Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Popups in Windows 8.1

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Popups in Windows 8.1

Unread postby DougSr » May 16th, 2014, 8:25 pm

My wife inadvertently downloaded some malware when she downloaded Open Office and now we are getting pop ups while using Chrome. I tried earlier viewtopic.php?f=11&t=62810&sid=6dd0d5ee067c9416ff6a1638095a0813#.U3ar0yhmmBr to get DDS and OTL to work but they are incompatible with Win 8. Gary asked me to run FRST and below are my logs;

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-05-2014
Ran by DougWendy (administrator) on FAMILYPC on 16-05-2014 20:18:25
Running from C:\Users\DougWendy\Downloads
Platform: Windows 8.1 (Update 1) (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
() C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
(Code 42 Software) C:\Program Files\CrashPlan\CrashPlanService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17044_x64__8wekyb3d8bbwe\glcnd.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7158344 2013-03-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1278024 2013-03-08] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\nvspcap64.dll [1179576 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUS Ai Charger] => C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe [547984 2012-08-13] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-19] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-08-29] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2691480 2014-03-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [206240 2010-08-23] (CANON INC.)
HKU\S-1-5-21-1667700695-4105642080-2727116873-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1667700695-4105642080-2727116873-1001\...\MountPoints2: {7476521f-d6c2-11e3-be98-d850e6c581e7} - "O:\LaunchU3.exe" -a
AppInit_DLLs: C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL => C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CrashPlan Tray.lnk
ShortcutTarget: CrashPlan Tray.lnk -> C:\Program Files\CrashPlan\CrashPlanTray.exe (Code 42 Software, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus13.msn.com/?pc=ASJB
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com/?pc=ASJB
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASJB
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASJB
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1

FireFox:
========
FF ProfilePath: C:\Users\DougWendy\AppData\Roaming\Mozilla\Firefox\Profiles\to9hmuv0.default
FF Homepage: hxxp://www.mercercountysports.com/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\DougWendy\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Extension: Bitdefender QuickScan - C:\Users\DougWendy\AppData\Roaming\Mozilla\Firefox\Profiles\to9hmuv0.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2014-03-24]
FF Extension: NoScript - C:\Users\DougWendy\AppData\Roaming\Mozilla\Firefox\Profiles\to9hmuv0.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-03-24]
FF Extension: Adblock Plus - C:\Users\DougWendy\AppData\Roaming\Mozilla\Firefox\Profiles\to9hmuv0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-24]

Chrome:
=======
CHR HomePage: hxxp://www.mercercountysports.com/
CHR StartupUrls: "hxxp://www.mercercountysports.com/"
CHR Extension: (Google Docs) - C:\Users\DougWendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-24]
CHR Extension: (Google Drive) - C:\Users\DougWendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-24]
CHR Extension: (YouTube) - C:\Users\DougWendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-24]
CHR Extension: (Google Search) - C:\Users\DougWendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-24]
CHR Extension: (avast! Online Security) - C:\Users\DougWendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-03-24]
CHR Extension: (Daily Bible Guide) - C:\Users\DougWendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfjgekpddapedobkjbmeefnjofabigbi [2014-05-06]
CHR Extension: (Tom Sachs) - C:\Users\DougWendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lppegiodmddaaljhkfjokkepamifbekj [2014-03-24]
CHR Extension: (Google Wallet) - C:\Users\DougWendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-24]
CHR Extension: (Gmail) - C:\Users\DougWendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-24]

==================== Services (Whitelisted) =================

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2012-06-01] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2012-06-01] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2012-02-17] (ASUSTeK Computer Inc.)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] ()
R2 CrashPlanService; C:\Program Files\CrashPlan\CrashPlanService.exe [223232 2014-02-19] (Code 42 Software)
R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [69368 2013-10-23] (Bitdefender)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-05-15] (SurfRight B.V.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-02-15] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
S2 bzserv; C:\Program Files (x86)\Backblaze\bzserv.exe [X]

