Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

moving files with usb flash drive issue


  • Please log in to reply

#1
hashdog

hashdog

    Member

  • Member
  • PipPip
  • 10 posts

whenever i try to move files with an usb flash drive from another pc to my pc, the files shows up as dead shortcuts  and avg keeps spamming "VIRUS! DUDE THIS IS A VIRUS! VIIIIRUUS!!!!" and when i click remove files, they will soon come back.. When I tried to move some files from my pc to anothert pc, they showed up as shortcuts already when I had moved them to the drive folder, and then the avg spamming started. And yes im sure it says move/copy instead of make shortcut. I tried with multiple usb flash drives but its happening with all of them, which makes it obvious that the problem lies in the pc.. pleaz help ^n^

 

(I asked this question in windows 8 first but then a cat there told me it was a virus and i had to ask here instead. Oh and I did an OTL scan as u can see in Attached Files)

Attached Files

  • Attached File  OTL.Txt   99.87KB   96 downloads

Edited by hashdog, 05 August 2014 - 05:44 AM.

  • 0

Advertisements


#2
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,409 posts

Hello Hashdog, welcome to Malware Removal section of the forum.

My name around here is SleepyDude and I will be helping you with your Computer problem. I know that having a computer with problems can be very frustrating but I will do my best to help you fixing the issue.

Sometimes this can be a long process, it's very important that you stay with me and follow all my instructions to the letter until I declare your machine is clean.
I have compiled a list of guidelines you must take in consideration so that the helping process goes smooth for you and for me:

  • Please perform all steps in the order they are listed in each set of instructions
  • Don't install/uninstall any software or run any other cleaning tools besides the ones I ask you to use
    • Running other programs can interfere with the tools we use and have unpredicted results. Also I need to know what is going on with your machine at any time
  • If possible avoid using the computer for other tasks until we finish the cleaning process
    • The reason for this is because it can make the malware infection worst and more difficult to clean. Some malware can download updates from the internet when you use the computer
  • Please don't attach your logs instead Copy & Paste the information to your post unless specifically instructed to do so
  • Please read every post completely before doing anything if you have some doubts or questions please ask before continuing

.
IMPORTANT: At GeeksToGo we do our best to help you solving the problem but sometimes things don't go as planned. To be safe than sorry you should Backup your important data to a safe place, anywhere except on the computer with problems.

The all fixing process need to be executed from a user account with Administrator privileges also some of the tasks need to be executed in Safe Mode, you should save or print the instructions for use when you don't have access to the forum.
 

«»«»«»

 

I'm in the process of checking you log and create a fix for you, in the meantime can you post the log Extras.txt generated by OTL? It should be on the Desktop.

 


  • 0

#3
hashdog

hashdog

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

Thanks c:

Oh okay yes sorry I didn't think the extras file was that important

Oh and one more thing, sometimes AVG randomly pops up saying stuff like this: http://gyazo.com/8e5...12f418cba20bae5

(That exact one has popped up three times now in about 5 minutes.. O-O)

 

 

 

OTL Extras logfile created on: 04.08.2014 23:40:15 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Sigve\Desktop
64bit- Enterprise Edition N  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.17028)
Locale: 00000414 | Country: Norway | Language: NOR | Date Format: dd.MM.yyyy
 
7,91 Gb Total Physical Memory | 6,16 Gb Available Physical Memory | 77,80% Memory free
15,91 Gb Paging File | 13,11 Gb Available in Paging File | 82,38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,45 Gb Total Space | 62,46 Gb Free Space | 56,05% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 637,26 Gb Free Space | 68,41% Space Free | Partition Type: NTFS
 
