marley99

  1. Thank you 1PW, step 1 worked out for me. I deleted the old program, restarted the computer, downloaded the new fresh one and it was good to go. Ran Malwarebytes and had 4 registry keys and 38 files... Not letting the roommate use my PC anymore. He dl'ed one of those resume builders and it must've been full of spyware.
  2. Hello, my computer has been infected for the past 2 days now. I had the Malwarebytes trial version and was using it frequently, scanning almost every day the past 2 weeks or so. I turn on my computer yesterday and usually Malwarebytes is already running and in my notification area but I noticed it wasn't. After letting my computer boot all the way up I try to run Malwarebytes but an error box pops up saying "Malwarebytes Anti-Malware has stopped working", my options then are to check online for a solution and close the program, or close the program. The following is the details pasted verbatim.

     Problem signature:
     Problem Event Name: APPCRASH
     Application Name: mbam.exe
     Application Version: 1.0.0.532
     Application Timestamp: 53518532
     Fault Module Name: MSVCR100.dll
     Fault Module Version: 10.0.40219.325
     Fault Module Timestamp: 4df2be1e
     Exception Code: 40000015
     Exception Offset: 0008d6fd
     OS Version: 6.1.7600.2.0.0.256.1
     Locale ID: 1033
     Additional Information 1: 8374
     Additional Information 2: 83748d7ce6919cf452bf5c3838e036f3
     Additional Information 3: 2e01
     Additional Information 4: 2e01b10c887fd7f971b05773252074ee

     Read our privacy statement online: http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409
     If the online privacy statement is not available, please read our privacy statement offline: C:\Windows\system32\en-US\erofflps.txt

     I then proceed to purchase the professional Malwarebytes program for 1 year for 3 devices through their website and uninstall the Malwarebytes I currently have and redownload the professional one and installed it. After install the same error popped up. I couldn't get to the part where I register the software. So then I try to use Chameleon to log in and same error. I used 9 of 13 possible Chameleon links before giving that up. I also try to execute the file through Run, and through Task Manager with no luck as well, only the same message. So now I'm here posting my failures. I downloaded Farbar Recovery Scan Tool and ran the program.
Here is the FRST report: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-07-2014 01 Ran by bob marley (administrator) on BOBMARLEY-PC on 08-07-2014 20:46:05 Running from C:\Users\bob marley\Downloads Platform: Windows 7 Ultimate (X64) OS Language: English (United States) Internet Explorer Version 9 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Juniper Networks) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe (SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe (Realtek) C:\Program Files (x86)\EnGenius\11n USB Wireless LAN Utility\RtlService.exe (Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe (Realtek Semiconductor Corp.) C:\Program Files (x86)\EnGenius\11n USB Wireless LAN Utility\RtWLan.exe () C:\Program Files (x86)\SpyShelter Firewall\SpyShelter.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (McAfee, Inc.) 
C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\audiodg.exe (Microsoft Corporation) C:\Windows\hh.exe (MalwareBytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\firefox.pif (Microsoft Corporation) C:\Windows\System32\taskmgr.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe () C:\Program Files (x86)\SpyShelter Firewall\RsltView.exe () C:\Program Files (x86)\SpyShelter Firewall\RsltView.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated) HKLM\...\Run: [spyShelter] => C:\Program Files (x86)\SpyShelter Firewall\SpyShelter.exe [5087584 2014-02-13] () HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.) 
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.) HKLM-x32\...\Run: [switchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated) HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2012-01-26] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [502912 2012-02-29] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863360 2012-02-29] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-07-04] (AVAST Software) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.) 
HKU\S-1-5-21-440041499-1871656134-578955171-1001\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe HKU\S-1-5-21-440041499-1871656134-578955171-1001\...\Run: [steam] => C:\Program Files (x86)\Steam\Steam.exe [1753280 2014-06-30] (Valve Corporation) HKU\S-1-5-21-440041499-1871656134-578955171-1001\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_214_Plugin.exe [847536 2014-05-16] (Adobe Systems Incorporated) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) 
==================== Internet (Whitelisted) ==================== ProxyServer: HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2567C35767CECD01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com?fr=hp-avast&type=avastbcl HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM-x32 - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperbar.com/?p=mKO_AwFzXIpYRa0T-NJ1bNV5iGB7j76kR7EOZGkeQkbUBtqSnxyioASX7XiWPTst6-3t7Zac_iCe3JLnVSNOFOZo7nLjCggePpKP2XXA9jLED_8amKlxM3F8-dMb97r-K9ixxUsshsxKrLlDwVsGMPgTpWdc87WOEMDovH4B0vzWPAz-jF66zAKbw06O9Zc,&q={searchTerms} SearchScopes: HKLM-x32 - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKCU - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
http://feed.helperbar.com/?p=mKO_AwFzXIpYRa0T-NJ1bNV5iGB7j76kR7EOZGkeQkbUBtqSnxyioASX7XiWPTst6-3t7Zac_iCe3JLnVSNOFOZo7nLjCggePpKP2XXA9jLED_8amKlxM3F8-dMb97r-K9ixxUsshsxKrLlDwVsGMPgTpWdc87WOEMDovH4B0vzWPAz-jF66zAKbw06O9ZA,&q={searchTerms} SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO-x32: No Name - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - No File BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - avast! 
Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12 FireFox: ======== FF ProfilePath: C:\Users\bob marley\AppData\Roaming\Mozilla\Firefox\Profiles\fmlhmb3f.default FF DefaultSearchEngine: DuckDuckGo FF SearchEngineOrder.1: Yahoo! 
(Avast) FF SelectedSearchEngine: DuckDuckGo FF Homepage: https://duckduckgo.com/ FF Keyword.URL: https://search.yahoo.com/yhs/search FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll () FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: tdameritrade.com/thinkorswim - C:\Program Files (x86)\thinkTDA\npthinkorswim.dll (TD Ameritrade) FF Plugin HKCU: tdameritrade.com/tossc - C:\Program Files (x86)\thinkTDA\nptossc.dll (TD Ameritrade) FF SearchPlugin: C:\Users\bob marley\AppData\Roaming\Mozilla\Firefox\Profiles\fmlhmb3f.default\searchplugins\duckduckgo.xml FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-04-04] FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] Chrome: ======= Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION CHR Extension: (Google Drive) - C:\Users\bob marley\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-11-18] CHR Extension: (Google Search) - C:\Users\bob marley\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-18] CHR Extension: (Gmail) - C:\Users\bob marley\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-18] CHR HKLM-x32\...\Chrome\Extension: [aaaaojmikegpiepcfdkkjaplodkpfmlo] - C:\Users\bob marley\AppData\Local\APN\GoogleCRXs\apnorjtoolbar.crx [2012-11-18] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= R2 avast! 
Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-06-17] (AVAST Software) R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.) R2 Realtek11nSU; C:\Program Files (x86)\EnGenius\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek) [File not signed] S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] S3 WatAdminSvc; C:\Windows\system32\Wat\WatAdminSvc.exe [1255736 2011-08-13] () [File not signed] ==================== Drivers (Whitelisted) ==================== R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-06-17] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-06-17] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-06-17] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-06-17] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-06-17] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-06-17] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-06-17] (AVAST Software) R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-12-19] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-06-17] () R1 Spyshelter; C:\Program Files (x86)\SpyShelter Firewall\SpyShelter.sys [812384 2014-02-13] (SpyShelter) R2 SpyshelterFw; C:\Program Files (x86)\SpyShelter Firewall\SpyshelterWFP.sys [104800 2014-02-05] () R1 SpyshelterKb; C:\Program Files (x86)\SpyShelter Firewall\SpyshelterKb.sys [237408 2013-12-23] (SpyShelter) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-08 20:46 - 2014-07-08 20:46 - 
00017918 _____ () C:\Users\bob marley\Downloads\FRST.txt 2014-07-08 20:45 - 2014-07-08 20:46 - 00000000 ____D () C:\FRST 2014-07-08 20:28 - 2014-07-08 20:28 - 02084352 _____ (Farbar) C:\Users\bob marley\Downloads\FRST64.exe 2014-07-08 12:07 - 2014-07-08 20:42 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-07-08 12:07 - 2014-07-08 12:07 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-07-08 12:07 - 2014-07-08 12:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-07-08 12:07 - 2014-07-08 12:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-07-08 12:07 - 2014-05-12 08:19 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-07-08 12:07 - 2014-05-12 08:19 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-07-08 12:04 - 2014-07-08 12:04 - 17291904 _____ (Malwarebytes Corporation ) C:\Users\bob marley\Downloads\mbam_premium.exe 2014-07-08 11:57 - 2014-07-08 11:57 - 00262144 _____ () C:\Windows\Minidump\070814-22744-01.dmp 2014-07-04 11:46 - 2014-07-04 11:46 - 00291656 _____ () C:\Windows\Minidump\070414-26707-01.dmp 2014-07-02 23:30 - 2014-07-02 23:31 - 00291800 _____ () C:\Windows\Minidump\070214-22370-01.dmp 2014-06-26 12:09 - 2014-06-26 12:10 - 00000000 ____D () C:\Users\bob marley\Downloads\Bassnectar-NVSB_MP3_45782 2014-06-26 11:58 - 2014-06-26 12:09 - 142481980 _____ () C:\Users\bob marley\Downloads\Bassnectar-NVSB_MP3_45782.zip 2014-06-18 10:08 - 2014-07-08 20:43 - 00000000 ____D () C:\Users\bob marley\AppData\Local\CrashDumps 2014-06-17 23:35 - 2014-06-17 23:37 - 00000000 ____D () C:\Users\bob marley\Downloads\gpg4usb-0.3.3 2014-06-17 22:53 - 2014-06-29 02:33 - 16798961 _____ () C:\Users\bob marley\Downloads\gpg4usb-0.3.3.zip 2014-06-17 20:11 - 2014-06-17 20:11 - 00000000 ____D () C:\ProgramData\Licenses 2014-06-17 20:05 - 2014-06-17 20:21 