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
R3 AiCharger; C:\Windows\SysWow64\drivers\AiCharger.sys [14848 2012-03-22] (ASUSTek Computer Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R3 AU8168; C:\Windows\system32\DRIVERS\au630x64.sys [792648 2013-09-23] (Realtek )
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)
U5 avchv; C:\Windows\System32\Drivers\avchv.sys [261056 2014-04-21] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Windows (R) Win 7 DDK provider)
R1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)
R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-09] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2014-03-24] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [119512 2014-05-16] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924504 2014-02-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2014-03-24] (Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-14] (Microsoft Corporation)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)
R3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
R0 Wof; C:\Windows\System32\Drivers\Wof.sys [157016 2014-03-13] (Microsoft Corporation)
R1 {9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64; C:\Windows\System32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64.sys [61112 2014-05-12] (StdLib)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-16 20:18 - 2014-05-16 20:18 - 00016743 _____ () C:\Users\DougWendy\Downloads\FRST.txt
2014-05-16 20:18 - 2014-05-16 20:18 - 00000000 ____D () C:\FRST
2014-05-16 20:17 - 2014-05-16 20:17 - 02067456 _____ (Farbar) C:\Users\DougWendy\Downloads\FRST64.exe
2014-05-16 10:22 - 2014-05-16 10:22 - 00204888 _____ () C:\Users\DougWendy\Desktop\malware removal forum post.txt
2014-05-16 09:26 - 2014-05-16 09:26 - 00130464 _____ () C:\Users\DougWendy\Downloads\OTL.Txt
2014-05-16 09:26 - 2014-05-16 09:26 - 00073206 _____ () C:\Users\DougWendy\Downloads\Extras.Txt
2014-05-16 09:10 - 2014-05-16 09:10 - 00602112 _____ (OldTimer Tools) C:\Users\DougWendy\Downloads\OTL.exe
2014-05-16 09:09 - 2014-05-16 09:09 - 00688992 _____ (Swearware) C:\Users\DougWendy\Downloads\dds(2).scr
2014-05-16 09:02 - 2014-05-16 09:02 - 00688992 _____ (Swearware) C:\Users\DougWendy\Downloads\dds.com
2014-05-16 08:59 - 2014-05-16 08:59 - 00688992 _____ (Swearware) C:\Users\DougWendy\Downloads\dds(1).scr
2014-05-16 08:56 - 2014-05-16 08:56 - 00688992 _____ (Swearware) C:\Users\DougWendy\Downloads\dds.scr
2014-05-16 08:28 - 2014-05-16 08:29 - 00002288 _____ () C:\Users\DougWendy\Documents\Deacon meeting minutes from May 4, 2014.txt
2014-05-16 08:23 - 2014-05-16 08:23 - 00000000 ____D () C:\Users\DougWendy\Desktop\OpenOffice 4.1.0 (en-US) Installation Files
2014-05-16 08:22 - 2014-05-16 08:23 - 140910890 _____ () C:\Users\DougWendy\Downloads\Apache_OpenOffice_4.1.0_Win_x86_install_en-US.exe
2014-05-15 11:40 - 2014-05-15 11:40 - 00000498 _____ () C:\WINDOWS\system32\.crusader
2014-05-15 10:49 - 2014-05-15 10:49 - 00001916 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-05-15 10:49 - 2014-05-15 10:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-05-15 10:49 - 2014-05-15 10:49 - 00000000 ____D () C:\Program Files\HitmanPro
2014-05-15 10:42 - 2014-05-15 11:40 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-05-15 10:23 - 2014-05-15 10:24 - 10971424 _____ (SurfRight B.V.) C:\Users\DougWendy\Downloads\HitmanPro_x64.exe
2014-05-15 09:50 - 2014-05-16 19:47 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-05-15 09:50 - 2014-05-15 09:50 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-15 09:50 - 2014-05-15 09:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-15 09:50 - 2014-05-15 09:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-15 09:50 - 2014-05-15 09:50 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-15 09:50 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-05-15 09:50 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-05-15 09:50 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-05-15 09:49 - 2014-05-15 09:49 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\DougWendy\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-15 09:47 - 2014-05-15 09:47 - 00000888 _____ () C:\Users\DougWendy\Desktop\JRT.txt
2014-05-15 09:41 - 2014-05-15 09:41 - 01016261 _____ (Thisisu) C:\Users\DougWendy\Downloads\JRT.exe
2014-05-15 09:41 - 2014-05-15 09:41 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-05-15 09:34 - 2014-05-15 09:35 - 00000000 ____D () C:\AdwCleaner
2014-05-15 09:34 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll
2014-05-15 09:33 - 2014-05-15 09:33 - 01325827 _____ () C:\Users\DougWendy\Downloads\adwcleaner_3.208.exe
2014-05-14 14:38 - 2014-05-06 00:40 - 23544320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-05-14 14:38 - 2014-05-05 23:25 - 17382912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-05-14 14:38 - 2014-05-05 23:00 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-05-14 14:38 - 2014-05-05 22:10 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-05-14 14:38 - 2014-04-11 06:03 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2014-05-14 14:38 - 2014-04-11 06:03 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-05-14 14:38 - 2014-04-11 04:25 - 00419928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2014-05-14 14:38 - 2014-04-11 02:04 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-05-14 14:38 - 2014-04-11 01:53 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-05-14 14:38 - 2014-04-11 01:22 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2014-05-14 14:38 - 2014-04-10 23:54 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2014-05-14 14:38 - 2014-04-10 23:36 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-05-14 14:38 - 2014-04-10 23:24 - 13288960 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-05-14 14:38 - 2014-04-10 23:06 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-05-14 14:38 - 2014-04-10 23:05 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-14 14:38 - 2014-04-10 23:05 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-05-14 14:38 - 2014-04-10 23:02 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-14 14:38 - 2014-04-10 23:02 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-05-14 14:38 - 2014-04-10 23:01 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-05-14 14:38 - 2014-04-10 23:00 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-05-14 14:38 - 2014-04-10 22:59 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-05-14 14:38 - 2014-04-10 22:57 - 00190976 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2014-05-14 14:38 - 2014-04-10 22:56 - 00381440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-05-14 14:38 - 2014-04-10 22:55 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-05-14 14:38 - 2014-04-10 22:53 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-05-14 14:38 - 2014-04-10 22:52 - 03464192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-05-14 14:38 - 2014-04-10 22:46 - 01705472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-05-14 14:38 - 2014-04-10 22:36 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-05-14 14:38 - 2014-04-10 22:34 - 00754688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-05-14 14:38 - 2014-04-10 22:29 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-05-14 14:38 - 2014-04-10 22:25 - 00921088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-05-14 14:38 - 2014-03-23 22:30 - 00257880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-05-14 14:38 - 2014-03-23 22:30 - 00123224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2014-05-14 14:38 - 2014-03-23 22:27 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-05-14 14:38 - 2014-03-13 03:42 - 00308224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wusa.exe
2014-05-14 14:38 - 2014-03-13 02:51 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wusa.exe
2014-05-14 14:37 - 2014-04-08 18:46 - 00086688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt_map.dll
2014-05-14 14:37 - 2014-04-08 18:46 - 00028320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt100.dll
2014-05-14 14:37 - 2014-04-08 14:54 - 00080032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt_map.dll
2014-05-14 14:37 - 2014-04-08 14:54 - 00026784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt100.dll
2014-05-14 14:37 - 2014-03-27 05:12 - 21225584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-05-14 14:37 - 2014-03-27 03:48 - 18679728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-05-13 13:14 - 2014-05-12 16:40 - 00061112 _____ (StdLib) C:\WINDOWS\system32\Drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64.sys
2014-05-13 11:44 - 2014-05-13 11:44 - 00000000 ____D () C:\Users\DougWendy\AppData\Roaming\OpenOffice
2014-05-13 11:41 - 2014-05-15 09:35 - 00000000 ____D () C:\Program Files (x86)\webget
2014-05-13 11:41 - 2014-05-13 11:41 - 00001128 _____ () C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2014-05-13 11:41 - 2014-05-13 11:41 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1
2014-05-13 11:41 - 2014-05-13 11:41 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-05-13 11:16 - 2014-05-13 11:16 - 01070624 _____ (Unity Technologies ApS) C:\Users\DougWendy\Downloads\UnityWebPlayer.exe
2014-05-12 20:30 - 2014-05-12 20:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP560 series
2014-05-12 20:30 - 2014-05-12 20:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon IJ Network Utilities
2014-05-12 20:26 - 2014-05-12 20:26 - 26877072 _____ () C:\Users\DougWendy\Downloads\mp68-win-mp560-1_06-ea24.exe
2014-05-12 19:46 - 2014-05-12 19:46 - 00000000 __SHD () C:\Users\DougWendy\AppData\Local\EmieUserList
2014-05-12 19:46 - 2014-05-12 19:46 - 00000000 __SHD () C:\Users\DougWendy\AppData\Local\EmieSiteList
2014-05-10 04:50 - 2014-05-10 04:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-08 20:36 - 2014-05-08 20:55 - 00000000 ____D () C:\Users\DougWendy\Desktop\HeraldSubmissions
2014-05-02 13:37 - 2014-05-02 13:37 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-05-02 13:36 - 2014-05-02 13:36 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-04-24 05:55 - 2014-04-24 05:55 - 00000000 ____D () C:\ProgramData\GZ
2014-04-21 22:18 - 2014-04-21 22:18 - 00000000 ____D () C:\Users\DougWendy\Documents\Adobe
2014-04-21 21:24 - 2014-04-21 21:24 - 00002098 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 5.4 64-bit.lnk
2014-04-21 21:24 - 2014-04-21 21:24 - 00002078 _____ () C:\Users\Public\Desktop\Lightroom 5.4 64-bit.lnk
2014-04-21 21:24 - 2014-04-21 21:24 - 00000000 ____D () C:\Program Files\Adobe
2014-04-21 21:18 - 2014-04-21 21:18 - 00003510 _____ () C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-nashtockdw@hotmail.com
2014-04-21 21:18 - 2014-04-21 21:18 - 00000796 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CC (64bit).lnk
2014-04-21 21:17 - 2014-04-21 21:17 - 00000000 ____D () C:\Users\DougWendy\AppData\Roaming\NVIDIA
2014-04-21 21:12 - 2014-04-21 21:17 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-04-21 21:12 - 2014-04-21 21:12 - 00000824 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC (64 Bit).lnk
2014-04-21 21:12 - 2014-04-21 21:12 - 00000771 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC.lnk
2014-04-21 21:11 - 2014-04-21 21:24 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-04-21 20:56 - 2014-04-21 20:56 - 00001340 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2014-04-21 20:56 - 2014-04-21 20:56 - 00001328 _____ () C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2014-04-21 20:56 - 2014-04-21 20:56 - 00000000 ____D () C:\ProgramData\Package Cache
2014-04-21 20:51 - 2014-04-21 20:51 - 02808712 _____ (Adobe Systems Incorporated) C:\Users\DougWendy\Downloads\CreativeCloudSet-Up.exe
2014-04-21 17:26 - 2014-04-21 17:26 - 00261056 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avchv.sys
2014-04-20 13:25 - 2014-04-20 13:25 - 00000000 ____D () C:\Users\DougWendy\Desktop\Easter 2014