Computer Name: LIVINGROOM-PC | User Name: Sigve | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Program\Microsoft Ofiice Pro\Office15\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program\Microsoft Ofiice Pro\Office15\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "D:\Program\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Program\Microsoft Ofiice Pro\Office15\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program\Microsoft Ofiice Pro\Office15\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "D:\Program\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = FD AF 4B BA FF 6A CD 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{804F1BDD-B202-49DE-9DE0-CA2A42FA8339}" = lport=6004 | protocol=17 | dir=in | app=d:\program\microsoft ofiice pro\office15\outlook.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08CD954D-199F-4276-9250-1043B8B909D2}" = dir=out | [email protected]{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{0C74483F-332E-4EB8-B478-E5ADFA56F1C2}" = dir=out | [email protected]{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{1E309B02-75AE-4413-8DFF-2B596A2BD088}" = protocol=17 | dir=in | app=d:\program\microsoft ofiice pro\office15\ucmapi.exe |
"{2C1CECB5-962D-4629-B805-93E997ED42F0}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\dayz\dayz.exe |
"{2C99087D-B105-49AB-936B-B8F36E5D17C8}" = protocol=6 | dir=in | app=d:\program\microsoft ofiice pro\office15\ucmapi.exe |
"{2DAFB110-2A02-4F79-B8E6-527605597885}" = protocol=6 | dir=in | app=d:\steam\steam.exe |
"{36208B88-EF97-45D3-A722-FCE81718CDC9}" = protocol=17 | dir=in | app=d:\program\avg\avgmfapx.exe |
"{3A0C9FF5-E6CF-420A-AF28-F72746805291}" = dir=out | [email protected]{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{3D2EB6AC-8093-4E30-9973-7E0C4AA52147}" = dir=out | [email protected]{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{4DD9B951-41AE-4814-8543-AFCC408EFD78}" = dir=in | [email protected]{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{4EB57EFE-56CA-4E9C-99ED-1DB4EA719917}" = protocol=17 | dir=in | app=c:\users\sigve\appdata\roaming\utorrent\utorrent.exe |
"{4F18C567-5E0E-47B9-9CB9-1AD02C2ADB10}" = protocol=6 | dir=in | app=d:\program\avg\avgmfapx.exe |
"{4FCC8C38-B1B5-419A-9EA4-3C46E5374C69}" = protocol=6 | dir=in | app=d:\program\avg\avgemca.exe |
"{552EBA27-D94D-41B2-9DC5-2F640098223D}" = dir=out | [email protected]{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{55EEB265-AC2A-434F-8C2E-772E69023B16}" = protocol=6 | dir=in | app=d:\program\avg\avgdiagex.exe |
"{684D7504-421E-4ACE-87C4-7949CB9093D3}" = dir=out | [email protected]{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{6E420F54-EC15-4D41-BDE5-3525FA99459C}" = dir=in | [email protected]{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{71A4FCF6-3F15-4D0B-9F29-767985BF533A}" = dir=in | [email protected]{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{74DE26A0-B842-4CC7-A763-CB39264E86F3}" = protocol=6 | dir=in | app=d:\program\microsoft ofiice pro\office15\lync.exe |
"{78776173-6384-4A20-BCDA-16167EEFA652}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{84F9D43E-5EFD-4034-99FC-6DC333617D03}" = protocol=6 | dir=in | app=c:\users\sigve\appdata\roaming\utorrent\utorrent.exe |
"{8770A547-AED3-41D9-875C-694F90984C4E}" = dir=out | [email protected]{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{8D78418F-FA7B-4598-BB88-F871460C01DC}" = dir=out | [email protected]{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{94ED060F-DDFA-4427-8F9C-120FD173BDD6}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{9D1ECAB4-EA2D-4D5A-8341-310886A29FA6}" = dir=in | [email protected]{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{AF03AF89-C811-402C-93C2-E2EFBB8CC888}" = protocol=17 | dir=in | app=d:\steam\steam.exe |
"{B451543B-C068-418C-890F-327AB0D1DA68}" = dir=in | app=d:\program\itunes\itunes.exe |
"{B91E23FA-87D3-48A6-A5DB-08CA8381E827}" = dir=out | [email protected]{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{BBD61E5A-9DD3-463F-A681-CAAE23426542}" = dir=out | [email protected]{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{BD19AFA1-53BE-4795-9FAA-C792F41114DF}" = protocol=6 | dir=in | app=d:\program\avg\avgnsa.exe |
"{BEC9CF5E-064F-42D0-93EA-B24E53F7B06B}" = dir=out | [email protected]{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{C3B220D2-76DC-43F9-9F88-8AF88EDB5C07}" = protocol=17 | dir=in | app=d:\program\avg\avgnsa.exe |
"{C747B3F7-4548-4815-9100-BFA22F561B49}" = dir=out | [email protected]{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{CCED4F67-CE3A-4B9B-8118-CE34F17EC28A}" = protocol=17 | dir=in | app=d:\program\avg\avgemca.exe |
"{D3F5FCFC-70FC-47E5-BCFA-A2F725573B28}" = protocol=17 | dir=in | app=d:\program\avg\avgdiagex.exe |
"{D4C5BC2B-9780-4B97-8BB7-DD1825B18D50}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{DC8BB7E0-10ED-46AC-8A32-4205E718F4AF}" = dir=out | [email protected]{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{E01D3394-36DE-4956-9C0B-2E135B9CB7F1}" = dir=out | [email protected]{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{E1CB7A13-E1EF-4436-9038-370F325E4503}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E6D16308-6BDD-4683-A9FD-108149500A75}" = dir=in | [email protected]{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{EA581345-D8E7-4665-A644-C64BB98E703D}" = dir=in | [email protected]{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{EA8BDA3D-F77A-4115-96F5-3D6A7B814030}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\dayz\dayz.exe |
"{FEBD7131-17CC-4DE8-B63D-EB6A7E75A680}" = protocol=17 | dir=in | app=d:\program\microsoft ofiice pro\office15\lync.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{19BBD0F3-7A31-480D-8A23-19AE28035E9C}" = Adobe Photoshop Lightroom 5.5 64-bit
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219
"{2248B5A7-FBFD-3C23-3E77-F26F49FCF6CD}" = ccc-utility64
"{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}" = iTunes
"{37B8F9C7-03FB-3253-8781-2517C99D7C00}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{751B0A43-3B58-12DE-2F5E-987F7C177FB1}" = AMD Accelerated Video Transcoding
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{90150000-002A-0000-1000-0000000FF1CE}" = Microsoft Office 64-bit Components 2013
"{90150000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2013
"{90150000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2013
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B5BBEF15-44B1-43FA-A4B7-3AFE501B5949}" = AVG 2014
"{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
"{D1C0C574-6385-4ED1-BBD9-2B62FCECE0EF}" = AVG 2014
"{D4DEB532-1003-D978-B678-D08A430CE548}" = AMD Catalyst Install Manager
"AVG" = AVG 2014
"CCleaner" = CCleaner
"Sibelius 7.0.0.23_is1" = Sibelius 7.1.0.54
"WinRAR archiver" = WinRAR 5.10 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07BE616F-9E42-4C90-AF4F-0F32A5B088E7}" = Adobe Premiere Pro CC 2014
"{0A3925EA-5B0E-401B-A189-7419149747B2}" = Adobe AIR
"{0F1436F8-902B-5134-3613-32CB0A84883E}" = CCC Help Polish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}" = Apple-programsupport
"{26A24AE4-039D-4CA4-87B4-2F03217060FF}" = Java 7 Update 60
"{2B4B4082-8043-4646-8334-B0A29E641211}" = Adobe Illustrator CC 2014
"{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
"{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}" = NETGEAR WNDA3100v2 wireless USB 2.0 adapter
"{3E9DFA00-AE49-D44F-AF6D-2FCD4D62EC4F}" = CCC Help Russian
"{3FD5C4BA-C621-298E-65E1-3C9889850313}" = CCC Help French
"{43E3EDBB-CC3A-EE64-E8E2-544ECFE0C5B9}" = Adobe® Content Viewer
"{46FBF49D-FEA1-5AF5-7C03-D7285BCD02EF}" = CCC Help Greek
"{477EA3EC-5894-8C12-2050-CAAD2FFDA493}" = CCC Help English
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B1448F-B22F-5888-61FC-9EB0978F901C}" = Catalyst Control Center Localization All
"{55F0E086-2E1C-4478-B52E-DA6025A46434}_is1" = WBFS to ISO
"{5D7BD461-6826-9B86-4D08-89C6AAA27CC7}" = CCC Help Turkish
"{5E8550AD-6C16-45FB-4DF3-FED15B175DB0}" = CCC Help Dutch
"{63026099-C53A-765A-3188-7A6D327BD650}" = CCC Help Spanish
"{654DCA89-32D7-4CE0-D45A-40805711726C}" = CCC Help Swedish
"{663DEEEF-EF34-4DCB-8687-73A7AA146E02}" = Adobe Media Encoder CC 2014
"{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1" = Gyazo 2.1
"{6F18F9D2-FF95-B5D7-4930-8097B38437D2}" = CCC Help Norwegian
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7325A8DF-C8C3-4425-B0CA-8CAEE5E6464B}" = Sibelius 7 OpenType Fonts
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{80B6AC7C-B97E-573A-83C0-764AE4836147}" = CCC Help Hungarian
"{89A9B9EE-839E-4820-9450-2912C82F46AF}" = Avid License Control
"{90150000-0015-0409-0000-0000000FF1CE}" = Microsoft Access MUI (English) 2013
"{90150000-0016-0409-0000-0000000FF1CE}" = Microsoft Excel MUI (English) 2013
"{90150000-0018-0409-0000-0000000FF1CE}" = Microsoft PowerPoint MUI (English) 2013
"{90150000-0019-0409-0000-0000000FF1CE}" = Microsoft Publisher MUI (English) 2013
"{90150000-001A-0409-0000-0000000FF1CE}" = Microsoft Outlook MUI (English) 2013
"{90150000-001B-0409-0000-0000000FF1CE}" = Microsoft Word MUI (English) 2013
"{90150000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{90150000-001F-040C-0000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office - Français
"{90150000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Español
"{90150000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2013
"{90150000-0044-0409-0000-0000000FF1CE}" = Microsoft InfoPath MUI (English) 2013
"{90150000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2013
"{90150000-0090-0409-0000-0000000FF1CE}" = Microsoft DCF MUI (English) 2013
"{90150000-00A1-0409-0000-0000000FF1CE}" = Microsoft OneNote MUI (English) 2013
"{90150000-00BA-0409-0000-0000000FF1CE}" = Microsoft Groove MUI (English) 2013
"{90150000-00E1-0409-0000-0000000FF1CE}" = Microsoft Office OSM MUI (English) 2013
"{90150000-00E2-0409-0000-0000000FF1CE}" = Microsoft Office OSM UX MUI (English) 2013
"{90150000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2013
"{90150000-0117-0409-0000-0000000FF1CE}" = Microsoft Access Setup Metadata MUI (English) 2013
"{90150000-012B-0409-0000-0000000FF1CE}" = Microsoft Lync MUI (English) 2013
"{91150000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2013
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A044FD78-A618-A2C3-6BE1-493F0DEC11EB}" = CCC Help German
"{A1BB7D32-018E-ABBD-E6CC-1F5B550CAE20}" = CCC Help Portuguese
"{A667118C-FF91-2ADD-8F31-7440F9E34823}" = CCC Help Czech
"{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
"{B6EFE631-7B05-2119-43D2-B3028C19AAC5}" = CCC Help Italian
"{B9524F8B-B927-6DFC-6AE1-A70B720054E6}" = Catalyst Control Center InstallProxy
"{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
"{C4757EB4-D705-12A9-FCB8-EDFAEE190C90}" = CCC Help Chinese Standard
"{C812D34C-977E-CB4A-8AE0-3AEDD31B83FD}" = CCC Help Japanese
"{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
"{CCDCB9C4-72BA-1014-A3F8-D123F2F18BC2}" = Adobe InDesign CC 2014
"{CFB6425C-903A-1905-1CF3-93902CEFFEBC}" = CCC Help Chinese Traditional
"{D0FAADCA-5006-995B-105F-AA74C449EC9F}" = CCC Help Thai
"{D26625B4-9B77-885C-D371-C841EC9C252B}" = CCC Help Finnish
"{D48C13A9-21B1-A0E4-277C-C1B770DF45CB}" = CCC Help Danish
"{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}" = Adobe Photoshop CC 2014
"{DBE19556-18D2-D43B-479A-FC1E3202D560}" = CCC Help Korean
"{E0272F7D-99D8-D8AA-83B9-C55A3470F1D1}" = Catalyst Control Center
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219
"Adobe AIR" = Adobe AIR
"Adobe Creative Cloud" = Adobe Creative Cloud
"Adobe Flash Player Plugin" = Adobe Flash Player 14 Plugin
"Among The Sleep_is1" = Among The Sleep
"com.adobe.dmp.contentviewer" = Adobe® Content Viewer
"DAEMON Tools Ultra" = DAEMON Tools Ultra
"IObit_StartMenu8_is1" = Start Menu 8
"KeyFinder_is1" = Magical Jelly Bean KeyFinder
"Mozilla Firefox 30.0 (x86 nb-NO)" = Mozilla Firefox 30.0 (x86 nb-NO)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Neuratron PhotoScore Lite" = Neuratron PhotoScore Lite
"Office15.PROPLUSR" = Microsoft Office Professional Plus 2013
"PDFtoMusic" = PDFtoMusic
"Steam" = Steam
"Steam App 221100" = DayZ
"VLC media player" = VLC media player 2.1.3
"Watch Dogs_R.G. Mechanics_is1" = Watch Dogs
"WBFS Manager 3.0" = WBFS Manager 3.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 31.0 (x86 nb-NO)" = Mozilla Firefox 31.0 (x86 nb-NO)
"uTorrent" = µTorrent
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 04.08.2014 05:22:20 | Computer Name = livingroom-pc | Source = Software Protection Platform Service | ID = 8198
Description = License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line
 arguments:  RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=e14997e7-800a-4cf7-ad10-de4b45b578db;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error - 04.08.2014 05:22:28 | Computer Name = livingroom-pc | Source = Software Protection Platform Service | ID = 8198
Description = License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line
 arguments:  RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=e14997e7-800a-4cf7-ad10-de4b45b578db;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
 
Error - 04.08.2014 06:21:44 | Computer Name = livingroom-pc | Source = Software Protection Platform Service | ID = 8198
Description = License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line
 arguments:  RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=e14997e7-800a-4cf7-ad10-de4b45b578db;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
 
Error - 04.08.2014 06:21:49 | Computer Name = livingroom-pc | Source = Software Protection Platform Service | ID = 8198
Description = License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line
 arguments:  RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=e14997e7-800a-4cf7-ad10-de4b45b578db;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error - 04.08.2014 11:47:13 | Computer Name = livingroom-pc | Source = Software Protection Platform Service | ID = 8198
Description = License Activation (slui.exe) failed with the following error code:
hr=0x8007267C
Command-line
 arguments:  RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=e14997e7-800a-4cf7-ad10-de4b45b578db;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
 
Error - 04.08.2014 11:57:08 | Computer Name = livingroom-pc | Source = Software Protection Platform Service | ID = 8198
Description = License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line
 arguments:  RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=e14997e7-800a-4cf7-ad10-de4b45b578db;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error - 04.08.2014 12:56:55 | Computer Name = livingroom-pc | Source = Application Error | ID = 1000
Description = Faulting application name: FPM.exe, version: 4.2.0.11012, time stamp:
 0x51498820  Faulting module name: FPM.exe, version: 4.2.0.11012, time stamp: 0x51498820
Exception
 code: 0xc0000005  Fault offset: 0x0027ea45  Faulting process id: 0x14b8  Faulting application
 start time: 0x01cfb0050b142c9c  Faulting application path: C:\Users\Sigve\AppData\Local\Temp\Rar$EXa0.563\FPM.exe
Faulting
 module path: C:\Users\Sigve\AppData\Local\Temp\Rar$EXa0.563\FPM.exe  Report Id: 5659e899-1bf8-11e4-b345-d43d7ebe16fa
Faulting
 package full name:   Faulting package-relative application ID:
 
Error - 04.08.2014 12:57:38 | Computer Name = livingroom-pc | Source = Application Error | ID = 1000
Description = Faulting application name: FPM.exe, version: 4.2.0.11012, time stamp:
 0x51498820  Faulting module name: FPM.exe, version: 4.2.0.11012, time stamp: 0x51498820
Exception
 code: 0xc0000005  Fault offset: 0x0027ea45  Faulting process id: 0x1578  Faulting application
 start time: 0x01cfb0052451a59b  Faulting application path: C:\Users\Sigve\AppData\Local\Temp\Rar$EXa0.153\FPM.exe
Faulting
 module path: C:\Users\Sigve\AppData\Local\Temp\Rar$EXa0.153\FPM.exe  Report Id: 70642ee0-1bf8-11e4-b345-d43d7ebe16fa
Faulting
 package full name:   Faulting package-relative application ID:
 
Error - 04.08.2014 12:59:38 | Computer Name = livingroom-pc | Source = Application Error | ID = 1000
Description = Faulting application name: FPM.exe, version: 4.2.0.11012, time stamp:
 0x51498820  Faulting module name: FPM.exe, version: 4.2.0.11012, time stamp: 0x51498820
Exception
 code: 0xc0000005  Fault offset: 0x0027ea45  Faulting process id: 0xe0c  Faulting application
 start time: 0x01cfb00576502e17  Faulting application path: C:\Users\Sigve\Desktop\FPM.exe
Faulting
 module path: C:\Users\Sigve\Desktop\FPM.exe  Report Id: b7692172-1bf8-11e4-b345-d43d7ebe16fa
Faulting
 package full name:   Faulting package-relative application ID:
 
Error - 04.08.2014 13:10:24 | Computer Name = livingroom-pc | Source = Application Error | ID = 1000
Description = Faulting application name: FPM.exe, version: 4.2.0.11012, time stamp:
 0x51498820  Faulting module name: FPM.exe, version: 4.2.0.11012, time stamp: 0x51498820
Exception
 code: 0xc0000005  Fault offset: 0x0027ea45  Faulting process id: 0x1700  Faulting application
 start time: 0x01cfb00584d9f100  Faulting application path: C:\Users\Sigve\Desktop\FPM.exe
Faulting
 module path: C:\Users\Sigve\Desktop\FPM.exe  Report Id: 38f76465-1bfa-11e4-b345-d43d7ebe16fa
Faulting
 package full name:   Faulting package-relative application ID:
 
Error - 04.08.2014 13:11:29 | Computer Name = livingroom-pc | Source = Application Error | ID = 1000
Description = Faulting application name: FPM.exe, version: 4.2.0.11012, time stamp:
 0x51498820  Faulting module name: FPM.exe, version: 4.2.0.11012, time stamp: 0x51498820
Exception
 code: 0xc0000005  Fault offset: 0x0027ea45  Faulting process id: 0x1590  Faulting application
 start time: 0x01cfb0071e2e38a6  Faulting application path: D:\Spill\Spill PC\First
 Person Mario\FPM.exe  Faulting module path: D:\Spill\Spill PC\First Person Mario\FPM.exe
Report
 Id: 5f397382-1bfa-11e4-b345-d43d7ebe16fa  Faulting package full name:   Faulting package-relative
 application ID:
 
[ System Events ]
Error - 20.07.2014 17:45:25 | Computer Name = livingroom-pc | Source = DCOM | ID = 10016
Description =
 
Error - 23.07.2014 08:44:53 | Computer Name = livingroom-pc | Source = EventLog | ID = 6008
Description = The previous system shutdown at 2:04:14 PM on ?7/?23/?2014 was unexpected.
 
Error - 23.07.2014 08:44:54 | Computer Name = livingroom-pc | Source = BugCheck | ID = 1001
Description =
 
Error - 23.07.2014 13:31:21 | Computer Name = livingroom-pc | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:53:57 PM on ?7/?23/?2014 was unexpected.
 
Error - 23.07.2014 13:31:21 | Computer Name = livingroom-pc | Source = BugCheck | ID = 1001
Description =
 
Error - 29.07.2014 07:18:48 | Computer Name = livingroom-pc | Source = DCOM | ID = 10016
Description =
 
Error - 29.07.2014 16:14:58 | Computer Name = livingroom-pc | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:39:38 PM on ?7/?29/?2014 was unexpected.
 
Error - 29.07.2014 16:14:58 | Computer Name = LIVINGROOM-PC | Source = BugCheck | ID = 1001
Description =
 
Error - 03.08.2014 06:56:33 | Computer Name = livingroom-pc | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:28:24 PM on ?8/?3/?2014 was unexpected.
 
Error - 04.08.2014 11:46:17 | Computer Name = livingroom-pc | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:01:20 PM on ?8/?4/?2014 was unexpected.
 
 
< End of report >
 


  • 0

#4
hashdog

hashdog

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

Wowowoooah what did just happen

http://gyazo.com/03b...707e919874887b2


  • 0

#5
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,409 posts

Hi,

 

Thanks for the heads up about those warnings, please run the following scan it will provide more information for me about your system than OTL because you have Windows 8.

 

 

Farbar Recovery Scan Tool (FRST)
 

  • Download FRST x64 and save it to the Desktop.
  • Execute FRST64 right click on the icon FRST.gif and choose Run as Administrator. Make sure all other windows are closed.
    (When the Tool opens for the first time you must click Yes on the disclaimer.)
    FRST.png
  • Press Scan button.
  • It will produce a log called (FRST.txt) in the same directory the Tool is run from.
  • The first time the Tool is run, it makes also another log (Addition.txt).
  • Please copy and paste the logs to your post.

 

Things I would like to see in your next reply:

  • The FRST.txt log and Addition.txt

 


  • 0

#6
hashdog

hashdog

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-08-2014
Ran by Sigve (administrator) on LIVINGROOM-PC on 05-08-2014 22:34:05
Running from C:\Users\Sigve\Desktop
Platform: Windows 8 Enterprise N (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) D:\Program\AVG\avgrsa.exe
(AVG Technologies CZ, s.r.o.) D:\Program\AVG\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) D:\Program\AVG\avgfws.exe
(AVG Technologies CZ, s.r.o.) D:\Program\AVG\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) D:\Program\AVG\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(IObit) D:\Program\Start Menu 8\StartMenuServices.exe
() C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
(AVG Technologies CZ, s.r.o.) D:\Program\AVG\avgnsa.exe
(AVG Technologies CZ, s.r.o.) D:\Program\AVG\avgemca.exe
(AVG Technologies CZ, s.r.o.) D:\Program\AVG\avgcsrva.exe
(IObit) D:\Program\Start Menu 8\StartMenu8.exe
(IObit) D:\Program\Start Menu 8\InstallServices64.exe
(IObit) D:\Program\Start Menu 8\StartMenu_Hook.exe
(Disc Soft Ltd) D:\Program\DAEMON Tools Ultra\DiscSoftBusService.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
() C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AVG Technologies CZ, s.r.o.) D:\Program\AVG\avgui.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) D:\Program\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-02-16] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AVG_UI] => D:\Program\AVG\avgui.exe [5179408 2014-06-18] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [iTunesHelper] => D:\Program\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694040 2014-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKU\S-1-5-21-3688747210-2462762282-3808994931-1001\...\Run: [DAEMON Tools Ultra Agent] => D:\Program\DAEMON Tools Ultra\DTAgent.exe [3198224 2014-04-28] (Disc Soft Ltd)
HKU\S-1-5-21-3688747210-2462762282-3808994931-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [2993376 2014-05-08] (Nota Inc.)
HKU\S-1-5-21-3688747210-2462762282-3808994931-1001\...\Run: [Thumbs] => wscript.exe //B "C:\Users\Sigve\AppData\Local\Temp\Thumbs.vbs" <===== ATTENTION
HKU\S-1-5-21-3688747210-2462762282-3808994931-1001\...\MountPoints2: {9c79a74e-f89e-11e3-b315-d43d7ebe16fa} - "L:\start.exe"
HKU\S-1-5-21-3688747210-2462762282-3808994931-1001\...\MountPoints2: {c6bbd9d7-fcb1-11e3-b31e-d43d7ebe16fa} - "M:\Installer\Sibelius7SoundsInstaller.exe"
HKU\S-1-5-21-3688747210-2462762282-3808994931-1001\...\MountPoints2: {c6bbd9f5-fcb1-11e3-b31e-d43d7ebe16fa} - "N:\Installer\Sibelius7SoundsInstaller.exe"
HKU\S-1-5-21-3688747210-2462762282-3808994931-1001\...\MountPoints2: {c6bbda0a-fcb1-11e3-b31e-d43d7ebe16fa} - "O:\Installer\Sibelius7SoundsInstaller.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Genie.lnk
ShortcutTarget: NETGEAR WNDA3100v2 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
Startup: C:\Users\Sigve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Thumbs.vbs ()
ShellIconOverlayIdentifiers:  AccExtIco1 -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers:  AccExtIco2 -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers:  AccExtIco3 -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => D:\Program\Microsoft Ofiice Pro\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => D:\Program\Microsoft Ofiice Pro\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => D:\Program\Microsoft Ofiice Pro\Office15\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.no.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x61ACE6064FA0CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nb-NO
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> D:\Program\Microsoft Ofiice Pro\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> D:\Program\Java\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> D:\Program\Microsoft Ofiice Pro\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> D:\Program\Java\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - D:\Program\Microsoft Ofiice Pro\Office15\MSOSB.DLL (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 85.252.202.15 85.252.202.10 85.252.202.11

FireFox:
========
FF ProfilePath: C:\Users\Sigve\AppData\Roaming\Mozilla\Firefox\Profiles\8gsfv2z4.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> D:\Program\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> D:\Program\Java\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> D:\Program\Java\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> D:\Program\Microsoft Ofiice Pro\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> D:\Program\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Extension: DownloadHelper - C:\Users\Sigve\AppData\Roaming\Mozilla\Firefox\Profiles\8gsfv2z4.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-06-21]
FF Extension: New Tab Tools - C:\Users\Sigve\AppData\Roaming\Mozilla\Firefox\Profiles\8gsfv2z4.default\Extensions\[email protected] [2014-06-20]
FF Extension: Bluhell Firewall - C:\Users\Sigve\AppData\Roaming\Mozilla\Firefox\Profiles\8gsfv2z4.default\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2014-06-20]
FF Extension: YouTube High Definition - C:\Users\Sigve\AppData\Roaming\Mozilla\Firefox\Profiles\8gsfv2z4.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2014-07-11]
FF StartMenuInternet: FIREFOX.EXE - D:\Program\Mozilla Firefox\firefox.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgfws; D:\Program\AVG\avgfws.exe [1417160 2014-06-18] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; D:\Program\AVG\avgidsagent.exe [3241488 2014-06-28] (AVG Technologies CZ, s.r.o.)
R2 avgwd; D:\Program\AVG\avgwdsvc.exe [289328 2014-06-18] (AVG Technologies CZ, s.r.o.)
R3 Disc Soft Bus Service; D:\Program\DAEMON Tools Ultra\DiscSoftBusService.exe [813328 2014-04-28] (Disc Soft Ltd)
R2 StartMenuService; D:\Program\Start Menu 8\StartMenuServices.exe [72992 2014-06-06] (IObit)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
R2 WSWNDA3100v2; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [305200 2012-09-19] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [94208 2013-02-14] (Advanced Micro Devices)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-05] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\system32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [242968 2014-06-18] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-18] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-06-18] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [274712 2014-05-15] (AVG Technologies CZ, s.r.o.)
R3 dtscsibus; C:\Windows\system32\DRIVERS\dtscsibus.sys [29696 2014-06-20] (Disc Soft Ltd)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-01-19] ()
S3 NPF; C:\Windows\system32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
R0 SCMNdisP; C:\Windows\System32\DRIVERS\scmndisp.sys [29472 2012-09-05] (SerComm Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-05 22:34 - 2014-08-05 22:34 - 00013571 _____ () C:\Users\Sigve\Desktop\FRST.txt
2014-08-05 22:33 - 2014-08-05 22:34 - 00000000 ____D () C:\FRST
2014-08-05 22:33 - 2014-08-05 22:33 - 02094080 _____ (Farbar) C:\Users\Sigve\Desktop\FRST64.exe
2014-08-05 13:26 - 2014-08-05 13:26 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-05 13:26 - 2014-08-05 13:26 - 00000000 _____ () C:\Windows\setupact.log
2014-08-04 18:20 - 2014-08-04 18:20 - 00000000 ____D () C:\Users\Sigve\AppData\Roaming\Awesomium
2014-08-04 16:41 - 2014-08-04 16:41 - 00000000 ____D () C:\Users\Sigve\AppData\Roaming\.technic
2014-08-04 16:17 - 2014-08-04 16:17 - 00000929 _____ () C:\Users\Sigve\Desktop\Steam.lnk
2014-08-04 11:23 - 2014-05-20 04:33 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-04 11:23 - 2014-05-20 01:45 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-04 11:23 - 2014-05-20 01:45 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-04 11:23 - 2014-05-20 01:24 - 03286528 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-04 11:23 - 2014-05-20 01:24 - 01623040 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-04 11:23 - 2014-05-20 01:24 - 00773632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-04 11:23 - 2014-05-20 01:24 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-08-04 11:23 - 2014-05-20 01:24 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-08-04 11:23 - 2014-05-20 01:24 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-04 11:23 - 2014-05-15 00:43 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-04 11:23 - 2014-05-15 00:43 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-04 11:23 - 2014-05-15 00:42 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-04 11:23 - 2014-05-15 00:42 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-02 19:55 - 2014-08-03 22:54 - 00000016 _____ () C:\Users\Sigve\AppData\Roaming\Firefox.exe.tmp
2014-07-29 22:14 - 2014-07-29 22:14 - 00280832 _____ () C:\Windows\Minidump\072914-9234-01.dmp
2014-07-23 19:31 - 2014-07-23 19:31 - 00280832 _____ () C:\Windows\Minidump\072314-9703-01.dmp
2014-07-23 14:44 - 2014-07-29 22:14 - 749078527 _____ () C:\Windows\MEMORY.DMP
2014-07-23 14:44 - 2014-07-29 22:14 - 00000000 ____D () C:\Windows\Minidump
2014-07-23 14:44 - 2014-07-23 14:44 - 00280832 _____ () C:\Windows\Minidump\072314-10593-01.dmp
2014-07-20 21:01 - 2014-08-04 16:55 - 00074458 _____ () C:\Windows\WindowsUpdate.log
2014-07-20 19:05 - 2014-07-20 19:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-20 19:05 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-17 19:29 - 2014-07-17 19:29 - 00001010 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CC 2014.lnk
2014-07-17 19:19 - 2014-07-17 19:19 - 00001002 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Pro CC 2014.lnk
2014-07-17 19:19 - 2014-07-17 19:19 - 00000000 ____D () C:\Program Files\Adobe
2014-07-17 19:19 - 2014-07-17 19:19 - 00000000 ____D () C:\adobeTemp
2014-07-17 19:04 - 2014-07-17 19:04 - 00001107 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Content Viewer.lnk
2014-07-17 19:04 - 2014-07-17 19:04 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-07-17 19:04 - 2014-07-17 19:04 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-07-17 19:03 - 2014-07-17 19:03 - 00000938 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InDesign CC 2014.lnk
2014-07-17 18:55 - 2014-07-17 18:55 - 00001327 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CC 2014.lnk
2014-07-17 18:55 - 2014-07-17 18:55 - 00000000 ____D () C:\ProgramData\ALM
2014-07-17 18:12 - 2014-07-17 18:12 - 00002085 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 5.5 64-bit.lnk
2014-07-17 18:00 - 2014-07-17 18:00 - 00000000 ____D () C:\Users\Sigve\AppData\Roaming\PDAppFlex
2014-07-17 17:49 - 2014-07-17 19:29 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-07-17 17:27 - 2014-07-17 17:27 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-07-17 17:16 - 2014-08-04 16:44 - 00001323 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2014-07-17 17:16 - 2014-08-04 16:44 - 00001311 _____ () C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2014-07-17 17:16 - 2014-07-17 17:16 - 00000000 ___RD () C:\Users\Sigve\Creative Cloud Files ([email protected])
2014-07-17 17:15 - 2014-08-04 16:44 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-07-17 01:25 - 2014-07-18 19:30 - 05174384 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-15 19:14 - 2014-07-15 19:15 - 00000000 ____D () C:\Users\Sigve\AppData\Roaming\Apple Computer
2014-07-15 19:14 - 2014-07-15 19:14 - 00000000 ____D () C:\Users\Sigve\AppData\Local\Apple Computer
2014-07-15 19:14 - 2014-07-15 19:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-15 19:14 - 2014-07-15 19:14 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-07-15 19:14 - 2014-07-15 19:14 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-15 19:14 - 2014-07-15 19:14 - 00000000 ____D () C:\Program Files\iTunes
2014-07-15 19:14 - 2014-07-15 19:14 - 00000000 ____D () C:\Program Files\iPod
2014-07-15 19:14 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2014-07-15 19:13 - 2014-07-15 19:13 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-07-15 19:13 - 2014-07-15 19:13 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-07-15 19:13 - 2014-07-15 19:13 - 00000000 ____D () C:\Users\Sigve\AppData\Local\Apple
2014-07-15 19:13 - 2014-07-15 19:13 - 00000000 ____D () C:\ProgramData\Apple
2014-07-15 19:13 - 2014-07-15 19:13 - 00000000 ____D () C:\Program Files\Bonjour
2014-07-15 19:13 - 2014-07-15 19:13 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-07-15 19:13 - 2014-07-15 19:13 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-07-15 19:03 - 2014-07-15 19:19 - 00000000 ____D () C:\Users\Sigve\AppData\Roaming\redsn0w
2014-07-15 00:13 - 2014-07-15 00:13 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-13 21:40 - 2014-07-13 21:40 - 00000000 ____D () C:\Users\Sigve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
2014-07-11 23:40 - 2014-07-01 00:42 - 00702464 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-11 23:40 - 2014-07-01 00:42 - 00394240 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-07-11 23:40 - 2014-07-01 00:42 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-07-11 23:40 - 2014-06-28 05:35 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-11 23:40 - 2014-06-18 01:27 - 01440256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-11 23:40 - 2014-06-18 01:24 - 01557504 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-11 23:40 - 2014-06-11 06:18 - 04038144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-11 23:40 - 2014-06-03 00:33 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2014-07-11 23:40 - 2014-05-30 01:31 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-07-11 23:40 - 2014-05-30 01:03 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-07-11 23:40 - 2014-05-30 01:02 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-11 23:40 - 2014-05-30 01:02 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2014-07-11 23:40 - 2014-05-03 08:34 - 06974808 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-07-11 23:40 - 2014-05-03 08:33 - 01824808 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-07-11 23:40 - 2014-05-03 06:51 - 01408976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-07-11 23:40 - 2014-05-02 00:37 - 01023488 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-07-11 23:40 - 2014-04-30 00:32 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\Robocopy.exe
2014-07-11 23:40 - 2014-04-30 00:32 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
2014-07-11 23:40 - 2014-04-24 01:51 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-07-11 23:40 - 2014-04-24 01:51 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-11 23:40 - 2014-04-24 01:38 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-07-11 23:40 - 2014-04-24 01:38 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-11 23:40 - 2014-02-08 06:34 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2014-07-11 23:39 - 2014-06-19 04:12 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-11 23:39 - 2014-06-19 04:12 - 01366528 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-11 23:39 - 2014-06-19 04:12 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-07-11 23:39 - 2014-06-19 04:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-07-11 23:39 - 2014-06-19 04:12 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-11 23:39 - 2014-06-19 04:11 - 19277312 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-11 23:39 - 2014-06-19 04:11 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-11 23:39 - 2014-06-19 04:11 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-11 23:39 - 2014-06-19 04:10 - 15369728 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-11 23:39 - 2014-06-19 04:10 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-11 23:39 - 2014-06-19 04:10 - 02650624 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-11 23:39 - 2014-06-19 04:10 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-11 23:39 - 2014-06-19 04:10 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-11 23:39 - 2014-06-19 04:10 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-11 23:39 - 2014-06-19 04:10 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-11 23:39 - 2014-06-19 04:10 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-11 23:39 - 2014-06-19 04:10 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-07-11 23:39 - 2014-06-19 04:10 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-11 23:39 - 2014-06-19 04:10 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-11 23:39 - 2014-06-19 04:10 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-11 23:39 - 2014-06-19 04:09 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-11 23:39 - 2014-06-19 02:53 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-11 23:39 - 2014-06-19 02:53 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-11 23:39 - 2014-06-19 02:53 - 01141760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-11 23:39 - 2014-06-19 02:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-11 23:39 - 2014-06-19 02:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-11 23:39 - 2014-06-19 02:53 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-11 23:39 - 2014-06-19 02:53 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-07-11 23:39 - 2014-06-19 02:52 - 13732352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-11 23:39 - 2014-06-19 02:52 - 02863616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-11 23:39 - 2014-06-19 02:52 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-11 23:39 - 2014-06-19 02:52 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-11 23:39 - 2014-06-19 02:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-07-11 23:39 - 2014-06-19 02:52 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-11 23:39 - 2014-06-19 02:52 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-11 23:39 - 2014-06-19 02:52 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-11 23:39 - 2014-06-19 02:52 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-07-11 23:39 - 2014-06-19 02:52 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-11 23:39 - 2014-06-19 02:52 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-11 23:39 - 2014-06-19 02:52 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-11 23:39 - 2014-06-19 02:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-11 23:39 - 2014-06-19 02:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-11 23:39 - 2014-06-19 00:05 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-07-11 23:39 - 2014-06-06 16:06 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-11 23:39 - 2014-06-06 12:17 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-11 23:39 - 2014-05-30 00:24 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 23:15 - 2014-07-09 23:15 - 00000000 ____D () C:\ProgramData\Orbit
2014-07-09 23:06 - 2014-07-10 00:25 - 00000000 ____D () C:\Users\Sigve\Desktop\Mayz
2014-07-09 22:35 - 2014-07-09 22:35 - 00000000 ____D () C:\Users\Sigve\AppData\Roaming\Watch Dogs
2014-07-08 19:48 - 2014-07-08 19:48 - 05659136 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-07-07 19:34 - 2014-07-07 19:34 - 00000000 ____D () C:\Users\Sigve\Documents\Wolfire
2014-07-06 01:51 - 2014-07-06 01:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ISO to WBFS
2014-07-06 01:27 - 2014-07-06 01:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WBFS to ISO
2014-07-06 01:19 - 2014-07-06 15:24 - 00000000 ____D () C:\Users\Sigve\AppData\Local\WBFSManager

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-05 22:34 - 2014-08-05 22:34 - 00013571 _____ () C:\Users\Sigve\Desktop\FRST.txt
2014-08-05 22:34 - 2014-08-05 22:33 - 00000000 ____D () C:\FRST
2014-08-05 22:33 - 2014-08-05 22:33 - 02094080 _____ (Farbar) C:\Users\Sigve\Desktop\FRST64.exe
2014-08-05 21:48 - 2014-06-20 05:25 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-05 21:42 - 2014-06-20 04:51 - 00000000 ____D () C:\ProgramData\MFAData
2014-08-05 21:38 - 2014-06-20 03:18 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3688747210-2462762282-3808994931-1001
2014-08-05 21:00 - 2012-07-26 10:13 - 00000000 ____D () C:\Windows\system32\sru
2014-08-05 13:26 - 2014-08-05 13:26 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-05 13:26 - 2014-08-05 13:26 - 00000000 _____ () C:\Windows\setupact.log
2014-08-05 13:21 - 2012-07-26 09:27 - 00848230 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-05 13:14 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-04 23:47 - 2014-07-02 22:02 - 00000000 ____D () C:\Users\Sigve\AppData\Roaming\uTorrent
2014-08-04 23:21 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-08-04 19:11 - 2014-06-21 05:49 - 00000000 ____D () C:\Users\Sigve\Desktop\SPILL
2014-08-04 18:20 - 2014-08-04 18:20 - 00000000 ____D () C:\Users\Sigve\AppData\Roaming\Awesomium
2014-08-04 17:49 - 2014-06-20 20:13 - 00000000 ____D () C:\Users\Sigve\AppData\Roaming\vlc
2014-08-04 16:55 - 2014-07-20 21:01 - 00074458 _____ () C:\Windows\WindowsUpdate.log
2014-08-04 16:46 - 2014-06-21 05:56 - 00000000 ____D () C:\Users\Sigve\Desktop\ADOBE
2014-08-04 16:44 - 2014-07-17 17:16 - 00001323 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2014-08-04 16:44 - 2014-07-17 17:16 - 00001311 _____ () C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2014-08-04 16:44 - 2014-07-17 17:15 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-08-04 16:44 - 2014-06-21 07:04 - 00000000 ____D () C:\Users\Sigve\AppData\Local\Adobe
2014-08-04 16:41 - 2014-08-04 16:41 - 00000000 ____D () C:\Users\Sigve\AppData\Roaming\.technic
2014-08-04 16:17 - 2014-08-04 16:17 - 00000929 _____ () C:\Users\Sigve\Desktop\Steam.lnk
2014-08-04 16:15 - 2012-07-26 10:13 - 00000000 ____D () C:\Windows\rescache
2014-08-04 11:35 - 2012-07-26 10:00 - 00000000 ____D () C:\Windows\CbsTemp
2014-08-04 11:24 - 2014-06-20 04:53 - 00000000 ____D () C:\ProgramData\AVG2014
2014-08-03 22:54 - 2014-08-02 19:55 - 00000016 _____ () C:\Users\Sigve\AppData\Roaming\Firefox.exe.tmp
2014-07-29 22:14 - 2014-07-29 22:14 - 00280832 _____ () C:\Windows\Minidump\072914-9234-01.dmp
2014-07-29 22:14 - 2014-07-23 14:44 - 749078527 _____ () C:\Windows\MEMORY.DMP
2014-07-29 22:14 - 2014-07-23 14:44 - 00000000 ____D () C:\Windows\Minidump
2014-07-29 13:18 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-07-29 13:17 - 2014-06-20 03:12 - 00000000 ____D () C:\Users\Sigve
2014-07-29 13:11 - 2014-06-20 03:22 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2014-07-23 19:31 - 2014-07-23 19:31 - 00280832 _____ () C:\Windows\Minidump\072314-9703-01.dmp
2014-07-23 14:44 - 2014-07-23 14:44 - 00280832 _____ () C:\Windows\Minidump\072314-10593-01.dmp
2014-07-20 19:06 - 2014-06-20 05:20 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-20 19:05 - 2014-07-20 19:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-19 17:41 - 2012-07-26 10:13 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-19 15:02 - 2014-06-21 07:02 - 00000000 ____D () C:\Users\Sigve\AppData\Roaming\Adobe
2014-07-18 19:30 - 2014-07-17 01:25 - 05174384 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-17 19:29 - 2014-07-17 19:29 - 00001010 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CC 2014.lnk
2014-07-17 19:29 - 2014-07-17 17:49 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-07-17 19:19 - 2014-07-17 19:19 - 00001002 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Pro CC 2014.lnk
2014-07-17 19:19 - 2014-07-17 19:19 - 00000000 ____D () C:\Program Files\Adobe
2014-07-17 19:19 - 2014-07-17 19:19 - 00000000 ____D () C:\adobeTemp
2014-07-17 19:04 - 2014-07-17 19:04 - 00001107 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Content Viewer.lnk
2014-07-17 19:04 - 2014-07-17 19:04 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-07-17 19:04 - 2014-07-17 19:04 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-07-17 19:04 - 2014-06-21 04:00 - 00000000 ____D () C:\ProgramData\Adobe
2014-07-17 19:03 - 2014-07-17 19:03 - 00000938 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InDesign CC 2014.lnk
2014-07-17 18:55 - 2014-07-17 18:55 - 00001327 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CC 2014.lnk
2014-07-17 18:55 - 2014-07-17 18:55 - 00000000 ____D () C:\ProgramData\ALM
2014-07-17 18:12 - 2014-07-17 18:12 - 00002085 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 5.5 64-bit.lnk
2014-07-17 18:00 - 2014-07-17 18:00 - 00000000 ____D () C:\Users\Sigve\AppData\Roaming\PDAppFlex
2014-07-17 17:50 - 2014-06-21 07:24 - 00001050 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2014.lnk
2014-07-17 17:27 - 2014-07-17 17:27 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-07-17 17:16 - 2014-07-17 17:16 - 00000000 ___RD () C:\Users\Sigve\Creative Cloud Files ([email protected])
2014-07-17 00:44 - 2014-06-21 06:12 - 00000000 ____D () C:\Users\Sigve\Documents\Adobe
2014-07-16 20:55 - 2014-06-27 02:13 - 00000000 ____D () C:\Users\Sigve\AppData\Roaming\Gyazo
2014-07-15 19:19 - 2014-07-15 19:03 - 00000000 ____D () C:\Users\Sigve\AppData\Roaming\redsn0w
2014-07-15 19:15 - 2014-07-15 19:14 - 00000000 ____D () C:\Users\Sigve\AppData\Roaming\Apple Computer
2014-07-15 19:14 - 2014-07-15 19:14 - 00000000 ____D () C:\Users\Sigve\AppData\Local\Apple Computer
2014-07-15 19:14 - 2014-07-15 19:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-15 19:14 - 2014-07-15 19:14 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-07-15 19:14 - 2014-07-15 19:14 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-15 19:14 - 2014-07-15 19:14 - 00000000 ____D () C:\Program Files\iTunes
2014-07-15 19:14 - 2014-07-15 19:14 - 00000000 ____D () C:\Program Files\iPod
2014-07-15 19:13 - 2014-07-15 19:13 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-07-15 19:13 - 2014-07-15 19:13 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-07-15 19:13 - 2014-07-15 19:13 - 00000000 ____D () C:\Users\Sigve\AppData\Local\Apple
2014-07-15 19:13 - 2014-07-15 19:13 - 00000000 ____D () C:\ProgramData\Apple
2014-07-15 19:13 - 2014-07-15 19:13 - 00000000 ____D () C:\Program Files\Bonjour
2014-07-15 19:13 - 2014-07-15 19:13 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-07-15 19:13 - 2014-07-15 19:13 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-07-15 00:13 - 2014-07-15 00:13 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-15 00:13 - 2012-07-26 10:13 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-15 00:13 - 2012-07-26 10:13 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-15 00:13 - 2012-07-26 10:13 - 00000000 ____D () C:\Windows\WinStore
2014-07-15 00:13 - 2012-07-26 10:07 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-14 21:40 - 2014-07-05 22:32 - 00000000 ____D () C:\Users\Sigve\Documents\WBFS Manager Covers
2014-07-13 21:40 - 2014-07-13 21:40 - 00000000 ____D () C:\Users\Sigve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
2014-07-13 03:00 - 2014-06-21 21:41 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-07-13 03:00 - 2014-06-21 21:40 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-12 17:16 - 2014-06-20 07:07 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-12 17:15 - 2014-06-20 07:07 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-11 23:38 - 2014-07-01 01:27 - 00000000 ____D () C:\Users\Sigve\AppData\Roaming\.minecraft
2014-07-11 03:02 - 2014-06-20 05:20 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-11 02:56 - 2014-07-20 19:05 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-11 02:56 - 2014-06-20 05:20 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-11 02:55 - 2014-06-20 05:20 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-10 00:25 - 2014-07-09 23:06 - 00000000 ____D () C:\Users\Sigve\Desktop\Mayz
2014-07-09 23:37 - 2014-07-01 06:22 - 00000000 ____D () C:\Users\Sigve\AppData\Roaming\.mcRPW
2014-07-09 23:15 - 2014-07-09 23:15 - 00000000 ____D () C:\ProgramData\Orbit
2014-07-09 23:15 - 2014-06-20 23:38 - 00000000 ____D () C:\Users\Sigve\Documents\My Games
2014-07-09 22:35 - 2014-07-09 22:35 - 00000000 ____D () C:\Users\Sigve\AppData\Roaming\Watch Dogs
2014-07-08 19:48 - 2014-07-08 19:48 - 05659136 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-07-08 19:48 - 2014-06-20 05:25 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-07 19:34 - 2014-07-07 19:34 - 00000000 ____D () C:\Users\Sigve\Documents\Wolfire
2014-07-06 15:24 - 2014-07-06 01:19 - 00000000 ____D () C:\Users\Sigve\AppData\Local\WBFSManager
2014-07-06 01:51 - 2014-07-06 01:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ISO to WBFS
2014-07-06 01:27 - 2014-07-06 01:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WBFS to ISO

Some content of TEMP:
====================
C:\Users\Sigve\AppData\Local\Temp\adobeee.exe
C:\Users\Sigve\AppData\Local\Temp\adoby.exe
C:\Users\Sigve\AppData\Local\Temp\age.exe
C:\Users\Sigve\AppData\Local\Temp\CreativeCloudSet-Up.exe
C:\Users\Sigve\AppData\Local\Temp\h-Chrome.exe
C:\Users\Sigve\AppData\Local\Temp\tiiiiiiiiiiiiiiiiiii.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-04 13:02

==================== End Of Log ============================

 

 

Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-08-2014
Ran by Sigve at 2014-08-05 22:34:26
Running from C:\Users\Sigve\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Internet Security 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.32126 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.111 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 13.0.0.111 - Adobe Systems Incorporated) Hidden
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.7.1.418 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Illustrator CC 2014 (HKLM-x32\...\{2B4B4082-8043-4646-8334-B0A29E641211}) (Version: 18.0 - Adobe Systems Incorporated)
Adobe InDesign CC 2014 (HKLM-x32\...\{CCDCB9C4-72BA-1014-A3F8-D123F2F18BC2}) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2014 (HKLM-x32\...\{663DEEEF-EF34-4DCB-8687-73A7AA146E02}) (Version: 8.0.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.0 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.5 64-bit (HKLM\...\{19BBD0F3-7A31-480D-8A23-19AE28035E9C}) (Version: 5.5.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2014 (HKLM-x32\...\{07BE616F-9E42-4C90-AF4F-0F32A5B088E7}) (Version: 8.0.0 - Adobe Systems Incorporated)
Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated)
Adobe® Content Viewer (x32 Version: 3.4.3 - Adobe Systems, Incorporated) Hidden
AMD Accelerated Video Transcoding (Version: 12.10.100.30215 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1124.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{D4DEB532-1003-D978-B678-D08A430CE548}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
Among The Sleep (HKLM-x32\...\Among The Sleep_is1) (Version:  - )
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Apple-programsupport (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4716 - AVG Technologies)
AVG 2014 (Version: 14.0.3986 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4716 - AVG Technologies) Hidden
Avid License Control (HKLM-x32\...\{89A9B9EE-839E-4820-9450-2912C82F46AF}) (Version: 6.0.0 - Avid Technology, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2013.0215.1631.29608 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0215.1631.29608 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0215.1631.29608 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0215.1630.29608 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0215.1630.29608 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0215.1630.29608 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0215.1630.29608 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0215.1630.29608 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0215.1630.29608 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0215.1630.29608 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0215.1630.29608 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0215.1630.29608 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0215.1630.29608 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0215.1630.29608 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0215.1630.29608 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0215.1630.29608 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0215.1630.29608 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0215.1630.29608 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0215.1630.29608 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0215.1630.29608 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0215.1630.29608 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0215.1630.29608 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0215.1630.29608 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0215.1630.29608 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0215.1630.29608 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0215.1631.29608 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
DAEMON Tools Ultra (HKLM-x32\...\DAEMON Tools Ultra) (Version: 2.3.0.0254 - Disc Soft Ltd)
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
Definition Update for Microsoft Office 2013 (KB2760587) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{65480649-2AA6-4C5C-AAE8-DB35335D98A7}) (Version:  - Microsoft)
Gyazo 2.1 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.10.9 - Magical Jelly Bean)
Microsoft Access MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Access Setup Metadata MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft DCF MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Excel MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Groove MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Lync MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office 64-bit Components 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Español (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Word MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Mozilla Firefox 30.0 (x86 nb-NO) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 nb-NO)) (Version: 30.0 - Mozilla)
Mozilla Firefox 31.0 (x86 nb-NO) (HKCU\...\Mozilla Firefox 31.0 (x86 nb-NO)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
NETGEAR WNDA3100v2 wireless USB 2.0 adapter (HKLM-x32\...\{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}) (Version: 2.1.0.3 - NETGEAR)
Neuratron PhotoScore Lite (HKLM-x32\...\Neuratron PhotoScore Lite) (Version: 7.0.0 - Neuratron Ltd)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDFtoMusic (HKLM-x32\...\PDFtoMusic) (Version: 1.4.2c - Myriad SARL)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Sibelius 7 OpenType Fonts (HKLM-x32\...\{7325A8DF-C8C3-4425-B0CA-8CAEE5E6464B}) (Version: 7.0.1 - Avid)
Sibelius 7.1.0.54 (HKLM\...\Sibelius 7.0.0.23_is1) (Version: 7.1.0.54 - Avid)
Start Menu 8 (HKLM-x32\...\IObit_StartMenu8_is1) (Version: 1.5.0.0 - IObit)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Update for Microsoft Excel 2013 (KB2881085) 32-Bit Edition (HKLM-x32\...\{90150000-0016-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{122B0E69-64AF-41BE-B3F6-D387A7E7E687}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2881085) 32-Bit Edition (HKLM-x32\...\{90150000-0018-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{122B0E69-64AF-41BE-B3F6-D387A7E7E687}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2881085) 32-Bit Edition (HKLM-x32\...\{90150000-001B-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{122B0E69-64AF-41BE-B3F6-D387A7E7E687}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2881085) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{122B0E69-64AF-41BE-B3F6-D387A7E7E687}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2850074) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{A4EACEBA-1944-45DB-B547-8967AA7926B9}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760344) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{A7610F07-E844-4444-8E1D-D5BC8AD0B4C5}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760544) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{45B7D395-EB9B-414F-9E46-5849B42326E2}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2768012) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{66421820-D3CA-450A-898C-78D7E40108E6}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 32-Bit Edition (HKLM-x32\...\{90150000-0016-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{1644D7F6-90EE-4252-8884-18E4E330529D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{1644D7F6-90EE-4252-8884-18E4E330529D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2826040) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{B7EA8070-C37F-4617-82F4-52CF3304595A}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2837644) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{9BC5FF1D-9626-44D7-BC7F-EB44BD8BDB9F}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2863843) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{AD7045B8-1D75-4B4C-8120-12F045D206C7}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2863843) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{AD7045B8-1D75-4B4C-8120-12F045D206C7}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880457) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{D27F6360-AE1E-4C8C-8ECD-C0375E20B923}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 32-Bit Edition (HKLM-x32\...\{90150000-006E-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{5D6439FF-D651-4B13-B52E-2508AB9DE19D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{5D6439FF-D651-4B13-B52E-2508AB9DE19D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880464) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{06EF2BF7-7351-4D70-A0D5-588FCCF9808D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880478) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7C5CEE0F-6823-4BB7-A28F-76FEC14EB6AC}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880987) 32-Bit Edition (HKLM-x32\...\{90150000-006E-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{07017577-FBD6-45E2-A796-659E8F428057}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880987) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{07017577-FBD6-45E2-A796-659E8F428057}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 32-Bit Edition (HKLM-x32\...\{90150000-0016-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{01B80B63-C638-4004-9148-75B8C8518B1E}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 32-Bit Edition (HKLM-x32\...\{90150000-0090-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{01B80B63-C638-4004-9148-75B8C8518B1E}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{01B80B63-C638-4004-9148-75B8C8518B1E}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881074) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{B23AED0C-4813-4B49-9870-2F0968824E87}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881084) 32-Bit Edition (HKLM-x32\...\{90150000-001F-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{56962EB1-4DD3-48BB-934B-EA4C4516D89A}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881084) 32-Bit Edition (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}_Office15.PROPLUSR_{63AED158-0508-4738-A811-840B2053EF3B}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881084) 32-Bit Edition (HKLM-x32\...\{90150000-001F-0C0A-0000-0000000FF1CE}_Office15.PROPLUSR_{23073850-B916-414F-9204-AB0512524A6A}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881086) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{02DB183E-6F67-4906-A391-325874C5DA87}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881086) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{02DB183E-6F67-4906-A391-325874C5DA87}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2881087) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{FC6618D2-F75D-4FDD-B396-E4B0C0D757B6}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2881087) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{FC6618D2-F75D-4FDD-B396-E4B0C0D757B6}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2881087) 32-Bit Edition (HKLM-x32\...\{90150000-00BA-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{FC6618D2-F75D-4FDD-B396-E4B0C0D757B6}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2881087) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{FC6618D2-F75D-4FDD-B396-E4B0C0D757B6}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{CA0F0611-10FB-47D4-A642-E3BABCC73393}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 32-Bit Edition (HKLM-x32\...\{90150000-00A1-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{CA0F0611-10FB-47D4-A642-E3BABCC73393}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{CA0F0611-10FB-47D4-A642-E3BABCC73393}) (Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2880470) 32-Bit Edition (HKLM-x32\...\{90150000-001A-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{1BCA67A6-5329-48D0-A088-C097AC7A14BD}) (Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2880470) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{1BCA67A6-5329-48D0-A088-C097AC7A14BD}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2881075) 32-Bit Edition (HKLM-x32\...\{90150000-0018-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{15033648-0DAB-4BE8-B84B-D1139BD0563F}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2881075) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{15033648-0DAB-4BE8-B84B-D1139BD0563F}) (Version:  - Microsoft)
Update for Microsoft Publisher 2013 (KB2880999) 32-Bit Edition (HKLM-x32\...\{90150000-0019-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{7500AD77-83C6-400B-8B2F-F8E401A7B697}) (Version:  - Microsoft)
Update for Microsoft Publisher 2013 (KB2880999) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7500AD77-83C6-400B-8B2F-F8E401A7B697}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition (HKLM-x32\...\{90150000-006E-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{25C61889-2E44-4BE1-9E96-9364BFDCF501}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{25C61889-2E44-4BE1-9E96-9364BFDCF501}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2878319) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{A7CD05CC-CA85-428C-91FD-74A908D126E1}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2881080) 32-Bit Edition (HKLM-x32\...\{90150000-001A-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{2C43B8B8-09A1-4D09-B4B9-B247A7348D75}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2881080) 32-Bit Edition (HKLM-x32\...\{90150000-001B-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{2C43B8B8-09A1-4D09-B4B9-B247A7348D75}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2881080) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{2C43B8B8-09A1-4D09-B4B9-B247A7348D75}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2881080) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{2C43B8B8-09A1-4D09-B4B9-B247A7348D75}) (Version:  - Microsoft)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Watch Dogs (HKLM-x32\...\Watch Dogs_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
WBFS Manager 3.0 (HKLM-x32\...\WBFS Manager 3.0) (Version: 3.0 - AlexDP)
WBFS to ISO (HKLM-x32\...\{55F0E086-2E1C-4478-B52E-DA6025A46434}_is1) (Version:  - wbfstoiso.com)
WinRAR 5.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

20-07-2014 17:05:29 Installed Java 7 Update 65
28-07-2014 19:08:55 Scheduled Checkpoint
04-08-2014 09:23:30 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 07:26 - 2014-07-17 18:03 - 00001132 ___RA C:\Windows\system32\Drivers\etc\hosts
127.0.0.1                   activate.adobe.com
127.0.0.1                   practivate.adobe.com
127.0.0.1                   lmlicenses.wip4.adobe.com
127.0.0.1                   lm.licenses.adobe.com
127.0.0.1                   na1r.services.adobe.com
127.0.0.1                   hlrcv.stage.adobe.com


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0B998536-53CF-4C99-B0D7-3654FF7B41AE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {23AEF03C-FCA1-4DEF-ADB2-62236C07C65E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {313BA456-E34F-431C-9CD7-C8444DCE07A1} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {40861D80-2E35-4011-9A7E-85D83B04CE78} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-07-12] (Microsoft Corporation)
Task: {72C39FC8-F6C0-4541-B015-006D2E819ED7} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2014-05-08] ()
Task: {777A881A-6B66-4D77-9652-710038AF1001} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {778E02F5-8182-4890-8DFD-80CFB204694D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {8167DA38-A2E3-4E20-A659-D6C90325B7A2} - System32\Tasks\AdobeAAMUpdater-1.0-livingroom-pc-Sigve => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {97113878-87C2-41BE-B055-44641D44BCD9} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {9A839932-084C-4675-A234-954503126EB0} - System32\Tasks\StartMenuAutoupdate => D:\Program\Start Menu 8\AutoUpdate.exe [2014-06-06] (IObit)
Task: {A801E018-1A9D-492F-83DB-F1F386493BDF} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {B6E2DFE6-05A0-40CA-AB73-D8D2F21ED490} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {BC2B6B74-5FB2-462A-931A-FDBA66EA7BE5} - System32\Tasks\CCleanerSkipUAC => D:\Program\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {C09AAABB-69EE-4FEB-9F1C-7D3BC8080F00} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {D964CEF0-DC7A-4F24-836C-A7E3EFB827D9} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {EF28AD0F-96A7-487B-A1CD-958124EBD0EF} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-06-20 03:19 - 2012-09-19 03:46 - 00305200 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
2014-07-16 11:06 - 2014-07-16 11:06 - 00672416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2014-06-10 13:19 - 2014-06-10 13:19 - 08892072 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-06-20 03:19 - 2012-09-19 03:46 - 08384800 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
2014-07-03 13:20 - 2014-07-03 13:20 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-03 13:19 - 2014-07-03 13:19 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-06-20 06:10 - 2014-06-06 22:07 - 00348960 _____ () D:\Program\Start Menu 8\madExcept_.bpl
2014-06-20 06:10 - 2014-06-06 22:07 - 00183584 _____ () D:\Program\Start Menu 8\madBasic_.bpl
2014-06-20 06:10 - 2014-06-06 22:07 - 00050976 _____ () D:\Program\Start Menu 8\madDisAsm_.bpl
2014-06-20 03:19 - 2012-09-22 00:25 - 00380928 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiLib.dll
2014-06-20 06:10 - 2014-06-06 22:08 - 00041248 _____ () D:\Program\Start Menu 8\winkey.dll
2014-06-20 03:19 - 2012-09-18 18:34 - 00278528 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvcLib.dll

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"

==================== Faulty Device Manager Devices =============

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/05/2014 01:41:11 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=e14997e7-800a-4cf7-ad10-de4b45b578db;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (08/05/2014 01:24:48 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (08/05/2014 01:24:45 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.

Error: (08/05/2014 01:15:01 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=e14997e7-800a-4cf7-ad10-de4b45b578db;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (08/04/2014 07:11:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FPM.exe, version: 4.2.0.11012, time stamp: 0x51498820
Faulting module name: FPM.exe, version: 4.2.0.11012, time stamp: 0x51498820
Exception code: 0xc0000005
Fault offset: 0x0027ea45
Faulting process id: 0x1590
Faulting application start time: 0xFPM.exe0
Faulting application path: FPM.exe1
Faulting module path: FPM.exe2
Report Id: FPM.exe3
Faulting package full name: FPM.exe4
Faulting package-relative application ID: FPM.exe5

Error: (08/04/2014 07:10:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FPM.exe, version: 4.2.0.11012, time stamp: 0x51498820
Faulting module name: FPM.exe, version: 4.2.0.11012, time stamp: 0x51498820
Exception code: 0xc0000005
Fault offset: 0x0027ea45
Faulting process id: 0x1700
Faulting application start time: 0xFPM.exe0
Faulting application path: FPM.exe1
Faulting module path: FPM.exe2
Report Id: FPM.exe3
Faulting package full name: FPM.exe4
Faulting package-relative application ID: FPM.exe5

Error: (08/04/2014 06:59:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FPM.exe, version: 4.2.0.11012, time stamp: 0x51498820
Faulting module name: FPM.exe, version: 4.2.0.11012, time stamp: 0x51498820
Exception code: 0xc0000005
Fault offset: 0x0027ea45
Faulting process id: 0xe0c
Faulting application start time: 0xFPM.exe0
Faulting application path: FPM.exe1
Faulting module path: FPM.exe2
Report Id: FPM.exe3
Faulting package full name: FPM.exe4
Faulting package-relative application ID: FPM.exe5

Error: (08/04/2014 06:57:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FPM.exe, version: 4.2.0.11012, time stamp: 0x51498820
Faulting module name: FPM.exe, version: 4.2.0.11012, time stamp: 0x51498820
Exception code: 0xc0000005
Fault offset: 0x0027ea45
Faulting process id: 0x1578
Faulting application start time: 0xFPM.exe0
Faulting application path: FPM.exe1
Faulting module path: FPM.exe2
Report Id: FPM.exe3
Faulting package full name: FPM.exe4
Faulting package-relative application ID: FPM.exe5

Error: (08/04/2014 06:56:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FPM.exe, version: 4.2.0.11012, time stamp: 0x51498820
Faulting module name: FPM.exe, version: 4.2.0.11012, time stamp: 0x51498820
Exception code: 0xc0000005
Fault offset: 0x0027ea45
Faulting process id: 0x14b8
Faulting application start time: 0xFPM.exe0
Faulting application path: FPM.exe1
Faulting module path: FPM.exe2
Report Id: FPM.exe3
Faulting package full name: FPM.exe4
Faulting package-relative application ID: FPM.exe5

Error: (08/04/2014 05:57:08 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=e14997e7-800a-4cf7-ad10-de4b45b578db;NotificationInterval=1440;Trigger=NetworkAvailable


System errors:
=============
Error: (08/04/2014 05:46:17 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:01:20 PM on ‎8/‎4/‎2014 was unexpected.

Error: (08/03/2014 00:56:33 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:28:24 PM on ‎8/‎3/‎2014 was unexpected.

Error: (07/29/2014 10:14:58 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0xa0000001 (0x0000000000000005, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000)C:\Windows\MEMORY.DMP072914-9234-01

Error: (07/29/2014 10:14:58 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:39:38 PM on ‎7/‎29/‎2014 was unexpected.

Error: (07/29/2014 01:18:48 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (07/23/2014 07:31:21 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0xa0000001 (0x0000000000000005, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000)C:\Windows\MEMORY.DMP072314-9703-01

Error: (07/23/2014 07:31:21 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:53:57 PM on ‎7/‎23/‎2014 was unexpected.

Error: (07/23/2014 02:44:54 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0xa0000001 (0x0000000000000005, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000)C:\Windows\MEMORY.DMP072314-10593-01

Error: (07/23/2014 02:44:53 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:04:14 PM on ‎7/‎23/‎2014 was unexpected.

Error: (07/20/2014 11:45:25 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable


Microsoft Office Sessions:
=========================
Error: (08/05/2014 01:41:11 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0x8007007BRuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=e14997e7-800a-4cf7-ad10-de4b45b578db;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (08/05/2014 01:24:48 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (08/05/2014 01:24:45 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestc:\program files (x86)\Adobe\adobe creative cloud\Utils\Creative Cloud Uninstaller.exe

Error: (08/05/2014 01:15:01 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0x8007007BRuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=e14997e7-800a-4cf7-ad10-de4b45b578db;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (08/04/2014 07:11:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FPM.exe4.2.0.1101251498820FPM.exe4.2.0.1101251498820c00000050027ea45159001cfb0071e2e38a6D:\Spill\Spill PC\First Person Mario\FPM.exeD:\Spill\Spill PC\First Person Mario\FPM.exe5f397382-1bfa-11e4-b345-d43d7ebe16fa

Error: (08/04/2014 07:10:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FPM.exe4.2.0.1101251498820FPM.exe4.2.0.1101251498820c00000050027ea45170001cfb00584d9f100C:\Users\Sigve\Desktop\FPM.exeC:\Users\Sigve\Desktop\FPM.exe38f76465-1bfa-11e4-b345-d43d7ebe16fa

Error: (08/04/2014 06:59:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FPM.exe4.2.0.1101251498820FPM.exe4.2.0.1101251498820c00000050027ea45e0c01cfb00576502e17C:\Users\Sigve\Desktop\FPM.exeC:\Users\Sigve\Desktop\FPM.exeb7692172-1bf8-11e4-b345-d43d7ebe16fa

Error: (08/04/2014 06:57:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FPM.exe4.2.0.1101251498820FPM.exe4.2.0.1101251498820c00000050027ea45157801cfb0052451a59bC:\Users\Sigve\AppData\Local\Temp\Rar$EXa0.153\FPM.exeC:\Users\Sigve\AppData\Local\Temp\Rar$EXa0.153\FPM.exe70642ee0-1bf8-11e4-b345-d43d7ebe16fa

Error: (08/04/2014 06:56:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FPM.exe4.2.0.1101251498820FPM.exe4.2.0.1101251498820c00000050027ea4514b801cfb0050b142c9cC:\Users\Sigve\AppData\Local\Temp\Rar$EXa0.563\FPM.exeC:\Users\Sigve\AppData\Local\Temp\Rar$EXa0.563\FPM.exe5659e899-1bf8-11e4-b345-d43d7ebe16fa

Error: (08/04/2014 05:57:08 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: hr=0x8007007BRuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=e14997e7-800a-4cf7-ad10-de4b45b578db;NotificationInterval=1440;Trigger=NetworkAvailable


==================== Memory info ===========================

Percentage of memory in use: 21%
Total physical RAM: 8104.61 MB
Available physical RAM: 6383.78 MB
Total Pagefile: 16296.61 MB
Available Pagefile: 13286.79 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: (Local Disk) (Fixed) (Total:111.45 GB) (Free:62.11 GB) NTFS
Drive d: (Data) (Fixed) (Total:931.51 GB) (Free:637.26 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: B79C7526)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: CFD19E86)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111 GB) - (Type=07 NTFS)

==================== End Of Log ============================


  • 0

#7
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,409 posts

Hi,

 

Let's start cleaning, but first...

 

 

!!! P2P Warning !!!

 

I notice there are signs of some P2P (Peer-to-Peer) File Sharing Programs on your computer.

The P2P technology can be used for legit downloads but many people use them to download stuff like music, movies, software with cracks/keygens that is illegal and violate the intellectual property rights.
This kind of downloads it's proven to be a major source of problems because its very common they include Virus, Trojans and all kinds of malware that can damage your computer and should be avoided at all cost if you want to keep your system safe and you away from lawsuits.
If your P2P program is not configured correctly or the program have some security flaw, your computer may also be sharing more files than you realize! GeeksToGo does not recommend using such programs and I strongly advise you to remove them. The choice is yours but if you decide to keep this program(s) please do not use them until we finish the cleaning process.


Please uninstall the following Peer-to-Peer program(s): uTorrent.

 

Step 1 - FRST Fix

!!! WARNING !!! The following fix is only relevant for this system and no other, running the script on another computer will not work and may cause problems...

 

  • Open Notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
    (To do this highlight the contents of the box, right click on it and select copy.)
  • Right-click in the open Notepad and select Paste.
  • Save it on the Desktop as fixlist.txt
    (It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work!)

    (Microsoft Corporation) C:\Windows\System32\wscript.exe
    HKU\S-1-5-21-3688747210-2462762282-3808994931-1001\...\Run: [Thumbs] => wscript.exe //B "C:\Users\Sigve\AppData\Local\Temp\Thumbs.vbs" <===== ATTENTION
    Startup: C:\Users\Sigve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Thumbs.vbs ()
    C:\Users\Sigve\AppData\Local\Temp\Thumbs.vbs
    C:\Users\Sigve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Thumbs.vbs
    C:\Users\Sigve\AppData\Local\Temp\adobeee.exe
    C:\Users\Sigve\AppData\Local\Temp\adoby.exe
    C:\Users\Sigve\AppData\Local\Temp\age.exe
    C:\Users\Sigve\AppData\Local\Temp\CreativeCloudSet-Up.exe
    C:\Users\Sigve\AppData\Local\Temp\h-Chrome.exe
    C:\Users\Sigve\AppData\Local\Temp\tiiiiiiiiiiiiiiiiiii.exe
    CMD: rmdir /S /Q C:\Users\Sigve\AppData\Local\Temp
    CMD: mkdir C:\Users\Sigve\AppData\Local\Temp

  • Run FRST/FRST64 and press the Fix button just once and Wait. After the fix the system needs to restart if the tool does not request it please Restart the computer.
  • The tool will make a log (Fixlog.txt) on the same location as FRST/FRST64 please post it in your next reply.


Step 2 - AdwCleaner

Download AdwCleaner from here to the Desktop

  • Close all open windows and browsers
  • Right click on the AdwCleaner_Icon.gif icon and choose Run as Administrator to execute the program
    (When the Tool opens for the first time you have to accept the Terms of use - click J'accepte/I Agree)
    AdwCleaner_Clean.png
  • Click the Scan button and wait for the scan to finish, only then the Clean button becomes active
  • Click the Clean button and wait, once done it may ask to reboot, allow it.
  • On reboot a log will be presented please copy/paste that in your next reply. The report is saved to C:\AdwCleaner\AdwCleaner[S0].txt

Things I would like to see in your next reply:

  • The Fixlog.txt log
  • AdwCleaner log AdwCleaner[S0].txt
  • Let me know if the AVG warnings and the problem transferring the files stop after the fix

 

 


  • 0

#8
hashdog

hashdog

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

Hey,

On step 2, when i clicked the clean button, avg popped up and said there was a virus in advcleaner...? The file was removed and i tried to download it again and it said i wasnt allowed to save files to my desktop!? o.o

 

http://gyazo.com/48f...81e39df05a5f7cf

 

( but when i tried to download a random picture to my desk, it worked http://gyazo.com/8ac...f8922c56eced9ae )


Edited by hashdog, 05 August 2014 - 05:11 PM.

  • 0

#9
hashdog

hashdog

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

Oh, nvm I wrote the name "dddd" fro it instead and it worked...


  • 0

#10
hashdog

hashdog

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

Okay, here they are: (avg kept saying it was a virus so i whitelisted it)

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-08-2014
Ran by Sigve at 2014-08-06 00:57:09 Run:1
Running from C:\Users\Sigve\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
(Microsoft Corporation) C:\Windows\System32\wscript.exe
HKU\S-1-5-21-3688747210-2462762282-3808994931-1001\...\Run: [Thumbs] => wscript.exe //B "C:\Users\Sigve\AppData\Local\Temp\Thumbs.vbs" <===== ATTENTION
Startup: C:\Users\Sigve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Thumbs.vbs ()
C:\Users\Sigve\AppData\Local\Temp\Thumbs.vbs
C:\Users\Sigve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Thumbs.vbs
C:\Users\Sigve\AppData\Local\Temp\adobeee.exe
C:\Users\Sigve\AppData\Local\Temp\adoby.exe
C:\Users\Sigve\AppData\Local\Temp\age.exe
C:\Users\Sigve\AppData\Local\Temp\CreativeCloudSet-Up.exe
C:\Users\Sigve\AppData\Local\Temp\h-Chrome.exe
C:\Users\Sigve\AppData\Local\Temp\tiiiiiiiiiiiiiiiiiii.exe
CMD: rmdir /S /Q C:\Users\Sigve\AppData\Local\Temp
CMD: mkdir C:\Users\Sigve\AppData\Local\Temp
*****************

[4324] C:\Windows\System32\wscript.exe => Process closed successfully.
HKU\S-1-5-21-3688747210-2462762282-3808994931-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Thumbs => value deleted successfully.
C:\Users\Sigve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Thumbs.vbs => Moved successfully.
C:\Users\Sigve\AppData\Local\Temp\Thumbs.vbs => Moved successfully.
"C:\Users\Sigve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Thumbs.vbs" => File/Directory not found.
C:\Users\Sigve\AppData\Local\Temp\adobeee.exe => Moved successfully.
C:\Users\Sigve\AppData\Local\Temp\adoby.exe => Moved successfully.
C:\Users\Sigve\AppData\Local\Temp\age.exe => Moved successfully.
C:\Users\Sigve\AppData\Local\Temp\CreativeCloudSet-Up.exe => Moved successfully.
C:\Users\Sigve\AppData\Local\Temp\h-Chrome.exe => Moved successfully.
C:\Users\Sigve\AppData\Local\Temp\tiiiiiiiiiiiiiiiiiii.exe => Moved successfully.

=========  rmdir /S /Q C:\Users\Sigve\AppData\Local\Temp =========

C:\Users\Sigve\AppData\Local\Temp\etilqs_nZKljXiVMIzwlLs - The process cannot access the file because it is being used by another process.
C:\Users\Sigve\AppData\Local\Temp\etilqs_w34xQb6RAWddjxk - The process cannot access the file because it is being used by another process.
C:\Users\Sigve\AppData\Local\Temp\MYWCPT~1\shell32.dll.mui2308058133825.old - Access is denied.

========= End of CMD: =========


=========  mkdir C:\Users\Sigve\AppData\Local\Temp =========

A subdirectory or file C:\Users\Sigve\AppData\Local\Temp already exists.

========= End of CMD: =========


==== End of Fixlog ====

 

 

 

 

 

 

 

 

 

 

 

 

 

 

# AdwCleaner v3.302 - Report created 06/08/2014 at 01:02:21
# Updated 30/07/2014 by Xplode
# Operating System : Windows 8 Enterprise N  (64 bits)
# Username : Sigve - LIVINGROOM-PC
# Running from : C:\Users\Sigve\Desktop\adwcleaner_3.302.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\Software\AVG Secure Search

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.17028


-\\ Mozilla Firefox v30.0 (nb-NO)

[ File : C:\Users\Sigve\AppData\Roaming\Mozilla\Firefox\Profiles\8gsfv2z4.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [885 octets] - [06/08/2014 01:02:03]
AdwCleaner[S0].txt - [811 octets] - [06/08/2014 01:02:21]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [870 octets] ##########
# AdwCleaner v3.302 - Report created 06/08/2014 at 01:16:15
# Updated 30/07/2014 by Xplode
# Operating System : Windows 8 Enterprise N  (64 bits)
# Username : Sigve - LIVINGROOM-PC
# Running from : C:\Users\Sigve\Desktop\dddd.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.17028


-\\ Mozilla Firefox v30.0 (nb-NO)

[ File : C:\Users\Sigve\AppData\Roaming\Mozilla\Firefox\Profiles\8gsfv2z4.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1739 octets] - [06/08/2014 01:02:03]
AdwCleaner[S0].txt - [1665 octets] - [06/08/2014 01:02:21]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1725 octets] ##########
 


  • 0

#11
hashdog

hashdog

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts

omg, i can't believe IT ACTUALLY WORKED!!! hahaha thanks so much there's no avg pop-ups or no dead shortcuts or anything when i move them files now, just the file. nothing else :)

(yay)


Edited by hashdog, 06 August 2014 - 03:47 AM.

  • 0

#12
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,409 posts

omg, i can't believe IT ACTUALLY WORKED!!! hahaha thanks so much there's no avg pop-ups or no dead shortcuts or anything when i move them files now, just the file. nothing else :)

(yay)

 

Good :) By the way nice kitty photo :)

 

Due to the nature of the tools we use some of them can be detected as malware by some Antivirus programs... You did right whitelisting the tool :thumbsup:

 

We have some more work to do to make sure the malware is gone...

 

Step 1 - TFC - Temp File Cleaner

  • download TFC - Temp File Cleaner by OldTimer and save the file to the Desktop
    The program will close all programs when run, so make sure you have saved all your work before you begin
  • right click the TFC icon and choose Run as Administrator
  • click Start and let the program run uninterrupted

Notes:

  • Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two
  • When TFC runs it can shut down all running processes and you may lose the desktop and icons, but they will return on reboot
  • Once the cleaning process finished it could ask to reboot the machine. If it does not, please manually reboot the computer yourself to ensure a complete clean.

 

Step 2 - Scan with ESET On-line Scanner

Download Eset On-line Scanner, run the tool and follow the prompts to install the program.
ESET_Scan.png

  • Select the option Enable detection of potential unwanted applications
  • Click on Advanced Settings, an check the following options:
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Disable your AntiVirus and AntiSpyware applications to speedup the scan
     (If you have difficulty properly disabling your security programs, refer to this link)
  • Click Start and then wait for the scan to finish (it can take some time).
    The virus signature database will begin to download and the Scan will start automatically. Be patient this make take some time depending on the speed of your Internet Connection.
  • Once the scan is completed, close the program
  • Use Notepad to open the log file located at C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt
  • Copy and paste the log contents to your reply
  • Enable your AntiVirus and AntiSpyware applications

 

Step 3 - Security Check

Download Security Check by screen317 and Save it to the Desktop.

  • Double click the icon SecurityCheckIcon2.png to execute the program. If you run Windows Vista or higher, right click the icon and choose Run as Administrator.
    SecurityCheck.png
  • Follow the onscreen instructions inside of the black box.
  • If your Security Software alerts you because of Security Check, please press Allow or similar.
  • A Notepad document should open automatically called checkup.txt; please post the full contents of that document.

 

Things I would like to see in your next reply:

  • The ESET log
  • The checkup.txt log

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP