Problem on DH's computer

Started by Gale_Tx, February 04, 2014, 06:27:10 PM


Gale_Tx

Hi, this is Gale-Tx again. Larry (DH) can't register because he can't get to his email. Hope you don't mind if I help him through my registry. He was in the process of changing his password when his computer crashed. Main problem is that it kept shutting down prior to this.

Results of screen317's Security Check version 0.99.79 
Windows 7 Service Pack 1 x64 (UAC is enabled) 
Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled! 
Microsoft Security Essentials   
Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
  Adobe Flash Player 12.0.0.43 Flash Player out of Date! 
Adobe Reader XI 
Mozilla Firefox (Toolbar.)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428
Run by larry at 12:03:58 on 2014-02-04
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.16346.14025 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\viakaraokesrv.exe
C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zbarsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\AppIntegrator64.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbrmon.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\RunDll32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://firefox/
uURLSearchHooks: <No Name>: {93a3111f-4f74-4ed8-895e-d9708497629e} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll
mWinlogon: Userinit = userinit.exe
BHO: Toolbar BHO: {312f84fb-8970-4fd3-bddb-7012eac4afc9} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll
BHO: Search Assistant BHO: {c547c6c2-561b-4169-a2a5-20ba771ca93b} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll
TB: VideoDownloadConverter: {48586425-6bb7-4f51-8dc6-38c88e3ebb58} - C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [VideoDownloadConverter Search Scope Monitor] "C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zsrchmn.exe" /m=2 /w /h
mRun: [VideoDownloadConverter_4z Browser Plugin Loader] C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zbrmon.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office10\EXCEL.EXE/3000
TCP: NameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{D9D7578F-8CA5-4BD3-9986-53CCF59380D4} : DHCPNameServer = 75.75.76.76 75.75.75.75
AppInit_DLLs= 
SSODL: WebCheck - <orphaned>
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [VideoDownloadConverter Home Page Guard 64 bit] "C:\PROGRA~2\VIDEOD~2\bar\1.bin\AppIntegrator64.exe"
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_40-windows-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0040-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_40-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_40-windows-i586.cab
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\larry\AppData\Roaming\Mozilla\Firefox\Profiles\m5seznuu.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\VideoDownloadConverter\npVDCPlugin.dll
FF - plugin: C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll
FF - plugin: C:\Users\larry\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll
FF - ExtSQL: !HIDDEN! 2013-10-09 05:35; 4zffxtbr@VideoDownloadConverter_4z.com; C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-12-2 19264]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2012-12-2 21616]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-12-2 13592]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-12-2 165144]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 134944]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-12-2 363800]
R2 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\Windows\System32\ViakaraokeSrv.exe [2012-12-2 27760]
R2 VideoDownloadConverter_4zService;VideoDownloadConverterService;C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zbarsvc.exe [2013-10-9 42504]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-12-2 357184]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-12-2 789824]
R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-12-2 104560]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2012-12-2 2196592]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 etdrv;etdrv;C:\Windows\etdrv.sys [2012-12-4 25640]
S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2012-12-2 30528]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2012-12-2 160256]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-11 111616]
S3 PciPPorts;PCI ECP Parallel Port;C:\Windows\System32\drivers\PciPPorts.sys [2013-5-17 96768]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-5-7 19456]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2011-4-12 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2013-5-7 29696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-5-7 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-5-7 30208]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2011-4-12 117248]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-12-3 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2014-02-03 19:39:22   8199504   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9456AE1D-C51F-439B-B1BF-59087E8FC4AC}\mpengine.dll
2014-02-03 00:54:14   10315576   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2D44FD72-DA7A-4BFA-9D31-2ECA2B2F05F8}\mpengine.dll
2014-02-01 22:03:26   10315576   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-01-31 00:00:05   8641416   ----a-w-   C:\Windows\SysWow64\FlashPlayerInstaller.exe
2014-01-26 21:23:10   --------   d-----w-   C:\Windows\System32\appmgmt
2014-01-24 01:27:56   965000   ------w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F498DB0B-B92C-4EEB-861C-21AC6278CD1C}\gapaengine.dll
2014-01-22 14:37:13   --------   d-----w-   C:\ProgramData\Oracle
2014-01-22 14:35:41   --------   d-----w-   C:\Program Files (x86)\Bizzybolt
2014-01-18 19:07:14   --------   d-----w-   C:\Windows\CheckSur
2014-01-15 09:34:17   53248   ----a-w-   C:\Windows\System32\drivers\usbehci.sys
2014-01-15 09:34:17   325120   ----a-w-   C:\Windows\System32\drivers\usbport.sys
2014-01-15 09:34:16   99840   ----a-w-   C:\Windows\System32\drivers\usbccgp.sys
2014-01-15 09:34:16   7808   ----a-w-   C:\Windows\System32\drivers\usbd.sys
2014-01-15 09:34:16   343040   ----a-w-   C:\Windows\System32\drivers\usbhub.sys
2014-01-15 09:34:16   30720   ----a-w-   C:\Windows\System32\drivers\usbuhci.sys
2014-01-15 09:34:16   25600   ----a-w-   C:\Windows\System32\drivers\usbohci.sys
2014-01-15 09:34:14   376768   ----a-w-   C:\Windows\System32\drivers\netio.sys
.
==================== Find3M  ====================
.
2014-01-31 00:00:16   71048   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-31 00:00:16   692616   ----a-w-   C:\Windows\SysWow64\FlashPlayerApp.exe
2014-01-22 14:39:17   1095080   ----a-w-   C:\Windows\System32\npdeployJava1.dll
2014-01-22 14:39:16   973736   ----a-w-   C:\Windows\System32\deployJava1.dll
2014-01-19 07:33:29   270496   ------w-   C:\Windows\System32\MpSigStub.exe
2013-11-26 10:19:07   2724864   ----a-w-   C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23   4096   ----a-w-   C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07   66048   ----a-w-   C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25   48640   ----a-w-   C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02   2724864   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39   139264   ----a-w-   C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09   111616   ----a-w-   C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57   708608   ----a-w-   C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02   5769216   ----a-w-   C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16   553472   ----a-w-   C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12   4243968   ----a-w-   C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16   1995264   ----a-w-   C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06   1928192   ----a-w-   C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57   2334208   ----a-w-   C:\Windows\System32\wininet.dll
2013-11-26 06:33:33   1820160   ----a-w-   C:\Windows\SysWow64\wininet.dll
2013-11-23 18:26:20   417792   ----a-w-   C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34   465920   ----a-w-   C:\Windows\System32\WMPhoto.dll
2013-11-12 02:23:09   2048   ----a-w-   C:\Windows\System32\tzres.dll
2013-11-12 02:07:29   2048   ----a-w-   C:\Windows\SysWow64\tzres.dll
.
============= FINISH: 12:04:41.43 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume3
Install Date: 12/2/2012 10:17:36 AM
System Uptime: 2/4/2014 11:50:10 AM (1 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. |  | H77M-D3H
Processor: Intel(R) Core(TM) i5-3330 CPU @ 3.00GHz | Intel(R) Core(TM) i5-3330 CPU @ 3.00GHz | 3201/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 166.217 GiB free.
D: is FIXED (NTFS) - 1863 GiB total, 1799.476 GiB free.
E: is FIXED (NTFS) - 1863 GiB total, 1826.051 GiB free.
H: is FIXED (NTFS) - 596 GiB total, 505.015 GiB free.
I: is FIXED (NTFS) - 1397 GiB total, 523.814 GiB free.
L: is Removable
Y: is CDROM ()
Z: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: hlnfd
Device ID: ROOT\LEGACY_HLNFD\0000
Manufacturer:
Name: hlnfd
PNP Device ID: ROOT\LEGACY_HLNFD\0000
Service: hlnfd
.
==== System Restore Points ===================
.
RP402: 1/28/2014 3:01:20 AM - Windows Update
RP403: 1/28/2014 8:02:16 PM - Removed Java 7 Update 40 (64-bit)
RP404: 1/29/2014 3:01:10 AM - Windows Update
RP405: 1/29/2014 8:32:21 AM - Windows Update
RP406: 1/30/2014 3:01:18 AM - Windows Update
RP407: 1/30/2014 7:24:56 AM - Windows Update
RP408: 1/30/2014 9:37:51 PM - Windows Update
RP409: 2/1/2014 6:34:54 PM - Windows Update
RP410: 2/2/2014 9:16:10 AM - Windows Update
RP411: 2/2/2014 7:00:43 PM - Windows Backup
RP412: 2/2/2014 10:11:42 PM - Windows Update
RP413: 2/3/2014 1:36:39 PM - Removed AVG 2013
RP414: 2/3/2014 1:41:21 PM - Removed AVG 2013
RP415: 2/3/2014 7:15:51 PM - Windows Update
.
==== Installed Programs ======================
.
@BIOS
Adobe Flash Player 11 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader XI (11.0.06)
Adobe Shockwave Player 11.6
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
AutoGreen B12.0206.1
Bejeweled 2 Deluxe 1.1
Bookworm Deluxe 1.13
Easy Tune 6 B12.0626.1
Google Earth
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Intel(R) USB 3.0 eXtensible Host Controller Driver
Intel® Trusted Connect Service Client
Microsoft .NET Framework 4 Client Profile
Microsoft Mouse and Keyboard Center
Microsoft Office XP Professional
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
MosChip PCI Multi-IO Controller
Mozilla Firefox 27.0 (x86 en-US)
Mozilla Maintenance Service
NVIDIA 3D Vision Controller Driver 306.97
NVIDIA 3D Vision Driver 311.06
NVIDIA Control Panel 311.06
NVIDIA Graphics Driver 311.06
NVIDIA HD Audio Driver 1.3.18.0
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0604
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.11.3
NVIDIA Update Components
ON_OFF Charge B11.1102.1
Platform
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
SUPERAntiSpyware
swMSM
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
VIA Platform Device Manager
VideoDownloadConverter Firefox Toolbar
VideoDownloadConverter Internet Explorer Toolbar
Visual Studio 2010 x64 Redistributables
.
==== Event Viewer Messages From Past Week ========
.
2/4/2014 7:57:10 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.165.3165.0     Update Source: Microsoft Update Server     Update Stage: Search     Source Path: http://www.microsoft.com     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.10201.0     Error code: 0x8024001e     Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
2/4/2014 7:27:10 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000001a (0x0000000000041790, 0xfffffa80015ba4b0, 0x000000000000ffff, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 020414-25459-01.
2/4/2014 6:37:54 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000007e (0xffffffffc0000005, 0xfffff8000f5abf61, 0xfffff880035e08d8, 0xfffff880035e0130). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 020414-28111-01.
2/4/2014 11:53:45 AM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\C:\Windows\System32\config\COMPONENTS' was corrupted and it has been recovered. Some data might have been lost.
2/4/2014 11:52:35 AM, Error: Service Control Manager [7038]  - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:  Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
2/4/2014 11:52:35 AM, Error: Service Control Manager [7000]  - The NVIDIA Update Service Daemon service failed to start due to the following error:  The service did not start due to a logon failure.
2/4/2014 11:50:33 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  hlnfd
2/4/2014 10:49:56 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.165.3165.0     Update Source: Microsoft Update Server     Update Stage: Search     Source Path: http://www.microsoft.com     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.10201.0     Error code: 0x8024001e     Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
2/3/2014 8:31:12 AM, Error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for FailureActions with the following error:  Access is denied.
2/3/2014 3:58:52 PM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{6e052230-a456-4d31-a24d-b50295eddbe7}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{82AE899D-C6AC-4E50-9698-0C96DCD7B049}' was corrupted and it has been recovered. Some data might have been lost.
2/3/2014 3:58:26 PM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{6e052230-a456-4d31-a24d-b50295eddbe7}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{936C5DE4-D5AB-41FA-801A-348BC8D7C9A4}' was corrupted and it has been recovered. Some data might have been lost.
2/3/2014 3:57:58 PM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{6e052230-a456-4d31-a24d-b50295eddbe7}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{58EF1F64-BA9B-4C5C-98B4-53CD9BA38178}' was corrupted and it has been recovered. Some data might have been lost.
2/3/2014 3:57:31 PM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{6e052230-a456-4d31-a24d-b50295eddbe7}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{4E12F986-E1A2-4B36-93E1-5C475CEE064F}' was corrupted and it has been recovered. Some data might have been lost.
2/3/2014 3:57:03 PM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{6e052230-a456-4d31-a24d-b50295eddbe7}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{4A33156B-3768-485A-B98A-1799C75D260D}' was corrupted and it has been recovered. Some data might have been lost.
2/3/2014 3:56:35 PM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{6e052230-a456-4d31-a24d-b50295eddbe7}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{D0425FF3-D247-471C-A476-B0B78C273887}' was corrupted and it has been recovered. Some data might have been lost.
2/3/2014 3:56:07 PM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{6e052230-a456-4d31-a24d-b50295eddbe7}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{541F8F21-BDDF-429A-BB7B-82321F217DC2}' was corrupted and it has been recovered. Some data might have been lost.
2/3/2014 3:55:39 PM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{6e052230-a456-4d31-a24d-b50295eddbe7}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{02706213-A860-477E-A615-89ABCC6FE81B}' was corrupted and it has been recovered. Some data might have been lost.
2/3/2014 3:54:55 PM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{6e052230-a456-4d31-a24d-b50295eddbe7}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{E48EE6B6-00BC-4727-AB0E-DF9272D7DECF}' was corrupted and it has been recovered. Some data might have been lost.
2/3/2014 3:54:12 PM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{6e052230-a456-4d31-a24d-b50295eddbe7}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{6B85F476-5926-448B-A8CF-31A388ADF569}' was corrupted and it has been recovered. Some data might have been lost.
2/3/2014 3:53:29 PM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{6e052230-a456-4d31-a24d-b50295eddbe7}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{35720CAD-5F25-49E3-B126-34D1EC6AAF9F}' was corrupted and it has been recovered. Some data might have been lost.
2/3/2014 3:52:47 PM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{6e052230-a456-4d31-a24d-b50295eddbe7}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{1C780B74-6C08-4AC0-A945-B7F08FF2BA1B}' was corrupted and it has been recovered. Some data might have been lost.
2/3/2014 3:51:59 PM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{6e052230-a456-4d31-a24d-b50295eddbe7}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{D93D4E67-13C1-44D6-8036-2BE7A0A0A65E}' was corrupted and it has been recovered. Some data might have been lost.
2/3/2014 2:39:14 PM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Modules Installer service, but this action failed with the following error:  An instance of the service is already running.
2/3/2014 2:37:14 PM, Error: Service Control Manager [7031]  - The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/3/2014 2:37:14 PM, Error: Ntfs [55]  - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume5.
2/3/2014 12:17:53 PM, Error: Service Control Manager [7031]  - The Windows Modules Installer service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.
2/3/2014 1:39:29 PM, Error: Service Control Manager [7031]  - The Windows Defender service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/2/2014 9:23:40 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000051 (0x0000000000000001, 0xfffff8a00c4d4010, 0x0000000080415000, 0x0000000000000465). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 020214-30030-01.
2/2/2014 8:24:38 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000007e (0xffffffffc0000005, 0xfffff8000f5b900a, 0xfffff880035e78d8, 0xfffff880035e7130). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 020214-32900-01.
2/2/2014 7:25:41 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff8000f5a244e, 0xfffff880094765e0, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 020214-32448-01.
2/2/2014 7:03:15 PM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{6e052230-a456-4d31-a24d-b50295eddbe7}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{E90AF1D0-FBD8-4C85-A2E3-BB42EBA9FA8A}' was corrupted and it has been recovered. Some data might have been lost.
2/2/2014 5:38:11 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff8000f58f44e, 0xfffff8800a72a5e0, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 020214-23868-01.
2/2/2014 4:34:10 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000051 (0x0000000000000001, 0xfffff8a00c4da110, 0x00000000803d4000, 0x0000000000000465). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 020214-24632-01.
2/2/2014 3:31:33 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000051 (0x0000000000000001, 0xfffff8a00f449220, 0x00000000806f8000, 0x0000000000000465). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 020214-24694-01.
2/2/2014 2:33:26 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000051 (0x0000000000000001, 0xfffff8a010c07010, 0x0000000080849000, 0x0000000000000465). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 020214-26114-01.
2/1/2014 7:48:34 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.165.2929.0     Update Source: Microsoft Update Server     Update Stage: Search     Source Path: http://www.microsoft.com     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.10201.0     Error code: 0x8024001e     Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
2/1/2014 6:33:58 PM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{6e052230-a456-4d31-a24d-b50295eddbe7}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{B09B9E43-B92B-44A9-9168-8BFF4A750C90}' was corrupted and it has been recovered. Some data might have been lost.
2/1/2014 6:33:32 PM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{6e052230-a456-4d31-a24d-b50295eddbe7}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{F426D943-33CA-402E-9154-849D42E1CBD1}' was corrupted and it has been recovered. Some data might have been lost.
2/1/2014 6:32:48 PM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{6e052230-a456-4d31-a24d-b50295eddbe7}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{04F51FCB-7DBE-4DFB-AF0F-D2EBDFB8AE54}' was corrupted and it has been recovered. Some data might have been lost.
2/1/2014 6:32:04 PM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{6e052230-a456-4d31-a24d-b50295eddbe7}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{4B7055B8-3857-4B3D-8D58-E6D468D8A125}' was corrupted and it has been recovered. Some data might have been lost.
2/1/2014 6:31:19 PM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{6e052230-a456-4d31-a24d-b50295eddbe7}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{31E4BE4D-EFC3-4EFA-9BEF-8BAF080C04D1}' was corrupted and it has been recovered. Some data might have been lost.
2/1/2014 6:30:35 PM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{6e052230-a456-4d31-a24d-b50295eddbe7}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{858D0E45-2F54-49D6-A3BC-456D2C0A4526}' was corrupted and it has been recovered. Some data might have been lost.
2/1/2014 6:29:54 PM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{6e052230-a456-4d31-a24d-b50295eddbe7}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{E6C56EBA-57DD-4877-A81E-106D26012FB2}' was corrupted and it has been recovered. Some data might have been lost.
2/1/2014 6:29:13 PM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{6e052230-a456-4d31-a24d-b50295eddbe7}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{33BA6EA7-945B-4C3F-9502-0B9CB55FE4C7}' was corrupted and it has been recovered. Some data might have been lost.
2/1/2014 4:44:29 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000007e (0xffffffffc0000005, 0xfffff8000f573f61, 0xfffff8800370f8d8, 0xfffff8800370f130). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 020114-38797-01.
1/31/2014 7:55:44 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.165.2929.0     Update Source: Microsoft Update Server     Update Stage: Search     Source Path: http://www.microsoft.com     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.10201.0     Error code: 0x8024001e     Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
1/31/2014 7:32:15 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff8000f29c8f3, 0xfffff88009285d50, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 013114-44553-01.
1/31/2014 6:51:02 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.165.2929.0     Update Source: Microsoft Update Server     Update Stage: Search     Source Path: http://www.microsoft.com     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.10201.0     Error code: 0x8024001e     Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
1/30/2014 4:13:37 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070050: Security Update for Windows 7 for x64-based Systems (KB2872339).
1/30/2014 4:13:37 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070050: Security Update for Windows 7 for x64-based Systems (KB2676562).
1/29/2014 6:49:24 PM, Error: Service Control Manager [7034]  - The Windows Modules Installer service terminated unexpectedly.  It has done this 3 time(s).
1/28/2014 7:53:45 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000024 (0x00000000000c08a5, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012814-39780-01.
1/28/2014 6:37:06 PM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{6e052230-a456-4d31-a24d-b50295eddbe7}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{0DC94ED4-27B0-49F9-B4B5-0AF81ABCA379}' was corrupted and it has been recovered. Some data might have been lost.
1/28/2014 11:55:21 AM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{6e052230-a456-4d31-a24d-b50295eddbe7}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{F569C8D3-3636-4795-A96A-89EACE4AB7E1}' was corrupted and it has been recovered. Some data might have been lost.
.
==== End Of File ===========================





Corrine

There is certainly no problem helping Larry this way.  Although I am seeing some undesirable files (PUPs, Potentially Unwanted Programs) on the computer, when looking at the Event Viewer Messages From Past Week, the PUPs seem to be the least of the problems, considering the number of bugchecks and the numerous times the Registry Hive was recovered.

So that the malware won't interfere with the analysis of the other problems on the computer, let's do a quick cleanup.  Then I'll provide instructions for getting help with the other problems.

1.  To address the PUPs, please do the following:

Please download Malwarebytes' Anti-Malware to your desktop from here.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • In the last Setup window, UNcheck "Enable free trial of Malwarebytes Anti-Malware PRO" but be sure a checkmark is placed next to
    -- Update Malwarebytes' Anti-Malware and
    -- Launch Malwarebytes' Anti-Malware
  • Click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, check the following settings:
    -- On the Scanner tab, check Perform quick scan.
    -- On the Settings tab, Scanner Settings, leave the default boxes checked but change the drop-down boxes to Show in results list and check for removal.
    -- Also on the Settings tab, under "Action for potentially unwanted programs (PUP)", change the option to Show in results list and check for removal.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, EXCEPT items in System Restore as shown in this sample:
  • Click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See the Note below)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Please post contents of that file in your next reply.

** Note **

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Gale_Tx

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.05.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
larry :: LARZILLA [administrator]

Protection: Enabled

2/5/2014 6:36:19 PM
mbam-log-2014-02-05 (18-36-19).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 245346
Time elapsed: 2 minute(s), 14 second(s)

Memory Processes Detected: 1
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbrmon.exe (PUP.Optional.MindSpark) -> 2992 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 15
HKLM\SYSTEM\CurrentControlSet\Services\VideoDownloadConverter_4zService (PUP.Optional.AudioToAudioToolBar.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{33119133-0854-469d-807A-171568457991} (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{13119113-0854-469d-807A-171568457991} (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
HKCR\VideoDownloadConverter_4z.SkinLauncher.1 (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
HKCR\VideoDownloadConverter_4z.SkinLauncher (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{03119103-0854-469d-807A-171568457991} (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
HKCR\Interface\{23119123-0854-469D-807A-171568457991} (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
HKCR\VideoDownloadConverter_4z.SkinLauncherSettings.1 (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
HKCR\VideoDownloadConverter_4z.SkinLauncherSettings (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
HKCR\Typelib\{DCABB943-792E-44C4-9029-ECBEE6265AF9} (PUP.Optional.OutBrowse) -> Quarantined and deleted successfully.
HKCR\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534} (PUP.Optional.OutBrowse) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C} (PUP.Optional.OptimzerPro.A) -> Quarantined and deleted successfully.
HKCU\Software\AppDataLow\Software\Crossrider (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Highlightly (PUP.Optional.Highlightly) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\HLNFD (PUP.Optional.Highlightly) -> Quarantined and deleted successfully.

Registry Values Detected: 3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|VideoDownloadConverter Search Scope Monitor (PUP.Optional.MindSpark) -> Data: "C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zsrchmn.exe" /m=2 /w /h -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|VideoDownloadConverter_4z Browser Plugin Loader (PUP.Optional.MindSpark) -> Data: C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zbrmon.exe -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\hlnfd|DisplayName (PUP.Optional.Highlightly) -> Data: hlnfd -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 3
C:\Program Files\Level Quality Watcher\v1.01 (PUP.Optional.Adpeak) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Bizzybolt (PUP.Optional.Bizzybolt) -> Quarantined and deleted successfully.
C:\Users\larry\AppData\Local\WeatherAlerts (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.

Files Detected: 28
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrchMn.exe (PUP.Optional.MindSpark) -> No action taken.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbarsvc.exe (PUP.Optional.AudioToAudioToolBar.A) -> Delete on reboot.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zsknlcr.dll (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
C:\Users\larry\AppData\Local\Temp\DownloadManager2.exe (PUP.Optional.OutBrowse) -> Quarantined and deleted successfully.
C:\Users\larry\AppData\Local\Temp\nseB783.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\larry\AppData\Local\Temp\nsiA458.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\larry\AppData\Local\Temp\nsjE557.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\larry\AppData\Local\Temp\nsjE864.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\larry\AppData\Local\Temp\nsoB466.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\larry\AppData\Local\Temp\nsp5D11.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\larry\AppData\Local\Temp\nss9D93.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\larry\AppData\Local\Temp\nssA9C5.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\larry\AppData\Local\Temp\nsx97E7.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\larry\AppData\Local\Temp\rcpsetup_binstall21_binstall21.exe (PUP.Optional.RegCleanerPro) -> Quarantined and deleted successfully.
C:\Users\larry\AppData\Local\Temp\RegClean7.exe (PUP.Optional.RegCleanerPro) -> Quarantined and deleted successfully.
C:\Users\larry\AppData\Local\Temp\SearchProtectINT.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\larry\Downloads\firefox.exe (PUP.Optional.OutBrowse) -> Quarantined and deleted successfully.
C:\Users\larry\Downloads\FlashPlayer__4369_i169824778_il14.exe (PUP.Optional.InstallMonetizer) -> Quarantined and deleted successfully.
C:\Users\larry\Downloads\google earth setup.exe (PUP.Optional.BundleInstaller.A) -> Quarantined and deleted successfully.
C:\Users\larry\Downloads\Setup(1).exe (PUP.Optional.BundleInstaller.A) -> Quarantined and deleted successfully.
C:\Users\larry\Downloads\Setup(2).exe (PUP.Optional.BundleInstaller.A) -> Quarantined and deleted successfully.
C:\Users\larry\Downloads\Setup(3).exe (PUP.Optional.BundleInstaller.A) -> Quarantined and deleted successfully.
C:\Users\larry\Downloads\Setup(4).exe (PUP.Optional.BundleInstaller.A) -> Quarantined and deleted successfully.
C:\Users\larry\Downloads\Setup.exe (PUP.Optional.BundleInstaller.A) -> Quarantined and deleted successfully.
C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe (PUP.Optional.Adpeak) -> Quarantined and deleted successfully.
C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe (PUP.Optional.Adpeak) -> Quarantined and deleted successfully.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbrmon.exe (PUP.Optional.MindSpark) -> Delete on reboot.
C:\Program Files (x86)\Bizzybolt\updateBizzybolt.InstallState (PUP.Optional.Bizzybolt) -> Quarantined and deleted successfully.

(end)



Corrine

There were a few items that weren't checked for removal (marked in the log as "No action taken").  So, let's make sure everything is gone.

1.  Scan with MBAM again:

  • Launch Malwarebytes' Anti-Malware then click the Update tab and "Check for Updates".
  • Once the update has been installed and the program has loaded, select Quick scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, EXCEPT items in System Restore as shown in this sample:
  • Click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See the Note below)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Please post contents of that file in your next reply.

** Note **

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

2.  Please download AdwCleaner by Xplode onto your Desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
    Note:  Windows Vista, Windows 7/8 users right-click and select Run As Administrator.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.

IMPORTANT

  • If you click the Clean button all items listed in the report will be removed.

If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).

3.  Please download Junkware Removal Tool to your desktop.

  • Disable your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it.  If you are using Windows Vista or Seven, right-mouse click it and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


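The "No action taken" entries mentioned in the reply above can be picked out of an MBAM log mechanically. The following is an added example, not part of the original thread and not Malwarebytes code: a Python parser for the MBAM 1.75 text log layout shown in this thread that lists every detection not yet removed and checks each section's declared count against the lines actually present. The sample log is shortened from the one posted above with the section counts adjusted to match; the function names and status labels are this example's own.

```python
import re
from collections import Counter, namedtuple

Finding = namedtuple("Finding", "section target detection detail action status")

# "Registry Keys Detected: 15" style section headers.
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+) Detected: (?P<count>\d+)\s*$")
# "<object> (<detection name>) -> [detail ->] <action>." item lines.
# The object is matched lazily so "(x86)" or "Setup(1).exe" in a path is not
# mistaken for the detection name, which must be followed by ") -> ".
ITEM_RE = re.compile(r"^(?P<target>.+?) \((?P<detection>[\w.\-]+)\) -> (?P<rest>.+)$")

# Status labels are this example's own, keyed on the action text in the log.
STATUS = {
    "quarantined and deleted successfully": "removed",
    "delete on reboot": "pending-reboot",
    "no action taken": "not-removed",
}

def parse_mbam_log(text):
    """Return (findings, declared) where declared maps section -> stated count."""
    findings, declared, section = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
            declared[section] = int(header.group("count"))
            continue
        item = ITEM_RE.match(line)
        if not item or section is None:
            continue  # banner lines, "(No malicious items detected)", blanks
        parts = item.group("rest").split(" -> ")
        action = parts[-1].rstrip(". ")
        detail = " -> ".join(parts[:-1])  # PID or "Data: ..." when present
        status = STATUS.get(action.lower(), "unknown")
        findings.append(Finding(section, item.group("target"),
                                item.group("detection"), detail, action, status))
    return findings, declared

def needs_followup(findings):
    """Detections that are still on disk or in the registry after the scan."""
    return [f for f in findings if f.status != "removed"]

def count_mismatches(findings, declared):
    """Sections whose stated count differs from the parsed lines (truncated paste)."""
    parsed = Counter(f.section for f in findings)
    return {s: (n, parsed.get(s, 0)) for s, n in declared.items()
            if parsed.get(s, 0) != n}

# Constructed sample: shortened from the log in this thread, counts adjusted.
SAMPLE_LOG = r'''
Memory Processes Detected: 1
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbrmon.exe (PUP.Optional.MindSpark) -> 2992 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKLM\SOFTWARE\Highlightly (PUP.Optional.Highlightly) -> Quarantined and deleted successfully.
HKCU\Software\AppDataLow\Software\Crossrider (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|VideoDownloadConverter Search Scope Monitor (PUP.Optional.MindSpark) -> Data: "C:\PROGRA~2\VIDEOD~2\bar\1.bin\4zsrchmn.exe" /m=2 /w /h -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\hlnfd|DisplayName (PUP.Optional.Highlightly) -> Data: hlnfd -> Quarantined and deleted successfully.

Files Detected: 3
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zSrchMn.exe (PUP.Optional.MindSpark) -> No action taken.
C:\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbarsvc.exe (PUP.Optional.AudioToAudioToolBar.A) -> Delete on reboot.
C:\Users\larry\Downloads\Setup(1).exe (PUP.Optional.BundleInstaller.A) -> Quarantined and deleted successfully.

(end)
'''

if __name__ == "__main__":
    found, stated = parse_mbam_log(SAMPLE_LOG)
    for f in needs_followup(found):
        print(f"[{f.status}] {f.section}: {f.target} ({f.detection})")
    for sec, (want, got) in count_mismatches(found, stated).items():
        print(f"count mismatch in {sec}: log says {want}, parsed {got}")
```

A "pending-reboot" entry only counts as handled once the machine has restarted and a rescan comes back clean; a "not-removed" Run value means the program can still be launched at the next logon.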

Gale_Tx

Sorry so late getting back to this, health issues.  Larry did a system restore and everything seems to be working ok.  I did an MBAM just in case.

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.08.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
larry :: LARZILLA [administrator]

Protection: Enabled

2/8/2014 3:36:26 PM
mbam-log-2014-02-08 (15-36-26).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 246015
Time elapsed: 1 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


I can't get Adw Cleaner to download, MBAM pops-up saying there's a conflict.  Same thing happened with Junkware program.  It's running smoothly now so maybe we don't need to run those programs????? Pls advise.

Corrine

My concern was more about the numerous bug checks that I saw in the Event Log.  In the event Larry continues to get BSOD's, I suggest he register at Sysnative Forums and post the logs requested in the BSOD Posting Instructions topic.

Considering the number of PUP files that showed up on the computer, it wouldn't hurt to run AdwCleaner and JRT, although not critical.  I wouldn't expect a conflict between MBAM and a Bleeping Computer-hosted file.  If you or Larry want to try one more time, when you click the links for AdwCleaner and Junkware Removal Tool, a few seconds after landing on the page, you should see something like the following, depending on which browser you are using.   


  • If you're using Firefox, click Save File: 
  • If you're using IE, click Save: 



Gale_Tx

Hi, this is Larry, Gale's DH.  Hope you can help me.  I'm getting a constant malwarebytes pop-up indicating pups having to do with Video download converter _4Z\bar.  I should have continued with your recommendations that you so graciously advised me to do.  My bad.  TIA   

Corrine

Hi, Larry.

I've merged your new post with the previous thread so it will be easier to follow what has been done.

VideoDownloadConverter_4z is classified as malware, spyware, adware, or other potentially unwanted software, generally installed without user consent.  Although it appears that it was removed by Malwarebytes, because I don't know what was restored when you did a System Restore, it may have been returned.

Please follow the instructions to run Junkware Removal Tool and Adware Cleaner above.




Gale_Tx

I'm new to this and apparently I didn't follow the directions (per my wife). I 'think' I cleaned the computer with one or both the JRT and ADW.  Here's what I have, hope it helps.

# AdwCleaner v3.022 - Report created 30/03/2014 at 14:06:56
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : larry - LARZILLA
# Running from : C:\Users\larry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y1CSE5WR\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v27.0 (en-US)

[ File : C:\Users\larry\AppData\Roaming\Mozilla\Firefox\Profiles\m5seznuu.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\larry\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [13286 octets] - [29/03/2014 11:43:10]
AdwCleaner[R1].txt - [1071 octets] - [30/03/2014 13:26:08]
AdwCleaner[R2].txt - [1124 octets] - [30/03/2014 13:35:31]
AdwCleaner[R3].txt - [992 octets] - [30/03/2014 14:06:56]
AdwCleaner[S0].txt - [13253 octets] - [29/03/2014 11:44:03]
AdwCleaner[S1].txt - [1133 octets] - [30/03/2014 13:27:02]
AdwCleaner[S2].txt - [1186 octets] - [30/03/2014 13:36:59]

########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [1232 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Ultimate x64
Ran by larry on Sun 03/30/2014 at 13:16:53.53
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\mypc backup"



~~~ FireFox

Successfully deleted: [Folder] C:\Users\larry\AppData\Roaming\mozilla\firefox\profiles\m5seznuu.default\extensions\4zffxtbr@videodownloadconverter_4z.com
Emptied folder: C:\Users\larry\AppData\Roaming\mozilla\firefox\profiles\m5seznuu.default\minidumps [14 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 03/30/2014 at 13:21:10.33
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




Corrine

Hi, Larry. 

If you have updated to MBAM v2.0, please let me know and I will provide different instructions.  Otherwise, please do the following:


  • Launch Malwarebytes' Anti-Malware then click the Update tab and "Check for Updates".
  • Once the update has been installed and the program has loaded, select Quick scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, EXCEPT items in System Restore as shown in this sample:
  • Click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See the Note below)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Please post contents of that file in your next reply.

** Note **

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



Gale_Tx

Hello Corrine, this is Larry, I am trying to do all the stuff you tell me, but I am old and slow. I purchased a 2.0 version of Malwarebytes and ran it today, attached is a copy of the file.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/1/2014
Scan Time: 10:31:54 AM
Logfile: Malware Scan Log 4-01-2014.txt
Administrator: Yes

Version: 2.00.0.1000
Malware Database: v2014.04.01.04
Rootkit Database: v2014.03.27.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: larry

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 281691
Time Elapsed: 5 min, 36 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

I think it got all the malware, but all along with the malware problems I have been fighting, this other problem has been there also; my computer will drop off-line, with a message, it had to shutdown to protect itself. I do not know if that is a malware problem or what. But I can not do any homework on the thing for fear of it shutting down and me losing everything I had been working on. Thanks for all your help. If I need to send you a new scan of my computer as before, you will have to tell me how to do that.

Corrine

Hi, Larry.

First let's do an online scan to confirm it isn't a malware problem.  Then, because of the "bugchecks" and shutdowns, I'll refer you to Sysnative for BSOD crash analysis and debugging help.  (Yes, I'm at that site as well so when the time comes, will watch for you.)

Please go here to run an on-line scan from ESET.

  • Note: It is easiest if you use Internet explorer for this scan.  (If you use an alternate browser, it will be necessary to download the ESET Smart Installer)
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.



Gale_Tx

I had to run this two times, the first time windows shut down, and I had to start over. Here is the log, I hope I did it properly. I did not delete anything from the scan.

C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zPlugin.dll.vir   probably a variant of Win32/Toolbar.MyWebSearch potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\AppIntegrator64.exe.vir   Win64/Toolbar.MyWebSearch.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\AppIntegratorStub64.dll.vir   Win64/Toolbar.MyWebSearch.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\Hpg64.dll.vir   Win64/Toolbar.MyWebSearch.A potentially unwanted application
C:\Users\larry\AppData\Local\Temp\1389167153_the_wedownload_manager1.exe   Win32/Packed.ScrambleWrapper.H potentially unwanted application
C:\Users\larry\AppData\Local\Temp\is1658163471\8912406_stp\wajam_validate.exe   Win32/Wajam.F potentially unwanted application
C:\Users\larry\AppData\Local\Temp\{D9E0275E-70F0-4344-9D72-08A3F2725DEE}\setup.exe   multiple threats
C:\Users\larry\Downloads\Shockwave_Installer_Slim.exe   Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Windows\System32\Adobe\Shockwave 11\gt.exe   Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Windows\SysWOW64\Adobe\Shockwave 11\gt.exe   Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\$RECYCLE.BIN\S-1-5-21-1704957591-3368010084-2260364653-1000\$R2HOY85\bar\1.bin\4zPlugin.dll   probably a variant of Win32/Toolbar.MyWebSearch potentially unwanted application
D:\$RECYCLE.BIN\S-1-5-21-1704957591-3368010084-2260364653-1000\$R2HOY85\bar\1.bin\AppIntegrator64.exe   Win64/Toolbar.MyWebSearch.A potentially unwanted application
D:\$RECYCLE.BIN\S-1-5-21-1704957591-3368010084-2260364653-1000\$R2HOY85\bar\1.bin\AppIntegratorStub64.dll   Win64/Toolbar.MyWebSearch.A potentially unwanted application
D:\$RECYCLE.BIN\S-1-5-21-1704957591-3368010084-2260364653-1000\$R2HOY85\bar\1.bin\Hpg64.dll   Win64/Toolbar.MyWebSearch.A potentially unwanted application
D:\LARZILLA\Backup Set 2014-02-08 102454\Backup Files 2014-02-08 102454\Backup files 1.zip   JS/Toolbar.Crossrider.B potentially unwanted application
D:\LARZILLA\Backup Set 2014-02-08 102454\Backup Files 2014-02-08 102454\Backup files 3.zip   a variant of Win32/OutBrowse.D potentially unwanted application
D:\LARZILLA\Backup Set 2014-02-08 102454\Backup Files 2014-02-08 102454\Backup files 4.zip   a variant of Win32/FirseriaInstaller.C potentially unwanted application
D:\LARZILLA\Backup Set 2014-02-09 190006\Backup Files 2014-02-09 190006\Backup files 4.zip   Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\LARZILLA\Backup Set 2014-03-17 003555\Backup Files 2014-03-17 003555\Backup files 5.zip   Win32/Bundled.Toolbar.Google.D potentially unsafe application
I:\PC Ultra Speed\PCUltraSpeed.exe   a variant of Win32/SpeedingUpMyPC application
I:\PC Ultra Speed\PCUSSmartScan.exe   a variant of Win32/Adware.SpeedingUpMyPC.C application

Corrine

Hi, Larry.

Some of the files ESET found are in the AdwCleaner quarantine, recycle bin and backup files. I believe that during the scan, the zipped backup will be decompressed and the detected files removed, not the entire backup. However, after cleaning, I suggest you create a fresh backup.

1.  Let's start by removing AdwCleaner:

Double-click on AdwCleaner.exe to run the tool again.
  • Click on the Uninstall button.
  • Click Yes when asked if you are sure you want to uninstall.
  • AdwCleaner.exe, its folder and all logs will be removed.

2.  Empty the Recycle Bin.

3.  Rescan with ESET but this time change the setting to check the option "Remove found threats".

4.  Regarding the shutdowns: please register at Sysnative and follow the instructions here: Blue Screen of Death (BSOD) Posting Instructions - Windows 8.1, 8, 7 & Vista. If you register as Gale_Tx, I'll watch for you there, and if you have questions you can send me a message there. You won't be able to miss the familiar name.  :)


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

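The reply above sorts the ESET detections by where they sit (AdwCleaner quarantine, Recycle Bin, backup archives) before choosing a cleanup step. The following is an added example, not part of any post in this thread, that buckets lines of that log shape by path; the bucket names and path patterns are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Lines copied from the ESET log posted above: path, whitespace run, detection.
SAMPLE_LOG = r"""
C:\AdwCleaner\Quarantine\C\Program Files (x86)\VideoDownloadConverter_4z\bar\1.bin\Hpg64.dll.vir   Win64/Toolbar.MyWebSearch.A potentially unwanted application
C:\Users\larry\AppData\Local\Temp\{D9E0275E-70F0-4344-9D72-08A3F2725DEE}\setup.exe   multiple threats
C:\Windows\SysWOW64\Adobe\Shockwave 11\gt.exe   Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\$RECYCLE.BIN\S-1-5-21-1704957591-3368010084-2260364653-1000\$R2HOY85\bar\1.bin\Hpg64.dll   Win64/Toolbar.MyWebSearch.A potentially unwanted application
D:\LARZILLA\Backup Set 2014-02-08 102454\Backup Files 2014-02-08 102454\Backup files 1.zip   JS/Toolbar.Crossrider.B potentially unwanted application
I:\PC Ultra Speed\PCUltraSpeed.exe   a variant of Win32/SpeedingUpMyPC application
"""

# Ordered (bucket, path pattern) rules; the first match wins. The bucket
# names and patterns are assumptions made for this example.
RULES = [
    ("adwcleaner_quarantine", re.compile(r"\\AdwCleaner\\Quarantine\\", re.I)),
    ("recycle_bin", re.compile(r"\\\$RECYCLE\.BIN\\", re.I)),
    ("backup_archive", re.compile(r"\\Backup Set [^\\]+\\.*\.zip$", re.I)),
    ("temp", re.compile(r"\\AppData\\Local\\Temp\\", re.I)),
]

# A detection line: drive-letter path, a tab or 2+ blanks, then the detection text.
LINE = re.compile(r"^(?P<path>[A-Za-z]:\\.*?)(?:[ \t]{2,}|\t)(?P<detection>\S.*)$")

def parse(log_text):
    """Yield (path, detection) for each line that looks like a detection."""
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            yield m.group("path"), m.group("detection")

def bucket(path):
    """Return the name of the first rule whose pattern matches the path."""
    for name, pattern in RULES:
        if pattern.search(path):
            return name
    return "live_file"  # anything else is a file still in place on disk

def triage(log_text):
    """Group parsed detections by location bucket."""
    groups = defaultdict(list)
    for path, detection in parse(log_text):
        groups[bucket(path)].append((path, detection))
    return dict(groups)

if __name__ == "__main__":
    for name, hits in triage(SAMPLE_LOG).items():
        print(f"{name}: {len(hits)}")
```

Entries in the `live_file` and `temp` buckets are the ones the rescan with "Remove found threats" has to deal with; the other buckets correspond to the uninstall, Recycle Bin and fresh-backup steps.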