
Infected, need help! FAQs did not solve issue



Hello, my computer has been infected for the past 2 days now. I had the Malwarebytes trial version and was using it frequently, scanning almost every day for the past 2 weeks or so. I turned on my computer yesterday, and usually Malwarebytes is already running and in my notification area, but I noticed it wasn't.

 

After letting my computer boot all the way up, I try to run Malwarebytes, but an error box pops up saying "Malwarebytes Anti-Malware has stopped working". My options then are to check online for a solution and close the program, or close the program. The following are the details, pasted verbatim.

 

Problem signature:
  Problem Event Name:    APPCRASH
  Application Name:    mbam.exe
  Application Version:    1.0.0.532
  Application Timestamp:    53518532
  Fault Module Name:    MSVCR100.dll
  Fault Module Version:    10.0.40219.325
  Fault Module Timestamp:    4df2be1e
  Exception Code:    40000015
  Exception Offset:    0008d6fd
  OS Version:    6.1.7600.2.0.0.256.1
  Locale ID:    1033
  Additional Information 1:    8374
  Additional Information 2:    83748d7ce6919cf452bf5c3838e036f3
  Additional Information 3:    2e01
  Additional Information 4:    2e01b10c887fd7f971b05773252074ee

Read our privacy statement online:
  http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:
  C:\Windows\system32\en-US\erofflps.txt

I then proceed to purchase the professional Malwarebytes program for 1 year for 3 devices through their website, uninstall the Malwarebytes I currently have, and redownload and install the professional one. After install the same error popped up. I couldn't get to the part where I register the software.

 

So then I try to use Chameleon to log in and get the same error. I used 9 of 13 possible Chameleon links before giving that up.

 

I also try to execute the file through Run, and through Task Manager, with no luck as well, only the same message.

 

So now I'm here posting my failures.

 

I downloaded Farbar Recovery Scan Tool and ran the program.

 

Here is the FRST report:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-07-2014 01
Ran by bob marley (administrator) on BOBMARLEY-PC on 08-07-2014 20:46:05
Running from C:\Users\bob marley\Downloads
Platform: Windows 7 Ultimate (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Juniper Networks) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Realtek) C:\Program Files (x86)\EnGenius\11n USB Wireless LAN Utility\RtlService.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\EnGenius\11n USB Wireless LAN Utility\RtWLan.exe
() C:\Program Files (x86)\SpyShelter Firewall\SpyShelter.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Microsoft Corporation) C:\Windows\hh.exe
(MalwareBytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\firefox.pif
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
() C:\Program Files (x86)\SpyShelter Firewall\RsltView.exe
() C:\Program Files (x86)\SpyShelter Firewall\RsltView.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM\...\Run: [spyShelter] => C:\Program Files (x86)\SpyShelter Firewall\SpyShelter.exe [5087584 2014-02-13] ()
HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [switchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2012-01-26] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [502912 2012-02-29] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863360 2012-02-29] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-07-04] (AVAST Software)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKU\S-1-5-21-440041499-1871656134-578955171-1001\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-440041499-1871656134-578955171-1001\...\Run: [steam] => C:\Program Files (x86)\Steam\Steam.exe [1753280 2014-06-30] (Valve Corporation)
HKU\S-1-5-21-440041499-1871656134-578955171-1001\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_214_Plugin.exe [847536 2014-05-16] (Adobe Systems Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

ProxyServer:
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2567C35767CECD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=avastbcl
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperbar.com/?p=mKO_AwFzXIpYRa0T-NJ1bNV5iGB7j76kR7EOZGkeQkbUBtqSnxyioASX7XiWPTst6-3t7Zac_iCe3JLnVSNOFOZo7nLjCggePpKP2XXA9jLED_8amKlxM3F8-dMb97r-K9ixxUsshsxKrLlDwVsGMPgTpWdc87WOEMDovH4B0vzWPAz-jF66zAKbw06O9Zc,&q={searchTerms}
SearchScopes: HKLM-x32 - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKCU - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperbar.com/?p=mKO_AwFzXIpYRa0T-NJ1bNV5iGB7j76kR7EOZGkeQkbUBtqSnxyioASX7XiWPTst6-3t7Zac_iCe3JLnVSNOFOZo7nLjCggePpKP2XXA9jLED_8amKlxM3F8-dMb97r-K9ixxUsshsxKrLlDwVsGMPgTpWdc87WOEMDovH4B0vzWPAz-jF66zAKbw06O9ZA,&q={searchTerms}
SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: No Name - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -  No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

FireFox:
========
FF ProfilePath: C:\Users\bob marley\AppData\Roaming\Mozilla\Firefox\Profiles\fmlhmb3f.default
FF DefaultSearchEngine: DuckDuckGo
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: DuckDuckGo
FF Homepage: https://duckduckgo.com/
FF Keyword.URL: https://search.yahoo.com/yhs/search
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: tdameritrade.com/thinkorswim - C:\Program Files (x86)\thinkTDA\npthinkorswim.dll (TD Ameritrade)
FF Plugin HKCU: tdameritrade.com/tossc - C:\Program Files (x86)\thinkTDA\nptossc.dll (TD Ameritrade)
FF SearchPlugin: C:\Users\bob marley\AppData\Roaming\Mozilla\Firefox\Profiles\fmlhmb3f.default\searchplugins\duckduckgo.xml
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-04-04]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (Google Drive) - C:\Users\bob marley\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-11-18]
CHR Extension: (Google Search) - C:\Users\bob marley\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-18]
CHR Extension: (Gmail) - C:\Users\bob marley\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-18]
CHR HKLM-x32\...\Chrome\Extension: [aaaaojmikegpiepcfdkkjaplodkpfmlo] - C:\Users\bob marley\AppData\Local\APN\GoogleCRXs\apnorjtoolbar.crx [2012-11-18]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-06-17] (AVAST Software)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 Realtek11nSU; C:\Program Files (x86)\EnGenius\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WatAdminSvc; C:\Windows\system32\Wat\WatAdminSvc.exe [1255736 2011-08-13] () [File not signed]

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-06-17] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-06-17] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-06-17] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-06-17] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-06-17] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-06-17] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-06-17] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-12-19] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-06-17] ()
R1 Spyshelter; C:\Program Files (x86)\SpyShelter Firewall\SpyShelter.sys [812384 2014-02-13] (SpyShelter)
R2 SpyshelterFw; C:\Program Files (x86)\SpyShelter Firewall\SpyshelterWFP.sys [104800 2014-02-05] ()
R1 SpyshelterKb; C:\Program Files (x86)\SpyShelter Firewall\SpyshelterKb.sys [237408 2013-12-23] (SpyShelter)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-08 20:46 - 2014-07-08 20:46 - 00017918 _____ () C:\Users\bob marley\Downloads\FRST.txt
2014-07-08 20:45 - 2014-07-08 20:46 - 00000000 ____D () C:\FRST
2014-07-08 20:28 - 2014-07-08 20:28 - 02084352 _____ (Farbar) C:\Users\bob marley\Downloads\FRST64.exe
2014-07-08 12:07 - 2014-07-08 20:42 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-08 12:07 - 2014-07-08 12:07 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-08 12:07 - 2014-07-08 12:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-08 12:07 - 2014-07-08 12:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-08 12:07 - 2014-05-12 08:19 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-08 12:07 - 2014-05-12 08:19 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-08 12:04 - 2014-07-08 12:04 - 17291904 _____ (Malwarebytes Corporation ) C:\Users\bob marley\Downloads\mbam_premium.exe
2014-07-08 11:57 - 2014-07-08 11:57 - 00262144 _____ () C:\Windows\Minidump\070814-22744-01.dmp
2014-07-04 11:46 - 2014-07-04 11:46 - 00291656 _____ () C:\Windows\Minidump\070414-26707-01.dmp
2014-07-02 23:30 - 2014-07-02 23:31 - 00291800 _____ () C:\Windows\Minidump\070214-22370-01.dmp
2014-06-26 12:09 - 2014-06-26 12:10 - 00000000 ____D () C:\Users\bob marley\Downloads\Bassnectar-NVSB_MP3_45782
2014-06-26 11:58 - 2014-06-26 12:09 - 142481980 _____ () C:\Users\bob marley\Downloads\Bassnectar-NVSB_MP3_45782.zip
2014-06-18 10:08 - 2014-07-08 20:43 - 00000000 ____D () C:\Users\bob marley\AppData\Local\CrashDumps
2014-06-17 23:35 - 2014-06-17 23:37 - 00000000 ____D () C:\Users\bob marley\Downloads\gpg4usb-0.3.3
2014-06-17 22:53 - 2014-06-29 02:33 - 16798961 _____ () C:\Users\bob marley\Downloads\gpg4usb-0.3.3.zip
2014-06-17 20:11 - 2014-06-17 20:11 - 00000000 ____D () C:\ProgramData\Licenses
2014-06-17 20:05 - 2014-06-17 20:21 - 00000000 ____D () C:\Users\bob marley\AppData\Roaming\SpyShelter
2014-06-17 20:05 - 2014-06-17 20:05 - 00001094 _____ () C:\Users\Public\Desktop\SpyShelter Firewall.lnk
2014-06-17 20:05 - 2014-06-17 20:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpyShelter
2014-06-17 20:05 - 2014-06-17 20:05 - 00000000 ____D () C:\Program Files (x86)\SpyShelter Firewall
2014-06-17 20:05 - 2013-05-22 20:03 - 00042296 _____ () C:\Windows\system32\SpyShelterShellExt.dll
2014-06-17 20:05 - 2013-05-22 20:03 - 00033080 _____ () C:\Windows\SysWOW64\SpyShelterShellExt.dll
2014-06-17 20:03 - 2014-06-17 20:05 - 09109656 _____ ( ) C:\Users\bob marley\Downloads\fwsetup.exe
2014-06-17 12:02 - 2014-06-17 12:58 - 00000000 ____D () C:\Users\bob marley\Documents\WSOP.com
2014-06-17 12:02 - 2014-06-17 12:02 - 00002044 _____ () C:\Users\bob marley\AppData\Roaming\Microsoft\Windows\Start Menu\WSOP.com.lnk
2014-06-17 12:02 - 2014-06-17 12:02 - 00002020 _____ () C:\Users\bob marley\Desktop\WSOP.com.lnk
2014-06-17 12:02 - 2014-06-17 12:02 - 00000000 ____D () C:\Users\bob marley\AppData\Roaming\WSOP.com
2014-06-17 12:02 - 2014-06-17 12:02 - 00000000 ____D () C:\Users\bob marley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WSOP.com
2014-06-17 12:02 - 2014-06-17 12:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WSOP.com
2014-06-17 12:02 - 2014-06-17 12:02 - 00000000 ____D () C:\Program Files (x86)\WSOP.com
2014-06-17 11:53 - 2014-06-17 11:53 - 00442008 _____ (Random-Logic) C:\Users\bob marley\Downloads\wsop.com.exe
2014-06-17 11:26 - 2014-06-17 11:25 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-06-17 11:25 - 2014-06-17 11:25 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-06-17 11:18 - 2014-06-17 11:18 - 00001160 _____ () C:\Users\bob marley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-17 11:15 - 2014-06-17 11:15 - 00002450 _____ () C:\Users\bob marley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-06-17 10:35 - 2014-06-18 10:08 - 00001135 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-17 10:35 - 2014-06-18 10:08 - 00001135 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-17 10:35 - 2014-06-17 10:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-17 10:33 - 2014-06-17 10:34 - 00284224 _____ (Mozilla) C:\Users\bob marley\Downloads\Firefox Setup Stub 30.0.exe
2014-06-17 10:24 - 2014-06-17 10:24 - 00000000 ____D () C:\Program Files\003
2014-06-17 10:22 - 2014-06-17 10:22 - 00000000 ____D () C:\Users\bob marley\AppData\Local\globalUpdate
2014-06-12 20:23 - 2014-06-12 20:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-06-12 20:23 - 2014-06-12 20:23 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-06-11 10:39 - 2014-06-11 10:39 - 00000000 ____D () C:\Users\bob marley\Desktop\Tor Browser2
2014-06-11 10:37 - 2014-06-11 10:38 - 27167987 _____ () C:\Users\bob marley\Downloads\torbrowser-install-3.6.2_en-US.exe
2014-06-09 22:28 - 2014-06-10 01:13 - 00000000 ____D () C:\Users\bob marley\AppData\Roaming\TS3Client
2014-06-09 22:28 - 2014-06-09 22:28 - 00001162 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2014-06-09 22:28 - 2014-06-09 22:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-06-09 22:28 - 2014-06-09 22:28 - 00000000 ____D () C:\Program Files (x86)\TeamSpeak 3 Client

==================== One Month Modified Files and Folders =======

2014-07-08 20:46 - 2014-07-08 20:46 - 00017918 _____ () C:\Users\bob marley\Downloads\FRST.txt
2014-07-08 20:46 - 2014-07-08 20:45 - 00000000 ____D () C:\FRST
2014-07-08 20:43 - 2014-06-18 10:08 - 00000000 ____D () C:\Users\bob marley\AppData\Local\CrashDumps
2014-07-08 20:42 - 2014-07-08 12:07 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-08 20:28 - 2014-07-08 20:28 - 02084352 _____ (Farbar) C:\Users\bob marley\Downloads\FRST64.exe
2014-07-08 20:24 - 2012-03-29 11:50 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-08 20:24 - 2011-04-04 21:21 - 01651314 _____ () C:\Windows\WindowsUpdate.log
2014-07-08 20:23 - 2013-07-21 19:30 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-07-08 20:17 - 2013-10-05 10:11 - 00000000 ____D () C:\ProgramData\TEMP
2014-07-08 20:17 - 2012-12-30 02:00 - 00033220 _____ () C:\Windows\setupact.log
2014-07-08 20:17 - 2011-04-29 19:02 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-08 20:17 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-08 20:11 - 2011-04-05 00:23 - 00200978 _____ () C:\Windows\PFRO.log
2014-07-08 12:07 - 2014-07-08 12:07 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-08 12:07 - 2014-07-08 12:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-08 12:07 - 2014-07-08 12:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-08 12:04 - 2014-07-08 12:04 - 17291904 _____ (Malwarebytes Corporation ) C:\Users\bob marley\Downloads\mbam_premium.exe
2014-07-08 11:57 - 2014-07-08 11:57 - 00262144 _____ () C:\Windows\Minidump\070814-22744-01.dmp
2014-07-08 11:57 - 2011-04-05 00:24 - 00000000 ____D () C:\Windows\Minidump
2014-07-08 11:54 - 2012-07-22 01:36 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-07-04 11:46 - 2014-07-04 11:46 - 00291656 _____ () C:\Windows\Minidump\070414-26707-01.dmp
2014-07-03 11:12 - 2009-07-13 22:13 - 00729550 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-02 23:31 - 2014-07-02 23:30 - 00291800 _____ () C:\Windows\Minidump\070214-22370-01.dmp
2014-07-02 19:43 - 2011-04-04 22:28 - 00000000 ____D () C:\Users\bob marley\AppData\Roaming\Malwarebytes
2014-07-02 19:43 - 2011-04-04 22:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-02 19:43 - 2011-04-04 22:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-06-29 02:33 - 2014-06-17 22:53 - 16798961 _____ () C:\Users\bob marley\Downloads\gpg4usb-0.3.3.zip
2014-06-28 23:49 - 2009-07-13 21:45 - 00019456 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-28 23:49 - 2009-07-13 21:45 - 00019456 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-26 12:10 - 2014-06-26 12:09 - 00000000 ____D () C:\Users\bob marley\Downloads\Bassnectar-NVSB_MP3_45782
2014-06-26 12:09 - 2014-06-26 11:58 - 142481980 _____ () C:\Users\bob marley\Downloads\Bassnectar-NVSB_MP3_45782.zip
2014-06-18 10:08 - 2014-06-17 10:35 - 00001135 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-18 10:08 - 2014-06-17 10:35 - 00001135 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-17 23:37 - 2014-06-17 23:35 - 00000000 ____D () C:\Users\bob marley\Downloads\gpg4usb-0.3.3
2014-06-17 20:21 - 2014-06-17 20:05 - 00000000 ____D () C:\Users\bob marley\AppData\Roaming\SpyShelter
2014-06-17 20:11 - 2014-06-17 20:11 - 00000000 ____D () C:\ProgramData\Licenses
2014-06-17 20:05 - 2014-06-17 20:05 - 00001094 _____ () C:\Users\Public\Desktop\SpyShelter Firewall.lnk
2014-06-17 20:05 - 2014-06-17 20:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpyShelter
2014-06-17 20:05 - 2014-06-17 20:05 - 00000000 ____D () C:\Program Files (x86)\SpyShelter Firewall
2014-06-17 20:05 - 2014-06-17 20:03 - 09109656 _____ ( ) C:\Users\bob marley\Downloads\fwsetup.exe
2014-06-17 12:58 - 2014-06-17 12:02 - 00000000 ____D () C:\Users\bob marley\Documents\WSOP.com
2014-06-17 12:02 - 2014-06-17 12:02 - 00002044 _____ () C:\Users\bob marley\AppData\Roaming\Microsoft\Windows\Start Menu\WSOP.com.lnk
2014-06-17 12:02 - 2014-06-17 12:02 - 00002020 _____ () C:\Users\bob marley\Desktop\WSOP.com.lnk
2014-06-17 12:02 - 2014-06-17 12:02 - 00000000 ____D () C:\Users\bob marley\AppData\Roaming\WSOP.com
2014-06-17 12:02 - 2014-06-17 12:02 - 00000000 ____D () C:\Users\bob marley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WSOP.com
2014-06-17 12:02 - 2014-06-17 12:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WSOP.com
2014-06-17 12:02 - 2014-06-17 12:02 - 00000000 ____D () C:\Program Files (x86)\WSOP.com
2014-06-17 12:02 - 2014-01-10 00:00 - 00002020 _____ () C:\Users\UpdatusUser\Desktop\WSOP.com.lnk
2014-06-17 12:02 - 2011-07-10 13:26 - 00000000 ____D () C:\Users\bob marley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-06-17 11:53 - 2014-06-17 11:53 - 00442008 _____ (Random-Logic) C:\Users\bob marley\Downloads\wsop.com.exe
2014-06-17 11:26 - 2013-12-28 12:57 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-06-17 11:26 - 2013-03-15 11:51 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-06-17 11:26 - 2011-04-04 22:19 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-06-17 11:26 - 2011-04-04 22:19 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-06-17 11:26 - 2011-04-04 22:19 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-06-17 11:25 - 2014-06-17 11:26 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-06-17 11:25 - 2014-06-17 11:25 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-06-17 11:25 - 2013-03-15 11:51 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-06-17 11:25 - 2012-07-22 01:36 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-06-17 11:25 - 2011-04-04 22:19 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-06-17 11:25 - 2011-04-04 22:19 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-06-17 11:18 - 2014-06-17 11:18 - 00001160 _____ () C:\Users\bob marley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-17 11:15 - 2014-06-17 11:15 - 00002450 _____ () C:\Users\bob marley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-06-17 10:36 - 2012-01-28 15:41 - 00000000 ____D () C:\Users\bob marley\AppData\Roaming\Mozilla
2014-06-17 10:35 - 2014-06-17 10:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-17 10:35 - 2014-05-09 12:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-17 10:34 - 2014-06-17 10:33 - 00284224 _____ (Mozilla) C:\Users\bob marley\Downloads\Firefox Setup Stub 30.0.exe
2014-06-17 10:24 - 2014-06-17 10:24 - 00000000 ____D () C:\Program Files\003
2014-06-17 10:22 - 2014-06-17 10:22 - 00000000 ____D () C:\Users\bob marley\AppData\Local\globalUpdate
2014-06-12 20:23 - 2014-06-12 20:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-06-12 20:23 - 2014-06-12 20:23 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-06-12 20:23 - 2013-10-26 10:18 - 00001931 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-06-12 20:23 - 2011-11-05 16:03 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-06-11 10:39 - 2014-06-11 10:39 - 00000000 ____D () C:\Users\bob marley\Desktop\Tor Browser2
2014-06-11 10:38 - 2014-06-11 10:37 - 27167987 _____ () C:\Users\bob marley\Downloads\torbrowser-install-3.6.2_en-US.exe
2014-06-10 01:13 - 2014-06-09 22:28 - 00000000 ____D () C:\Users\bob marley\AppData\Roaming\TS3Client
2014-06-09 22:28 - 2014-06-09 22:28 - 00001162 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2014-06-09 22:28 - 2014-06-09 22:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2014-06-09 22:28 - 2014-06-09 22:28 - 00000000 ____D () C:\Program Files (x86)\TeamSpeak 3 Client
2014-06-09 22:26 - 2013-07-24 22:58 - 00000000 ____D () C:\Users\bob marley\AppData\Roaming\Skype

Some content of TEMP:
====================
C:\Users\bob marley\AppData\Local\Temp\BackupSetup.exe
C:\Users\bob marley\AppData\Local\Temp\GenericUninstall.exe
C:\Users\bob marley\AppData\Local\Temp\hsbing_717_active.exe
C:\Users\bob marley\AppData\Local\Temp\i4jdel0.exe
C:\Users\bob marley\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\bob marley\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\bob marley\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\bob marley\AppData\Local\Temp\lowproc.exe
C:\Users\bob marley\AppData\Local\Temp\Nv3DVStreaming.dll
C:\Users\bob marley\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\bob marley\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\bob marley\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\bob marley\AppData\Local\Temp\nvStereoApiI64.dll
C:\Users\bob marley\AppData\Local\Temp\nvStInst.exe
C:\Users\bob marley\AppData\Local\Temp\optprosetup.exe
C:\Users\bob marley\AppData\Local\Temp\SearchProtectionSetup.exe
C:\Users\bob marley\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\bob marley\AppData\Local\Temp\setup.exe
C:\Users\bob marley\AppData\Local\Temp\stubhelper.dll
C:\Users\bob marley\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\bob marley\AppData\Local\Temp\tbSwee.dll
C:\Users\bob marley\AppData\Local\Temp\uninstaller.exe
C:\Users\bob marley\AppData\Local\Temp\utt2582.tmp.exe
C:\Users\bob marley\AppData\Local\Temp\uttB6F7.tmp.exe
C:\Users\bob marley\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-08 00:10

==================== End Of Log ============================

And here is the Addition report:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-07-2014 01
Ran by bob marley at 2014-07-08 20:47:05
Running from C:\Users\bob marley\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

Ableton Live 8 (HKLM-x32\...\{4941E15C-3C68-4FB7-B5A4-5061B92E9166}) (Version: 8.0.0.0 - Ableton)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.6.0.6090 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.6.0.6090 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Community Help (x32 Version: 3.4.980 - Adobe Systems Incorporated.) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Photoshop CS5.1 (HKLM-x32\...\{9158FF30-78D7-40EF-B83E-451AC5334640}) (Version: 12.1 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2018 - Avast Software)
Beatport Downloader (HKLM-x32\...\com.beatport.BeatportDownloader) (Version: 1.4 - Beatport LLC)
Beatport Downloader (x32 Version: 1.4 - Beatport LLC) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MP250 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series) (Version:  - )
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
EnGenius 11n USB Wireless LAN Driver and Utility (HKLM-x32\...\{9C049499-055C-4a0c-A916-1D8CA1FF45EB}) (Version: 1.00.0175 - EnGenius Technologies)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.1.1 - SEIKO EPSON CORPORATION)
EPSON Connect version 1.0 (HKLM-x32\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.4.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{44F72193-F59C-4303-BAE8-E3E4BC1C122C}) (Version: 3.01.0003 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.30.00 - SEIKO EPSON CORPORATION)
EPSON Printer Finder (HKLM-x32\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WF-3540 Series Printer Uninstall (HKLM\...\EPSON WF-3540 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
Free Studio version 2014 (HKLM-x32\...\Free Studio_is1) (Version: 6.2.16.327 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.32.327 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.32.327 - DVDVideoSoft Ltd.)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java 6 Update 29 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216029FF}) (Version: 6.0.290 - Oracle)
Juniper Networks Host Checker (HKCU\...\Neoteris_Host_Checker) (Version: 7.2.0.21697 - Juniper Networks)
Juniper Networks Network Connect 7.2.0 (HKLM-x32\...\Juniper Network Connect 7.2.0) (Version: 7.2.0.21697 - Juniper Networks)
Juniper Networks, Inc. Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
Light Image Resizer 4.3.2.2 (HKLM-x32\...\{EBE030DD-D404-4D92-85E9-8C3624820808}_is1) (Version: 4.3.2.2 - ObviousIdea)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
MobileMe Control Panel (HKLM\...\{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}) (Version: 3.1.8.0 - Apple Inc.)
Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
NVIDIA 3D Vision Controller Driver (x32 Version: 275.33 - NVIDIA Corporation) Hidden
NVIDIA 3D Vision Controller Driver 314.07 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 314.07 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 314.07 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 314.07 - NVIDIA Corporation)
NVIDIA Control Panel 314.07 (Version: 314.07 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 314.07 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 314.07 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.2.22.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.22.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.109.706 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1407 - NVIDIA Corporation) Hidden
NVIDIA Update 1.12.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.12.12 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.12.12 - NVIDIA Corporation) Hidden
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Skype™ 6.3 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.105 - Skype Technologies S.A.)
Software Updater (HKLM-x32\...\{A737E18A-5171-40D0-8034-7DD243420081}) (Version: 4.1.1 - SEIKO EPSON CORPORATION)
SpyShelter Firewall 3.0 (HKLM\...\SpyshelterInternetSecurity_is1) (Version: 3.0 - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
thinkorswim (HKLM-x32\...\9968-4488-2169-7623) (Version: desktop - thinkorswim, Inc)
thinkorswim from TD AMERITRADE (HKLM-x32\...\thinkorswim from TD AMERITRADE) (Version:  - TD AMERITRADE, Inc.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825642) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{9492511E-2CE0-4904-9400-203F44E1DC0D}) (Version:  - Microsoft)
Warcraft III (HKLM-x32\...\Warcraft III) (Version:  - )
Warcraft III: All Products (HKCU\...\Warcraft III) (Version:  - )
WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinZip 16.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240CD}) (Version: 16.0.9715 - WinZip Computing, S.L. )
WSOP.com (HKLM-x32\...\WSOP.com) (Version:  - )

==================== Restore Points  =========================

23-06-2014 02:00:45 Windows Backup
30-06-2014 02:31:58 Windows Backup
07-07-2014 04:27:44 Windows Backup

==================== Hosts content: ==========================

2009-07-13 19:34 - 2012-12-07 13:47 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0384AED0-1421-4E6D-807A-629C06A00AFF} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2011-08-13] ()
Task: {0A137D08-3D6E-4B59-828C-0AE8B99EAA6D} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-440041499-1871656134-578955171-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {0EA6C14F-4C44-4A0D-B401-B1AB0989B517} - System32\Tasks\{B9AC5CA2-68F7-4A0E-A646-8B11D359ED1A} => Firefox.exe http://ui.skype.com/ui/0/6.6.0.106/en/go/help.faq.installer?LastError=1603
Task: {1E9F8E8D-17B6-47A6-8AD6-D8032D785849} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {2679BDB8-5AA4-40A2-9468-38BF4DBDB939} - System32\Tasks\{003FA240-C956-4E65-8B25-03F9F343A6CD} => Firefox.exe http://ui.skype.com/ui/0/6.7.0.102/en/go/help.faq.installer?LastError=1603
Task: {499CA31E-4D31-4DC2-BFB6-9CE659311C83} - System32\Tasks\Leader Technologies\LTCM Client\New Message Check - bob marley => C:\Program Files (x86)\LTCM Client\ltcmClient.exe
Task: {4C2DBA64-B7F6-48A5-B466-5C1E0D889D90} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-16] (Adobe Systems Incorporated)
Task: {69AD9D3A-9D64-41E6-A87C-4CA78E941D60} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-06-17] (AVAST Software)
Task: {7CC29E7C-3760-459F-BB6B-2312CEB402A8} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-440041499-1871656134-578955171-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {8B385B10-4E34-48F1-B817-6F4A2754F681} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A0A05C13-6187-4687-B7E9-1E6CE6F00859} - System32\Tasks\AdobeAAMUpdater-1.0-bobmarley-PC-bob marley => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-15] (Adobe Systems Incorporated)
Task: {B9EC63BD-58B3-42C5-B956-9B2FA7A2A33A} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-440041499-1871656134-578955171-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {CF472F80-CB89-42EC-96CE-1D2D8E36FA97} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-440041499-1871656134-578955171-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2011-04-07 23:19 - 2013-02-09 18:04 - 00086304 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-06-17 20:05 - 2014-02-13 12:09 - 05087584 _____ () C:\Program Files (x86)\SpyShelter Firewall\SpyShelter.exe
2014-06-17 20:05 - 2013-05-22 20:05 - 00537400 _____ () C:\Program Files (x86)\SpyShelter Firewall\RsltView.exe

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:905844AA

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/08/2014 08:43:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0xefc
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (07/08/2014 08:42:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x1194
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (07/08/2014 08:40:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x398
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (07/08/2014 08:38:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x3d8
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (07/08/2014 08:36:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0xad0
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (07/08/2014 08:35:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0xb44
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (07/08/2014 08:34:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x12d8
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (07/08/2014 08:33:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0xb24
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (07/08/2014 08:33:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x132c
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (07/08/2014 08:17:29 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.


System errors:
=============
Error: (07/08/2014 08:19:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (07/08/2014 08:19:23 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (07/08/2014 08:14:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (07/08/2014 08:14:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (07/08/2014 08:14:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (07/08/2014 08:14:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (07/08/2014 08:14:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (07/08/2014 08:14:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (07/08/2014 08:14:17 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (07/08/2014 08:14:16 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}


Microsoft Office Sessions:
=========================
Error: (12/06/2011 04:48:33 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 93995 seconds with 7320 seconds of active time.  This session ended with a crash.


==================== Memory info ===========================

Percentage of memory in use: 42%
Total physical RAM: 4094.49 MB
Available physical RAM: 2343.57 MB
Total Pagefile: 8187.12 MB
Available Pagefile: 6271.41 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.91 GB) (Free:22.94 GB) NTFS
Drive e: (Seagate Expansion Drive) (Fixed) (Total:931.51 GB) (Free:371.96 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 41AB2316)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 932 GB) (Disk ID: A60E8A81)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================

I have no idea what any of that data means so whoever is willing to help me out there will be much positive energy and karma headed your direction.

Thank you to anyone who can help me with this problem.

Hello marley99 and :welcome:

Step 0

Please follow the instructions within the pinned topic What to do: Runtime error - database stuck on 2014.03.04 - program stopped.

If the above step fails to resolve your issue, continue at step 1 below:

  • Please try the following and let us know if this corrects your issue: MBAM Clean Removal Process 2.x.
  • If that does not correct the issue, then please read the following and individually attach the 3 requested logs in a reply to this thread: Diagnostic Logs.
  • The 3 files, from Step 2, to be individually attached from your desktop are: 1) CheckResults.txt 2) FRST.txt 3) Addition.txt. Please do not Copy and Paste them into a reply.
  • NOTE: There is an FAQ section with valuable information located in Common Questions, Issues, and their Solutions.

If step 1 above has failed, and even though you Copy & Pasted logs in your original post, a fresh set of attached logs would be required for accurate troubleshooting.

Please let us know the status of your issue in a reply to this thread.

Thank You. :)

  • Root Admin

This is not an updating issue. The logs indicate that the computer is either currently infected or is damaged from a previous infection.

I would suggest following the advice from the topic here Available Assistance for Possibly Infected Computers and having one of the Experts assist you with looking into your issue.

Thanks

Thank you 1PW, step 1 worked out for me. I deleted the old program, restarted the computer, downloaded the new fresh one and it was good to go. Ran Malwarebytes and had 4 registry keys and 38 files... Not letting the roommate use my PC anymore.

He dl'ed one of those resume builders and it must've been full of spyware.