- 00000000 ____D () C:\Users\bob marley\AppData\Roaming\SpyShelter 2014-06-17 20:05 - 2014-06-17 20:05 - 00001094 _____ () C:\Users\Public\Desktop\SpyShelter Firewall.lnk 2014-06-17 20:05 - 2014-06-17 20:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpyShelter 2014-06-17 20:05 - 2014-06-17 20:05 - 00000000 ____D () C:\Program Files (x86)\SpyShelter Firewall 2014-06-17 20:05 - 2013-05-22 20:03 - 00042296 _____ () C:\Windows\system32\SpyShelterShellExt.dll 2014-06-17 20:05 - 2013-05-22 20:03 - 00033080 _____ () C:\Windows\SysWOW64\SpyShelterShellExt.dll 2014-06-17 20:03 - 2014-06-17 20:05 - 09109656 _____ ( ) C:\Users\bob marley\Downloads\fwsetup.exe 2014-06-17 12:02 - 2014-06-17 12:58 - 00000000 ____D () C:\Users\bob marley\Documents\WSOP.com 2014-06-17 12:02 - 2014-06-17 12:02 - 00002044 _____ () C:\Users\bob marley\AppData\Roaming\Microsoft\Windows\Start Menu\WSOP.com.lnk 2014-06-17 12:02 - 2014-06-17 12:02 - 00002020 _____ () C:\Users\bob marley\Desktop\WSOP.com.lnk 2014-06-17 12:02 - 2014-06-17 12:02 - 00000000 ____D () C:\Users\bob marley\AppData\Roaming\WSOP.com 2014-06-17 12:02 - 2014-06-17 12:02 - 00000000 ____D () C:\Users\bob marley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WSOP.com 2014-06-17 12:02 - 2014-06-17 12:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WSOP.com 2014-06-17 12:02 - 2014-06-17 12:02 - 00000000 ____D () C:\Program Files (x86)\WSOP.com 2014-06-17 11:53 - 2014-06-17 11:53 - 00442008 _____ (Random-Logic) C:\Users\bob marley\Downloads\wsop.com.exe 2014-06-17 11:26 - 2014-06-17 11:25 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-06-17 11:25 - 2014-06-17 11:25 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-06-17 11:18 - 2014-06-17 11:18 - 00001160 _____ () C:\Users\bob marley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-06-17 11:15 - 2014-06-17 11:15 - 00002450 _____ () C:\Users\bob 
marley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk 2014-06-17 10:35 - 2014-06-18 10:08 - 00001135 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-06-17 10:35 - 2014-06-18 10:08 - 00001135 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-06-17 10:35 - 2014-06-17 10:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-06-17 10:33 - 2014-06-17 10:34 - 00284224 _____ (Mozilla) C:\Users\bob marley\Downloads\Firefox Setup Stub 30.0.exe 2014-06-17 10:24 - 2014-06-17 10:24 - 00000000 ____D () C:\Program Files\003 2014-06-17 10:22 - 2014-06-17 10:22 - 00000000 ____D () C:\Users\bob marley\AppData\Local\globalUpdate 2014-06-12 20:23 - 2014-06-12 20:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus 2014-06-12 20:23 - 2014-06-12 20:23 - 00000000 ____D () C:\Program Files\McAfee Security Scan 2014-06-11 10:39 - 2014-06-11 10:39 - 00000000 ____D () C:\Users\bob marley\Desktop\Tor Browser2 2014-06-11 10:37 - 2014-06-11 10:38 - 27167987 _____ () C:\Users\bob marley\Downloads\torbrowser-install-3.6.2_en-US.exe 2014-06-09 22:28 - 2014-06-10 01:13 - 00000000 ____D () C:\Users\bob marley\AppData\Roaming\TS3Client 2014-06-09 22:28 - 2014-06-09 22:28 - 00001162 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk 2014-06-09 22:28 - 2014-06-09 22:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client 2014-06-09 22:28 - 2014-06-09 22:28 - 00000000 ____D () C:\Program Files (x86)\TeamSpeak 3 Client ==================== One Month Modified Files and Folders ======= 2014-07-08 20:46 - 2014-07-08 20:46 - 00017918 _____ () C:\Users\bob marley\Downloads\FRST.txt 2014-07-08 20:46 - 2014-07-08 20:45 - 00000000 ____D () C:\FRST 2014-07-08 20:43 - 2014-06-18 10:08 - 00000000 ____D () C:\Users\bob marley\AppData\Local\CrashDumps 2014-07-08 20:42 - 2014-07-08 12:07 - 00091352 _____ (Malwarebytes Corporation) 
