
My desktop restarts every time I open any browser



Hi there,

Within the past week I have unfortunately noticed that my computer is restarting every single time I open any browser. I'm not quite sure how I might have received a virus. I am fairly certain that's what the issue is. The problem is I can't access the internet to download the necessary programs for me to run what is necessary to post here. Please advise how to go about this situation. I can always access my laptop computer to download programs which are essential in knocking this out.

Thanks in advance!


Hello and welcome to Malwarebytes.org

 

P2P/Piracy Warning:

 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Next,

 

Change the download folder setting in the default Browser so all tools we may use are saved to the Desktop:

 

Google Chrome - Click the "Customize and control Google Chrome" button in the upper-right corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

 

Mozilla Firefox - Click the "Open Menu" button in the upper-right corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.

 

Internet Explorer - Click the Tools menu in the upper-right corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.

NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

 

Next,

 

Follow the instructions in the following link to show hidden files:

 

http://www.bleepingcomputer.com/tutorials/how-to-see-hidden-files-in-windows/

 

Next,

 

Please open Malwarebytes Anti-Malware.

 


On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
Under the Non-Malware Protection sub tab, change PUP and PUM entries to "Treat detections as Malware".
Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
A Threat Scan will begin.
With some infections, you may see this message box.
 
        'Could not load DDA driver'
 
Click 'Yes' to this message, to allow the driver to load after a restart.
Allow the computer to restart. Continue with the rest of these instructions.
When the scan is complete, click Apply Actions.
Wait for the prompt to restart the computer to appear, then click on Yes.
After the restart once you are back at your desktop, open MBAM once more.

 

To get the log from Malwarebytes do the following:

 


Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click Export > From export you have three options:
 
  Copy to Clipboard - if selected, right click to your reply and select "Paste"; the log will be pasted to your reply
  Text file (*.txt)        - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
  XML file (*.xml)      - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
 
Recommend you use "Copy to Clipboard", then right click to your reply > select "Paste"; that will copy the log to your reply…

 

 

If Malwarebytes is not installed follow these instructions first:

 

Download Malwarebytes Anti-Malware to your desktop.


Double-click mbam-setup and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:
Launch Malwarebytes Anti-Malware
A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
Click Finish. Follow the instructions above....

 

Next,

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

 


Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Let me see those logs in your reply....

 

Thank you,

 

Kevin...


Hello,

Thanks for your quick reply. I can't access the internet at all to change my browser settings or download programs. As soon as I open Firefox or Chrome, my entire system restarts. Also, I ran the scan on Malwarebytes on my system and it came up with nothing detected. However, I did not have rootkits checked. I appreciate your time. Please help!

Thanks


Do you have a spare PC to d/l tools and transfer to the sick PC? If so, do the following:

 

Download Farbar Service Scanner from here: http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/ and run it on the computer with the issue.

Make sure the following options are checked:

 


Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender

 


Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

 

Next,

 

Download Farbar Recovery Scan Tool and save it to a USB stick, then transfer it to the desktop of the sick PC.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Transfer logs and post...


Thanks!

 

Here are the requested logs.

 

Farbar Service Scanner Version: 17-01-2015
Ran by Jonathan (administrator) on 17-05-2015 at 13:49:18
Running from "F:\SICK PC FILES\SICK PC"
Microsoft Windows 7 Professional  Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => File is digitally signed
C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\system32\dhcpcore.dll => File is digitally signed
C:\Windows\system32\Drivers\afd.sys => File is digitally signed
C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\system32\dnsrslvr.dll => File is digitally signed
C:\Windows\system32\mpssvc.dll => File is digitally signed
C:\Windows\system32\bfe.dll => File is digitally signed
C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\system32\SDRSVC.dll => File is digitally signed
C:\Windows\system32\vssvc.exe => File is digitally signed
C:\Windows\system32\wscsvc.dll => File is digitally signed
C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\system32\wuaueng.dll => File is digitally signed
C:\Windows\system32\qmgr.dll => File is digitally signed
C:\Windows\system32\es.dll => File is digitally signed
C:\Windows\system32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed


**** End of log ****

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-05-2015 02
Ran by Jonathan (administrator) on UPSTAIRS-PC on 17-05-2015 13:51:36
Running from F:\SICK PC FILES\SICK PC
Loaded Profiles: Jonathan (Available profiles: Jonathan & Stephanie & Administrator)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files\Garmin\Device Interaction Service\GarminService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(ITknowledge24.com) C:\Program Files\ITknowledge24\Windows Defender Status Manager\wdsmgr.exe
(Spotify Ltd) C:\Users\Jonathan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Plex, Inc.) C:\Program Files\Plex\Plex Media Server\Plex Media Server.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Python Software Foundation) C:\Program Files\Plex\Plex Media Server\PlexScriptHost.exe
(Plex, Inc.) C:\Program Files\Plex\Plex Media Server\PlexDlnaServer.exe
(Farbar) F:\SICK PC FILES\SICK PC\FSS.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [bCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-12] (NVIDIA Corporation)
HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [wdsmgr] => C:\Program Files\ITknowledge24\Windows Defender Status Manager\wdsmgr.exe [164352 2015-02-22] (ITknowledge24.com)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-463834288-2980442526-995921081-1000\...\Run: [spotify Web Helper] => C:\Users\Jonathan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-17] (Spotify Ltd)
HKU\S-1-5-21-463834288-2980442526-995921081-1000\...\Run: [Plex Media Server] => C:\Program Files\Plex\Plex Media Server\Plex Media Server.exe [4566664 2014-06-16] (Plex, Inc.)
HKU\S-1-5-21-463834288-2980442526-995921081-1000\...\Run: [cdloader] => C:\Users\Jonathan\AppData\Roaming\mjusbsp\cdloader2.exe [51592 2014-07-04] (magicJack L.P.)
HKU\S-1-5-21-463834288-2980442526-995921081-1000\...\Run: [GarminExpressTrayApp] => "C:\Program Files\Garmin\Express Tray\ExpressTray.exe"
HKU\S-1-5-21-463834288-2980442526-995921081-1000\...\MountPoints2: J - J:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-463834288-2980442526-995921081-1000\...\MountPoints2: {28d6b5ce-e9c2-11e4-8013-002197cc200c} - F:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-463834288-2980442526-995921081-1000\...\MountPoints2: {5fa9dee8-c3f3-11e3-bb7f-806e6f6e6963} - E:\PNY_CD.exe
HKU\S-1-5-21-463834288-2980442526-995921081-1000\...\MountPoints2: {8f1f3f8f-f95f-11e4-a083-002197cc200c} - J:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-463834288-2980442526-995921081-1000\...\MountPoints2: {96d02850-39a0-11e4-a081-002197cc200c} - J:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-463834288-2980442526-995921081-1000\...\MountPoints2: {96d02a7f-39a0-11e4-a081-002197cc200c} - J:\autorun.exe
HKU\S-1-5-21-463834288-2980442526-995921081-1000\...\MountPoints2: {a26deb22-e737-11e3-b2fb-002197cc200c} - J:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-463834288-2980442526-995921081-1000\...\MountPoints2: {d8551b28-c5b6-11e3-b056-002197cc200c} - J:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-463834288-2980442526-995921081-1000\...\MountPoints2: {daba2631-6fdd-11e4-80eb-002197cc200c} - F:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\tray.exe [1010008 2015-04-08] (Garmin Ltd. or its subsidiaries)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/?LinkId=69157
HKU\S-1-5-21-463834288-2980442526-995921081-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/?LinkId=69157
HKU\S-1-5-21-463834288-2980442526-995921081-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-10-25] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-10-25] (Oracle Corporation)
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-04-16] (Belarc, Inc.)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2015-04-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2015-04-21] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\bhhp4l5m.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: https://www.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1214154.dll [2014-11-07] (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-10-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-10-25] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Extension: Forecastfox - C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\bhhp4l5m.default\Extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2014-04-14]
FF Extension: Classic Theme Restorer (Customize UI) - C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\bhhp4l5m.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2014-05-13]
FF Extension: Ghostery - C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\bhhp4l5m.default\Extensions\firefox@ghostery.com.xpi [2014-04-14]
FF Extension: Email This! Bookmarklet Extension - C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\bhhp4l5m.default\Extensions\gmailthis@lazyrussian.com.xpi [2014-04-14]
FF Extension: 1-Click YouTube Video Downloader - C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\bhhp4l5m.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2014-04-14]
FF Extension: Flagfox - C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\bhhp4l5m.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-04-14]
FF Extension: Adblock Plus - C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\bhhp4l5m.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-14]

