Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

continuous loop [Solved]


  • This topic is locked This topic is locked

#1
jbcteacher

jbcteacher

    Member

  • Member
  • PipPipPip
  • 197 posts

Son's gaming pc going c

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-04-2015
Ran by Justin (administrator) on JGAMINGCOMPUTER on 14-04-2015 21:26:30
Running from C:\Users\Justin\Desktop
Loaded Profiles: Justin (Available profiles: Justin)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\n360.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Validity Sensors, Inc.) C:\Windows\System32\valWBFPolicyService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\n360.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7573208 2014-04-22] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818800 2014-06-16] (Synaptics Incorporated)
HKLM\...\Run: [InstallerLauncher] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-41 (the data entry has 36 more characters).
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-04-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [506680 2014-06-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3181081214-4100868398-1530923957-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-3181081214-4100868398-1530923957-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3619160 2015-02-25] (Electronic Arts)
HKU\S-1-5-21-3181081214-4100868398-1530923957-1001\...\MountPoints2: {b703932e-92c3-11e4-8262-3863bbaab60d} - "F:\VerizonSWUpgradeAssistantLauncher.exe"
AppInit_DLLs-x32: d => "d" File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk
ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.7.0.11\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.7.0.11\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.7.0.11\buShell.dll (Symantec Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/HPNOT14/1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1
HKU\S-1-5-21-3181081214-4100868398-1530923957-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
HKU\S-1-5-21-3181081214-4100868398-1530923957-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {1B537232-A5A2-4F4B-A112-81B10AAB3412} URL = http://www.amazon.co...ds={searchTerms}
SearchScopes: HKU\S-1-5-21-3181081214-4100868398-1530923957-1001 -> {1B537232-A5A2-4F4B-A112-81B10AAB3412} URL = http://www.amazon.co...ds={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-17] (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-17] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\IPS\IPSBHO.DLL [2015-03-04] (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-12-25] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-04-04] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-25] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-03-17] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-03-17] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-05] ()
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2015-04-07]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\Exts\Chrome.crx [2015-04-08]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\Exts\Chrome.crx [2015-04-08]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
S2 CLKMSVC10_99E320F5; C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\kmsvc.exe [243464 2014-06-23] (CyberLink)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [182304 2015-01-10] (EasyAntiCheat Ltd)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-12-03] (Freemake) [File not signed]
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2014-06-03] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [475960 2014-06-19] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-08] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315376 2014-05-14] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-10] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [200168 2013-12-04] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\N360.exe [265000 2015-03-26] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910640 2015-02-28] (Electronic Arts)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [191728 2014-06-16] (Synaptics Incorporated)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [32768 2013-08-01] (Validity Sensors, Inc.) [File not signed]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-04-02] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3897856 2014-05-15] (Qualcomm Atheros Communications, Inc.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20150321.001\BHDrvx64.sys [1622744 2015-02-03] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1507000.00B\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-11-25] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2015-02-24] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20150410.001\IDSvia64.sys [671448 2015-03-27] (Symantec Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-13] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-13] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-13] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-13] ()
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20150412.002\ENG64.SYS [129752 2015-03-25] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20150412.002\EX64.SYS [2137304 2015-03-25] (Symantec Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [476888 2014-03-21] (Realsil Semiconductor Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2014-06-16] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-06-16] (Synaptics Incorporated)
S3 SRTSP; C:\Windows\System32\Drivers\N360x64\1507000.00B\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1507000.00B\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1507000.00B\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1507000.00B\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1507000.00B\SymELAM.sys [23568 2013-09-09] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2015-02-24] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1507000.00B\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1507000.00B\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-14 21:26 - 2015-04-14 21:30 - 00022579 _____ () C:\Users\Justin\Desktop\FRST.txt
2015-04-14 21:23 - 2015-04-14 21:26 - 00000000 ____D () C:\FRST
2015-04-14 21:21 - 2015-04-14 21:22 - 02096640 _____ (Farbar) C:\Users\Justin\Desktop\FRST64.exe
2015-04-14 17:52 - 2015-04-14 17:52 - 00007605 _____ () C:\Users\Justin\AppData\Local\Resmon.ResmonCfg
2015-04-14 17:36 - 2015-04-14 21:13 - 00002793 _____ () C:\Windows\setupact.log
2015-04-14 17:36 - 2015-04-14 17:36 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-14 17:15 - 2015-04-14 21:25 - 00109038 _____ () C:\Windows\WindowsUpdate.log
2015-04-14 05:54 - 2015-04-14 05:56 - 00000080 _____ () C:\Users\Justin\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦
2015-04-13 06:08 - 2015-04-13 20:12 - 00000000 ____D () C:\Users\Justin\AppData\Local\GrowHome
2015-04-12 17:25 - 2015-04-12 17:25 - 62649363 _____ () C:\Users\Justin\Desktop\MOds.zip
2015-04-12 16:16 - 2015-04-12 16:16 - 28627034 _____ () C:\Users\Justin\Downloads\Lift 9 by CDFDMAN.zip
2015-04-12 15:51 - 2015-04-12 15:51 - 16878946 _____ () C:\Users\Justin\Downloads\GazzaIsland[1.7.4].zip
2015-04-12 15:28 - 2015-04-12 15:28 - 03091838 _____ () C:\Users\Justin\Downloads\Cops and Robbers 4.5 - High Security [By Podcrash].zip
2015-04-11 17:20 - 2015-04-14 21:09 - 00000000 ____D () C:\Users\Justin\AppData\Roaming\Notepad++
2015-04-11 17:20 - 2015-04-14 21:09 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2015-04-11 16:44 - 2015-04-11 17:09 - 00000000 ____D () C:\Users\Justin\AppData\Roaming\.mcRPW
2015-04-11 16:44 - 2015-04-11 16:44 - 03597399 _____ () C:\Users\Justin\Downloads\RPW-LATEST.jar
2015-04-11 14:28 - 2015-04-11 14:29 - 51064840 _____ () C:\Users\Justin\Downloads\D2 PACKAGE - UNZIP THIS FIRST (1).zip
2015-04-11 14:24 - 2015-04-11 14:24 - 00000000 ____D () C:\Users\Justin\Downloads\D2 PACKAGE - UNZIP THIS FIRST
2015-04-11 14:23 - 2015-04-11 14:24 - 51064840 _____ () C:\Users\Justin\Downloads\D2 PACKAGE - UNZIP THIS FIRST.zip
2015-04-10 19:28 - 2015-04-11 17:41 - 00000000 ____D () C:\Users\Justin\AppData\Roaming\Audacity
2015-04-10 17:30 - 2015-04-10 17:30 - 10802262 _____ () C:\Users\Justin\Downloads\Breakable 2 by CDFDMAN.zip
2015-04-10 17:19 - 2015-04-10 17:19 - 01195992 _____ () C:\Users\Justin\Downloads\The Day Before Christmas.zip
2015-04-10 17:10 - 2015-04-10 17:10 - 03464973 _____ () C:\Users\Justin\Downloads\Sleepless Nights, by GoC.rar
2015-04-10 17:00 - 2015-04-10 17:00 - 00262601 _____ () C:\Users\Justin\Downloads\One Way Prison Escape 2.zip
2015-04-10 16:49 - 2015-04-10 16:49 - 00333921 _____ () C:\Users\Justin\Downloads\Test _11232.zip
2015-04-08 16:32 - 2015-04-08 16:32 - 00000222 _____ () C:\Users\Justin\Desktop\Grand Theft Auto V.url
2015-04-08 16:32 - 2015-04-08 16:32 - 00000000 ____D () C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-04-08 06:43 - 2015-04-08 06:43 - 00000000 ____D () C:\Windows\LastGood.Tmp
2015-04-06 20:02 - 2015-04-14 21:10 - 00000000 ____D () C:\Program Files (x86)\Google
2015-04-06 20:02 - 2015-04-14 21:08 - 00000000 ____D () C:\Users\Justin\AppData\Local\Google
2015-04-06 20:01 - 2015-04-06 20:02 - 00000000 ____D () C:\Users\Justin\AppData\Local\Deployment
2015-04-06 20:01 - 2015-04-06 20:01 - 00000000 ____D () C:\Users\Justin\AppData\Local\Apps\2.0