C:\Windows\system32\Drivers\mbamchameleon.sys 2014-07-08 20:28 - 2014-07-08 20:28 - 02084352 _____ (Farbar) C:\Users\bob marley\Downloads\FRST64.exe 2014-07-08 20:24 - 2012-03-29 11:50 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-07-08 20:24 - 2011-04-04 21:21 - 01651314 _____ () C:\Windows\WindowsUpdate.log 2014-07-08 20:23 - 2013-07-21 19:30 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-07-08 20:17 - 2013-10-05 10:11 - 00000000 ____D () C:\ProgramData\TEMP 2014-07-08 20:17 - 2012-12-30 02:00 - 00033220 _____ () C:\Windows\setupact.log 2014-07-08 20:17 - 2011-04-29 19:02 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-07-08 20:17 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-07-08 20:11 - 2011-04-05 00:23 - 00200978 _____ () C:\Windows\PFRO.log 2014-07-08 12:07 - 2014-07-08 12:07 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-07-08 12:07 - 2014-07-08 12:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-07-08 12:07 - 2014-07-08 12:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-07-08 12:04 - 2014-07-08 12:04 - 17291904 _____ (Malwarebytes Corporation ) C:\Users\bob marley\Downloads\mbam_premium.exe 2014-07-08 11:57 - 2014-07-08 11:57 - 00262144 _____ () C:\Windows\Minidump\070814-22744-01.dmp 2014-07-08 11:57 - 2011-04-05 00:24 - 00000000 ____D () C:\Windows\Minidump 2014-07-08 11:54 - 2012-07-22 01:36 - 00004182 _____ () C:\Windows\System32\Tasks\avast! 
Emergency Update 2014-07-04 11:46 - 2014-07-04 11:46 - 00291656 _____ () C:\Windows\Minidump\070414-26707-01.dmp 2014-07-03 11:12 - 2009-07-13 22:13 - 00729550 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-07-02 23:31 - 2014-07-02 23:30 - 00291800 _____ () C:\Windows\Minidump\070214-22370-01.dmp 2014-07-02 19:43 - 2011-04-04 22:28 - 00000000 ____D () C:\Users\bob marley\AppData\Roaming\Malwarebytes 2014-07-02 19:43 - 2011-04-04 22:28 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-07-02 19:43 - 2011-04-04 22:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-06-29 02:33 - 2014-06-17 22:53 - 16798961 _____ () C:\Users\bob marley\Downloads\gpg4usb-0.3.3.zip 2014-06-28 23:49 - 2009-07-13 21:45 - 00019456 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-06-28 23:49 - 2009-07-13 21:45 - 00019456 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-06-26 12:10 - 2014-06-26 12:09 - 00000000 ____D () C:\Users\bob marley\Downloads\Bassnectar-NVSB_MP3_45782 2014-06-26 12:09 - 2014-06-26 11:58 - 142481980 _____ () C:\Users\bob marley\Downloads\Bassnectar-NVSB_MP3_45782.zip 2014-06-18 10:08 - 2014-06-17 10:35 - 00001135 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-06-18 10:08 - 2014-06-17 10:35 - 00001135 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-06-17 23:37 - 2014-06-17 23:35 - 00000000 ____D () C:\Users\bob marley\Downloads\gpg4usb-0.3.3 2014-06-17 20:21 - 2014-06-17 20:05 - 00000000 ____D () C:\Users\bob marley\AppData\Roaming\SpyShelter 2014-06-17 20:11 - 2014-06-17 20:11 - 00000000 ____D () C:\ProgramData\Licenses 2014-06-17 20:05 - 2014-06-17 20:05 - 00001094 _____ () C:\Users\Public\Desktop\SpyShelter Firewall.lnk 2014-06-17 20:05 - 2014-06-17 20:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpyShelter 2014-06-17 20:05 - 
2014-06-17 20:05 - 00000000 ____D () C:\Program Files (x86)\SpyShelter Firewall 2014-06-17 20:05 - 2014-06-17 20:03 - 09109656 _____ ( ) C:\Users\bob marley\Downloads\fwsetup.exe 2014-06-17 12:58 - 2014-06-17 12:02 - 00000000 ____D () C:\Users\bob marley\Documents\WSOP.com 2014-06-17 12:02 - 2014-06-17 12:02 - 00002044 _____ () C:\Users\bob marley\AppData\Roaming\Microsoft\Windows\Start Menu\WSOP.com.lnk 2014-06-17 12:02 - 2014-06-17 12:02 - 00002020 _____ () C:\Users\bob marley\Desktop\WSOP.com.lnk 2014-06-17 12:02 - 2014-06-17 12:02 - 00000000 ____D () C:\Users\bob marley\AppData\Roaming\WSOP.com 2014-06-17 12:02 - 2014-06-17 12:02 - 00000000 ____D () C:\Users\bob marley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WSOP.com 2014-06-17 12:02 - 2014-06-17 12:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WSOP.com 