==================== One Month Modified Files and Folders =======

2014-05-16 20:18 - 2014-05-16 20:18 - 00016743 _____ () C:\Users\DougWendy\Downloads\FRST.txt
2014-05-16 20:18 - 2014-05-16 20:18 - 00000000 ____D () C:\FRST
2014-05-16 20:17 - 2014-05-16 20:17 - 02067456 _____ (Farbar) C:\Users\DougWendy\Downloads\FRST64.exe
2014-05-16 20:06 - 2014-03-30 10:10 - 00003942 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{DD7D5603-915A-4950-A4FE-DF764191344E}
2014-05-16 20:00 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-05-16 19:47 - 2014-05-15 09:50 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-05-16 19:43 - 2014-03-24 10:28 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-16 19:21 - 2014-03-23 22:02 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-05-16 16:13 - 2014-04-04 23:37 - 01350802 _____ () C:\WINDOWS\WindowsUpdate.log
2014-05-16 10:22 - 2014-05-16 10:22 - 00204888 _____ () C:\Users\DougWendy\Desktop\malware removal forum post.txt
2014-05-16 09:26 - 2014-05-16 09:26 - 00130464 _____ () C:\Users\DougWendy\Downloads\OTL.Txt
2014-05-16 09:26 - 2014-05-16 09:26 - 00073206 _____ () C:\Users\DougWendy\Downloads\Extras.Txt
2014-05-16 09:10 - 2014-05-16 09:10 - 00602112 _____ (OldTimer Tools) C:\Users\DougWendy\Downloads\OTL.exe
2014-05-16 09:09 - 2014-05-16 09:09 - 00688992 _____ (Swearware) C:\Users\DougWendy\Downloads\dds(2).scr
2014-05-16 09:02 - 2014-05-16 09:02 - 00688992 _____ (Swearware) C:\Users\DougWendy\Downloads\dds.com
2014-05-16 08:59 - 2014-05-16 08:59 - 00688992 _____ (Swearware) C:\Users\DougWendy\Downloads\dds(1).scr
2014-05-16 08:56 - 2014-05-16 08:56 - 00688992 _____ (Swearware) C:\Users\DougWendy\Downloads\dds.scr
2014-05-16 08:29 - 2014-05-16 08:28 - 00002288 _____ () C:\Users\DougWendy\Documents\Deacon meeting minutes from May 4, 2014.txt
2014-05-16 08:23 - 2014-05-16 08:23 - 00000000 ____D () C:\Users\DougWendy\Desktop\OpenOffice 4.1.0 (en-US) Installation Files
2014-05-16 08:23 - 2014-05-16 08:22 - 140910890 _____ () C:\Users\DougWendy\Downloads\Apache_OpenOffice_4.1.0_Win_x86_install_en-US.exe
2014-05-16 02:00 - 2014-03-23 20:41 - 00000000 ____D () C:\Users\DougWendy\AppData\Local\Adobe
2014-05-15 21:47 - 2014-03-23 15:06 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1667700695-4105642080-2727116873-1001
2014-05-15 21:43 - 2014-03-24 10:28 - 00002210 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-15 21:43 - 2014-03-24 10:28 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-15 11:44 - 2013-08-22 11:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
2014-05-15 11:43 - 2014-03-24 00:12 - 00000000 __RDO () C:\Users\DougWendy\SkyDrive
2014-05-15 11:42 - 2014-03-23 23:23 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-15 11:42 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-05-15 11:40 - 2014-05-15 11:40 - 00000498 _____ () C:\WINDOWS\system32\.crusader
2014-05-15 11:40 - 2014-05-15 10:42 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-05-15 10:49 - 2014-05-15 10:49 - 00001916 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-05-15 10:49 - 2014-05-15 10:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-05-15 10:49 - 2014-05-15 10:49 - 00000000 ____D () C:\Program Files\HitmanPro
2014-05-15 10:24 - 2014-05-15 10:23 - 10971424 _____ (SurfRight B.V.) C:\Users\DougWendy\Downloads\HitmanPro_x64.exe
2014-05-15 10:23 - 2014-03-23 22:05 - 00000000 ____D () C:\Users\DougWendy\AppData\Roaming\QuickScan
2014-05-15 10:19 - 2014-04-08 21:03 - 00003774 _____ () C:\WINDOWS\PFRO.log
2014-05-15 10:19 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\schemas
2014-05-15 09:50 - 2014-05-15 09:50 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-15 09:50 - 2014-05-15 09:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-15 09:50 - 2014-05-15 09:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-15 09:50 - 2014-05-15 09:50 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-15 09:49 - 2014-05-15 09:49 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\DougWendy\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-15 09:47 - 2014-05-15 09:47 - 00000888 _____ () C:\Users\DougWendy\Desktop\JRT.txt
2014-05-15 09:41 - 2014-05-15 09:41 - 01016261 _____ (Thisisu) C:\Users\DougWendy\Downloads\JRT.exe
2014-05-15 09:41 - 2014-05-15 09:41 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-05-15 09:36 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-05-15 09:36 - 2012-07-26 01:26 - 00000226 _____ () C:\WINDOWS\win.ini
2014-05-15 09:35 - 2014-05-15 09:34 - 00000000 ____D () C:\AdwCleaner
2014-05-15 09:35 - 2014-05-13 11:41 - 00000000 ____D () C:\Program Files (x86)\webget
2014-05-15 09:33 - 2014-05-15 09:33 - 01325827 _____ () C:\Users\DougWendy\Downloads\adwcleaner_3.208.exe
2014-05-15 09:26 - 2014-03-23 14:49 - 00000000 ___RD () C:\Users\DougWendy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 09:26 - 2014-03-23 14:49 - 00000000 ___RD () C:\Users\DougWendy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 07:40 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-05-15 07:27 - 2013-08-22 10:44 - 05094992 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-05-15 07:26 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-05-15 07:26 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-15 07:26 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-15 07:26 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-05-15 07:26 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-05-15 07:26 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-05-15 04:57 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\SecureBootUpdates
2014-05-15 04:57 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-05-15 04:56 - 2014-03-23 20:37 - 93223848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-05-15 04:56 - 2014-03-23 20:37 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-05-15 04:56 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-05-13 14:21 - 2014-03-23 22:02 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-05-13 11:44 - 2014-05-13 11:44 - 00000000 ____D () C:\Users\DougWendy\AppData\Roaming\OpenOffice
2014-05-13 11:41 - 2014-05-13 11:41 - 00001128 _____ () C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2014-05-13 11:41 - 2014-05-13 11:41 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1
2014-05-13 11:41 - 2014-05-13 11:41 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-05-13 11:16 - 2014-05-13 11:16 - 01070624 _____ (Unity Technologies ApS) C:\Users\DougWendy\Downloads\UnityWebPlayer.exe
2014-05-12 20:30 - 2014-05-12 20:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP560 series
2014-05-12 20:30 - 2014-05-12 20:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon IJ Network Utilities
2014-05-12 20:30 - 2014-03-24 12:16 - 00002036 _____ () C:\Users\Public\Desktop\Canon IJ Network Tool.lnk
2014-05-12 20:30 - 2014-03-24 12:16 - 00000000 ____D () C:\Program Files (x86)\Canon
2014-05-12 20:30 - 2013-08-22 11:36 - 00000000 __RSD () C:\WINDOWS\Media
2014-05-12 20:26 - 2014-05-12 20:26 - 26877072 _____ () C:\Users\DougWendy\Downloads\mp68-win-mp560-1_06-ea24.exe
2014-05-12 19:46 - 2014-05-12 19:46 - 00000000 __SHD () C:\Users\DougWendy\AppData\Local\EmieUserList
2014-05-12 19:46 - 2014-05-12 19:46 - 00000000 __SHD () C:\Users\DougWendy\AppData\Local\EmieSiteList
2014-05-12 16:40 - 2014-05-13 13:14 - 00061112 _____ (StdLib) C:\WINDOWS\system32\Drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64.sys
2014-05-10 20:57 - 2014-03-23 15:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-10 04:50 - 2014-05-10 04:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-08 21:38 - 2014-03-24 10:28 - 00003894 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-08 21:38 - 2014-03-24 10:28 - 00003658 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-08 20:55 - 2014-05-08 20:36 - 00000000 ____D () C:\Users\DougWendy\Desktop\HeraldSubmissions
2014-05-08 20:27 - 2013-11-14 03:28 - 00865408 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-05-08 20:23 - 2014-04-09 20:34 - 00003176 _____ () C:\WINDOWS\setupact.log
2014-05-08 02:07 - 2014-03-23 23:26 - 00000000 ____D () C:\Users\DougWendy
2014-05-06 00:40 - 2014-05-14 14:38 - 23544320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-05-05 23:25 - 2014-05-14 14:38 - 17382912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-05-05 23:00 - 2014-05-14 14:38 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-05-05 22:10 - 2014-05-14 14:38 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-05-02 13:37 - 2014-05-02 13:37 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-05-02 13:36 - 2014-05-02 13:36 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-05-01 16:30 - 2013-08-22 11:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-05-01 16:30 - 2013-08-22 11:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-24 05:55 - 2014-04-24 05:55 - 00000000 ____D () C:\ProgramData\GZ
2014-04-21 22:18 - 2014-04-21 22:18 - 00000000 ____D () C:\Users\DougWendy\Documents\Adobe
2014-04-21 22:18 - 2014-03-23 14:48 - 00000000 ____D () C:\Users\DougWendy\AppData\Roaming\Adobe
2014-04-21 21:24 - 2014-04-21 21:24 - 00002098 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 5.4 64-bit.lnk
2014-04-21 21:24 - 2014-04-21 21:24 - 00002078 _____ () C:\Users\Public\Desktop\Lightroom 5.4 64-bit.lnk
2014-04-21 21:24 - 2014-04-21 21:24 - 00000000 ____D () C:\Program Files\Adobe
2014-04-21 21:24 - 2014-04-21 21:11 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-04-21 21:24 - 2013-08-29 06:17 - 00000000 ____D () C:\ProgramData\Adobe
2014-04-21 21:18 - 2014-04-21 21:18 - 00003510 _____ () C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-nashtockdw@hotmail.com
2014-04-21 21:18 - 2014-04-21 21:18 - 00000796 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CC (64bit).lnk
2014-04-21 21:17 - 2014-04-21 21:17 - 00000000 ____D () C:\Users\DougWendy\AppData\Roaming\NVIDIA
2014-04-21 21:17 - 2014-04-21 21:12 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-04-21 21:12 - 2014-04-21 21:12 - 00000824 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC (64 Bit).lnk
2014-04-21 21:12 - 2014-04-21 21:12 - 00000771 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC.lnk
2014-04-21 20:56 - 2014-04-21 20:56 - 00001340 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2014-04-21 20:56 - 2014-04-21 20:56 - 00001328 _____ () C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2014-04-21 20:56 - 2014-04-21 20:56 - 00000000 ____D () C:\ProgramData\Package Cache
2014-04-21 20:55 - 2013-08-29 06:17 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-04-21 20:51 - 2014-04-21 20:51 - 02808712 _____ (Adobe Systems Incorporated) C:\Users\DougWendy\Downloads\CreativeCloudSet-Up.exe
2014-04-21 17:26 - 2014-04-21 17:26 - 00261056 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avchv.sys
2014-04-21 17:26 - 2014-03-23 14:47 - 00000000 ____D () C:\Users\DougWendy\AppData\Local\VirtualStore
2014-04-20 13:25 - 2014-04-20 13:25 - 00000000 ____D () C:\Users\DougWendy\Desktop\Easter 2014