Chrome:
=======
CHR HomePage: Default -> hxxp://hsrd.yahoo.com/_ylt=Aoj7A3PpvBsN5FqfpzoTm6ubvZx4/RV=1/RE=1388423074/RH=aHNyZC55YWhvby5jb20-/RO=2/RU=aHR0cDovL3d3dy55YWhvby5jb20v/RS=%5EADANb4fWoTNsIdSrh_QGw8IRrPMscU-
CHR StartupUrls: Default -> "https://www.yahoo.com/"
CHR Profile: C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Vivienne Westwood) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahhehaklopgggapefjdijagkgbgeapkb [2014-04-14]
CHR Extension: (Angry Birds) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-04-14]
CHR Extension: (Google Docs) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-14]
CHR Extension: (Google Drive) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-14]
CHR Extension: (PriceTrace: 1-click price comparison shopping) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcgbgpopadobnohcmpnbalneeccobfgd [2014-04-14]
CHR Extension: (Please enter your password) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2014-04-14]
CHR Extension: (YouTube) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-14]
CHR Extension: (Adblock Plus) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-04-14]
CHR Extension: (AdBlock+) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\chmimgmjdabgiilljdjfbonifbhiglao [2014-04-14]
CHR Extension: (Google Search) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-14]
CHR Extension: (Flag for Chrome) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbpojpfdiliekbbiplijcphappgcgjfn [2014-04-14]
CHR Extension: (Tampermonkey) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2014-04-14]
CHR Extension: (Timer) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\edebbhkhcaafmolanelponjjanocpacd [2014-04-14]
CHR Extension: (AdBlock) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-04-14]
CHR Extension: (Music Video Lyrics for YouTube) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbegdicajmjmehcembhmpijdfdofobbh [2014-11-15]
CHR Extension: (Chrome to Mobile) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\idknbmbdnapjicclomlijcgfpikmndhd [2014-04-14]
CHR Extension: (Desktop Wallpaper Tooltip) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\iehjagmekelocghcldjolleiolfkobge [2014-04-14]
CHR Extension: (Forecastfox) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihffmkcfkejomlfnilnmkokcpgclhfeg [2014-04-14]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-19]
CHR Extension: (Google Mail Checker) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2014-04-14]
CHR Extension: (Google Wallet) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-14]
CHR Extension: (Docs PDF/PowerPoint Viewer (by Google)) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn [2014-04-14]
CHR Extension: (Google Chrome to Phone Extension) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2014-04-14]
CHR Extension: (Send from Gmail (by Google)) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc [2014-04-14]
CHR Extension: (Weather Underground) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjejbgheonogbpfkkjigbmahaljipoej [2014-04-14]
CHR Extension: (Gmail) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-14]
CHR Extension: (Send Link by Email or Gmail) - C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\plcgkgghkdfgfhiidfjkhmainebgmklf [2014-07-09]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 DiagTrack; C:\Windows\system32\diagtrack.dll [851456 2015-04-27] (Microsoft Corporation)
R2 Garmin Device Interaction Service; C:\Program Files\Garmin\Device Interaction Service\GarminService.exe [708616 2015-04-08] (Garmin Ltd. or its subsidiaries)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [915600 2014-12-12] (NVIDIA Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18186896 2014-12-12] (NVIDIA Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [92888 2015-04-14] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-05-17] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18576 2014-12-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [32912 2014-11-22] (NVIDIA Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-17 13:51 - 2015-05-17 13:51 - 00000000 ____D () C:\FRST
2015-05-17 13:50 - 2015-05-17 13:50 - 00002230 _____ () C:\Users\Jonathan\Desktop\FSS.txt
2015-05-13 03:43 - 2015-05-01 06:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 21:51 - 2015-05-04 18:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-12 21:51 - 2015-04-27 12:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-05-12 21:51 - 2015-04-27 12:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-12 21:51 - 2015-04-27 12:11 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-12 21:51 - 2015-04-27 12:11 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-12 21:51 - 2015-04-27 12:08 - 01307648 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-12 21:51 - 2015-04-27 12:05 - 00851456 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-12 21:51 - 2015-04-27 12:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-12 21:51 - 2015-04-27 12:05 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-12 21:51 - 2015-04-27 12:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-12 21:51 - 2015-04-27 12:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-12 21:51 - 2015-04-27 12:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-12 21:51 - 2015-04-27 12:05 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-12 21:51 - 2015-04-27 12:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-12 21:51 - 2015-04-27 12:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-12 21:51 - 2015-04-27 12:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-12 21:51 - 2015-04-27 12:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-12 21:51 - 2015-04-27 12:05 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-12 21:51 - 2015-04-27 12:04 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-12 21:51 - 2015-04-27 12:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-12 21:51 - 2015-04-27 12:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-12 21:51 - 2015-04-27 12:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-12 21:51 - 2015-04-27 12:04 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-12 21:51 - 2015-04-27 12:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-12 21:51 - 2015-04-27 12:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-12 21:51 - 2015-04-27 12:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-12 21:51 - 2015-04-27 12:04 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-12 21:51 - 2015-04-27 12:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-12 21:51 - 2015-04-27 12:04 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-12 21:51 - 2015-04-27 12:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-12 21:51 - 2015-04-27 12:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-12 21:51 - 2015-04-27 12:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-12 21:51 - 2015-04-27 12:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-12 21:51 - 2015-04-27 12:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-12 21:51 - 2015-04-27 11:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-12 21:51 - 2015-04-27 11:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-12 21:51 - 2015-04-27 11:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-12 21:51 - 2015-04-21 10:58 - 00981504 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-12 21:51 - 2015-04-21 10:57 - 11030016 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-12 21:51 - 2015-04-21 10:57 - 06032896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-12 21:51 - 2015-04-21 10:57 - 02088448 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-12 21:51 - 2015-04-21 10:57 - 01267712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-12 21:51 - 2015-04-21 10:57 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-12 21:51 - 2015-04-21 10:57 - 00627712 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-12 21:51 - 2015-04-21 10:57 - 00624640 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2015-05-12 21:51 - 2015-04-21 10:57 - 00428544 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-12 21:51 - 2015-04-21 10:57 - 00389632 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-12 21:51 - 2015-04-21 10:57 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-12 21:51 - 2015-04-21 10:57 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-12 21:51 - 2015-04-21 10:57 - 00186368 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-05-12 21:51 - 2015-04-21 10:57 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-12 21:51 - 2015-04-21 10:57 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-05-12 21:51 - 2015-04-21 10:57 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-12 21:51 - 2015-04-21 10:57 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-05-12 21:51 - 2015-04-21 10:57 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-12 21:51 - 2015-04-21 10:57 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2015-05-12 21:51 - 2015-04-21 10:57 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
2015-05-12 21:51 - 2015-04-21 10:56 - 01466368 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-12 21:51 - 2015-04-21 10:56 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-12 21:51 - 2015-04-21 10:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-05-12 21:51 - 2015-04-21 10:56 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-05-12 21:51 - 2015-04-21 10:29 - 00386560 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-12 21:51 - 2015-04-21 10:11 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-12 21:51 - 2015-04-19 19:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-12 21:51 - 2015-04-19 19:56 - 00909312 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-12 21:51 - 2015-04-19 19:03 - 02382336 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-12 21:51 - 2015-04-17 19:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-12 21:51 - 2015-04-12 20:19 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-12 21:51 - 2015-04-07 20:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-12 21:51 - 2015-04-07 20:14 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-12 21:51 - 2015-03-03 21:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-12 21:51 - 2015-03-03 21:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-12 21:51 - 2015-03-03 21:10 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-12 21:51 - 2015-03-03 21:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-12 21:51 - 2015-02-18 00:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-12 21:51 - 2015-01-28 20:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-12 07:34 - 2015-05-12 07:34 - 16664474 _____ () C:\Users\Stephanie\Downloads\Final(1)
2015-05-12 07:34 - 2015-05-12 07:34 - 16664474 _____ () C:\Users\Stephanie\Downloads\Final
2015-04-25 08:34 - 2015-04-25 08:35 - 00000000 ____D () C:\Users\Jonathan\.apk lg g2
2015-04-25 08:29 - 2015-04-25 08:30 - 00000000 ____D () C:\Users\Jonathan\Desktop\.apk lg g2

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-17 13:52 - 2010-11-20 14:01 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-17 13:27 - 2015-03-25 19:25 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-17 13:07 - 2014-12-10 20:51 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-17 10:41 - 2009-07-13 21:34 - 00031296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-17 10:41 - 2009-07-13 21:34 - 00031296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-17 10:36 - 2014-04-14 09:42 - 01430006 _____ () C:\Windows\WindowsUpdate.log
2015-05-17 10:34 - 2014-07-07 23:34 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-05-17 10:34 - 2014-04-15 01:50 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-17 10:33 - 2014-12-10 20:51 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-17 10:33 - 2014-11-15 15:41 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-17 10:33 - 2009-07-13 21:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-17 10:33 - 2009-07-13 21:39 - 00046141 _____ () C:\Windows\setupact.log
2015-05-17 10:32 - 2014-10-25 10:05 - 00001099 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-17 10:32 - 2014-04-15 01:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-17 10:32 - 2014-04-15 01:50 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-05-17 09:12 - 2014-05-01 19:59 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-14 22:03 - 2014-12-10 20:53 - 00002168 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-14 03:01 - 2011-04-11 19:24 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-13 04:52 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\rescache
2015-05-13 04:17 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-05-13 04:03 - 2014-04-15 15:21 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-13 04:03 - 2009-07-13 21:33 - 00408064 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-13 04:00 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-13 03:44 - 2014-04-15 10:58 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-13 03:36 - 2014-04-14 23:54 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-13 03:19 - 2014-04-14 23:54 - 137310008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-13 03:09 - 2014-04-15 15:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-11 16:47 - 2014-04-16 14:30 - 00000000 ____D () C:\Users\Stephanie\Documents\Outlook Files
2015-05-03 19:35 - 2014-04-20 16:46 - 00000000 ____D () C:\Users\Public\Stephanie Galaxy S4 Pics
2015-04-26 17:57 - 2014-04-15 01:46 - 00000000 ____D () C:\Program Files\PeerBlock
2015-04-26 17:57 - 2014-04-15 01:43 - 00000000 ____D () C:\Users\Jonathan\AppData\Roaming\BitTorrent
2015-04-26 17:17 - 2014-04-18 16:48 - 00000000 ____D () C:\Users\Jonathan\Documents\completed torrents
2015-04-25 20:11 - 2014-05-08 19:45 - 00000000 ____D () C:\Users\Jonathan\AppData\Local\BearShare
2015-04-25 20:10 - 2014-05-08 19:46 - 00004608 _____ () C:\Users\Jonathan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-25 08:34 - 2014-04-14 09:48 - 00000000 ____D () C:\Users\Jonathan
2015-04-22 16:36 - 2015-02-07 17:02 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-04-18 20:31 - 2014-04-20 16:45 - 00000000 ____D () C:\Users\Public\Jonathan Lg G2 Pics

==================== Files in the root of some directories =======

2014-05-08 19:46 - 2015-04-25 20:10 - 0004608 _____ () C:\Users\Jonathan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-15 09:05 - 2013-11-16 01:58 - 0009216 _____ () C:\Users\Jonathan\AppData\Local\Z@!-4831113b-0e51-453b-a63d-35f86a811959.tmp
2014-04-15 09:05 - 2013-11-16 01:58 - 0009216 _____ () C:\Users\Jonathan\AppData\Local\Z@!-788bc2bb-d386-4c37-b590-eed5b892478f.tmp
2014-04-15 21:43 - 2014-04-15 21:43 - 0000048 ___SH () C:\ProgramData\.zreglib

Some content of TEMP:
====================
C:\Users\Jonathan\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Jonathan\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Jonathan\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\Jonathan\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Jonathan\AppData\Local\Temp\nvSCPAPISvr.exe
C:\Users\Jonathan\AppData\Local\Temp\nvStInst.exe
C:\Users\Stephanie\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-14 00:44

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 16-05-2015 02
Ran by Jonathan at 2015-05-17 13:52:42
Running from F:\SICK PC FILES\SICK PC
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-463834288-2980442526-995921081-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-463834288-2980442526-995921081-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-463834288-2980442526-995921081-1004 - Limited - Enabled)
Jonathan (S-1-5-21-463834288-2980442526-995921081-1000 - Administrator - Enabled) => C:\Users\Jonathan
Stephanie (S-1-5-21-463834288-2980442526-995921081-1003 - Administrator - Enabled) => C:\Users\Stephanie

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.4.154 - Adobe Systems, Inc.)
ANT Drivers Installer x86 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.5 (HKLM\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
BearShare (HKLM\...\BearShare) (Version: 12.0.0.134600 - Musiclab, LLC)
Belarc Advisor 8.4 (HKLM\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
BitTorrent (HKU\S-1-5-21-463834288-2980442526-995921081-1000\...\BitTorrent) (Version: 7.9.2.38914 - BitTorrent Inc.)
Bullzip PDF Printer 10.6.0.2267 (HKLM\...\Bullzip PDF Printer_is1) (Version: 10.6.0.2267 - Bullzip)
calibre (HKLM\...\{48C84341-E4F7-42EC-BED5-7A5CAA3291F5}) (Version: 1.33.0 - Kovid Goyal)
Elevated Installer (Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM\...\{50755d67-ae60-4e47-b3d6-ce44d01b5a95}) (Version: 4.0.15.0 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 42.0.2311.152 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1912 - Intel Corporation)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version:  - )
magicJack (HKU\S-1-5-21-463834288-2980442526-995921081-1000\...\magicJack) (Version: 4.1.7574.5297 - magicJack L.P.)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 en-US) (HKLM\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Firefox 35.0.1 (x86 en-US) (HKU\S-1-5-21-463834288-2980442526-995921081-1000\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
Plex Media Server (HKLM\...\{320e1eaa-7462-4b47-af2c-1539ff68bfa5}) (Version: 0.9.912 - Plex, Inc.)
Plex Media Server (Version: 0.9.912 - Plex, Inc.) Hidden
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5910 - Realtek Semiconductor Corp.)
Secure Download Manager (HKLM\...\{E040B65B-8683-4228-8C33-D44A141E40EA}) (Version: 3.1.60 - Kivuto Solutions Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
Spotify (HKU\S-1-5-21-463834288-2980442526-995921081-1000\...\Spotify) (Version: 0.9.8.296.g91f68827 - Spotify AB)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-463834288-2980442526-995921081-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Jonathan\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-463834288-2980442526-995921081-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Jonathan\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-463834288-2980442526-995921081-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Jonathan\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-463834288-2980442526-995921081-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Jonathan\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File

==================== Restore Points  =========================

21-04-2015 04:39:29 Windows Update
28-04-2015 02:27:59 Windows Update
05-05-2015 02:29:09 Windows Update
08-05-2015 05:56:51 Windows Update
12-05-2015 00:03:14 Windows Update
13-05-2015 03:01:03 Windows Update
14-05-2015 03:00:20 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:04 - 2009-06-10 14:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0CD0D9CE-B180-4AC7-830F-0B8D2F76523E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-12-10] (Google Inc.)
Task: {885C9B88-F8FF-4692-AFB5-884D7177498E} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {BA44F592-FADE-4391-8186-EE6D79E5560E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-12-10] (Google Inc.)
Task: {CC6864C4-7AF0-4A9A-A9CF-D5272730F41C} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {D5820A3B-2583-4F4E-91A9-96AD348C6427} - System32\Tasks\GarminUpdaterTask => C:\Program Files\Garmin\Express Self Updater\ExpressSelfUpdater.exe
Task: {EC15E911-34E4-40E9-B848-4F2B3BE858F6} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {EEA84B87-B314-4EBE-87E3-145B44A3312B} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {F3CE6285-0D0B-4196-82D3-F94B42370656} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {F5347027-7D28-4006-8AB4-C28C94849E18} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2014-11-15 15:40 - 2015-02-05 11:27 - 00108864 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2006-12-04 01:25 - 2006-12-04 01:25 - 00022723 _____ () C:\Windows\System32\sugo3l3.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-06-16 16:42 - 2014-06-16 16:42 - 00073352 _____ () C:\Program Files\Plex\Plex Media Server\zlib.dll
2014-06-16 16:42 - 2014-06-16 16:42 - 00195720 _____ () C:\Program Files\Plex\Plex Media Server\libidn.dll
2014-06-16 16:42 - 2014-06-16 16:42 - 00840840 _____ () C:\Program Files\Plex\Plex Media Server\libxml2.dll
2014-06-16 16:42 - 2014-06-16 16:42 - 00051848 _____ () C:\Program Files\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
2014-06-16 16:42 - 2014-06-16 16:42 - 00089224 _____ () C:\Program Files\Plex\Plex Media Server\soci_core-vc80-3_0.dll
2014-06-16 16:41 - 2014-06-16 16:41 - 07605400 _____ () C:\Program Files\Plex\Plex Media Server\avcodec-54.dll
2014-06-16 16:41 - 2014-06-16 16:41 - 00202392 _____ () C:\Program Files\Plex\Plex Media Server\avutil-52.dll
2014-06-16 16:41 - 2014-06-16 16:41 - 01453720 _____ () C:\Program Files\Plex\Plex Media Server\avformat-54.dll
2014-06-16 16:42 - 2014-06-16 16:42 - 00352920 _____ () C:\Program Files\Plex\Plex Media Server\swscale-2.dll
2014-06-16 16:42 - 2014-06-16 16:42 - 00507528 _____ () C:\Program Files\Plex\Plex Media Server\tag.dll
2014-06-16 16:42 - 2014-06-16 16:42 - 08495240 _____ () C:\Program Files\Plex\Plex Media Server\WebKit.dll
2014-06-16 16:41 - 2014-06-16 16:41 - 00952968 _____ () C:\Program Files\Plex\Plex Media Server\CFLite.dll
2014-06-16 16:41 - 2014-06-16 16:41 - 01291400 _____ () C:\Program Files\Plex\Plex Media Server\JavaScriptCore.dll
2014-06-16 16:41 - 2014-06-16 16:41 - 01038984 _____ () C:\Program Files\Plex\Plex Media Server\cairo.dll
2014-06-16 16:42 - 2014-06-16 16:42 - 00073352 _____ () C:\Program Files\Plex\Plex Media Server\zlib1.dll
2014-06-16 16:42 - 2014-06-16 16:42 - 00045192 _____ () C:\Program Files\Plex\Plex Media Server\DLLs\_socket.pyd
2014-06-16 16:42 - 2014-06-16 16:42 - 00028808 _____ () C:\Program Files\Plex\Plex Media Server\DLLs\_ssl.pyd
2014-06-16 16:42 - 2014-06-16 16:42 - 00019080 _____ () C:\Program Files\Plex\Plex Media Server\DLLs\_hashlib.pyd
2014-06-16 16:42 - 2014-06-16 16:42 - 00035976 _____ () C:\Program Files\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
2014-06-16 16:42 - 2014-06-16 16:42 - 00836744 _____ () C:\Program Files\Plex\Plex Media Server\Exts\lxml\etree.pyd
2014-06-16 16:42 - 2014-06-16 16:42 - 00062600 _____ () C:\Program Files\Plex\Plex Media Server\libexslt.dll
2014-06-16 16:42 - 2014-06-16 16:42 - 00166024 _____ () C:\Program Files\Plex\Plex Media Server\libxslt.dll
2014-06-16 16:42 - 2014-06-16 16:42 - 00192648 _____ () C:\Program Files\Plex\Plex Media Server\Exts\lxml\objectify.pyd
2014-06-16 16:42 - 2014-06-16 16:42 - 00016520 _____ () C:\Program Files\Plex\Plex Media Server\DLLs\select.pyd
2014-06-16 16:42 - 2014-06-16 16:42 - 00056456 _____ () C:\Program Files\Plex\Plex Media Server\Exts\OpenSSL\crypto.pyd
2014-06-16 16:42 - 2014-06-16 16:42 - 00018056 _____ () C:\Program Files\Plex\Plex Media Server\Exts\OpenSSL\rand.pyd
2014-06-16 16:42 - 2014-06-16 16:42 - 00044680 _____ () C:\Program Files\Plex\Plex Media Server\Exts\OpenSSL\SSL.pyd
2014-06-16 16:42 - 2014-06-16 16:42 - 00083080 _____ () C:\Program Files\Plex\Plex Media Server\DLLs\_ctypes.pyd
2014-06-16 16:42 - 2014-06-16 16:42 - 00111752 _____ () C:\Program Files\Plex\Plex Media Server\DLLs\pyexpat.pyd
2014-06-16 16:42 - 2014-06-16 16:42 - 00692360 _____ () C:\Program Files\Plex\Plex Media Server\DLLs\unicodedata.pyd

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-463834288-2980442526-995921081-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{D6DE5017-BB8E-467B-BEA2-F571043F26FF}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{DEB507A2-7A25-4A5A-ADA3-EF64169CBBFA}] => (Allow) C:\Users\Jonathan\Downloads\bittorrent.exe
FirewallRules: [{2670A0EE-4B36-4377-9C94-9891A9591DFE}] => (Allow) C:\Users\Jonathan\Downloads\bittorrent.exe
FirewallRules: [{F98A45D7-41AE-424C-8395-14C068D22E00}] => (Allow) C:\Users\Jonathan\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{18C0B2B4-55ED-4BAC-92FF-9851FDBB90D8}] => (Allow) C:\Users\Jonathan\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [TCP Query User{333EB0DF-39D1-4F85-9A20-02E7FC968454}C:\users\jonathan\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jonathan\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{552F588B-13D8-4D6A-AEC1-2E1E11E53169}C:\users\jonathan\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jonathan\appdata\roaming\spotify\spotify.exe
FirewallRules: [{A6EE0A32-143A-4E55-AED6-C90C146E134B}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{C7A24CF2-B702-48BA-A3D2-ABEE44A8027F}] => (Allow) C:\Program Files\BearShare Applications\BearShare\BearShare.exe
FirewallRules: [{C0D7BF6C-1C02-4161-B07F-37565485107F}] => (Allow) C:\Program Files\Plex\Plex Media Server\Plex Media Server.exe
FirewallRules: [{7ECC14DD-9528-4541-A1BE-242D576C0AED}] => (Allow) C:\Program Files\Plex\Plex Media Server\PlexScriptHost.exe
FirewallRules: [{4EB272BA-3D1F-420F-8211-A17498E55675}] => (Allow) C:\Program Files\Plex\Plex Media Server\PlexDlnaServer.exe
FirewallRules: [TCP Query User{12B68F0A-9904-4D99-A8DF-671BCECF2690}C:\program files\printhand\paconsole.exe] => (Allow) C:\program files\printhand\paconsole.exe
FirewallRules: [UDP Query User{C488235C-8C1C-45E6-AEA7-842FEBD6E2CE}C:\program files\printhand\paconsole.exe] => (Allow) C:\program files\printhand\paconsole.exe
FirewallRules: [TCP Query User{EBA3B69F-2289-41BE-8C20-AB8C9BA55FE5}C:\users\jonathan\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\jonathan\appdata\roaming\mjusbsp\magicjack.exe
FirewallRules: [UDP Query User{8DC59A2E-2D8E-495A-BE01-16DC3EFB5F92}C:\users\jonathan\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\jonathan\appdata\roaming\mjusbsp\magicjack.exe
FirewallRules: [{A831C3DB-7E17-44C9-B2B3-D3989978D335}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{6E5D6A27-EB59-48B6-A808-CC688E9228D7}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{4FBA7668-E2CC-4CA1-A0E0-18699AC76B25}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{2BB66B45-197D-41B1-BB2B-311B549A7DB6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{DC4AF1F3-8EC7-4B74-8133-0BC4E0C4E36E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{48100F92-CFFE-4AD0-8338-C5EB20A750AE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{8E946983-4CD4-49DC-BAE4-087311EC7582}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/17/2015 10:35:12 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/17/2015 10:23:31 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/17/2015 10:00:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/17/2015 09:11:33 AM) (Source: MsiInstaller) (EventID: 1024) (User: Upstairs-PC)
Description: Product: Adobe Reader XI (11.0.10) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011011}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (05/13/2015 04:04:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/13/2015 03:37:05 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: PresentationFramework, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x800706be

Error: (05/13/2015 03:37:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mscorsvw.exe, version: 4.0.30319.34209, time stamp: 0x5348947f
Faulting module name: mscorwks.dll, version: 2.0.50727.5485, time stamp: 0x53a121fa
Exception code: 0xc0000005
Fault offset: 0x000096a2
Faulting process id: 0x%9
Faulting application start time: 0xmscorsvw.exe0
Faulting application path: mscorsvw.exe1
Faulting module path: mscorsvw.exe2
Report Id: mscorsvw.exe3

Error: (05/13/2015 03:37:04 AM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: .NET Runtime version 2.0.50727.5485 - Fatal Execution Engine Error (71EDFB1E) (80131506)

Error: (05/13/2015 03:37:02 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: PresentationCore, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x800706be

Error: (05/13/2015 03:37:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mscorsvw.exe, version: 4.0.30319.34209, time stamp: 0x5348947f
Faulting module name: mscorwks.dll, version: 2.0.50727.5485, time stamp: 0x53a121fa
Exception code: 0xc0000005
Fault offset: 0x0001cc34
Faulting process id: 0x%9
Faulting application start time: 0xmscorsvw.exe0
Faulting application path: mscorsvw.exe1
Faulting module path: mscorsvw.exe2
Report Id: mscorsvw.exe3


System errors:
=============
Error: (05/17/2015 10:21:52 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:19:20 AM on ‎5/‎17/‎2015 was unexpected.

Error: (05/17/2015 09:58:40 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:56:47 AM on ‎5/‎17/‎2015 was unexpected.

Error: (05/13/2015 03:10:22 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80080005: Security Update for Windows 7 (KB3046002).

Error: (05/13/2015 03:10:17 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (05/07/2015 07:46:04 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:43:55 PM on ‎5/‎7/‎2015 was unexpected.

Error: (05/07/2015 07:33:03 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:31:58 PM on ‎5/‎7/‎2015 was unexpected.

Error: (04/22/2015 09:14:36 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:12:42 PM on ‎4/‎22/‎2015 was unexpected.

Error: (04/22/2015 09:10:50 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:22:22 PM on ‎4/‎22/‎2015 was unexpected.

Error: (04/17/2015 01:13:55 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Modules Installer service, but this action failed with the following error:
%%1056

Error: (04/17/2015 01:11:55 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================
Error: (05/17/2015 10:35:12 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/17/2015 10:23:31 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/17/2015 10:00:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/17/2015 09:11:33 AM) (Source: MsiInstaller) (EventID: 1024) (User: Upstairs-PC)
Description: Adobe Reader XI (11.0.10){AC76BA86-7AD7-0000-2550-7A8C40011011}1625(NULL)(NULL)(NULL)

Error: (05/13/2015 04:04:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/13/2015 03:37:05 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: PresentationFramework, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x800706be
PresentationFramework, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35

Error: (05/13/2015 03:37:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mscorsvw.exe4.0.30319.342095348947fmscorwks.dll2.0.50727.548553a121fac0000005000096a2

Error: (05/13/2015 03:37:04 AM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: .NET Runtime version 2.0.50727.5485 - Fatal Execution Engine Error (71EDFB1E) (80131506)

Error: (05/13/2015 03:37:02 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: PresentationCore, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x800706be
PresentationCore, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35

Error: (05/13/2015 03:37:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mscorsvw.exe4.0.30319.342095348947fmscorwks.dll2.0.50727.548553a121fac00000050001cc34


==================== Memory info ===========================

Processor: Genuine Intel® CPU 2140 @ 1.60GHz
Percentage of memory in use: 47%
Total physical RAM: 2047.37 MB
Available physical RAM: 1071.25 MB
Total Pagefile: 4094.73 MB
Available Pagefile: 2829.5 MB
Total Virtual: 2047.88 MB
Available Virtual: 1881.14 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:800.64 GB) NTFS
Drive f: (USB20FD) (Removable) (Total:15.22 GB) (Free:4.28 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 0C7450E6)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (MBR Code: Windows XP) (Size: 15.2 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=15.2 GB) - (Type=0C)

==================== End Of Log ============================

 

 

THANKS!


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