2014-06-17 12:02 - 2014-06-17 12:02 - 00000000 ____D () C:\Program Files (x86)\WSOP.com 2014-06-17 12:02 - 2014-01-10 00:00 - 00002020 _____ () C:\Users\UpdatusUser\Desktop\WSOP.com.lnk 2014-06-17 12:02 - 2011-07-10 13:26 - 00000000 ____D () C:\Users\bob marley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2014-06-17 11:53 - 2014-06-17 11:53 - 00442008 _____ (Random-Logic) C:\Users\bob marley\Downloads\wsop.com.exe 2014-06-17 11:26 - 2013-12-28 12:57 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys 2014-06-17 11:26 - 2013-03-15 11:51 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-06-17 11:26 - 2011-04-04 22:19 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys 2014-06-17 11:26 - 2011-04-04 22:19 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2014-06-17 11:26 - 2011-04-04 22:19 - 00001966 _____ () C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk 2014-06-17 11:25 - 2014-06-17 11:26 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-06-17 11:25 - 2014-06-17 11:25 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-06-17 11:25 - 2013-03-15 11:51 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-06-17 11:25 - 2012-07-22 01:36 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2014-06-17 11:25 - 2011-04-04 22:19 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-06-17 11:25 - 2011-04-04 22:19 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-06-17 11:18 - 2014-06-17 11:18 - 00001160 _____ () C:\Users\bob marley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-06-17 11:15 - 2014-06-17 11:15 - 00002450 _____ () C:\Users\bob marley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk 2014-06-17 10:36 - 2012-01-28 15:41 - 00000000 ____D () C:\Users\bob marley\AppData\Roaming\Mozilla 2014-06-17 10:35 - 2014-06-17 10:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-06-17 10:35 - 2014-05-09 12:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-06-17 10:34 - 2014-06-17 10:33 - 00284224 _____ (Mozilla) C:\Users\bob marley\Downloads\Firefox Setup Stub 30.0.exe 2014-06-17 10:24 - 2014-06-17 10:24 - 00000000 ____D () C:\Program Files\003 2014-06-17 10:22 - 2014-06-17 10:22 - 00000000 ____D () C:\Users\bob marley\AppData\Local\globalUpdate 2014-06-12 20:23 - 2014-06-12 20:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus 2014-06-12 20:23 - 2014-06-12 20:23 - 00000000 ____D () C:\Program Files\McAfee Security Scan 2014-06-12 20:23 - 2013-10-26 10:18 - 00001931 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2014-06-12 20:23 - 2011-11-05 16:03 - 00000000 ____D () C:\ProgramData\McAfee Security Scan 2014-06-11 10:39 - 2014-06-11 10:39 - 00000000 
____D () C:\Users\bob marley\Desktop\Tor Browser2 2014-06-11 10:38 - 2014-06-11 10:37 - 27167987 _____ () C:\Users\bob marley\Downloads\torbrowser-install-3.6.2_en-US.exe 2014-06-10 01:13 - 2014-06-09 22:28 - 00000000 ____D () C:\Users\bob marley\AppData\Roaming\TS3Client 2014-06-09 22:28 - 2014-06-09 22:28 - 00001162 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk 2014-06-09 22:28 - 2014-06-09 22:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client 2014-06-09 22:28 - 2014-06-09 22:28 - 00000000 ____D () C:\Program Files (x86)\TeamSpeak 3 Client 2014-06-09 22:26 - 2013-07-24 22:58 - 00000000 ____D () C:\Users\bob marley\AppData\Roaming\Skype Some content of TEMP: ==================== C:\Users\bob marley\AppData\Local\Temp\BackupSetup.exe C:\Users\bob marley\AppData\Local\Temp\GenericUninstall.exe C:\Users\bob marley\AppData\Local\Temp\hsbing_717_active.exe C:\Users\bob marley\AppData\Local\Temp\i4jdel0.exe C:\Users\bob marley\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe C:\Users\bob marley\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe C:\Users\bob marley\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe C:\Users\bob marley\AppData\Local\Temp\lowproc.exe C:\Users\bob marley\AppData\Local\Temp\Nv3DVStreaming.dll C:\Users\bob marley\AppData\Local\Temp\nvSCPAPI.dll C:\Users\bob marley\AppData\Local\Temp\nvSCPAPI64.dll C:\Users\bob marley\AppData\Local\Temp\nvStereoApiI.dll C:\Users\bob marley\AppData\Local\Temp\nvStereoApiI64.dll C:\Users\bob marley\AppData\Local\Temp\nvStInst.exe C:\Users\bob marley\AppData\Local\Temp\optprosetup.exe C:\Users\bob marley\AppData\Local\Temp\SearchProtectionSetup.exe C:\Users\bob marley\AppData\Local\Temp\SecurityScan_Release.exe C:\Users\bob marley\AppData\Local\Temp\setup.exe C:\Users\bob marley\AppData\Local\Temp\stubhelper.dll C:\Users\bob marley\AppData\Local\Temp\System.Data.SQLite.dll C:\Users\bob marley\AppData\Local\Temp\tbSwee.dll C:\Users\bob 
marley\AppData\Local\Temp\uninstaller.exe
C:\Users\bob marley\AppData\Local\Temp\utt2582.tmp.exe
C:\Users\bob marley\AppData\Local\Temp\uttB6F7.tmp.exe
C:\Users\bob marley\AppData\Local\Temp\vcredist_x64.exe

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-08 00:10

==================== End Of Log ============================

And here is the Addition report:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-07-2014 01
Ran by bob marley at 2014-07-08 20:47:05
Running from C:\Users\bob marley\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast!
Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== Ableton Live 8 (HKLM-x32\...\{4941E15C-3C68-4FB7-B5A4-5061B92E9166}) (Version: 8.0.0.0 - Ableton) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.6.0.6090 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 3.6.0.6090 - Adobe Systems Incorporated) Hidden Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.) Adobe Community Help (x32 Version: 3.4.980 - Adobe Systems Incorporated.) Hidden Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated) Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated) Adobe Photoshop CS5.1 (HKLM-x32\...\{9158FF30-78D7-40EF-B83E-451AC5334640}) (Version: 12.1 - Adobe Systems Incorporated) Adobe Reader X (10.1.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated) Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2018 - Avast Software) Beatport Downloader (HKLM-x32\...\com.beatport.BeatportDownloader) (Version: 1.4 - Beatport LLC) Beatport Downloader (x32 Version: 1.4 - Beatport LLC) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Canon MP250 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series) (Version: - ) Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) 
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve) EnGenius 11n USB Wireless LAN Driver and Utility (HKLM-x32\...\{9C049499-055C-4a0c-A916-1D8CA1FF45EB}) (Version: 1.00.0175 - EnGenius Technologies) Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.1.1 - SEIKO EPSON CORPORATION) EPSON Connect version 1.0 (HKLM-x32\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.) Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.4.0.0 - SEIKO EPSON CORPORATION) Epson Event Manager (HKLM-x32\...\{44F72193-F59C-4303-BAE8-E3E4BC1C122C}) (Version: 3.01.0003 - Seiko Epson Corporation) Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.30.00 - SEIKO EPSON CORPORATION) EPSON Printer Finder (HKLM-x32\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) EPSON WF-3540 Series Printer Uninstall (HKLM\...\EPSON WF-3540 Series) (Version: - SEIKO EPSON Corporation) EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION) Free Studio version 2014 (HKLM-x32\...\Free Studio_is1) (Version: 6.2.16.327 - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version 3.12.32.327 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.32.327 - DVDVideoSoft Ltd.) iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.) iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.) 
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Java 6 Update 29 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216029FF}) (Version: 6.0.290 - Oracle) Juniper Networks Host Checker (HKCU\...\Neoteris_Host_Checker) (Version: 7.2.0.21697 - Juniper Networks) Juniper Networks Network Connect 7.2.0 (HKLM-x32\...\Juniper Network Connect 7.2.0) (Version: 7.2.0.21697 - Juniper Networks) Juniper Networks, Inc. Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.) Juniper Networks, Inc. Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.) Light Image Resizer 4.3.2.2 (HKLM-x32\...\{EBE030DD-D404-4D92-85E9-8C3624820808}_is1) (Version: 4.3.2.2 - ObviousIdea) Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.) 
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Spanish) 2007 
(x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden 
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden MobileMe Control Panel (HKLM\...\{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}) (Version: 3.1.8.0 - Apple Inc.) 
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla) NVIDIA 3D Vision Controller Driver (x32 Version: 275.33 - NVIDIA Corporation) Hidden NVIDIA 3D Vision Controller Driver 314.07 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 314.07 - NVIDIA Corporation) NVIDIA 3D Vision Driver 314.07 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 314.07 - NVIDIA Corporation) NVIDIA Control Panel 314.07 (Version: 314.07 - NVIDIA Corporation) Hidden NVIDIA Graphics Driver 314.07 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 314.07 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.2.22.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.22.1 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.109.706 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation) NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1407 - NVIDIA Corporation) Hidden NVIDIA Update 1.12.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.12.12 - NVIDIA Corporation) NVIDIA Update Components (Version: 1.12.12 - NVIDIA Corporation) Hidden PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.) Skype™ 6.3 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.105 - Skype Technologies S.A.) 
Software Updater (HKLM-x32\...\{A737E18A-5171-40D0-8034-7DD243420081}) (Version: 4.1.1 - SEIKO EPSON CORPORATION) SpyShelter Firewall 3.0 (HKLM\...\SpyshelterInternetSecurity_is1) (Version: 3.0 - ) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH) thinkorswim (HKLM-x32\...\9968-4488-2169-7623) (Version: desktop - thinkorswim, Inc) thinkorswim from TD AMERITRADE (HKLM-x32\...\thinkorswim from TD AMERITRADE) (Version: - TD AMERITRADE, Inc.) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825642) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{9492511E-2CE0-4904-9400-203F44E1DC0D}) (Version: - Microsoft) Warcraft III (HKLM-x32\...\Warcraft III) (Version: - ) Warcraft III: All Products (HKCU\...\Warcraft III) (Version: - ) WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) WinZip 16.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240CD}) (Version: 16.0.9715 - WinZip Computing, S.L. 
) WSOP.com (HKLM-x32\...\WSOP.com) (Version: - ) ==================== Restore Points ========================= 23-06-2014 02:00:45 Windows Backup 30-06-2014 02:31:58 Windows Backup 07-07-2014 04:27:44 Windows Backup ==================== Hosts content: ========================== 2009-07-13 19:34 - 2012-12-07 13:47 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {0384AED0-1421-4E6D-807A-629C06A00AFF} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2011-08-13] () Task: {0A137D08-3D6E-4B59-828C-0AE8B99EAA6D} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-440041499-1871656134-578955171-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe Task: {0EA6C14F-4C44-4A0D-B401-B1AB0989B517} - System32\Tasks\{B9AC5CA2-68F7-4A0E-A646-8B11D359ED1A} => Firefox.exe http://ui.skype.com/ui/0/6.6.0.106/en/go/help.faq.installer?LastError=1603 Task: {1E9F8E8D-17B6-47A6-8AD6-D8032D785849} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {2679BDB8-5AA4-40A2-9468-38BF4DBDB939} - System32\Tasks\{003FA240-C956-4E65-8B25-03F9F343A6CD} => Firefox.exe http://ui.skype.com/ui/0/6.7.0.102/en/go/help.faq.installer?LastError=1603 Task: {499CA31E-4D31-4DC2-BFB6-9CE659311C83} - System32\Tasks\Leader Technologies\LTCM Client\New Message Check - bob marley => C:\Program Files (x86)\LTCM Client\ltcmClient.exe Task: {4C2DBA64-B7F6-48A5-B466-5C1E0D889D90} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-16] (Adobe Systems Incorporated) Task: {69AD9D3A-9D64-41E6-A87C-4CA78E941D60} - System32\Tasks\avast! 
Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-06-17] (AVAST Software) Task: {7CC29E7C-3760-459F-BB6B-2312CEB402A8} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-440041499-1871656134-578955171-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe Task: {8B385B10-4E34-48F1-B817-6F4A2754F681} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {A0A05C13-6187-4687-B7E9-1E6CE6F00859} - System32\Tasks\AdobeAAMUpdater-1.0-bobmarley-PC-bob marley => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-15] (Adobe Systems Incorporated) Task: {B9EC63BD-58B3-42C5-B956-9B2FA7A2A33A} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-440041499-1871656134-578955171-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe Task: {CF472F80-CB89-42EC-96CE-1D2D8E36FA97} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-440041499-1871656134-578955171-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2011-04-07 23:19 - 2013-02-09 18:04 - 00086304 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2014-06-17 20:05 - 2014-02-13 12:09 - 05087584 _____ () C:\Program Files (x86)\SpyShelter Firewall\SpyShelter.exe 2014-06-17 20:05 - 2013-05-22 20:05 - 00537400 _____ () C:\Program Files (x86)\SpyShelter Firewall\RsltView.exe ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\TEMP:905844AA ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== MSCONFIG/TASK MANAGER disabled items ========= ==================== Faulty Device Manager 
Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (07/08/2014 08:43:41 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532 Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e Exception code: 0x40000015 Fault offset: 0x0008d6fd Faulting process id: 0xefc Faulting application start time: 0xmbam.exe0 Faulting application path: mbam.exe1 Faulting module path: mbam.exe2 Report Id: mbam.exe3 Error: (07/08/2014 08:42:25 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532 Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e Exception code: 0x40000015 Fault offset: 0x0008d6fd Faulting process id: 0x1194 Faulting application start time: 0xmbam.exe0 Faulting application path: mbam.exe1 Faulting module path: mbam.exe2 Report Id: mbam.exe3 Error: (07/08/2014 08:40:40 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532 Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e Exception code: 0x40000015 Fault offset: 0x0008d6fd Faulting process id: 0x398 Faulting application start time: 0xmbam.exe0 Faulting application path: mbam.exe1 Faulting module path: mbam.exe2 Report Id: mbam.exe3 Error: (07/08/2014 08:38:37 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532 Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e Exception code: 0x40000015 Fault offset: 0x0008d6fd Faulting process id: 0x3d8 Faulting application start time: 0xmbam.exe0 Faulting application path: mbam.exe1 Faulting module path: 
mbam.exe2 Report Id: mbam.exe3 Error: (07/08/2014 08:36:50 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532 Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e Exception code: 0x40000015 Fault offset: 0x0008d6fd Faulting process id: 0xad0 Faulting application start time: 0xmbam.exe0 Faulting application path: mbam.exe1 Faulting module path: mbam.exe2 Report Id: mbam.exe3 Error: (07/08/2014 08:35:11 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532 Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e Exception code: 0x40000015 Fault offset: 0x0008d6fd Faulting process id: 0xb44 Faulting application start time: 0xmbam.exe0 Faulting application path: mbam.exe1 Faulting module path: mbam.exe2 Report Id: mbam.exe3 Error: (07/08/2014 08:34:42 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532 Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e Exception code: 0x40000015 Fault offset: 0x0008d6fd Faulting process id: 0x12d8 Faulting application start time: 0xmbam.exe0 Faulting application path: mbam.exe1 Faulting module path: mbam.exe2 Report Id: mbam.exe3 Error: (07/08/2014 08:33:26 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532 Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e Exception code: 0x40000015 Fault offset: 0x0008d6fd Faulting process id: 0xb24 Faulting application start time: 0xmbam.exe0 Faulting application path: mbam.exe1 Faulting module path: mbam.exe2 Report Id: mbam.exe3 Error: (07/08/2014 08:33:06 PM) (Source: Application Error) 
(EventID: 1000) (User: ) Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532 Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e Exception code: 0x40000015 Fault offset: 0x0008d6fd Faulting process id: 0x132c Faulting application start time: 0xmbam.exe0 Faulting application path: mbam.exe1 Faulting module path: mbam.exe2 Report Id: mbam.exe3 Error: (07/08/2014 08:17:29 PM) (Source: Winlogon) (EventID: 4103) (User: ) Description: Windows license activation failed. Error 0x80070005. System errors: ============= Error: (07/08/2014 08:19:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The NVIDIA Update Service Daemon service failed to start due to the following error: %%1069 Error: (07/08/2014 08:19:23 PM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: %%1330 To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). 
Error: (07/08/2014 08:14:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error: (07/08/2014 08:14:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error: (07/08/2014 08:14:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error: (07/08/2014 08:14:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error: (07/08/2014 08:14:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error: (07/08/2014 08:14:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error: (07/08/2014 08:14:17 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030} Error: (07/08/2014 08:14:16 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Microsoft Office Sessions: ========================= Error: (12/06/2011 04:48:33 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 93995 seconds with 7320 seconds of active time. This session ended with a crash.

==================== Memory info ===========================
Percentage of memory in use: 42%
Total physical RAM: 4094.49 MB
Available physical RAM: 2343.57 MB
Total Pagefile: 8187.12 MB
Available Pagefile: 6271.41 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================
Drive c: () (Fixed) (Total:148.91 GB) (Free:22.94 GB) NTFS
Drive e: (Seagate Expansion Drive) (Fixed) (Total:931.51 GB) (Free:371.96 GB) NTFS

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 41AB2316)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 932 GB) (Disk ID: A60E8A81)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================

I have no idea what any of that data means, so whoever is willing to help me out, there will be much positive energy and karma headed your direction. Thank you to anyone who can help me with this problem.