Some content of TEMP:
====================
C:\Users\DougWendy\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-11 06:34

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-05-2014
Ran by DougWendy at 2014-05-16 20:18:58
Running from C:\Users\DougWendy\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus Free Edition (Enabled - Up to date) {9B5F5313-CAF9-DD97-C460-E778420237B4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antivirus Free Edition (Enabled - Up to date) {203EB2F7-ECC3-D219-FED0-DC0A39857D09}

==================== Installed Programs ======================

Adobe Bridge CC (64 Bit) (HKLM-x32\...\{359F8007-6486-429C-A8C5-D67F6897C88C}) (Version: 6.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.5.0.367 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.4 64-bit (HKLM\...\{558B5965-CC1B-4AF1-BA07-5D6832404050}) (Version: 5.4.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 2.01.01 - ASUSTeK Computer Inc.)
Alcor Micro USB Card Reader Driver (HKLM-x32\...\InstallShield_{5DA7ED45-2322-45AA-99B6-B8F94EBF859F}) (Version: 20.06.6362.4423 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver (x32 Version: 20.06.6362.4423 - Alcor Micro Corp.) Hidden
ASUS Ai Charger (HKLM-x32\...\{7FB64E72-9B0E-4460-A821-040C341E414A}) (Version: 1.03.00 - ASUSTeK Computer Inc.)
ASUS Easy Update 2 (HKLM-x32\...\{E7AA854E-6756-424E-84C2-4E47D5729AFF}) (Version: 3.00.06 - ASUSTeK Computer Inc.)
ASUS Music Maker (HKLM-x32\...\MAGIX_{5E00D8DF-905B-41C7-B562-C126DE3A4167}) (Version: 18.0.3.3 - MAGIX AG)
ASUS Music Maker (Version: 18.0.3.3 - MAGIX AG) Hidden
ASUS MX Suite (HKLM-x32\...\MAGIX_{9204F334-2A46-49F1-89C4-65CEB7AC1974}) (Version: 1.13.0.121 - MAGIX AG)
ASUS MX Suite (Version: 1.13.0.121 - MAGIX AG) Hidden
ASUS Video easy (HKLM-x32\...\MAGIX_{7DB84618-76E3-4999-A9A0-D7D756E14129}) (Version: 3.0.1.42 - MAGIX AG)
ASUS Video easy (Version: 3.0.1.42 - MAGIX AG) Hidden
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.18.159 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4127.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4127.52 - CyberLink Corp.) Hidden
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.309 - ASUSTEK)
Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1099 - Bitdefender)
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version: - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Canon MP560 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series) (Version: - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
CrashPlan (HKLM\...\{056FE336-5B2D-44A8-B013-EBF0343B0DC5}) (Version: 3.6.3 - Code 42 Software)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
eManual (HKLM-x32\...\{0C84E634-EB68-4A54-B21E-A05EC87A4CC5}) (Version: 1.00.06 - ASUSTeK Computer Inc.)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{6C5F8503-55D2-4398-858C-362B7A7AF51C}) (Version: 2.1.31.0 - MAGIX AG)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Galeria de Fotografias (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.137 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.216 - SurfRight B.V.)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.0.0.1083 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.27.757.1 - Intel Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4041.0512 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Control Panel 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 1.8.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.147.1067 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3523 - NVIDIA Corporation) Hidden
NVIDIA Update 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
Open Office Packages (HKCU\...\Open Office Packages) (Version: - ) <==== ATTENTION
OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Raccolta foto (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.10.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6865 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 1.7.321 - NVIDIA Corporation) Hidden
Why ASUS PC (HKLM-x32\...\{5648F9D9-299E-408C-AC1F-59DC75894A1F}) (Version: 1.00.02 - ASUSTeK Computer Inc.)
Windows Live (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live 程式集 (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live 软件包 (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Συλλογή φωτογραφιών (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
影像中心 (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
照片库 (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