2015-04-05 12:40 - 2015-04-12 17:22 - 00000000 ____D () C:\Users\Justin\Desktop\MOds
2015-04-05 10:44 - 2015-04-05 10:44 - 36914207 _____ (Igor Pavlov) C:\Users\Justin\Downloads\mcedit2-2.0.0-alpha1-win-amd64.exe
2015-04-05 10:44 - 2015-04-05 10:44 - 00000000 ____D () C:\Users\Justin\Downloads\mcedit2-2.0.0-alpha1-win-amd64
2015-04-05 10:44 - 2015-04-05 10:44 - 00000000 ____D () C:\Users\Justin\AppData\Roaming\Python-Eggs
2015-04-04 19:28 - 2015-04-04 19:28 - 03401621 _____ () C:\Users\Justin\Downloads\forge-1.8-11.14.1.1333-installer.jar
2015-04-04 19:19 - 2015-04-04 19:19 - 03443226 _____ () C:\Users\Justin\Downloads\forge-1.8-11.14.1.1354-installer.jar
2015-04-04 18:42 - 2015-04-04 18:42 - 37151149 _____ () C:\Users\Justin\Downloads\MC1.7.10_mcheli_0.9.3.zip
2015-04-04 17:21 - 2015-04-04 17:21 - 03047295 _____ () C:\Users\Justin\Downloads\forge-1.7.10-10.13.1.1216-new-installer (1).jar
2015-04-04 17:20 - 2015-04-04 17:20 - 03047295 _____ () C:\Users\Justin\Downloads\forge-1.7.10-10.13.1.1216-new-installer.jar
2015-04-04 17:14 - 2015-04-04 17:14 - 01769757 _____ () C:\Users\Justin\Downloads\fml-1.8-8.0.20.1023-1.8-installer.jar
2015-04-04 17:01 - 2015-04-04 17:04 - 468940286 _____ () C:\Users\Justin\Downloads\Greenfield v0.4.6.zip
2015-04-04 16:37 - 2013-08-13 11:42 - 00000000 ____D () C:\Users\Justin\Downloads\Minecraft_Server - Avalon Port
2015-03-25 06:22 - 2015-03-10 22:38 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-25 06:22 - 2015-03-10 18:08 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-25 06:22 - 2015-03-10 18:08 - 00943104 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-25 06:22 - 2015-03-10 18:08 - 00760320 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-25 06:22 - 2015-03-10 18:08 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-25 06:22 - 2015-03-10 18:08 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-25 06:22 - 2015-03-10 18:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-24 06:16 - 2015-03-24 06:17 - 00000000 ____D () C:\Users\Justin\Desktop\New folder
2015-03-23 19:38 - 2015-03-23 19:40 - 00779759 _____ () C:\Users\Justin\Downloads\Swimwear_set_v1.0.zip
2015-03-23 19:25 - 2015-01-24 22:19 - 00000000 ____D () C:\Users\Justin\Downloads\7
2015-03-23 19:25 - 2015-01-24 22:19 - 00000000 ____D () C:\Users\Justin\Downloads\6
2015-03-23 19:25 - 2015-01-24 22:19 - 00000000 ____D () C:\Users\Justin\Downloads\5
2015-03-23 19:25 - 2015-01-24 22:18 - 00000000 ____D () C:\Users\Justin\Downloads\4
2015-03-23 19:25 - 2015-01-24 22:18 - 00000000 ____D () C:\Users\Justin\Downloads\3
2015-03-23 19:25 - 2015-01-24 22:18 - 00000000 ____D () C:\Users\Justin\Downloads\2
2015-03-23 19:25 - 2015-01-24 22:18 - 00000000 ____D () C:\Users\Justin\Downloads\1
2015-03-23 19:24 - 2015-03-23 19:26 - 00000000 ____D () C:\Users\Justin\Downloads\Odejda
2015-03-23 19:24 - 2015-01-29 21:43 - 05403096 _____ () C:\Users\Justin\Downloads\Balmain.rar
2015-03-23 19:21 - 2015-03-23 19:21 - 20320320 _____ () C:\Users\Justin\Downloads\Set_of_Clothes_v1.0.rar
2015-03-23 18:28 - 2015-03-23 18:28 - 00000000 ____D () C:\Users\Justin\Downloads\Big_Clothing_Pack_v1.0
2015-03-23 17:52 - 2015-03-23 17:52 - 50144315 _____ () C:\Users\Justin\Downloads\Big_Clothing_Pack_v1.0.rar
2015-03-23 17:39 - 2015-03-23 17:39 - 09285759 _____ () C:\Users\Justin\Downloads\Clothing_Pack_for_Female_v1.0.rar
2015-03-22 16:18 - 2015-03-22 16:18 - 00426081 _____ () C:\Users\Justin\Downloads\NRaas_Career_V86.zip
2015-03-22 16:04 - 2015-03-22 16:04 - 00005297 _____ () C:\Users\Justin\Downloads\MTS_nesleyswipes_1482840_StringsProWrestlingEnglish.rar
2015-03-22 13:57 - 2015-03-22 13:57 - 00000000 ____D () C:\Users\Justin\AppData\Local\Microsoft Help
2015-03-22 10:27 - 2015-03-22 11:50 - 00000000 ____D () C:\Users\Justin\AppData\Roaming\Tropico 5
2015-03-22 10:25 - 2015-03-22 10:25 - 00000000 ____D () C:\Users\Justin\AppData\Roaming\Kalypso Media
2015-03-22 08:57 - 2015-03-22 08:57 - 00000000 ____D () C:\Users\Justin\AppData\Roaming\WinRAR
2015-03-22 08:57 - 2015-03-22 08:57 - 00000000 ____D () C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-03-22 08:57 - 2015-03-22 08:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-03-22 08:56 - 2015-03-22 08:57 - 00000000 ____D () C:\Program Files\WinRAR
2015-03-20 16:41 - 2015-03-20 16:41 - 00000000 ____D () C:\ProgramData\EA Core
2015-03-16 16:31 - 2015-03-20 16:44 - 00000000 ____D () C:\Users\Justin\AppData\Roaming\SPORE
2015-03-16 16:31 - 2015-03-16 16:31 - 00000000 ____D () C:\Users\Justin\Documents\My Spore Creations
2015-03-16 16:30 - 2015-03-16 16:30 - 00000000 __RHD () C:\Users\Justin\AppData\Roaming\SecuROM

