs", "1.6.4.511:15:41");
user_pref("extensions.alnaddyToolbar.mntrvrsn", "1.3.0");
user_pref("extensions.alnaddyToolbar.monitorreport", true);
user_pref("extensions.alnaddyToolbar.newTab", true);
user_pref("extensions.alnaddyToolbar.newTabUrl", "hxxp://www.alnaddy.com/?afltid=sfto");
user_pref("extensions.alnaddyToolbar.newtab", true);
user_pref("extensions.alnaddyToolbar.newtaburl", "hxxp://www.alnaddy.com/?afltid=sfto");
user_pref("extensions.alnaddyToolbar.prdct", "alnaddyToolbar");
user_pref("extensions.alnaddyToolbar.prtnrId", "alnaddy");
user_pref("extensions.alnaddyToolbar.prtnrid", "alnaddy");
user_pref("extensions.alnaddyToolbar.savedVrsnTs", "1");
user_pref("extensions.alnaddyToolbar.sg", "none");
user_pref("extensions.alnaddyToolbar.smplGrp", "none");
user_pref("extensions.alnaddyToolbar.smplgrp", "none");
user_pref("extensions.alnaddyToolbar.srch", "");
user_pref("extensions.alnaddyToolbar.srchPrvdr", "Alnaddy");
user_pref("extensions.alnaddyToolbar.srchprvdr", "Alnaddy");
user_pref("extensions.alnaddyToolbar.tlbrId", "alnaddy1");
user_pref("extensions.alnaddyToolbar.tlbrSrchUrl", "hxxp://www.alnaddy.com/search/?q=");
user_pref("extensions.alnaddyToolbar.tlbrid", "alnaddy1");
user_pref("extensions.alnaddyToolbar.tlbrsrchurl", "hxxp://www.alnaddy.com/search/?q=");
user_pref("extensions.alnaddyToolbar.vrsn", "1.6.4.5");
user_pref("extensions.alnaddyToolbar.vrsnTs", "1.6.4.511:15:41");
user_pref("extensions.alnaddyToolbar.vrsni", "1.6.4.5");
user_pref("extensions.alnaddyToolbar.vrsnts", "1.6.4.511:15:41");
user_pref("extensions.alnaddyToolbar_i.dnsErr", true);
user_pref("extensions.alnaddyToolbar_i.hmpg", true);
user_pref("extensions.alnaddyToolbar_i.newTab", true);
user_pref("extensions.alnaddyToolbar_i.smplGrp", "none");
user_pref("extensions.alnaddyToolbar_i.vrsnTs", "1.6.4.511:15:41");
Emptied folder: C:\Users\olive\AppData\Roaming\mozilla\firefox\profiles\1a3szy42.default\minidumps [53 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 01/22/2015 at 13:52:00.82
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Here's the fixlog.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 03-01-2015 03
Ran by olive at 2015-01-23 16:45:13 Run:1
Running from C:\Users\olive\Downloads
Loaded Profile: olive (Available profiles: olive & Administrator & Guest)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [] - [X]
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.a...33C5C580A0&q={searchTerms}&SSPV=T21020A_sp_ie
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.a...33C5C580A0&q={searchTerms}&SSPV=T21020A_sp_ie
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
2014-02-11 02:44 - 2014-02-11 18:42 - 00000000 ____D () C:\Users\ian\AppData\Roaming\Osqyild
2014-02-11 02:41 - 2014-02-11 02:41 - 00068921 _____ () C:\Users\ian\AppData\Local\lttfmitj.exe
2014-02-10 23:34 - 2014-02-10 23:34 - 00000000 ____D () C:\Users\ian\AppData\Local\SearchProtect
2014-02-10 22:58 - 2014-02-10 23:02 - 00000000 ____D () C:\Users\ian\AppData\Roaming\Iqicymlo
2014-02-10 22:44 - 2014-02-11 00:09 - 00000000 ____D () C:\Users\ian\AppData\Roaming\Baxypub
2014-02-10 21:13 - 2014-02-10 23:02 - 00000000 ____D () C:\Users\ian\AppData\Roaming\Wyzapei
2014-02-10 16:06 - 2014-02-10 16:06 - 00143360 _____ () C:\Users\ian\AppData\Local\cffoxkmm.exe
2014-02-10 14:51 - 2014-02-10 15:00 - 00000000 ____D () C:\Users\ian\AppData\Roaming\Yvagcify
2014-02-10 14:47 - 2014-02-10 21:15 - 00126265 _____ () C:\Users\ian\AppData\Local\omvaaqtq.exe
2014-02-10 10:43 - 2014-02-10 21:55 - 00000000 ____D () C:\Users\ian\AppData\Roaming\Wetaup
2014-02-10 10:38 - 2014-02-10 21:06 - 00126265 _____ () C:\Users\ian\AppData\Local\iltjspig.exe
2014-02-10 06:43 - 2014-02-10 17:30 - 00126265 _____ () C:\Users\ian\AppData\Local\doavscfh.exe
2014-02-10 02:35 - 2014-02-10 17:18 - 00126265 _____ () C:\Users\ian\AppData\Local\bdgcidkd.exe
2014-02-09 22:40 - 2014-02-10 17:30 - 00126265 _____ () C:\Users\ian\AppData\Local\cbdmebgj.exe
2014-02-09 06:39 - 2014-02-09 07:00 - 00000000 ____D () C:\Users\ian\AppData\Roaming\Afybir
2014-02-09 02:44 - 2014-02-09 03:00 - 00000000 ____D () C:\Users\ian\AppData\Roaming\Abidva
2014-02-09 01:12 - 2014-02-09 02:00 - 00000000 ____D () C:\Users\ian\AppData\Roaming\Aksawa
2014-02-08 23:37 - 2014-02-08 23:37 - 00090112 _____ () C:\Users\ian\AppData\Local\gtadbiof.exe
2014-02-08 23:24 - 2014-02-08 23:24 - 00090112 _____ () C:\Users\ian\AppData\Local\hsswacxt.exe
2014-02-08 23:11 - 2014-02-08 23:11 - 00090112 _____ () C:\Users\ian\AppData\Local\hcfjownm.exe
2014-02-08 22:58 - 2014-02-08 22:58 - 00090112 _____ () C:\Users\ian\AppData\Local\flchicob.exe
2014-02-08 22:45 - 2014-02-08 22:45 - 00090112 _____ () C:\Users\ian\AppData\Local\nkbppbcb.exe
2014-02-08 21:52 - 2014-02-08 21:52 - 00090112 _____ () C:\Users\ian\AppData\Local\xhsucbxm.exe
2014-02-08 21:39 - 2014-02-08 21:39 - 00090112 _____ () C:\Users\ian\AppData\Local\xobgcvmx.exe
2014-02-08 21:26 - 2014-02-08 21:26 - 00090112 _____ () C:\Users\ian\AppData\Local\upeqgtan.exe
2014-02-08 21:13 - 2014-02-08 21:13 - 00090112 _____ () C:\Users\ian\AppData\Local\eafcpgkr.exe
2014-02-08 19:42 - 2014-02-08 19:42 - 00090112 _____ () C:\Users\ian\AppData\Local\fqehtdip.exe
2014-02-08 19:29 - 2014-02-08 19:29 - 00090112 _____ () C:\Users\ian\AppData\Local\lemotnld.exe
2014-02-08 19:16 - 2014-02-08 19:16 - 00090112 _____ () C:\Users\ian\AppData\Local\pudlxtxg.exe
2014-02-08 19:03 - 2014-02-08 19:03 - 00090112 _____ () C:\Users\ian\AppData\Local\dnmfqofh.exe
2014-02-08 18:50 - 2014-02-08 18:50 - 00090112 _____ () C:\Users\ian\AppData\Local\jgoptgtf.exe
2014-02-08 18:37 - 2014-02-08 18:37 - 00090112 _____ () C:\Users\ian\AppData\Local\mnfkcvrx.exe
2014-02-08 14:46 - 2014-02-10 16:16 - 00000000 ____D () C:\Users\ian\AppData\Roaming\Obykbiwa
2014-02-07 22:50 - 2014-02-07 23:00 - 00000000 ____D () C:\Users\ian\AppData\Roaming\Ydveos
2014-02-07 18:41 - 2014-02-10 16:13 - 00000000 ____D () C:\Users\ian\AppData\Roaming\Ocugorg
2014-02-07 07:45 - 2014-02-07 08:00 - 00000000 ____D () C:\Users\ian\AppData\Roaming\Reweyfv
2014-02-07 03:40 - 2014-02-07 04:01 - 00000000 ____D () C:\Users\ian\AppData\Roaming\Qoviekba
2014-02-06 23:01 - 2014-02-10 16:13 - 00000000 ____D () C:\Users\ian\AppData\Roaming\Idydufmi
2014-02-06 23:01 - 2014-02-06 23:01 - 00012326 _____ () C:\Users\ian\AppData\Local\niomwjlk
2014-02-06 23:00 - 2014-02-06 23:00 - 00068260 _____ () C:\Users\ian\AppData\Local\elieicsp
C:\Users\ian\AppData\Local\Temp\ffmpegcodec.dll
C:\Users\ian\AppData\Local\Temp\ffmpegcodec1.dll
C:\Users\ian\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\ian\AppData\Local\Temp\htmlayout.dll
C:\Users\ian\AppData\Local\Temp\ntdll_dump.dll
C:\Users\ian\AppData\Local\Temp\oi_{742160EE-1377-469E-9979-1A55A6585798}.exe
C:\Users\ian\AppData\Local\Temp\Resource.exe
C:\Users\ian\AppData\Local\Temp\sp58915.exe
C:\Users\ian\AppData\Local\Temp\sp64126.exe
C:\Users\ian\AppData\Local\Temp\uninstall-need4videovc.exe
C:\Users\ian\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\ian\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\ian\AppData\Local\Temp\UpdateFlashPlayer_3dd39581.exe
C:\Users\ian\AppData\Local\Temp\UpdateFlashPlayer_486705ec.exe
C:\Users\ian\AppData\Local\Temp\UpdateFlashPlayer_7897b9de.exe
C:\Users\ian\AppData\Local\Temp\UpdateFlashPlayer_a23bd31a.exe
C:\Users\ian\AppData\Local\Temp\UpdateFlashPlayer_c8d4adca.exe
C:\Users\ian\AppData\Local\Temp\UpdateFlashPlayer_ca61653b.exe
Task: {03A69FE8-2E34-45F9-98C5-7C4C50C92725} - System32\Tasks\Torntv 2-enabler => C:\Program Files (x86)\Torntv 2\Torntv 2-enabler.exe [2013-11-03] (installdaddy) <==== ATTENTION
Task: {19AAB081-0E7D-4318-A490-9F3827EBEF2C} - System32\Tasks\Torntv 2-codedownloader => C:\Program Files (x86)\Torntv 2\Torntv 2-codedownloader.exe [2013-11-03] (installdaddy) <==== ATTENTION
AlternateDataStreams: C:\Users\ian\Desktop\mbam-rules.exe:BDU
AlternateDataStreams: C:\Users\ian\Desktop\mbar-1.07.0.1009.exe:BDU
AlternateDataStreams: C:\Users\ian\Desktop\Minecraft.exe:BDU
AlternateDataStreams: C:\Users\ian\Desktop\RogueKiller.exe:BDU
AlternateDataStreams: C:\Users\ian\Downloads\dds.com:BDU
AlternateDataStreams: C:\Users\ian\Downloads\minecraft_server.1.6.2.exe:BDU
AlternateDataStreams: C:\Users\ian\AppData\Local\bdgcidkd.exe:BDU
AlternateDataStreams: C:\Users\ian\AppData\Local\cbdmebgj.exe:BDU
AlternateDataStreams: C:\Users\ian\AppData\Local\doavscfh.exe:BDU
AlternateDataStreams: C:\Users\ian\AppData\Local\iltjspig.exe:BDU
AlternateDataStreams: C:\Users\ian\AppData\Local\omvaaqtq.exe:BDU
*****************

HKLM-x32\...\Run: [] - [X] => Error: No automatic fix found for this entry.
\\SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.a...33C5C580A0&q={searchTerms}&SSPV=T21020A_sp_ie => Value not found.
\\SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.a...33C5C580A0&q={searchTerms}&SSPV=T21020A_sp_ie => Value not found.
\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Value not found.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Value not found.
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Key not found.
"C:\Users\ian\AppData\Roaming\Osqyild" => File/Directory not found.
"C:\Users\ian\AppData\Local\lttfmitj.exe" => File/Directory not found.
"C:\Users\ian\AppData\Local\SearchProtect" => File/Directory not found.
"C:\Users\ian\AppData\Roaming\Iqicymlo" => File/Directory not found.
"C:\Users\ian\AppData\Roaming\Baxypub" => File/Directory not found.
"C:\Users\ian\AppData\Roaming\Wyzapei" => File/Directory not found.
"C:\Users\ian\AppData\Local\cffoxkmm.exe" => File/Directory not found.
"C:\Users\ian\AppData\Roaming\Yvagcify" => File/Directory not found.
"C:\Users\ian\AppData\Local\omvaaqtq.exe" => File/Directory not found.
"C:\Users\ian\AppData\Roaming\Wetaup" => File/Directory not found.
"C:\Users\ian\AppData\Local\iltjspig.exe" => File/Directory not found.
"C:\Users\ian\AppData\Local\doavscfh.exe" => File/Directory not found.
"C:\Users\ian\AppData\Local\bdgcidkd.exe" => File/Directory not found.
"C:\Users\ian\AppData\Local\cbdmebgj.exe" => File/Directory not found.
"C:\Users\ian\AppData\Roaming\Afybir" => File/Directory not found.
"C:\Users\ian\AppData\Roaming\Abidva" => File/Directory not found.
"C:\Users\ian\AppData\Roaming\Aksawa" => File/Directory not found.
"C:\Users\ian\AppData\Local\gtadbiof.exe" => File/Directory not found.
"C:\Users\ian\AppData\Local\hsswacxt.exe" => File/Directory not found.
"C:\Users\ian\AppData\Local\hcfjownm.exe" => File/Directory not found.
"C:\Users\ian\AppData\Local\flchicob.exe" => File/Directory not found.
"C:\Users\ian\AppData\Local\nkbppbcb.exe" => File/Directory not found.
"C:\Users\ian\AppData\Local\xhsucbxm.exe" => File/Directory not found.
"C:\Users\ian\AppData\Local\xobgcvmx.exe" => File/Directory not found.
"C:\Users\ian\AppData\Local\upeqgtan.exe" => File/Directory not found.
"C:\Users\ian\AppData\Local\eafcpgkr.exe" => File/Directory not found.
"C:\Users\ian\AppData\Local\fqehtdip.exe" => File/Directory not found.
"C:\Users\ian\AppData\Local\lemotnld.exe" => File/Directory not found.
"C:\Users\ian\AppData\Local\pudlxtxg.exe" => File/Directory not found.
"C:\Users\ian\AppData\Local\dnmfqofh.exe" => File/Directory not found.
"C:\Users\ian\AppData\Local\jgoptgtf.exe" => File/Directory not found.
"C:\Users\ian\AppData\Local\mnfkcvrx.exe" => File/Directory not found.
"C:\Users\ian\AppData\Roaming\Obykbiwa" => File/Directory not found.
"C:\Users\ian\AppData\Roaming\Ydveos" => File/Directory not found.
"C:\Users\ian\AppData\Roaming\Ocugorg" => File/Directory not found.
"C:\Users\ian\AppData\Roaming\Reweyfv" => File/Directory not found.
"C:\Users\ian\AppData\Roaming\Qoviekba" => File/Directory not found.
"C:\Users\ian\AppData\Roaming\Idydufmi" => File/Directory not found.
"C:\Users\ian\AppData\Local\niomwjlk" => File/Directory not found.
"C:\Users\ian\AppData\Local\elieicsp" => File/Directory not found.
"C:\Users\ian\AppData\Local\Temp\ffmpegcodec.dll" => File/Directory not found.
"C:\Users\ian\AppData\Local\Temp\ffmpegcodec1.dll" => File/Directory not found.
"C:\Users\ian\AppData\Local\Temp\HPHelpUpdater.exe" => File/Directory not found.
"C:\Users\ian\AppData\Local\Temp\htmlayout.dll" => File/Directory not found.
"C:\Users\ian\AppData\Local\Temp\ntdll_dump.dll" => File/Directory not found.
"C:\Users\ian\AppData\Local\Temp\oi_{742160EE-1377-469E-9979-1A55A6585798}.exe" => File/Directory not found.
"C:\Users\ian\AppData\Local\Temp\Resource.exe" => File/Directory not found.
"C:\Users\ian\AppData\Local\Temp\sp58915.exe" => File/Directory not found.
"C:\Users\ian\AppData\Local\Temp\sp64126.exe" => File/Directory not found.
"C:\Users\ian\AppData\Local\Temp\uninstall-need4videovc.exe" => File/Directory not found.
"C:\Users\ian\AppData\Local\Temp\UNINSTALL.EXE" => File/Directory not found.
"C:\Users\ian\AppData\Local\Temp\UninstallHPSA.exe" => File/Directory not found.
"C:\Users\ian\AppData\Local\Temp\UpdateFlashPlayer_3dd39581.exe" => File/Directory not found.
"C:\Users\ian\AppData\Local\Temp\UpdateFlashPlayer_486705ec.exe" => File/Directory not found.
"C:\Users\ian\AppData\Local\Temp\UpdateFlashPlayer_7897b9de.exe" => File/Directory not found.
"C:\Users\ian\AppData\Local\Temp\UpdateFlashPlayer_a23bd31a.exe" => File/Directory not found.
"C:\Users\ian\AppData\Local\Temp\UpdateFlashPlayer_c8d4adca.exe" => File/Directory not found.
"C:\Users\ian\AppData\Local\Temp\UpdateFlashPlayer_ca61653b.exe" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{03A69FE8-2E34-45F9-98C5-7C4C50C92725} => Key not found.
C:\Windows\System32\Tasks\Torntv 2-enabler not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Torntv 2-enabler => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{19AAB081-0E7D-4318-A490-9F3827EBEF2C} => Key not found.
C:\Windows\System32\Tasks\Torntv 2-codedownloader not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Torntv 2-codedownloader => Key not found.
"C:\Users\ian\Desktop\mbam-rules.exe" => ":BDU" ADS not found.
"C:\Users\ian\Desktop\mbar-1.07.0.1009.exe" => ":BDU" ADS not found.
"C:\Users\ian\Desktop\Minecraft.exe" => ":BDU" ADS not found.
"C:\Users\ian\Desktop\RogueKiller.exe" => ":BDU" ADS not found.
"C:\Users\ian\Downloads\dds.com" => ":BDU" ADS not found.
"C:\Users\ian\Downloads\minecraft_server.1.6.2.exe" => ":BDU" ADS not found.
"C:\Users\ian\AppData\Local\bdgcidkd.exe" => ":BDU" ADS not found.
"C:\Users\ian\AppData\Local\cbdmebgj.exe" => ":BDU" ADS not found.
"C:\Users\ian\AppData\Local\doavscfh.exe" => ":BDU" ADS not found.
"C:\Users\ian\AppData\Local\iltjspig.exe" => ":BDU" ADS not found.
"C:\Users\ian\AppData\Local\omvaaqtq.exe" => ":BDU" ADS not found.

==== End of Fixlog 16:45:15 ====
 
Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
This topic is marked as abandoned and closed due to inactivity.

This member will NOT be eligible to receive any more help in malware removal forum.
 