==================== Restore Points =========================

13-05-2014 15:41:18 Installed OpenOffice 4.0.1
16-05-2014 12:25:18 Installed OpenOffice 4.1.0

==================== Hosts content: ==========================

2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {13BE30E9-54F8-46B7-80AC-8FFCDE5F512A} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {26EFDFF6-3688-47B0-B125-2FCC5C9B3DA7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-24] (Google Inc.)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {5AC0E3A8-D810-480D-BD12-1E06FAF68A18} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
Task: {5C9ED1AD-9E81-49BD-984E-060FB4D60045} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-05-15] (Microsoft Corporation)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {705DFFC8-1818-4A62-BEE4-441C19A183E5} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {70BA1D1B-B072-442B-96AC-4A8D160F5113} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {8EF130F4-B9CB-4476-8A02-5463BF0A914D} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2012-03-13] (ASUSTeK Computer Inc.)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {ABC0E8AD-D968-49E0-A293-BC8D2DC53333} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-nashtockdw@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {C20C6B3E-EA9F-46CB-A562-F9EFB6D9CBC2} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {CD81DC57-176F-431A-80B9-56342AC6B379} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E3EC89F0-0A5F-469E-A65C-12D5D4FFB00E} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2012-09-27] ()
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {EB153C92-2B43-4A66-A36B-ED02A95DF396} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-24] (Google Inc.)
Task: {F62D41D0-5995-4BA5-823A-31DA85F4DBC3} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {F840152A-7F2B-4E7D-A38E-4929A9215A89} - System32\Tasks\ASUS\ASUS Easy Update 2 => C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe [2013-04-01] (ASUSTeK Computer Inc.)
Task: {FC31EAC6-BE4D-4442-B85D-734A14F52EB2} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1667700695-4105642080-2727116873-1001 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-03-23 22:27 - 2013-03-19 12:07 - 00696632 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\sqlite3.dll
2014-03-23 22:27 - 2013-09-03 14:29 - 00101328 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\BDMetrics.dll
2014-03-23 23:23 - 2014-03-04 09:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-08-29 06:18 - 2012-06-01 05:42 - 00920736 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
2012-12-19 02:10 - 2012-12-19 02:10 - 00072192 _____ () C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
2014-02-19 19:17 - 2014-02-19 19:17 - 00014848 _____ () C:\Program Files\CrashPlan\md564.dll
2014-02-19 19:17 - 2014-02-19 19:17 - 00230400 _____ () C:\Program Files\CrashPlan\cpnative64.dll
2014-03-20 11:24 - 2014-03-20 11:24 - 00667808 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2014-03-20 11:24 - 2014-03-20 11:24 - 05288608 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2013-08-29 06:18 - 2014-05-15 11:42 - 00025600 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
2013-08-29 06:18 - 2010-06-28 22:58 - 00104448 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll
2014-03-18 23:22 - 2014-03-18 23:22 - 32733088 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\libcef.dll
2013-12-10 23:00 - 2013-02-15 20:15 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-05-10 04:50 - 2014-05-10 04:50 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\DougWendy\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\DougWendy\Downloads\adwcleaner_3.208.exe:BDU
AlternateDataStreams: C:\Users\DougWendy\Downloads\Apache_OpenOffice_4.1.0_Win_x86_install_en-US.exe:BDU
AlternateDataStreams: C:\Users\DougWendy\Downloads\ccsetup412.exe:BDU
AlternateDataStreams: C:\Users\DougWendy\Downloads\CrashPlan-x64_3.6.3_Win.exe:BDU
AlternateDataStreams: C:\Users\DougWendy\Downloads\CreativeCloudSet-Up.exe:BDU
AlternateDataStreams: C:\Users\DougWendy\Downloads\CrucialScan.exe:BDU
AlternateDataStreams: C:\Users\DougWendy\Downloads\dds(1).scr:BDU
AlternateDataStreams: C:\Users\DougWendy\Downloads\dds(2).scr:BDU
AlternateDataStreams: C:\Users\DougWendy\Downloads\dds.com:BDU
AlternateDataStreams: C:\Users\DougWendy\Downloads\dds.scr:BDU
AlternateDataStreams: C:\Users\DougWendy\Downloads\FRST64.exe:BDU
AlternateDataStreams: C:\Users\DougWendy\Downloads\HitmanPro_x64.exe:BDU
AlternateDataStreams: C:\Users\DougWendy\Downloads\JRT.exe:BDU
AlternateDataStreams: C:\Users\DougWendy\Downloads\mbam-setup-2.0.1.1004.exe:BDU
AlternateDataStreams: C:\Users\DougWendy\Downloads\mp68-win-mp560-1_06-ea24.exe:BDU
AlternateDataStreams: C:\Users\DougWendy\Downloads\OTL.exe:BDU
AlternateDataStreams: C:\Users\DougWendy\Downloads\UnityWebPlayer.exe:BDU

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/16/2014 00:27:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LiveUpdt.exe, version: 2.0.0.0, time stamp: 0x5155445a
Faulting module name: LiveUpdt.exe, version: 2.0.0.0, time stamp: 0x5155445a
Exception code: 0xc000041d
Fault offset: 0x0000a491
Faulting process id: 0x16d4
Faulting application start time: 0xLiveUpdt.exe0
Faulting application path: LiveUpdt.exe1
Faulting module path: LiveUpdt.exe2
Report Id: LiveUpdt.exe3
Faulting package full name: LiveUpdt.exe4
Faulting package-relative application ID: LiveUpdt.exe5

Error: (05/16/2014 00:27:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LiveUpdt.exe, version: 2.0.0.0, time stamp: 0x5155445a
Faulting module name: LiveUpdt.exe, version: 2.0.0.0, time stamp: 0x5155445a
Exception code: 0xc0000005
Fault offset: 0x0000a491
Faulting process id: 0x16d4
Faulting application start time: 0xLiveUpdt.exe0
Faulting application path: LiveUpdt.exe1
Faulting module path: LiveUpdt.exe2
Report Id: LiveUpdt.exe3
Faulting package full name: LiveUpdt.exe4
Faulting package-relative application ID: LiveUpdt.exe5

Error: (05/16/2014 09:07:22 AM) (Source: VSS) (EventID: 12294) (User: )
Description: Volume Shadow Copy Service error: Error calling a routine on the Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine returned E_INVALIDARG.
Routine details GetSnapshot({00000000-0000-0000-0000-000000000000},0000008B3DCDF410).


Operation:
Get Shadow Copy Properties

Context:
Execution Context: Coordinator

Error: (05/16/2014 09:07:22 AM) (Source: VSS) (EventID: 12294) (User: )
Description: Volume Shadow Copy Service error: Error calling a routine on the Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine returned E_INVALIDARG.
Routine details GetSnapshot({00000000-0000-0000-0000-000000000000},0000008B3DCDF410).


Operation:
Get Shadow Copy Properties

Context:
Execution Context: Coordinator

Error: (05/16/2014 09:07:22 AM) (Source: VSS) (EventID: 12294) (User: )
Description: Volume Shadow Copy Service error: Error calling a routine on the Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine returned E_INVALIDARG.
Routine details GetSnapshot({00000000-0000-0000-0000-000000000000},0000008B3DCDF410).


Operation:
Get Shadow Copy Properties

Context:
Execution Context: Coordinator

Error: (05/16/2014 09:07:22 AM) (Source: VSS) (EventID: 12294) (User: )
Description: Volume Shadow Copy Service error: Error calling a routine on the Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine returned E_INVALIDARG.
Routine details GetSnapshot({00000000-0000-0000-0000-000000000000},0000008B3DCDED30).


Operation:
Get Shadow Copy Properties

Context:
Execution Context: Coordinator

Error: (05/16/2014 09:07:17 AM) (Source: VSS) (EventID: 12294) (User: )
Description: Volume Shadow Copy Service error: Error calling a routine on the Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine returned E_INVALIDARG.
Routine details GetSnapshot({00000000-0000-0000-0000-000000000000},0000008B3DCDF050).


Operation:
Get Shadow Copy Properties

Context:
Execution Context: Coordinator

Error: (05/16/2014 08:26:01 AM) (Source: MsiInstaller) (EventID: 1013) (User: FAMILYPC)
Description: Product: OpenOffice 4.1.0 -- Please exit OpenOffice 4.1.0 and the OpenOffice 4.1.0 Quickstarter before you continue. If you are using a multi-user system, also make sure that no other user has OpenOffice 4.1.0 open.

Error: (05/15/2014 10:16:27 PM) (Source: VSS) (EventID: 12294) (User: )
Description: Volume Shadow Copy Service error: Error calling a routine on the Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine returned E_INVALIDARG.
Routine details GetSnapshot({00000000-0000-0000-0000-000000000000},000000F69E33F810).


Operation:
Get Shadow Copy Properties

Context:
Execution Context: Coordinator

Error: (05/15/2014 10:16:27 PM) (Source: VSS) (EventID: 12294) (User: )
Description: Volume Shadow Copy Service error: Error calling a routine on the Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine returned E_INVALIDARG.
Routine details GetSnapshot({00000000-0000-0000-0000-000000000000},000000F69E33F810).


Operation:
Get Shadow Copy Properties

Context:
Execution Context: Coordinator


System errors:
=============
Error: (05/15/2014 11:42:53 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HitmanPro 3.7 Crusader (Boot) service terminated with the following service-specific error:
%%0

Error: (05/15/2014 11:41:03 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for DeleteFlag with the following error:
%%5

Error: (05/15/2014 10:19:12 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Superfetch service terminated with the following error:
%%1062


Microsoft Office Sessions:
=========================
Error: (05/16/2014 00:27:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: LiveUpdt.exe2.0.0.05155445aLiveUpdt.exe2.0.0.05155445ac000041d0000a49116d401cf711e526c20acC:\Program Files (x86)\ASUS\ASUS Easy Update\LiveUpdt.exeC:\Program Files (x86)\ASUS\ASUS Easy Update\LiveUpdt.exefd6bec99-dd16-11e3-be9f-d850e6c581e7

Error: (05/16/2014 00:27:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: LiveUpdt.exe2.0.0.05155445aLiveUpdt.exe2.0.0.05155445ac00000050000a49116d401cf711e526c20acC:\Program Files (x86)\ASUS\ASUS Easy Update\LiveUpdt.exeC:\Program Files (x86)\ASUS\ASUS Easy Update\LiveUpdt.exefcda7cae-dd16-11e3-be9f-d850e6c581e7

Error: (05/16/2014 09:07:22 AM) (Source: VSS) (EventID: 12294) (User: )
Description: {b5946137-7b9f-4925-af80-51abd60b20d5}GetSnapshot({00000000-0000-0000-0000-000000000000},0000008B3DCDF410)

Operation:
Get Shadow Copy Properties

Context:
Execution Context: Coordinator

Error: (05/16/2014 09:07:22 AM) (Source: VSS) (EventID: 12294) (User: )
Description: {b5946137-7b9f-4925-af80-51abd60b20d5}GetSnapshot({00000000-0000-0000-0000-000000000000},0000008B3DCDF410)

Operation:
Get Shadow Copy Properties

Context:
Execution Context: Coordinator

Error: (05/16/2014 09:07:22 AM) (Source: VSS) (EventID: 12294) (User: )
Description: {b5946137-7b9f-4925-af80-51abd60b20d5}GetSnapshot({00000000-0000-0000-0000-000000000000},0000008B3DCDF410)

Operation:
Get Shadow Copy Properties

Context:
Execution Context: Coordinator

Error: (05/16/2014 09:07:22 AM) (Source: VSS) (EventID: 12294) (User: )
Description: {b5946137-7b9f-4925-af80-51abd60b20d5}GetSnapshot({00000000-0000-0000-0000-000000000000},0000008B3DCDED30)

Operation:
Get Shadow Copy Properties

Context:
Execution Context: Coordinator

Error: (05/16/2014 09:07:17 AM) (Source: VSS) (EventID: 12294) (User: )
Description: {b5946137-7b9f-4925-af80-51abd60b20d5}GetSnapshot({00000000-0000-0000-0000-000000000000},0000008B3DCDF050)

Operation:
Get Shadow Copy Properties

Context:
Execution Context: Coordinator

Error: (05/16/2014 08:26:01 AM) (Source: MsiInstaller) (EventID: 1013) (User: FAMILYPC)
Description: Product: OpenOffice 4.1.0 -- Please exit OpenOffice 4.1.0 and the OpenOffice 4.1.0 Quickstarter before you continue. If you are using a multi-user system, also make sure that no other user has OpenOffice 4.1.0 open.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (05/15/2014 10:16:27 PM) (Source: VSS) (EventID: 12294) (User: )
Description: {b5946137-7b9f-4925-af80-51abd60b20d5}GetSnapshot({00000000-0000-0000-0000-000000000000},000000F69E33F810)

Operation:
Get Shadow Copy Properties

Context:
Execution Context: Coordinator

Error: (05/15/2014 10:16:27 PM) (Source: VSS) (EventID: 12294) (User: )
Description: {b5946137-7b9f-4925-af80-51abd60b20d5}GetSnapshot({00000000-0000-0000-0000-000000000000},000000F69E33F810)

Operation:
Get Shadow Copy Properties

Context:
Execution Context: Coordinator


==================== Memory info ===========================

Percentage of memory in use: 31%
Total physical RAM: 16291.13 MB
Available physical RAM: 11200.61 MB
Total Pagefile: 18723.13 MB
Available Pagefile: 12836.97 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:149.56 GB) (Free:61.87 GB) NTFS
Drive d: (Data) (Fixed) (Total:758.21 GB) (Free:754.16 GB) NTFS
Drive g: (New Volume) (Fixed) (Total:2794.39 GB) (Free:1300.32 GB) NTFS
Drive k: (My Passport) (Fixed) (Total:465.64 GB) (Free:12.98 GB) FAT32
Drive l: (Photoshop ) (Fixed) (Total:111.79 GB) (Free:108.77 GB) NTFS
Drive m: (My Book) (Fixed) (Total:3725.99 GB) (Free:1897.37 GB) NTFS
Drive n: (My Passport) (Fixed) (Total:931.48 GB) (Free:103.21 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 15430E25)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: 311109D9)
Partition 1: (Not Active) - (Size=112 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 2795 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 3 (Size: 466 GB) (Disk ID: 8D399BC0)
Partition 1: (Not Active) - (Size=466 GB) - (Type=0C)
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 8.

========================================================
Disk: 9 (MBR Code: Windows XP) (Size: 931 GB) (Disk ID: 00042ADA)
Partition 1: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

==================== End Of Log ============================
DougSr
Regular Member
 
Posts: 70
Joined: July 5th, 2006, 12:21 am
Advertisement
Register to Remove

Re: Popups in Windows 8.1

Unread postby wannabeageek » May 18th, 2014, 4:11 pm

Hello DougSr, and Welcome to MalWare Removal forums!

My name is wannabeageek and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:

    Absence of symptoms does not mean that everything is clear.


I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...


Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
lf you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start
wannabeageek
MRU Master
MRU Master
 
Posts: 1871
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Popups in Windows 8.1

Unread postby wannabeageek » May 19th, 2014, 1:02 am

Hi DougSr,

Please run the following:

Step 1.
  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy and Paste the following script into Notepad, Do not include the words Code: select all
    • (Click the select all button next to code to select the entire script).
    Code: Select all
    C:\Program Files (x86)\webget
    R1 {9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64; C:\Windows\System32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64.sys [61112 2014-05-12] (StdLib)
    C:\Windows\System32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64.sys
    AlternateDataStreams: C:\Users\DougWendy\Downloads\adwcleaner_3.208.exe:BDU
    AlternateDataStreams: C:\Users\DougWendy\Downloads\Apache_OpenOffice_4.1.0_Win_x86_install_en-US.exe:BDU
    AlternateDataStreams: C:\Users\DougWendy\Downloads\ccsetup412.exe:BDU
    AlternateDataStreams: C:\Users\DougWendy\Downloads\CrashPlan-x64_3.6.3_Win.exe:BDU
    AlternateDataStreams: C:\Users\DougWendy\Downloads\CreativeCloudSet-Up.exe:BDU
    AlternateDataStreams: C:\Users\DougWendy\Downloads\CrucialScan.exe:BDU
    AlternateDataStreams: C:\Users\DougWendy\Downloads\dds(1).scr:BDU
    AlternateDataStreams: C:\Users\DougWendy\Downloads\dds(2).scr:BDU
    AlternateDataStreams: C:\Users\DougWendy\Downloads\dds.com:BDU
    AlternateDataStreams: C:\Users\DougWendy\Downloads\dds.scr:BDU
    AlternateDataStreams: C:\Users\DougWendy\Downloads\FRST64.exe:BDU
    AlternateDataStreams: C:\Users\DougWendy\Downloads\HitmanPro_x64.exe:BDU
    AlternateDataStreams: C:\Users\DougWendy\Downloads\JRT.exe:BDU
    AlternateDataStreams: C:\Users\DougWendy\Downloads\mbam-setup-2.0.1.1004.exe:BDU
    AlternateDataStreams: C:\Users\DougWendy\Downloads\mp68-win-mp560-1_06-ea24.exe:BDU
    AlternateDataStreams: C:\Users\DougWendy\Downloads\OTL.exe:BDU
    AlternateDataStreams: C:\Users\DougWendy\Downloads\UnityWebPlayer.exe:BDU
    
  • Save it next to FRST.exe as filename fixlist.txt.
  • NOTE: It's important that both files, FRST/FRST64 and fixlist.txt are saved in the same location or the fix will not work.
  • Right-click FRST.exe and select " Run as administrator " to run it.
  • Press the Fix button just once. Then wait.
  • When finished, it will create a Fixlog.txt log on your Desktop.
  • Please post the content of the Fixlog.txt in your next reply.



Step 2.
As you have Malwarebytes' Anti-Malware installed on your computer. Could you please do the following:
  • Launch the application.
  • One of 2 things will happen:
    • The program will be so outdated that it will automatically invoke a complete re-install; or
    • The program will check, update the database and then run.
    If it does a complete re-install, be sure to follow the prompts.
  • Perform Quick Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
wannabeageek
MRU Master
MRU Master
 
Posts: 1871
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Popups in Windows 8.1

Unread postby DougSr » May 20th, 2014, 7:44 am

Save it next to FRST.exe as filename fixlist.txt.

I am not sure what you mean here. I will wait for clarification. How do I save it next to FRST.EXE?
DougSr
Regular Member
 
Posts: 70
Joined: July 5th, 2006, 12:21 am

Re: Popups in Windows 8.1

Unread postby wannabeageek » May 20th, 2014, 10:37 pm

Hello DougSr,

DougSr wrote:Save it next to FRST.exe as filename fixlist.txt.

I am not sure what you mean here. I will wait for clarification. How do I save it next to FRST.EXE?


What this means is where ever, (folder, location), you saved and ran the program - FRST.exe - this is where you would save the file fixlist.txt.
Running from C:\Users\DougWendy\Downloads



You really need to move this file to the desktop as this is where the programs are designed to run from.
C:\Users\DougWendy\Desktop


If you need assistance please ask.

wbg
wannabeageek
MRU Master
MRU Master
 
Posts: 1871
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Popups in Windows 8.1