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-14 21:32 - 2014-12-27 16:32 - 00000000 ____D () C:\Users\Justin\AppData\Local\CrashDumps
2015-04-14 21:20 - 2015-03-13 07:22 - 00003184 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForJustin
2015-04-14 21:20 - 2015-03-13 07:22 - 00000368 _____ () C:\Windows\Tasks\HPCeeScheduleForJustin.job
2015-04-14 21:16 - 2015-03-10 19:11 - 00005006 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for JGAMINGCOMPUTER-Justin JGamingcomputer
2015-04-14 21:16 - 2014-12-25 17:33 - 00000000 ____D () C:\Users\Justin\OneDrive
2015-04-14 21:16 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\sru
2015-04-14 21:15 - 2014-12-25 17:32 - 00000000 ____D () C:\Users\Justin\Documents\Youcam
2015-04-14 21:14 - 2014-12-25 17:29 - 00000000 ____D () C:\Users\Justin
2015-04-14 21:13 - 2013-08-22 10:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-14 21:04 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-14 21:00 - 2014-12-25 20:33 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-04-14 16:17 - 2014-12-25 20:01 - 00003958 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{34E2BEC5-97D6-40F4-9C46-8BC4012CDAB7}
2015-04-14 05:57 - 2013-08-22 09:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-04-14 05:52 - 2014-12-25 17:36 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3181081214-4100868398-1530923957-1001
2015-04-13 05:58 - 2015-02-24 17:47 - 00003228 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2015-04-13 05:58 - 2015-02-24 17:47 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64
2015-04-13 05:57 - 2015-02-24 17:47 - 00002467 _____ () C:\Users\Public\Desktop\Norton Security Suite.lnk
2015-04-13 05:57 - 2015-02-24 17:47 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite
2015-04-12 18:16 - 2014-12-25 20:12 - 00000000 ____D () C:\Users\Justin\AppData\Roaming\.minecraft
2015-04-11 22:29 - 2015-02-25 20:56 - 00000000 ____D () C:\ProgramData\Origin
2015-04-10 16:55 - 2014-12-26 18:59 - 00000000 ____D () C:\Fraps
2015-04-10 16:49 - 2014-12-26 12:25 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-04-09 14:59 - 2015-02-25 20:56 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-04-07 21:04 - 2014-08-26 05:56 - 00000000 ____D () C:\ProgramData\CyberLink
2015-04-05 09:51 - 2015-01-10 15:59 - 00000000 ____D () C:\Users\Justin\AppData\Roaming\.mono
2015-04-04 17:53 - 2013-08-22 09:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-03-28 17:32 - 2015-02-28 17:37 - 00000000 ____D () C:\Users\Justin\Documents\Electronic Arts
2015-03-28 17:32 - 2015-02-28 17:37 - 00000000 ____D () C:\Users\Justin\Desktop\The Sims 3
2015-03-26 16:45 - 2014-12-28 22:20 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-26 16:45 - 2014-12-28 22:20 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-25 20:55 - 2013-08-22 11:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-03-22 14:00 - 2014-12-25 17:30 - 00000000 ____D () C:\Users\Justin\AppData\Local\Packages
2015-03-17 17:13 - 2015-01-16 12:13 - 00003232 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForJGAMINGCOMPUTER$
2015-03-17 17:13 - 2015-01-16 12:13 - 00000396 _____ () C:\Windows\Tasks\HPCeeScheduleForJGAMINGCOMPUTER$.job
2015-03-17 06:52 - 2015-03-10 19:07 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-03-15 12:47 - 2014-03-18 05:53 - 00958356 _____ () C:\Windows\system32\PerfStringBackup.INI

==================== Files in the root of some directories =======

2015-04-14 17:52 - 2015-04-14 17:52 - 0007605 _____ () C:\Users\Justin\AppData\Local\Resmon.ResmonCfg
2015-02-24 17:46 - 2015-02-24 17:46 - 0274187 _____ () C:\ProgramData\1424814279.bdinstall.bin

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-04-08 17:33

==================== End Of Log ============================

 


  • 0

Advertisements


#2
jbcteacher

jbcteacher

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 197 posts
Son's computer continuously in a flashing loop. Very difficult to do anything on it. It took me several hours to get farbar downloaded and get it to run. Was able to see from task manager that there are lots of service host process running as well as thumbnail handler extraction host files. Not sure what this is. Never seen anything like it.

Edited by jbcteacher, 14 April 2015 - 07:50 PM.

  • 0

#3
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Hi jbcteacher -

 

Is this a desktop or laptop?

 

Please follow the instructions below.

 

Step#1 - Start in Safe Mode

1. Right-click your Start button and click on Run.

2. Type msconfig in the Open box and click OK.

3. Click the second tab which is the Boot tab.

4. Click the Safe boot checkbox and click OK.

5. You will be prompted to Restart your machine. Click the Restart button.

 

 

Does the problem you describe happen once your machine reboots in Safe Mode? Could you also try to describe exactly what is happening again? Thanks.

 

 

 

Items for your next post

1. Is Desktop or Laptop?

2. Do you have the issue in Safe Mode?

3. Can you try to describe in more detail what is happening?


  • 0

#4
jbcteacher

jbcteacher

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 197 posts
It's an hp envy laptop. I cannot access the start button.

The machine keeps flashing as if a process is starting, looks like it's constantly refreshing.. We are unable to get to the control manager. If it is timed correctly, I was able to open an Internet explorer tab to do fabar, but being able to cut and past took forever. We can open task manager. 146 processes in the background, can't stop any of them, I'm sure that number would grow if I let it.

Many of them were service host processes and thumbnail handler processes. I can take a video of it.

The machine cannot be used in its current state.

Edited by jbcteacher, 16 April 2015 - 04:18 AM.

  • 0

#5
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

No problem. Try the following instead then.

 

1. Hit CTRL-ALT-DEL on your keyboard.

2. Click Task Manager

3. Click More Details at the bottom of the screen.

4. Click the File menu and choose Run new task.

5. Type msconfig and click OK.

6. Click the second tab which is the Boot tab.

7. Click the Safe boot checkbox and click OK.

8. You will be prompted to Restart your machine. Click the Restart button.

 

 

Does the problem you describe happen once your machine reboots in Safe Mode?


  • 0

#6
jbcteacher

jbcteacher

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 197 posts
The computer does not going to continuous loop in the safe mode. It doesn't appear that I can get a wireless connection or access the Internet though. Sorry if that is dumb...
  • 0

#7
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

The computer does not going to continuous loop in the safe mode.

 

Good News.

 

It doesn't appear that I can get a wireless connection or access the Internet though.

 

That's expected. I needed to see if the issue stopped in Safe Mode.

 

Sorry if that is dumb...

 

Not at all.

 

OK please do the following.

 

Step#1 - Start in Safe Mode with Networking

1. Right-click your Start button and click on Run.

2. Type msconfig in the Open box and click OK.

3. Click the second tab which is the Boot tab.

4. Click the Safe boot checkbox (which is likely already checked) and then click the Network radio button beneath this. Click OK.

5. You will be prompted to Restart your machine. Click the Restart button.

 

You should have networking ability once it reboots so you should be able to get on the internet. Let me know if this is the case and then we'll get you cleaned up.


  • 0

#8
jbcteacher

jbcteacher

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 197 posts

Brian thank you that worked!  ttys... :-)

 

What was the problem?


  • 0

#9
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

We're not done yet. All we did was boot your computer bypassing everything except the most basic drivers and some networking. Let's see if we can clean the machine up and figure out what's causing your issue. You don't want to run in Safe Mode as many things won't work and it leaves you unsecure.

 

Step#1 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Download attached file and save it to the Desktop. Attached File  fixlist.txt   424bytes   31 downloads
Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

Thanks.


  • 0

#10
jbcteacher

jbcteacher

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 197 posts

Hi again.  FRST64 wasn't hyperlinked... the one I used the other day?  and I do this in safe mode, right?


Edited by jbcteacher, 16 April 2015 - 05:46 PM.

  • 0

Advertisements


#11
jbcteacher

jbcteacher

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 197 posts

I assumed I was being stupid and followed your steps.  ;-0

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-04-2015 04
Ran by Justin at 2015-04-16 19:48:13 Run:1
Running from C:\Users\Justin\Desktop
Loaded Profiles: Justin (Available profiles: Justin)
Boot Mode: Safe Mode (with Networking)
==============================================

Content of fixlist:
*****************
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
AppInit_DLLs-x32: d => "d" File Not Found
HKLM\...\Run: [InstallerLauncher] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-41 (the data entry has 36 more characters).
EmptyTemp:
*****************

C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe => No running process found
"d" => Value Data removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\InstallerLauncher => value deleted successfully.
EmptyTemp: => Removed 287.2 MB temporary data.

The system needed a reboot.

==== End of Fixlog 19:50:21 ====


  • 0

#12
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Perfect, thanks. That's exactly what we needed.

 

Now let me know if your computer boots normally or if the issue comes back. This will narrow down what we need to do.

 

Step#1 - Boot Normally

1. Right-click your Start button and click on Run.

2. Type msconfig in the Open box and click OK.

3. Click the second tab which is the Boot tab.

4. Unclick the Safe boot checkbox. Click OK.

5. You will be prompted to Restart your machine. Click the Restart button.


  • 0

#13
jbcteacher

jbcteacher

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 197 posts
It's back in its continuous flashing loop.

Edited by jbcteacher, 16 April 2015 - 06:02 PM.

  • 0

#14
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Cool. I at least know how to approach this now.

 

Let me know when you are in Safe Mode again.

 

1. Hit CTRL-ALT-DEL on your keyboard.

2. Click Task Manager

3. Click More Details at the bottom of the screen.

4. Click the File menu and choose Run new task.

5. Type msconfig and click OK.

6. Click the second tab which is the Boot tab.

7. Click the Safe boot checkbox and click OK.

8. You will be prompted to Restart your machine. Click the Restart button.


  • 0

#15
jbcteacher

jbcteacher

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 197 posts
In sAfe mode with networking.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP