SSL and HTTPS errors


Seigekiller

Thread Starter
Joined
Apr 19, 2014
Messages
16
This just started happening about 1-2 months ago. My Google Chrome on Windows 7 64-bit has been having a bunch of issues properly loading webpages that I frequent, whether it's Facebook, game sites, or any random website during research. I get an error. This is an example: I click on a bookmark I have of my bank, and I get this..

"This is probably not the site you are looking for!
You attempted to reach www3.citizensbankonline.com, but instead you actually reached a server identifying itself as *.atdmt.com. This may be caused by a misconfiguration on the server or by something more serious. An attacker on your network could be trying to get you to visit a fake (and potentially harmful) version of www3.citizensbankonline.com.
You should not proceed, especially if you have never seen this warning before for this site."

I also get issues with the loading of pictures where they just don't appear and some websites load as a list with bulletins at the start of every line with a white background and all black text. I've seen "resolves" where accepting cookies worked buuuuut that's a load of bullasaraptor crap. I use Microsoft Security Essentials and did a full system scan and found two things which were both promptly removed: "Bettersurf" and "TrojanDownloader:Win32/Clikug.B". Bettersurf got quarantined. I don't know why but it won't just delete it. Please, if someone could help me fix this problem, I'm afraid someone's trying to get my personal info and I can't have that happening.. Thanks for any help in advance!

Edit: Also when this does happen, I close Chrome and run CCleaner and then the pages load right up, temporarily at least.

Another example. This is the SSL Error

"Cannot connect to the real www.facebook.com

Something is currently interfering with your secure connection to www.facebook.com.

Try to reload this page in a few minutes or after switching to a new network. If you have recently connected to a new Wi-Fi network, finish logging in before reloading.

If you were to visit www.facebook.com right now, you might share private information with an attacker. To protect your privacy, Chrome will not load the page until it can establish a secure connection to the real www.facebook.com"
 
Joined
May 7, 2011
Messages
14,142
As a precaution if you use this PC for any financial transactions or on-line banking you should inform the companies concerned that your system may have been compromised by a hacker and change all passwords used on a clean machine. Do not use this machine again to log into any accounts or make any on-line purchases until we are sure it is clean.

Please run these two scans in the order listed and post the logs.



SCAN 1
Click on this link to download: ADWCleaner. Click on the Download Now button and save it to your desktop.

NOTE: If using Internet Explorer and you get an alert that stops the program downloading click on Tools > Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.

Close your browser and double click on this icon on your desktop:

You will then see the screen below, click on the Scan button (as indicated), accept any prompts that appear and allow it to run, it may take several minutes to complete, when it is done click on the Clean button, accept any prompts that appear and allow the system to reboot. You will then be presented with the report, Copy & Paste it into your next post.




SCAN 2
Please download Farbar Recovery Scan Tool (FRST) and save it to your desktop. Do not get tempted to download Regclean Pro.

Note: If you get a warning that the download could harm your system, please ignore it and allow the download to go ahead. FRST is perfectly safe and we would never ask you to download anything that isn't.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click on FRST to run it. When the tool opens click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your next reply.
  • The first time the tool is run, it makes another log (Addition.txt). Please also copy and paste that into your reply.
 

Seigekiller

Thread Starter
Joined
Apr 19, 2014
Messages
16
# AdwCleaner v3.024 - Report created 19/04/2014 at 17:18:26
# Updated 18/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Van Hohenheim - VANHOHENHEIM-PC
# Running from : C:\Users\Van Hohenheim\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : wStLibG64

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\MediaWatchV1
Folder Deleted : C:\Users\Van Hohenheim\AppData\Local\genienext
Folder Deleted : C:\Users\Van Hohenheim\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Van Hohenheim\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\Van Hohenheim\AppData\Roaming\newnext.me
Folder Deleted : C:\Users\Van Hohenheim\Documents\Mobogenie
File Deleted : C:\Windows\Tasks\AmiUpdXp.job
File Deleted : C:\Windows\System32\Tasks\AmiUpdXp

***** [ Shortcuts ] *****

I assume I should hit fix for the second scan, I'll post that in one second

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-04-2014
Ran by Van Hohenheim (administrator) on VANHOHENHEIM-PC on 19-04-2014 17:23:01
Running from C:\Users\Van Hohenheim\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(VIA Technologies, Inc.) C:\Windows\system32\viakaraokesrv.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
(Memeo) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5263504 2012-08-09] (VIA)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-360957765-592964268-1472868293-1001\...\MountPoints2: {08951a66-50ca-11e3-87ed-806e6f6e6963} - D:\SETUP.EXE
HKU\S-1-5-21-360957765-592964268-1472868293-1001\...\MountPoints2: {77fe26ab-6ddc-11e3-a076-94de80ce6439} - "H:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-360957765-592964268-1472868293-1001\...\MountPoints2: {77fe26d5-6ddc-11e3-a076-94de80ce6439} - G:\AutoRunMorrowind.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF7B7342FD152CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Media Watch - {f0328aa4-242a-4e09-8869-39790db75e7c} - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home926\ie\MediaWatchV1home926.dll No File
Tcpip\..\Interfaces\{8549FEF9-3342-4B81-8386-322133B6A003}: [NameServer]192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @nsroblox.roblox.com/launcher - C:\Users\Van Hohenheim\AppData\Local\Roblox\Versions\version-dd7ca4fae8d24153\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha4637\ff
FF Extension: Media View - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha4637\ff [2014-03-11]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha4686\ff
FF Extension: Media View - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha4686\ff [2014-03-15]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home926\ff

Chrome:
=======
CHR HomePage:
CHR StartupUrls: "https://www.google.com/"
CHR Extension: (Google Docs) - C:\Users\Van Hohenheim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-25]
CHR Extension: (Google Drive) - C:\Users\Van Hohenheim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-25]
CHR Extension: (YouTube) - C:\Users\Van Hohenheim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-25]
CHR Extension: (Google Search) - C:\Users\Van Hohenheim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-25]
CHR Extension: (Google Wallet) - C:\Users\Van Hohenheim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-25]
CHR Extension: (Battlefield Play4Free) - C:\Users\Van Hohenheim\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh [2014-01-01]
CHR Extension: (Gmail) - C:\Users\Van Hohenheim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-25]
CHR HKLM-x32\...\Chrome\Extension: [aafafigakbpikmibajglipkefgaopcop] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha4686\ch\MediaViewV1alpha4686.crx [2013-12-25]
CHR HKLM-x32\...\Chrome\Extension: [cahjldjkodladjjdnpkbihgkkakgdfhd] - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home926\ch\MediaWatchV1home926.crx [2013-12-25]
CHR HKLM-x32\...\Chrome\Extension: [ppcdfcmdoncfejjomodoldfjnheokckh] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha4637\ch\MediaViewV1alpha4637.crx [2013-12-25]

==================== Services (Whitelisted) =================

S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-03] (VIA Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-12-28] (Disc Soft Ltd)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-02-23] (Duplex Secure Ltd.)
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [231112 2013-01-02] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [301256 2013-01-02] (VIA Technologies, Inc.)
U3 a4xo3yjp; C:\Windows\System32\Drivers\a4xo3yjp.sys [0 ] (Advanced Micro Devices)
U3 aft69m0t; C:\Windows\System32\Drivers\aft69m0t.sys [0 ] (Advanced Micro Devices)
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-19 17:23 - 2014-04-19 17:23 - 00009675 _____ () C:\Users\Van Hohenheim\Downloads\FRST.txt
2014-04-19 17:22 - 2014-04-19 17:23 - 00000000 ____D () C:\FRST
2014-04-19 17:21 - 2014-04-19 17:21 - 02055680 _____ (Farbar) C:\Users\Van Hohenheim\Downloads\FRST64.exe
2014-04-19 17:20 - 2014-04-19 17:20 - 01258805 _____ () C:\Users\Van Hohenheim\Downloads\AdwCleaner (1).exe
2014-04-19 17:20 - 2014-04-19 17:20 - 00070352 _____ () C:\Users\Van Hohenheim\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-19 17:19 - 2014-04-19 17:19 - 00324216 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-19 17:19 - 2014-04-19 17:19 - 00000056 _____ () C:\Windows\setupact.log
2014-04-19 17:19 - 2014-04-19 17:19 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-19 17:17 - 2014-04-19 17:18 - 00000000 ____D () C:\AdwCleaner
2014-04-19 17:16 - 2014-04-19 17:17 - 01258805 _____ () C:\Users\Van Hohenheim\Downloads\AdwCleaner.exe
2014-04-15 19:46 - 2014-04-15 19:53 - 131279166 _____ () C:\Users\Van Hohenheim\Downloads\theone.flv
2014-04-15 19:30 - 2014-04-15 19:30 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-15 19:30 - 2014-04-15 19:30 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-15 19:30 - 2014-04-15 19:30 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-15 19:30 - 2014-04-15 19:30 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-15 19:30 - 2014-04-15 19:30 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-15 19:09 - 2014-04-15 19:09 - 00921512 _____ (Oracle Corporation) C:\Users\Van Hohenheim\Downloads\chromeinstall-7u55 (1).exe
2014-04-15 19:01 - 2014-04-15 19:01 - 00921512 _____ (Oracle Corporation) C:\Users\Van Hohenheim\Downloads\chromeinstall-7u55.exe
2014-04-12 14:03 - 2014-04-12 14:03 - 00000000 ____D () C:\Users\Van Hohenheim\AppData\Roaming\Mozilla
2014-04-12 14:01 - 2014-04-12 14:01 - 00376280 _____ () C:\Users\Van Hohenheim\Downloads\TinyMediaPlayer.exe
2014-04-10 08:06 - 2014-04-10 08:06 - 00632688 _____ (ROBLOX Corporation) C:\Users\Van Hohenheim\Downloads\RobloxPlayerLauncher.exe
2014-04-10 08:06 - 2014-04-10 08:06 - 00001318 _____ () C:\Users\Van Hohenheim\Desktop\ROBLOX Player.lnk
2014-04-09 04:18 - 2014-03-30 21:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-09 04:18 - 2014-03-30 21:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-09 04:18 - 2014-03-30 20:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-09 04:18 - 2014-03-30 19:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-09 04:17 - 2014-03-04 05:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 04:17 - 2014-03-04 05:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-09 04:17 - 2014-03-04 05:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-09 04:17 - 2014-03-04 05:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-09 04:17 - 2014-03-04 05:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-09 04:17 - 2014-03-04 05:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 04:17 - 2014-03-04 05:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 04:17 - 2014-03-04 05:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 04:17 - 2014-03-04 05:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 04:17 - 2014-03-04 04:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 04:17 - 2014-03-04 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-09 04:17 - 2014-02-03 22:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 04:17 - 2014-02-03 22:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 04:17 - 2014-02-03 22:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 04:17 - 2014-02-03 22:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 04:17 - 2014-02-03 22:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-09 04:17 - 2014-01-23 22:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-08 18:21 - 2014-04-12 17:04 - 00006765 _____ () C:\Users\Van Hohenheim\Desktop\pizzadough.txt
2014-04-07 22:24 - 2014-04-10 08:06 - 00001137 _____ () C:\Users\Van Hohenheim\Desktop\ROBLOX Studio 2013.lnk
2014-04-07 22:24 - 2014-04-10 08:06 - 00000000 ____D () C:\Users\Van Hohenheim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2014-04-07 22:22 - 2014-04-07 22:24 - 00000000 ____D () C:\Users\Van Hohenheim\AppData\Local\Roblox
2014-04-07 22:22 - 2014-04-07 22:22 - 00608112 _____ (ROBLOX Corporation) C:\Users\Van Hohenheim\Downloads\RobloxStudioLauncherBeta.exe
2014-04-06 23:59 - 2014-04-06 23:59 - 00001190 _____ () C:\Users\Public\Desktop\Dead Space.lnk
2014-04-04 08:40 - 2014-04-04 08:40 - 04787368 _____ (Piriform Ltd) C:\Users\Van Hohenheim\Downloads\ccsetup412.exe
2014-03-30 18:03 - 2014-03-30 18:42 - 00000000 ____D () C:\Users\Van Hohenheim\AppData\Roaming\TS3Client
2014-03-30 18:01 - 2014-03-30 18:01 - 00001193 _____ () C:\Users\Van Hohenheim\Desktop\TeamSpeak 3 Client.lnk
2014-03-30 18:01 - 2014-03-30 18:01 - 00000000 ____D () C:\Users\Van Hohenheim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-03-30 18:01 - 2014-03-30 18:01 - 00000000 ____D () C:\Users\Van Hohenheim\AppData\Local\TeamSpeak 3 Client
2014-03-28 10:26 - 2014-03-15 12:30 - 00002218 _____ () C:\Users\Van Hohenheim\Desktop\Google Chrome.lnk

==================== One Month Modified Files and Folders =======

2014-04-19 17:23 - 2014-04-19 17:23 - 00009675 _____ () C:\Users\Van Hohenheim\Downloads\FRST.txt
2014-04-19 17:23 - 2014-04-19 17:22 - 00000000 ____D () C:\FRST
2014-04-19 17:22 - 2013-11-16 15:22 - 01267502 _____ () C:\Windows\WindowsUpdate.log
2014-04-19 17:21 - 2014-04-19 17:21 - 02055680 _____ (Farbar) C:\Users\Van Hohenheim\Downloads\FRST64.exe
2014-04-19 17:20 - 2014-04-19 17:20 - 01258805 _____ () C:\Users\Van Hohenheim\Downloads\AdwCleaner (1).exe
2014-04-19 17:20 - 2014-04-19 17:20 - 00070352 _____ () C:\Users\Van Hohenheim\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-19 17:20 - 2013-12-25 22:04 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-19 17:19 - 2014-04-19 17:19 - 00324216 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-19 17:19 - 2014-04-19 17:19 - 00000056 _____ () C:\Windows\setupact.log
2014-04-19 17:19 - 2014-04-19 17:19 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-19 17:19 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-19 17:18 - 2014-04-19 17:17 - 00000000 ____D () C:\AdwCleaner
2014-04-19 17:17 - 2014-04-19 17:16 - 01258805 _____ () C:\Users\Van Hohenheim\Downloads\AdwCleaner.exe
2014-04-19 16:33 - 2013-12-25 22:04 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-19 16:29 - 2013-11-16 15:41 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-18 23:25 - 2013-11-16 15:42 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-04-17 20:46 - 2013-12-25 22:59 - 00000000 ____D () C:\Users\Van Hohenheim\AppData\Roaming\vlc
2014-04-17 08:46 - 2009-07-14 01:13 - 00781790 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-15 19:53 - 2014-04-15 19:46 - 131279166 _____ () C:\Users\Van Hohenheim\Downloads\theone.flv
2014-04-15 19:30 - 2014-04-15 19:30 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-15 19:30 - 2014-04-15 19:30 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-15 19:30 - 2014-04-15 19:30 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-15 19:30 - 2014-04-15 19:30 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-15 19:30 - 2014-04-15 19:30 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-15 19:30 - 2014-03-12 07:49 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-15 19:09 - 2014-04-15 19:09 - 00921512 _____ (Oracle Corporation) C:\Users\Van Hohenheim\Downloads\chromeinstall-7u55 (1).exe
2014-04-15 19:01 - 2014-04-15 19:01 - 00921512 _____ (Oracle Corporation) C:\Users\Van Hohenheim\Downloads\chromeinstall-7u55.exe
2014-04-15 08:07 - 2009-07-14 00:45 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-15 08:07 - 2009-07-14 00:45 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-12 17:04 - 2014-04-08 18:21 - 00006765 _____ () C:\Users\Van Hohenheim\Desktop\pizzadough.txt
2014-04-12 14:07 - 2013-12-25 21:47 - 00000000 ___RD () C:\Users\Van Hohenheim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-12 14:03 - 2014-04-12 14:03 - 00000000 ____D () C:\Users\Van Hohenheim\AppData\Roaming\Mozilla
2014-04-12 14:01 - 2014-04-12 14:01 - 00376280 _____ () C:\Users\Van Hohenheim\Downloads\TinyMediaPlayer.exe
2014-04-10 08:06 - 2014-04-10 08:06 - 00632688 _____ (ROBLOX Corporation) C:\Users\Van Hohenheim\Downloads\RobloxPlayerLauncher.exe
2014-04-10 08:06 - 2014-04-10 08:06 - 00001318 _____ () C:\Users\Van Hohenheim\Desktop\ROBLOX Player.lnk
2014-04-10 08:06 - 2014-04-07 22:24 - 00001137 _____ () C:\Users\Van Hohenheim\Desktop\ROBLOX Studio 2013.lnk
2014-04-10 08:06 - 2014-04-07 22:24 - 00000000 ____D () C:\Users\Van Hohenheim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2014-04-10 03:55 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-04-10 03:01 - 2013-11-16 16:21 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-10 03:00 - 2013-11-16 16:21 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-09 07:38 - 2013-12-26 01:01 - 00000000 ____D () C:\ProgramData\Origin
2014-04-09 07:38 - 2013-12-26 01:01 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-04-07 22:24 - 2014-04-07 22:22 - 00000000 ____D () C:\Users\Van Hohenheim\AppData\Local\Roblox
2014-04-07 22:22 - 2014-04-07 22:22 - 00608112 _____ (ROBLOX Corporation) C:\Users\Van Hohenheim\Downloads\RobloxStudioLauncherBeta.exe
2014-04-06 23:59 - 2014-04-06 23:59 - 00001190 _____ () C:\Users\Public\Desktop\Dead Space.lnk
2014-04-06 20:45 - 2013-12-26 01:36 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-04-04 08:48 - 2014-02-28 13:51 - 00000000 ____D () C:\Windows\Minidump
2014-04-04 08:48 - 2013-12-25 22:32 - 00000000 ____D () C:\Users\Van Hohenheim\AppData\Roaming\DAEMON Tools Lite
2014-04-04 08:47 - 2013-11-16 15:40 - 00002788 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-04-04 08:47 - 2013-11-16 15:40 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-04-04 08:47 - 2013-11-16 15:40 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-04 08:40 - 2014-04-04 08:40 - 04787368 _____ (Piriform Ltd) C:\Users\Van Hohenheim\Downloads\ccsetup412.exe
2014-04-03 03:00 - 2014-03-09 13:07 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-04-03 03:00 - 2014-03-09 13:07 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-04-03 03:00 - 2014-03-09 13:07 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-03-30 21:16 - 2014-04-09 04:18 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-30 21:13 - 2014-04-09 04:18 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-30 20:13 - 2014-04-09 04:18 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-30 19:57 - 2014-04-09 04:18 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-30 18:42 - 2014-03-30 18:03 - 00000000 ____D () C:\Users\Van Hohenheim\AppData\Roaming\TS3Client
2014-03-30 18:01 - 2014-03-30 18:01 - 00001193 _____ () C:\Users\Van Hohenheim\Desktop\TeamSpeak 3 Client.lnk
2014-03-30 18:01 - 2014-03-30 18:01 - 00000000 ____D () C:\Users\Van Hohenheim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-03-30 18:01 - 2014-03-30 18:01 - 00000000 ____D () C:\Users\Van Hohenheim\AppData\Local\TeamSpeak 3 Client
2014-03-28 20:35 - 2013-12-31 17:37 - 00000000 ____D () C:\Users\Van Hohenheim\AppData\Roaming\.minecraft
2014-03-27 19:28 - 2013-12-25 22:04 - 00003908 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-27 19:28 - 2013-12-25 22:04 - 00003656 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-22 14:59 - 2014-03-11 14:59 - 00000230 _____ () C:\extensions.ini
2014-03-22 14:58 - 2013-12-29 12:35 - 00000258 __RSH () C:\ProgramData\ntuser.pol

Files to move or delete:
====================
C:\Users\Van Hohenheim\jagex_cl_runescape_LIVE.dat
C:\Users\Van Hohenheim\random.dat


Some content of TEMP:
====================
C:\Users\Van Hohenheim\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-19 00:17

==================== End Of Log ============================
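
One way to triage a log like the FRST.txt posted above, as an added example (not part of the thread and not FRST's own code): it tracks the `====` section headers and flags the entry shapes a reviewer looks at first. The rule names and the `triage` helper are hypothetical, and the sample is a constructed excerpt made of lines in the same shape as the posted log.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "section rule line")

# Constructed excerpt: a few lines in the shape of the FRST.txt posted above.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

BHO-x32: Media Watch - {f0328aa4-242a-4e09-8869-39790db75e7c} - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home926\ie\MediaWatchV1home926.dll No File
FF Plugin: @microsoft.com/GENUINE - disabled No File
CHR Extension: (Gmail) - C:\Users\Van Hohenheim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-25]
CHR HKLM-x32\...\Chrome\Extension: [cahjldjkodladjjdnpkbihgkkakgdfhd] - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home926\ch\MediaWatchV1home926.crx [2013-12-25]

==================== Drivers (Whitelisted) ====================

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
U3 a4xo3yjp; C:\Windows\System32\Drivers\a4xo3yjp.sys [0 ] (Advanced Micro Devices)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
"""

# Section headers look like "==================== Name ====...".
HEADER = re.compile(r"^=+ (.+?) =+$")

# Hypothetical rule names mapped to the line shapes they match.
RULES = [
    # The tool's own marker for an entry it wants a human to look at.
    ("attention", re.compile(r"<=+\s*ATTENTION")),
    # Registration (BHO, plugin) still present but its file is gone,
    # typically a leftover after a partial removal.
    ("no_file", re.compile(r"\bNo File\s*$")),
    # Service/driver entry whose image path was not found on disk.
    ("file_not_found", re.compile(r"\[X\]\s*$")),
    # Size field of 0 with no date: an empty file behind a driver entry.
    ("zero_size", re.compile(r"\[0\s*\]")),
    # Extension registered machine-wide through HKLM instead of being
    # installed inside the browser profile by the user.
    ("machine_extension", re.compile(
        r"^(?:CHR|FF) HKLM(?:-x32)?\\\.\.\.\\(?:Chrome|Firefox)\\Extensions?:")),
]


def triage(log_text):
    """Return a Finding for every (line, rule) match, in log order."""
    findings = []
    section = "(preamble)"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = HEADER.match(line)
        if header:
            section = header.group(1)
            continue
        for name, pattern in RULES:
            if pattern.search(line):
                findings.append(Finding(section, name, line))
    return findings


def count_by_rule(findings):
    """Summarise findings as {rule: count} for a quick overview."""
    counts = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.section}: {f.line}")
```
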
 
Joined
May 7, 2011
Messages
14,142
You have only posted half the Adwcleaner log and have not posted the Addition.txt log from FRST. Please find and post the Addition.txt log, you will find it in your Downloads folder. As Adwcleaner found Adware please run it again and make sure you copy the entire log produced after the reboot into your next post.
 

Seigekiller

Thread Starter
Joined
Apr 19, 2014
Messages
16
Addition one

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-04-2014
Ran by Van Hohenheim at 2014-04-19 17:23:34
Running from C:\Users\Van Hohenheim\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

7 Days to Die (HKLM-x32\...\Steam App 251570) (Version: - The Fun Pimps)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1210 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.9.0.1210 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{308051DA-0048-7A07-FE8B-9B6EC119A9E8}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.14 - Advanced Micro Devices, Inc.) Hidden
Battlefield Play4Free (HKCU\...\{87686C21-8A15-4b4d-A3F1-11141D9BE094}) (Version: - EA Digital illusions)
Catalyst Control Center InstallProxy (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4478 - CDBurnerXP)
Crysis®3 (HKLM-x32\...\{4198AE83-A3C6-4C41-85C8-EC63E990696E}) (Version: 1.0.0.0 - Electronic Arts)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
Dead Space™ (HKLM-x32\...\{9789E33B-317A-44B2-AF9A-FF8708AD93E0}) (Version: 1.0.0.222 - Electronic Arts)
Diablo II (HKLM-x32\...\Diablo II) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Left 4 Dead (HKLM-x32\...\Steam App 500) (Version: - Valve)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
LibreOffice 4.1.3.2 (HKLM-x32\...\{4F3722AD-197D-4DBB-BDFB-D2F0D6776354}) (Version: 4.1.3.2 - The Document Foundation)
Media View (HKLM-x32\...\MediaViewV1alpha4637) (Version: 1.1 - Media View) <==== ATTENTION
Media View (HKLM-x32\...\MediaViewV1alpha4686) (Version: 1.1 - Media View) <==== ATTENTION
Media Watch (HKLM-x32\...\MediaWatchV1home926) (Version: 1.1 - Media Watch)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
ModifyRegistry version 0.1 (HKLM-x32\...\{1D5BE6B5-7FD4-4A78-90F2-AF6B53BC8C1C}_is1) (Version: 0.1 - VIA Technologies, Inc.)
Need For Speed™ World (HKLM-x32\...\{3AF1B16A-7DC9-4C80-BAEC-70B088A7C5B8}) (Version: 1.0.0.0 - Electronic Arts)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 9.1.10.2728 - Electronic Arts, Inc.)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version: - )
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
ROBLOX Player for Van Hohenheim (HKCU\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)
ROBLOX Studio 2013 for Van Hohenheim (HKCU\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version: - ROBLOX Corporation)
Starcraft (HKLM-x32\...\Starcraft) (Version: - )
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.24951 - TeamViewer)
The Movies(TM) (x32 Version: 1.0 - Activision) Hidden
The Movies(TM) Stunts & Effects (HKLM-x32\...\InstallShield_{0556F885-2415-4666-B53E-33727E46AEA1}) (Version: 1.2 - Activision)
The Movies(TM) Stunts & Effects (x32 Version: 1.0 - Activision) Hidden
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.63.5 - Electronic Arts)
The Sims™ 3 High-End Loft Stuff (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)
The Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.5.1 - Electronic Arts)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
VLC media player 2.1.1 (HKLM-x32\...\VLC media player) (Version: 2.1.1 - VideoLAN)
WD SmartWare (HKLM\...\{604CB4FC-3D32-405F-A109-165F170529B6}) (Version: 1.2.0.8 - Western Digital)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)

==================== Restore Points =========================

10-04-2014 04:00:01 Scheduled Checkpoint
10-04-2014 07:00:11 Windows Update
13-04-2014 07:28:15 Windows Update
15-04-2014 23:04:34 Installed Java 7 Update 55
15-04-2014 23:14:15 Removed Java 7 Update 55
15-04-2014 23:30:09 Installed Java 7 Update 55
16-04-2014 12:10:50 Windows Update

==================== Hosts content: ==========================

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1456F586-EDE8-47D2-9C4A-8EF6CF205809} - \AmiUpdXp ATTENTION ====> No Task File
Task: {18C57D52-20A2-47F0-B9FB-0A7C211E899B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-25] (Google Inc.)
Task: {2C039068-4300-41BE-B248-356C838E7392} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)
Task: {403D6EC0-49A4-4D2E-9602-E89F547ECCA6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-25] (Google Inc.)
Task: {74CD495F-359E-4A2A-9286-04CA247DFE3B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
Task: {C4361C57-271F-4123-8F17-19E22A0AD0C1} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-VANHOHENHEIM-PC => C:\Windows\ehome\McxTask.exe [2009-07-13] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-11-16 15:27 - 2012-08-09 06:55 - 00078480 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2013-11-16 15:27 - 2012-08-09 06:55 - 00386192 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2014-04-09 02:35 - 2014-04-01 21:57 - 00065352 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll
2014-04-09 02:35 - 2014-04-01 21:57 - 00674632 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libglesv2.dll
2014-04-09 02:35 - 2014-04-01 21:57 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libegl.dll
2014-04-09 02:35 - 2014-04-01 21:57 - 04081480 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll
2014-04-09 02:35 - 2014-04-01 21:58 - 00390472 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll
2014-04-09 02:35 - 2014-04-01 21:57 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll
2014-04-09 02:35 - 2014-04-01 21:58 - 13691720 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDDMStatus.lnk => C:\Windows\pss\WDDMStatus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDSmartWare.lnk => C:\Windows\pss\WDSmartWare.lnk.CommonStartup
MSCONFIG\startupreg: AlcoholAutomount => "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: mobilegeni daemon => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
MSCONFIG\startupreg: NextLive => C:\Windows\SysWOW64\rundll32.exe "C:\Users\Van Hohenheim\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l

==================== Faulty Device Manager Devices =============

Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: AODDriver4.2.0
Description: AODDriver4.2.0
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: AODDriver4.2.0
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/19/2014 05:21:13 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/19/2014 05:19:48 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/18/2014 11:22:50 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (04/18/2014 11:22:20 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (04/15/2014 07:19:04 PM) (Source: MsiInstaller) (User: VanHohenheim-PC)
Description: Product: Java 7 Update 55 -- Error 1500.Another installation is in progress. You must complete that installation before continuing this one.

Error: (04/15/2014 08:01:38 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/15/2014 08:00:30 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/12/2014 02:03:09 PM) (Source: Application Error) (User: )
Description: Faulting application name: TinyMediaPlayer.exe, version: 1.0.0.1, time stamp: 0x53079649
Faulting module name: mshtml.dll, version: 11.0.9600.16659, time stamp: 0x5338aef8
Exception code: 0xc0000005
Fault offset: 0x00068496
Faulting process id: 0xa08
Faulting application start time: 0xTinyMediaPlayer.exe0
Faulting application path: TinyMediaPlayer.exe1
Faulting module path: TinyMediaPlayer.exe2
Report Id: TinyMediaPlayer.exe3

Error: (04/11/2014 09:37:49 AM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (04/10/2014 03:19:30 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (04/19/2014 05:19:44 PM) (Source: Service Control Manager) (User: )
Description: The AODDriver4.2.0 service failed to start due to the following error:
%%3

Error: (04/15/2014 08:00:20 AM) (Source: Service Control Manager) (User: )
Description: The AODDriver4.2.0 service failed to start due to the following error:
%%3

Error: (04/10/2014 03:18:10 AM) (Source: Service Control Manager) (User: )
Description: The AODDriver4.2.0 service failed to start due to the following error:
%%3

Error: (04/09/2014 07:31:49 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (04/08/2014 07:41:59 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (04/08/2014 07:41:29 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (04/08/2014 07:41:29 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.

Error: (04/08/2014 07:39:16 PM) (Source: Service Control Manager) (User: )
Description: The AODDriver4.2.0 service failed to start due to the following error:
%%3

Error: (03/29/2014 02:24:55 PM) (Source: Service Control Manager) (User: )
Description: The Steam Client Service service failed to start due to the following error:
%%1053

Error: (03/29/2014 02:24:55 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.


Microsoft Office Sessions:
=========================
Error: (04/19/2014 05:21:13 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/19/2014 05:19:48 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\MFC80U.DLL

Error: (04/18/2014 11:22:50 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (04/18/2014 11:22:20 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (04/15/2014 07:19:04 PM) (Source: MsiInstaller)(User: VanHohenheim-PC)
Description: Product: Java 7 Update 55 -- Error 1500.Another installation is in progress. You must complete that installation before continuing this one.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (04/15/2014 08:01:38 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/15/2014 08:00:30 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\MFC80U.DLL

Error: (04/12/2014 02:03:09 PM) (Source: Application Error)(User: )
Description: TinyMediaPlayer.exe1.0.0.153079649mshtml.dll11.0.9600.166595338aef8c000000500068496a0801cf56794a7446d9C:\Users\Van Hohenheim\Downloads\TinyMediaPlayer.exeC:\Windows\SysWOW64\mshtml.dllb413a5eb-c26c-11e3-be63-94de80ce6439

Error: (04/11/2014 09:37:49 AM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (04/10/2014 03:19:30 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
Date: 2013-11-19 11:13:44.562
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\PciBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-11-19 11:13:44.523
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\PciBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-11-18 09:07:57.430
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\PciBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-11-18 09:07:57.388
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\PciBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-11-18 09:07:39.547
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\PciBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-11-18 09:07:39.504
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\PciBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-11-16 14:56:55.308
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\PciBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-11-16 14:56:55.290
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\PciBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-11-16 14:56:36.782
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\PciBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-11-16 14:56:36.764
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\PciBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 18%
Total physical RAM: 8173.54 MB
Available physical RAM: 6653.26 MB
Total Pagefile: 16345.25 MB
Available Pagefile: 14607.27 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:263.15 GB) NTFS
Drive d: (STARCRAFT) (CDROM) (Total:0.59 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 413B3A89)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 
Joined
May 7, 2011
Messages
14,142
Please uninstall Media View and post the new log from Adwcleaner as requested in my last post.
 

Seigekiller

Thread Starter
Joined
Apr 19, 2014
Messages
16
Before that, Happy Easter guys!!!!, and thanks for the help I've received this far, I appreciate it.

//////ADWCLEANER//////
# AdwCleaner v3.100 - Report created 20/04/2014 at 09:29:40
# Updated 20/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Van Hohenheim - VANHOHENHEIM-PC
# Running from : C:\Users\Van Hohenheim\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521


-\\ Google Chrome v34.0.1847.116

[ File : C:\Users\Van Hohenheim\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2427 octets] - [19/04/2014 17:17:30]
AdwCleaner[R1].txt - [1252 octets] - [20/04/2014 09:21:14]
AdwCleaner[R2].txt - [1034 octets] - [20/04/2014 09:28:32]
AdwCleaner[S0].txt - [2341 octets] - [19/04/2014 17:18:26]
AdwCleaner[S1].txt - [1327 octets] - [20/04/2014 09:21:54]
AdwCleaner[S2].txt - [957 octets] - [20/04/2014 09:29:40]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1016 octets] ##########

//////FRST///////
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-04-2014
Ran by Van Hohenheim (administrator) on VANHOHENHEIM-PC on 20-04-2014 09:40:28
Running from C:\Users\Van Hohenheim\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(VIA Technologies, Inc.) C:\Windows\system32\viakaraokesrv.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
(Memeo) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5263504 2012-08-09] (VIA)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-360957765-592964268-1472868293-1001\...\MountPoints2: {08951a66-50ca-11e3-87ed-806e6f6e6963} - D:\SETUP.EXE
HKU\S-1-5-21-360957765-592964268-1472868293-1001\...\MountPoints2: {77fe26ab-6ddc-11e3-a076-94de80ce6439} - "H:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-360957765-592964268-1472868293-1001\...\MountPoints2: {77fe26d5-6ddc-11e3-a076-94de80ce6439} - G:\AutoRunMorrowind.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF7B7342FD152CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Media Watch - {f0328aa4-242a-4e09-8869-39790db75e7c} - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home926\ie\MediaWatchV1home926.dll No File
Tcpip\..\Interfaces\{8549FEF9-3342-4B81-8386-322133B6A003}: [NameServer]192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @nsroblox.roblox.com/launcher - C:\Users\Van Hohenheim\AppData\Local\Roblox\Versions\version-dd7ca4fae8d24153\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home926\ff

Chrome:
=======
CHR HomePage:
CHR StartupUrls: "https://www.google.com/"
CHR Extension: (Google Docs) - C:\Users\Van Hohenheim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-25]
CHR Extension: (Google Drive) - C:\Users\Van Hohenheim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-25]
CHR Extension: (YouTube) - C:\Users\Van Hohenheim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-25]
CHR Extension: (Google Search) - C:\Users\Van Hohenheim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-25]
CHR Extension: (Google Wallet) - C:\Users\Van Hohenheim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-25]
CHR Extension: (Battlefield Play4Free) - C:\Users\Van Hohenheim\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh [2014-01-01]
CHR Extension: (Gmail) - C:\Users\Van Hohenheim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-25]
CHR HKLM-x32\...\Chrome\Extension: [cahjldjkodladjjdnpkbihgkkakgdfhd] - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home926\ch\MediaWatchV1home926.crx [2013-12-25]

==================== Services (Whitelisted) =================

S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-03] (VIA Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-12-28] (Disc Soft Ltd)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-02-23] (Duplex Secure Ltd.)
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [231112 2013-01-02] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [301256 2013-01-02] (VIA Technologies, Inc.)
U3 a327zo8t; C:\Windows\System32\Drivers\a327zo8t.sys [0 ] (Advanced Micro Devices)
U3 a9dd89hm; C:\Windows\System32\Drivers\a9dd89hm.sys [0 ] (Advanced Micro Devices)
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]

========================== Drivers MD5 =======================


==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-20 09:39 - 2014-04-20 09:40 - 00023825 _____ () C:\Users\Van Hohenheim\Downloads\FRST.txt
2014-04-20 09:26 - 2014-04-20 09:26 - 00070352 _____ () C:\Users\Van Hohenheim\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-20 09:22 - 2014-04-20 09:30 - 00000112 _____ () C:\Windows\setupact.log
2014-04-20 09:22 - 2014-04-20 09:23 - 00324216 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-20 09:22 - 2014-04-20 09:22 - 00000580 _____ () C:\Windows\PFRO.log
2014-04-20 09:22 - 2014-04-20 09:22 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-20 09:20 - 2014-04-20 09:21 - 01308369 _____ () C:\Users\Van Hohenheim\Downloads\AdwCleaner.exe
2014-04-19 17:22 - 2014-04-20 09:40 - 00000000 ____D () C:\FRST
2014-04-19 17:21 - 2014-04-19 17:21 - 02055680 _____ (Farbar) C:\Users\Van Hohenheim\Downloads\FRST64.exe
2014-04-19 17:17 - 2014-04-20 09:29 - 00000000 ____D () C:\AdwCleaner
2014-04-15 19:30 - 2014-04-15 19:30 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-15 19:30 - 2014-04-15 19:30 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-15 19:30 - 2014-04-15 19:30 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-15 19:30 - 2014-04-15 19:30 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-15 19:30 - 2014-04-15 19:30 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-12 14:03 - 2014-04-12 14:03 - 00000000 ____D () C:\Users\Van Hohenheim\AppData\Roaming\Mozilla
2014-04-10 08:06 - 2014-04-10 08:06 - 00001318 _____ () C:\Users\Van Hohenheim\Desktop\ROBLOX Player.lnk
2014-04-09 04:18 - 2014-03-30 21:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-09 04:18 - 2014-03-30 21:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-09 04:18 - 2014-03-30 20:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-09 04:18 - 2014-03-30 19:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-09 04:17 - 2014-03-04 05:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 04:17 - 2014-03-04 05:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-09 04:17 - 2014-03-04 05:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-09 04:17 - 2014-03-04 05:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-09 04:17 - 2014-03-04 05:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-09 04:17 - 2014-03-04 05:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 04:17 - 2014-03-04 05:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 04:17 - 2014-03-04 05:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 04:17 - 2014-03-04 05:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 04:17 - 2014-03-04 04:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 04:17 - 2014-03-04 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-09 04:17 - 2014-02-03 22:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 04:17 - 2014-02-03 22:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 04:17 - 2014-02-03 22:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 04:17 - 2014-02-03 22:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 04:17 - 2014-02-03 22:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-09 04:17 - 2014-01-23 22:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-08 18:21 - 2014-04-12 17:04 - 00006765 _____ () C:\Users\Van Hohenheim\Desktop\pizzadough.txt
2014-04-07 22:24 - 2014-04-10 08:06 - 00001137 _____ () C:\Users\Van Hohenheim\Desktop\ROBLOX Studio 2013.lnk
2014-04-07 22:24 - 2014-04-10 08:06 - 00000000 ____D () C:\Users\Van Hohenheim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2014-04-07 22:22 - 2014-04-07 22:24 - 00000000 ____D () C:\Users\Van Hohenheim\AppData\Local\Roblox
2014-04-06 23:59 - 2014-04-06 23:59 - 00001190 _____ () C:\Users\Public\Desktop\Dead Space.lnk
2014-03-30 18:03 - 2014-03-30 18:42 - 00000000 ____D () C:\Users\Van Hohenheim\AppData\Roaming\TS3Client
2014-03-30 18:01 - 2014-03-30 18:01 - 00001193 _____ () C:\Users\Van Hohenheim\Desktop\TeamSpeak 3 Client.lnk
2014-03-30 18:01 - 2014-03-30 18:01 - 00000000 ____D () C:\Users\Van Hohenheim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-03-30 18:01 - 2014-03-30 18:01 - 00000000 ____D () C:\Users\Van Hohenheim\AppData\Local\TeamSpeak 3 Client
2014-03-28 10:26 - 2014-03-15 12:30 - 00002218 _____ () C:\Users\Van Hohenheim\Desktop\Google Chrome.lnk

==================== One Month Modified Files and Folders =======

2014-04-20 09:40 - 2014-04-20 09:39 - 00023825 _____ () C:\Users\Van Hohenheim\Downloads\FRST.txt
2014-04-20 09:40 - 2014-04-19 17:22 - 00000000 ____D () C:\FRST
2014-04-20 09:38 - 2009-07-14 00:45 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-20 09:38 - 2009-07-14 00:45 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-20 09:35 - 2009-07-14 01:13 - 00781790 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-20 09:34 - 2013-11-16 15:22 - 01327104 _____ () C:\Windows\WindowsUpdate.log
2014-04-20 09:33 - 2013-12-25 22:04 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-20 09:31 - 2013-12-25 22:04 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-20 09:30 - 2014-04-20 09:22 - 00000112 _____ () C:\Windows\setupact.log
2014-04-20 09:30 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-20 09:29 - 2014-04-19 17:17 - 00000000 ____D () C:\AdwCleaner
2014-04-20 09:29 - 2013-11-16 15:41 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-20 09:26 - 2014-04-20 09:26 - 00070352 _____ () C:\Users\Van Hohenheim\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-20 09:23 - 2014-04-20 09:22 - 00324216 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-20 09:22 - 2014-04-20 09:22 - 00000580 _____ () C:\Windows\PFRO.log
2014-04-20 09:22 - 2014-04-20 09:22 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-20 09:21 - 2014-04-20 09:20 - 01308369 _____ () C:\Users\Van Hohenheim\Downloads\AdwCleaner.exe
2014-04-20 09:21 - 2013-12-25 21:44 - 00000000 ____D () C:\Users\Van Hohenheim
2014-04-20 09:17 - 2014-03-11 14:58 - 00000000 ____D () C:\Program Files (x86)\MediaViewV1
2014-04-20 09:05 - 2014-01-11 19:59 - 00000000 ____D () C:\Users\Van Hohenheim\Desktop\Chaoslauncher
2014-04-20 09:05 - 2013-12-25 22:59 - 00000000 ____D () C:\Users\Van Hohenheim\AppData\Roaming\vlc
2014-04-19 22:53 - 2013-11-16 15:42 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-04-19 17:21 - 2014-04-19 17:21 - 02055680 _____ (Farbar) C:\Users\Van Hohenheim\Downloads\FRST64.exe
2014-04-15 19:30 - 2014-04-15 19:30 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-15 19:30 - 2014-04-15 19:30 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-15 19:30 - 2014-04-15 19:30 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-15 19:30 - 2014-04-15 19:30 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-15 19:30 - 2014-04-15 19:30 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-15 19:30 - 2014-03-12 07:49 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-12 17:04 - 2014-04-08 18:21 - 00006765 _____ () C:\Users\Van Hohenheim\Desktop\pizzadough.txt
2014-04-12 14:07 - 2013-12-25 21:47 - 00000000 ___RD () C:\Users\Van Hohenheim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-12 14:03 - 2014-04-12 14:03 - 00000000 ____D () C:\Users\Van Hohenheim\AppData\Roaming\Mozilla
2014-04-10 08:06 - 2014-04-10 08:06 - 00001318 _____ () C:\Users\Van Hohenheim\Desktop\ROBLOX Player.lnk
2014-04-10 08:06 - 2014-04-07 22:24 - 00001137 _____ () C:\Users\Van Hohenheim\Desktop\ROBLOX Studio 2013.lnk
2014-04-10 08:06 - 2014-04-07 22:24 - 00000000 ____D () C:\Users\Van Hohenheim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2014-04-10 03:55 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-04-10 03:01 - 2013-11-16 16:21 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-10 03:00 - 2013-11-16 16:21 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-09 07:38 - 2013-12-26 01:01 - 00000000 ____D () C:\ProgramData\Origin
2014-04-09 07:38 - 2013-12-26 01:01 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-04-07 22:24 - 2014-04-07 22:22 - 00000000 ____D () C:\Users\Van Hohenheim\AppData\Local\Roblox
2014-04-06 23:59 - 2014-04-06 23:59 - 00001190 _____ () C:\Users\Public\Desktop\Dead Space.lnk
2014-04-06 20:45 - 2013-12-26 01:36 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-04-04 08:48 - 2014-02-28 13:51 - 00000000 ____D () C:\Windows\Minidump
2014-04-04 08:48 - 2013-12-25 22:32 - 00000000 ____D () C:\Users\Van Hohenheim\AppData\Roaming\DAEMON Tools Lite
2014-04-04 08:47 - 2013-11-16 15:40 - 00002788 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-04-04 08:47 - 2013-11-16 15:40 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-04-04 08:47 - 2013-11-16 15:40 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-03 03:00 - 2014-03-09 13:07 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-04-03 03:00 - 2014-03-09 13:07 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-04-03 03:00 - 2014-03-09 13:07 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-03-30 21:16 - 2014-04-09 04:18 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-30 21:13 - 2014-04-09 04:18 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-30 20:13 - 2014-04-09 04:18 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-30 19:57 - 2014-04-09 04:18 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-30 18:42 - 2014-03-30 18:03 - 00000000 ____D () C:\Users\Van Hohenheim\AppData\Roaming\TS3Client
2014-03-30 18:01 - 2014-03-30 18:01 - 00001193 _____ () C:\Users\Van Hohenheim\Desktop\TeamSpeak 3 Client.lnk
2014-03-30 18:01 - 2014-03-30 18:01 - 00000000 ____D () C:\Users\Van Hohenheim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-03-30 18:01 - 2014-03-30 18:01 - 00000000 ____D () C:\Users\Van Hohenheim\AppData\Local\TeamSpeak 3 Client
2014-03-28 20:35 - 2013-12-31 17:37 - 00000000 ____D () C:\Users\Van Hohenheim\AppData\Roaming\.minecraft
2014-03-27 19:28 - 2013-12-25 22:04 - 00003908 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-27 19:28 - 2013-12-25 22:04 - 00003656 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-22 14:59 - 2014-03-11 14:59 - 00000230 _____ () C:\extensions.ini
2014-03-22 14:58 - 2013-12-29 12:35 - 00000258 __RSH () C:\ProgramData\ntuser.pol

Files to move or delete:
====================
C:\Users\Van Hohenheim\jagex_cl_runescape_LIVE.dat
C:\Users\Van Hohenheim\random.dat


Some content of TEMP:
====================
C:\Users\Van Hohenheim\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== BCD ================================

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=\Device\HarddiskVolume1
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {current}
resumeobject {483545b9-4ef3-11e3-8b4e-94de80c9eb49}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30

Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {bootloadersettings}
recoverysequence {483545bb-4ef3-11e3-8b4e-94de80c9eb49}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {483545b9-4ef3-11e3-8b4e-94de80c9eb49}
nx OptIn

Windows Boot Loader
-------------------
identifier {483545bb-4ef3-11e3-8b4e-94de80c9eb49}
device ramdisk=[C:]\Recovery\483545bb-4ef3-11e3-8b4e-94de80c9eb49\Winre.wim,{483545bc-4ef3-11e3-8b4e-94de80c9eb49}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[C:]\Recovery\483545bb-4ef3-11e3-8b4e-94de80c9eb49\Winre.wim,{483545bc-4ef3-11e3-8b4e-94de80c9eb49}
systemroot \windows
nx OptIn
winpe Yes

Resume from Hibernate
---------------------
identifier {483545b9-4ef3-11e3-8b4e-94de80c9eb49}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=\Device\HarddiskVolume1
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems Yes

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {483545bc-4ef3-11e3-8b4e-94de80c9eb49}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\483545bb-4ef3-11e3-8b4e-94de80c9eb49\boot.sdi



LastRegBack: 2014-04-19 00:17

==================== End Of Log ============================
/////////ADDITION/////////
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-04-2014
Ran by Van Hohenheim at 2014-04-20 09:40:44
Running from C:\Users\Van Hohenheim\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

7 Days to Die (HKLM-x32\...\Steam App 251570) (Version: - The Fun Pimps)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1210 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.9.0.1210 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{308051DA-0048-7A07-FE8B-9B6EC119A9E8}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.14 - Advanced Micro Devices, Inc.) Hidden
Battlefield Play4Free (HKCU\...\{87686C21-8A15-4b4d-A3F1-11141D9BE094}) (Version: - EA Digital illusions)
Catalyst Control Center InstallProxy (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4478 - CDBurnerXP)
Crysis®3 (HKLM-x32\...\{4198AE83-A3C6-4C41-85C8-EC63E990696E}) (Version: 1.0.0.0 - Electronic Arts)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
Dead Space™ (HKLM-x32\...\{9789E33B-317A-44B2-AF9A-FF8708AD93E0}) (Version: 1.0.0.222 - Electronic Arts)
Diablo II (HKLM-x32\...\Diablo II) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Left 4 Dead (HKLM-x32\...\Steam App 500) (Version: - Valve)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
LibreOffice 4.1.3.2 (HKLM-x32\...\{4F3722AD-197D-4DBB-BDFB-D2F0D6776354}) (Version: 4.1.3.2 - The Document Foundation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
ModifyRegistry version 0.1 (HKLM-x32\...\{1D5BE6B5-7FD4-4A78-90F2-AF6B53BC8C1C}_is1) (Version: 0.1 - VIA Technologies, Inc.)
Need For Speed™ World (HKLM-x32\...\{3AF1B16A-7DC9-4C80-BAEC-70B088A7C5B8}) (Version: 1.0.0.0 - Electronic Arts)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 9.1.10.2728 - Electronic Arts, Inc.)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version: - )
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
ROBLOX Player for Van Hohenheim (HKCU\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)
ROBLOX Studio 2013 for Van Hohenheim (HKCU\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version: - ROBLOX Corporation)
Starcraft (HKLM-x32\...\Starcraft) (Version: - )
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.24951 - TeamViewer)
The Movies(TM) (x32 Version: 1.0 - Activision) Hidden
The Movies(TM) Stunts & Effects (HKLM-x32\...\InstallShield_{0556F885-2415-4666-B53E-33727E46AEA1}) (Version: 1.2 - Activision)
The Movies(TM) Stunts & Effects (x32 Version: 1.0 - Activision) Hidden
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.63.5 - Electronic Arts)
The Sims™ 3 High-End Loft Stuff (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)
The Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.5.1 - Electronic Arts)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
VLC media player 2.1.1 (HKLM-x32\...\VLC media player) (Version: 2.1.1 - VideoLAN)
WD SmartWare (HKLM\...\{604CB4FC-3D32-405F-A109-165F170529B6}) (Version: 1.2.0.8 - Western Digital)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)

==================== Restore Points =========================

10-04-2014 04:00:01 Scheduled Checkpoint
10-04-2014 07:00:11 Windows Update
13-04-2014 07:28:15 Windows Update
15-04-2014 23:04:34 Installed Java 7 Update 55
15-04-2014 23:14:15 Removed Java 7 Update 55
15-04-2014 23:30:09 Installed Java 7 Update 55
16-04-2014 12:10:50 Windows Update
20-04-2014 05:34:23 Windows Update

==================== Hosts content: ==========================

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1456F586-EDE8-47D2-9C4A-8EF6CF205809} - \AmiUpdXp ATTENTION ====> No Task File
Task: {18C57D52-20A2-47F0-B9FB-0A7C211E899B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-25] (Google Inc.)
Task: {2C039068-4300-41BE-B248-356C838E7392} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)
Task: {403D6EC0-49A4-4D2E-9602-E89F547ECCA6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-25] (Google Inc.)
Task: {74CD495F-359E-4A2A-9286-04CA247DFE3B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
Task: {C4361C57-271F-4123-8F17-19E22A0AD0C1} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-VANHOHENHEIM-PC => C:\Windows\ehome\McxTask.exe [2009-07-13] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-11-16 15:27 - 2012-08-09 06:55 - 00078480 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2013-11-16 15:27 - 2012-08-09 06:55 - 00386192 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2014-04-09 02:35 - 2014-04-01 21:57 - 00065352 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll
2014-04-09 02:35 - 2014-04-01 21:57 - 00674632 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libglesv2.dll
2014-04-09 02:35 - 2014-04-01 21:57 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libegl.dll
2014-04-09 02:35 - 2014-04-01 21:57 - 04081480 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll
2014-04-09 02:35 - 2014-04-01 21:58 - 00390472 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll
2014-04-09 02:35 - 2014-04-01 21:57 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll
2014-04-09 02:35 - 2014-04-01 21:58 - 13691720 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDDMStatus.lnk => C:\Windows\pss\WDDMStatus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDSmartWare.lnk => C:\Windows\pss\WDSmartWare.lnk.CommonStartup
MSCONFIG\startupreg: AlcoholAutomount => "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: mobilegeni daemon => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
MSCONFIG\startupreg: NextLive => C:\Windows\SysWOW64\rundll32.exe "C:\Users\Van Hohenheim\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l

==================== Faulty Device Manager Devices =============

Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: AODDriver4.2.0
Description: AODDriver4.2.0
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: AODDriver4.2.0
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/20/2014 09:32:24 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/20/2014 09:30:53 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/20/2014 09:24:36 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/20/2014 09:23:09 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/19/2014 05:21:13 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/19/2014 05:19:48 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/18/2014 11:22:50 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (04/18/2014 11:22:20 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (04/15/2014 07:19:04 PM) (Source: MsiInstaller) (User: VanHohenheim-PC)
Description: Product: Java 7 Update 55 -- Error 1500.Another installation is in progress. You must complete that installation before continuing this one.

Error: (04/15/2014 08:01:38 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (04/20/2014 09:30:45 AM) (Source: Service Control Manager) (User: )
Description: The AODDriver4.2.0 service failed to start due to the following error:
%%3

Error: (04/20/2014 09:22:59 AM) (Source: Service Control Manager) (User: )
Description: The AODDriver4.2.0 service failed to start due to the following error:
%%3

Error: (04/19/2014 05:19:44 PM) (Source: Service Control Manager) (User: )
Description: The AODDriver4.2.0 service failed to start due to the following error:
%%3

Error: (04/15/2014 08:00:20 AM) (Source: Service Control Manager) (User: )
Description: The AODDriver4.2.0 service failed to start due to the following error:
%%3

Error: (04/10/2014 03:18:10 AM) (Source: Service Control Manager) (User: )
Description: The AODDriver4.2.0 service failed to start due to the following error:
%%3

Error: (04/09/2014 07:31:49 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (04/08/2014 07:41:59 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (04/08/2014 07:41:29 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (04/08/2014 07:41:29 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.

Error: (04/08/2014 07:39:16 PM) (Source: Service Control Manager) (User: )
Description: The AODDriver4.2.0 service failed to start due to the following error:
%%3


Microsoft Office Sessions:
=========================
Error: (04/20/2014 09:32:24 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/20/2014 09:30:53 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\MFC80U.DLL

Error: (04/20/2014 09:24:36 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/20/2014 09:23:09 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\MFC80U.DLL

Error: (04/19/2014 05:21:13 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/19/2014 05:19:48 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\MFC80U.DLL

Error: (04/18/2014 11:22:50 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (04/18/2014 11:22:20 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (04/15/2014 07:19:04 PM) (Source: MsiInstaller)(User: VanHohenheim-PC)
Description: Product: Java 7 Update 55 -- Error 1500.Another installation is in progress. You must complete that installation before continuing this one.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (04/15/2014 08:01:38 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
Date: 2013-11-19 11:13:44.562
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\PciBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-11-19 11:13:44.523
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\PciBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-11-18 09:07:57.430
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\PciBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-11-18 09:07:57.388
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\PciBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-11-18 09:07:39.547
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\PciBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-11-18 09:07:39.504
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\PciBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-11-16 14:56:55.308
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\PciBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-11-16 14:56:55.290
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\PciBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-11-16 14:56:36.782
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\PciBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-11-16 14:56:36.764
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\PciBus.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 17%
Total physical RAM: 8173.54 MB
Available physical RAM: 6726.05 MB
Total Pagefile: 16345.25 MB
Available Pagefile: 14648.96 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:262.66 GB) NTFS
Drive d: (STARCRAFT) (CDROM) (Total:0.59 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 413B3A89)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 
Joined
May 7, 2011
Messages
14,142
Happy Easter to you.

The Adwcleaner log is now free of any further detections. Not sure why you posted another scan result from FRST; I can't see where I asked for it. You also checked some options for the scan which are not required unless requested.

We just need to do a clean up of some redundant entries using FRST. Please follow this below and tell me how well the system is running now; has the original problem changed at all?

Download the attachment at the bottom of this post by clicking on it and save it in the same location as FRST.

  • Launch FRST by double clicking on it.
  • When the FRST window opens click on the Fix button just once and wait.
  • The tool will make a log in the same location the program is run from (Fixlog.txt). Please copy and paste it into your next reply.
 

Attachments

Seigekiller

Thread Starter
Joined
Apr 19, 2014
Messages
16
When I open and hit the Fix button... this happens.

"No fixlist.txt found.
The fixlist.txt should be in the same folder/directory the tool is located."

I go to the folder and there is no fixlist created.
 
Joined
May 7, 2011
Messages
14,142
You have not read the instructions; you need to download the attachment and save it in the same place as FRST. Only after doing that will it work.
 

Seigekiller

Thread Starter
Joined
Apr 19, 2014
Messages
16
Sorry,
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-04-2014 02
Ran by Van Hohenheim at 2014-04-20 16:08:04 Run:1
Running from C:\Users\Van Hohenheim\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
BHO-x32: Media Watch - {f0328aa4-242a-4e09-8869-39790db75e7c} - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home926\ie\MediaWatchV1home926.dll No File
BHO-x32: Media Watch - {f0328aa4-242a-4e09-8869-39790db75e7c} - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home926\ie\MediaWatchV1home926.dll No File
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home926\ff
CHR HKLM-x32\...\Chrome\Extension: [cahjldjkodladjjdnpkbihgkkakgdfhd] - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home926\ch\MediaWatchV1home926.crx [2013-12-25]
C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home926\ff
C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home926\ch\MediaWatchV1home926.crx
C:\Users\Van Hohenheim\jagex_cl_runescape_LIVE.dat
C:\Users\Van Hohenheim\random.dat
Task: {1456F586-EDE8-47D2-9C4A-8EF6CF205809} - \AmiUpdXp ATTENTION ====> No Task File
*****************

C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f0328aa4-242a-4e09-8869-39790db75e7c} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{f0328aa4-242a-4e09-8869-39790db75e7c} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f0328aa4-242a-4e09-8869-39790db75e7c} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{f0328aa4-242a-4e09-8869-39790db75e7c} => Key deleted successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\[email protected] => Value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cahjldjkodladjjdnpkbihgkkakgdfhd => Key deleted successfully.
"C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home926\ch\MediaWatchV1home926.crx" => File/Directory not found.
"C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home926\ff" => File/Directory not found.
"C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home926\ch\MediaWatchV1home926.crx" => File/Directory not found.
C:\Users\Van Hohenheim\jagex_cl_runescape_LIVE.dat => Moved successfully.
C:\Users\Van Hohenheim\random.dat => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1456F586-EDE8-47D2-9C4A-8EF6CF205809} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1456F586-EDE8-47D2-9C4A-8EF6CF205809} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AmiUpdXp ATTENTION ====> => Key deleted successfully.


The system needed a reboot.

==== End of Fixlog ====
 
Joined
May 7, 2011
Messages
14,142
How well are things running now, has there been any improvement with your main issue?
 

Seigekiller

Thread Starter
Joined
Apr 19, 2014
Messages
16
It happens randomly. I kept clicking through my bookmarks until an error appeared. I got this SSL one clicking on my aol.com link (where I'm always logged).

This is probably not the site you are looking for!
You attempted to reach my.screenname.aol.com, but instead you actually reached a server identifying itself as a248.e.akamai.net. This may be caused by a misconfiguration on the server or by something more serious. An attacker on your network could be trying to get you to visit a fake (and potentially harmful) version of my.screenname.aol.com.
You should not proceed, especially if you have never seen this warning before for this site.
 
Joined
May 7, 2011
Messages
14,142
Ok, as this is only happening with Google I would suggest you try a full uninstall and then reinstall it, as follows. Make sure you complete every step of the process to be sure everything relating to it is removed.


First save all your bookmarks/favourites.
Open Chrome, click on the 3 bars in the top right hand corner, select Bookmarks and then Bookmarks Manager.
Click on Organise and then select Export Bookmarks to HTML file and choose the Desktop to save it.
When you have re-installed Chrome repeat the process and select Import Bookmarks to put them back.

Open Chrome, click on the three bars in the top right hand corner and select Settings.
In the list of Settings under Sign in click on Disconnect your Google Account.
In the text of the next window click on Google Dashboard, at the Chrome sync screen click on Stop and Clear at the bottom.
A box will open and ask for confirmation, click on OK.
You must wait for this to complete before doing the next step.
When confirmation appears close that page and then click on Disconnect account.
Shut Google Chrome, click on Start > Control Panel > Programs and Features (or Add/Remove Programs in XP) and uninstall Google Chrome. Select Everything for removal when asked.

Reboot the system and then reinstall Google Chrome from Here
 

Seigekiller

Thread Starter
Joined
Apr 19, 2014
Messages
16
I did the uninstall, unsync and reinstall of Google Chrome; still getting these issues.
This error actually started appearing on your site as of yesterday:

Service Unavailable - DNS failure

The server is temporarily unable to service your request. Please try again later.
Reference #11.1ec88d3f.1398080727.221e7f2a

And I'm still getting the problem where a page loads as a shopping list of tabs with a white background.

Other things load as an invalid URL and so on when I know they are valid; I use them every day. I'm going to try a couple of things myself today and see if I can make any changes by going through every folder and file, looking up the purpose of the ones I'm unfamiliar with and removing those not needed.


EDIT: Alright... I set my IP... back to dynamic instead of the static I set up in protocol properties. I changed to static because port forwarding will not work, and I've tried many things over the years to do it all different ways. Nothing ever worked, and changing to static was a thing I attempted to see if it would work. Nope. But anyways... I've yet to get any type of error. But if I do get another one, I'll repost again as a reply.
 