Unread postby DougSr » May 21st, 2014, 12:18 am

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-05-2014
Ran by DougWendy at 2014-05-20 23:49:34 Run:1
Running from C:\Users\DougWendy\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Program Files (x86)\webget
R1 {9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64; C:\Windows\System32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64.sys [61112 2014-05-12] (StdLib)
C:\Windows\System32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64.sys
AlternateDataStreams: C:\Users\DougWendy\Downloads\adwcleaner_3.208.exe:BDU
AlternateDataStreams: C:\Users\DougWendy\Downloads\Apache_OpenOffice_4.1.0_Win_x86_install_en-US.exe:BDU
AlternateDataStreams: C:\Users\DougWendy\Downloads\ccsetup412.exe:BDU
AlternateDataStreams: C:\Users\DougWendy\Downloads\CrashPlan-x64_3.6.3_Win.exe:BDU
AlternateDataStreams: C:\Users\DougWendy\Downloads\CreativeCloudSet-Up.exe:BDU
AlternateDataStreams: C:\Users\DougWendy\Downloads\CrucialScan.exe:BDU
AlternateDataStreams: C:\Users\DougWendy\Downloads\dds(1).scr:BDU
AlternateDataStreams: C:\Users\DougWendy\Downloads\dds(2).scr:BDU
AlternateDataStreams: C:\Users\DougWendy\Downloads\dds.com:BDU
AlternateDataStreams: C:\Users\DougWendy\Downloads\dds.scr:BDU
AlternateDataStreams: C:\Users\DougWendy\Downloads\FRST64.exe:BDU
AlternateDataStreams: C:\Users\DougWendy\Downloads\HitmanPro_x64.exe:BDU
AlternateDataStreams: C:\Users\DougWendy\Downloads\JRT.exe:BDU
AlternateDataStreams: C:\Users\DougWendy\Downloads\mbam-setup-2.0.1.1004.exe:BDU
AlternateDataStreams: C:\Users\DougWendy\Downloads\mp68-win-mp560-1_06-ea24.exe:BDU
AlternateDataStreams: C:\Users\DougWendy\Downloads\OTL.exe:BDU
AlternateDataStreams: C:\Users\DougWendy\Downloads\UnityWebPlayer.exe:BDU

*****************

C:\Program Files (x86)\webget => Moved successfully.
{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64 => Unable to stop service
{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64 => Service deleted successfully.
C:\Windows\System32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw64.sys => Moved successfully.
C:\Users\DougWendy\Downloads\adwcleaner_3.208.exe => ":BDU" ADS removed successfully.
C:\Users\DougWendy\Downloads\Apache_OpenOffice_4.1.0_Win_x86_install_en-US.exe => ":BDU" ADS removed successfully.
C:\Users\DougWendy\Downloads\ccsetup412.exe => ":BDU" ADS removed successfully.
C:\Users\DougWendy\Downloads\CrashPlan-x64_3.6.3_Win.exe => ":BDU" ADS removed successfully.
C:\Users\DougWendy\Downloads\CreativeCloudSet-Up.exe => ":BDU" ADS removed successfully.
C:\Users\DougWendy\Downloads\CrucialScan.exe => ":BDU" ADS removed successfully.
C:\Users\DougWendy\Downloads\dds(1).scr => ":BDU" ADS removed successfully.
C:\Users\DougWendy\Downloads\dds(2).scr => ":BDU" ADS removed successfully.
C:\Users\DougWendy\Downloads\dds.com => ":BDU" ADS removed successfully.
C:\Users\DougWendy\Downloads\dds.scr => ":BDU" ADS removed successfully.
C:\Users\DougWendy\Downloads\FRST64.exe => ":BDU" ADS removed successfully.
C:\Users\DougWendy\Downloads\HitmanPro_x64.exe => ":BDU" ADS removed successfully.
C:\Users\DougWendy\Downloads\JRT.exe => ":BDU" ADS removed successfully.
C:\Users\DougWendy\Downloads\mbam-setup-2.0.1.1004.exe => ":BDU" ADS removed successfully.
C:\Users\DougWendy\Downloads\mp68-win-mp560-1_06-ea24.exe => ":BDU" ADS removed successfully.
C:\Users\DougWendy\Downloads\OTL.exe => ":BDU" ADS removed successfully.
"C:\Users\DougWendy\Downloads\UnityWebPlayer.exe" => ":BDU" ADS not found.


The system needed a reboot.

==== End of Fixlog ====
DougSr
Regular Member
 
Posts: 70
Joined: July 5th, 2006, 12:21 am

Re: Popups in Windows 8.1

Unread postby DougSr » May 21st, 2014, 12:19 am

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/21/2014
Scan Time: 12:17:56 AM
Logfile:
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.05.21.02
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: DougWendy

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 275430
Time Elapsed: 10 min, 41 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
DougSr
Regular Member
 
Posts: 70
Joined: July 5th, 2006, 12:21 am

Re: Popups in Windows 8.1

Unread postby DougSr » May 21st, 2014, 12:23 am

I have to let you know that Chrome was deleted and reinstalled in between my initial posting and these tests. I apologize for this.
DougSr
Regular Member
 
Posts: 70
Joined: July 5th, 2006, 12:21 am

Re: Popups in Windows 8.1

Unread postby wannabeageek » May 21st, 2014, 1:11 am

Hi DougSr,

When you downloaded and installed the OPen Office suite, was the entry below part of the installation?
FRST flagged it as an issue to be dealt with.

Open Office Packages (HKCU\...\Open Office Packages) (Version: - ) <==== ATTENTION
wannabeageek
MRU Master
MRU Master
 
Posts: 1871
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Popups in Windows 8.1

Unread postby DougSr » May 21st, 2014, 1:34 am

I do not know, I was not the one to install it. I am positive my wife did not notice it.
DougSr
Regular Member
 
Posts: 70
Joined: July 5th, 2006, 12:21 am

Re: Popups in Windows 8.1

Unread postby wannabeageek » May 21st, 2014, 9:33 pm

Hi DougSr,

If you or your wife are unable to determine the origin of this installed program I highly reccomend its removal.
Open Office Packages (HKCU\...\Open Office Packages) (Version: - ) <==== ATTENTION


Please post back the condition of the computer and whether or not this affected the Open Office Suite.

wbg
wannabeageek
MRU Master
MRU Master
 
Posts: 1871
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Popups in Windows 8.1

Unread postby DougSr » May 21st, 2014, 10:44 pm

I have removed open office, is that what you mean? I certainly hope so, I am too scared of messing this up with Windows 8.
DougSr
Regular Member
 
Posts: 70
Joined: July 5th, 2006, 12:21 am

Re: Popups in Windows 8.1

Unread postby wannabeageek » May 21st, 2014, 11:04 pm

Hi,

I apologize for the misunderstanding. There were 2 entries in the installed programs list:
1.) Open Office Packages (HKCU\...\Open Office Packages) (Version: - ) <==== ATTENTION
2. ) OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)


The first entry is the one in question and possibly the source or part of the source of malware.
The second entry is legitimate and could have been left alone.

Did you remove both?

How is the computer behaving?

wbg
wannabeageek
MRU Master
MRU Master
 
Posts: 1871
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Popups in Windows 8.1

Unread postby DougSr » May 21st, 2014, 11:13 pm

I am assuming that you mean remove them in regedit? I looked for the first one and could not find it. I shall respond and try to look for the second. I will say the computer has been operating fine but for MBAM finding an interesting tidbit, a pup I think it was. Let me find the latest log and copy it here.
DougSr
Regular Member
 
Posts: 70
Joined: July 5th, 2006, 12:21 am

Re: Popups in Windows 8.1

Unread postby DougSr » May 21st, 2014, 11:16 pm

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/21/2014
Scan Time: 11:15:54 PM
Logfile:
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.05.21.10
Rootkit Database: v2014.05.21.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: DougWendy

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 275745
Time Elapsed: 2 hr, 0 min, 13 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.Conduit.A, C:\Users\DougWendy\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "startup_urls": [ "http://www.air1.com/", "http://www.google.com", "http://search.conduit.com/?ctid=CT3324790&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP56641997-1825-47B8-B06F-13601646BDED&SSPV=" ],), ,[709e5df7f08b92a4f961d9a740c4d828]

Physical Sectors: 0
(No malicious items detected)


(end)
DougSr
Regular Member
 
Posts: 70
Joined: July 5th, 2006, 12:21 am
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 116 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware