Channel: Tech Support Guy - Virus & Other Malware Removal

computer is almost unusable because of freezing

My computer is running absolutely terribly. It freezes at virtually every single function I ask it to do. It can last from 5 seconds to 5 minutes and I want to break it so bad. I don't get any viruses with Malwarebytes.

Facebook is the worst. I can't use it at all anymore. Not sure what to do at this point and was hoping for some help.

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 8.1, 64 bit
Processor: Intel(R) Pentium(R) CPU G870 @ 3.10GHz, Intel64 Family 6 Model 42 Stepping 7
Processor Count: 2
RAM: 3783 Mb
Graphics Card: Intel(R) HD Graphics, 1891 Mb
Hard Drives: C: Total - 459392 MB, Free - 161680 MB; D: Total - 16034 MB, Free - 1984 MB;
Motherboard: Hewlett-Packard, 2AE5
Antivirus: Windows Defender, Disabled

PUPS found mostly related to Softonic (parasite?)

I am not currently on the PC pertaining to this inquiry. Therefore, no SysInfo log given yet.
I was just curious as to the latest news and/or concerns with Softonic. I've often read about their parasitic ways but have yet to find any chatter about how to completely remove it once it's discovered.

Basic Info:
Softonic discovered and quarantined by recent run of Malwarebytes Free

Dell Desktop Pc
WIN 7 Home Premium (64)
2 users/ mostly Firefox (defaulted)
IE and Chrome installed as well

How concerned should I be about this? No major issues other than PC being sluggish occasionally.

I will be back soon with SysInfo and MWB logs.

Thank you in advance! God bless.

No internet connection after virus/malware removal.

I figured it out. When I temporarily disable Avast anti-virus the internet works. When I enable it again it doesn't. I don't know why, but I'll just go back to AVG and call it done :) Thanks

Stuck in a log in loop

Welcome. :)

Let's run CHKDSK in the Recovery Environment.

Enter the System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
  • Note: In case you cannot enter System Recovery Options by using the F8 method, you can use a Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
    To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials...sc-create.html



    To enter System Recovery Options by using a Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:
      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
  • Select Command Prompt

    Once in the Command Prompt:

  • Type in the following and press Enter.

    bcdedit | find "osdevice"

  • Note the osdevice partition letter, then type:

    CHKDSK X: /R

  • Where X is the osdevice letter, and press Enter.
  • The tool will start to run.

When finished, type exit and press Enter. Restart the computer.

Let us know if that helps.

Virus has infected my computer

I received an email from a known person last week but when I clicked on the link to access what I thought was a fax, it would not open. My Microsoft security alerted me that something had downloaded and I removed it but ever since I have been having problems with my computer. Today I tried to burn a disk after making a DVD and it told me there was a DLL initialization error.

Here is my system information:

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i5-2400 CPU @ 3.10GHz, Intel64 Family 6 Model 42 Stepping 7
Processor Count: 4
RAM: 6126 Mb
Graphics Card: ATI Radeon HD 5450, 1024 Mb
Hard Drives: C: Total - 941285 MB, Free - 99550 MB; L: Total - 476268 MB, Free - 127400 MB;
Motherboard: Dell Inc., 0Y2MRG
Antivirus: Microsoft Security Essentials, Updated and Enabled

Virus and pop-up issues

I have a browser hijacking malware in Chrome, IE and Firefox

I noticed it in Firefox and it happened shortly after installing FileZilla. I changed browsers and it's everywhere. Multiple pop-ups and the search is sponsored by "SUPRIZE". It's a mess. Below is my System Info.

Thanks for your time.

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Professional, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i7 CPU 950 @ 3.07GHz, Intel64 Family 6 Model 26 Stepping 5
Processor Count: 8
RAM: 12279 Mb
Graphics Card: AMD Radeon HD 6570, 1024 Mb
Hard Drives: C: Total - 942296 MB, Free - 669699 MB; D: Total - 11469 MB, Free - 1659 MB; E: Total - 953867 MB, Free - 953702 MB;
Motherboard: PEGATRON CORPORATION, TRUCKEE
Antivirus: Norton 360 Premier Edition, Updated and Enabled

Deb

default search change attempt blocked

Quote:

Originally Posted by Blade81 (Post 9048279)
Hi,

If help is still needed please follow these instructions:
  • Download Farbar Recovery Scan Tool to your Desktop.
  • Right-click Frst.exe and select Run as Administrator to launch it.
    Note: Make sure that the Addition option is checked.
  • Press the Scan button and wait.
  • When finished scanning, 2 logs will open on your Desktop: FRST.txt and Addition.txt.
Please post their contents in your next reply.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by joannriner (administrator) on G on 03-04-2015 17:07:46
Running from C:\Users\joannriner\Desktop
Loaded Profiles: joannriner (Available profiles: joannriner)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
() C:\Program Files\Clearwire\ClearStick\ClearStick.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\CFIWmxSvcs.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6037504 2008-04-08] (Realtek Semiconductor)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-04-15] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1348904 2008-08-14] (Synaptics, Inc.)
HKLM\...\Run: [jswtrayutil] => "C:\Program Files\Jumpstart\jswtrayutil.exe"
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [431456 2008-02-06] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [54608 2007-10-31] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [505720 2008-06-02] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [716800 2008-05-09] (TOSHIBA Corporation)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [ClearStick] => C:\Program Files\Clearwire\ClearStick\ClearStick.exe [63488 2012-01-10] ()
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-3552375448-1525598448-3347412488-1000\...\MountPoints2: {387988d4-97bc-11e4-a52d-001d8883afa2} - E:\WinInit.exe -c
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdom...TSHB&bmod=TSHB
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdom...TSHB&bmod=TSHB
HKU\S-1-5-21-3552375448-1525598448-3347412488-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-3552375448-1525598448-3347412488-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=EIE9HP&PC=UP51
SearchScopes: HKLM -> DefaultScope {3F053D64-442C-40CE-853C-5FA82EA0BDEE} URL = http://www.google.com/search?sourcei...g}&rlz=1I7TSHB
SearchScopes: HKLM -> {3F053D64-442C-40CE-853C-5FA82EA0BDEE} URL = http://www.google.com/search?sourcei...g}&rlz=1I7TSHB
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-3552375448-1525598448-3347412488-1000 -> DefaultScope {3F053D64-442C-40CE-853C-5FA82EA0BDEE} URL =
SearchScopes: HKU\S-1-5-21-3552375448-1525598448-3347412488-1000 -> {14C36675-A2C1-488A-BC29-52840D8B1007} URL = http://www.bing.com/search?FORM=UP51...c=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3552375448-1525598448-3347412488-1000 -> {6C1925D6-4DCA-469C-905E-07F65D97A837} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3552375448-1525598448-3347412488-1000 -> {E5860DB7-59E8-417E-AF5A-FA0E0EA9B202} URL = https://www.google.com/search?q={searchTerms}
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll No File
Toolbar: HKU\S-1-5-21-3552375448-1525598448-3347412488-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-3552375448-1525598448-3347412488-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
Toolbar: HKU\S-1-5-21-3552375448-1525598448-3347412488-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-3552375448-1525598448-3347412488-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
FireFox:
========
FF ProfilePath: C:\Users\joannriner\Application Data\Mozilla\Firefox\Profiles\7chtgwsi.default
FF DefaultSearchEngine: Google
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll [2015-01-13] ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-15] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-15] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-06-16]
Chrome:
=======
CHR StartupUrls: Default -> "https://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\joannriner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\joannriner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-03]
CHR Extension: (Google Docs) - C:\Users\joannriner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-03]
CHR Extension: (Google Drive) - C:\Users\joannriner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-03]
CHR Extension: (YouTube) - C:\Users\joannriner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-03]
CHR Extension: (Google Search) - C:\Users\joannriner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-03]
CHR Extension: (Google Sheets) - C:\Users\joannriner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-03]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\joannriner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-25]
CHR Extension: (Google Wallet) - C:\Users\joannriner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-03]
CHR Extension: (Gmail) - C:\Users\joannriner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-03]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 cfWiMAXService; C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [185712 2009-08-10] (TOSHIBA CORPORATION)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-10] (TOSHIBA CORPORATION)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S3 jswpsapi; C:\Program Files\Jumpstart\jswpsapi.exe [954368 2008-04-16] (Atheros Communications, Inc.) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard) [File not signed]
R2 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [46392 2008-08-04] (TOSHIBA Corporation)
R2 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation) [File not signed]
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation)
S3 SVRPEDRV; C:\Windows\System32\sysprep\PEDrv.sys [9216 2008-01-18] (Inventec Corporation) [File not signed]
S3 IO_Memory; \??\C:\WINDOWS\SYSTEM32\SYSPREP\Drivers\ioport.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PCTINDIS5; \??\C:\Windows\system32\PCTINDIS5.SYS [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-03 17:07 - 2015-04-03 17:08 - 00015288 _____ () C:\Users\joannriner\Desktop\FRST.txt
2015-04-03 17:07 - 2015-04-03 17:07 - 00000000 ____D () C:\FRST
2015-04-03 17:06 - 2015-04-03 17:06 - 01135104 _____ (Farbar) C:\Users\joannriner\Desktop\FRST.exe
2015-04-03 06:04 - 2015-04-03 16:55 - 00000000 ____D () C:\Users\joannriner\Documents\4 SALE
2015-04-01 10:31 - 2015-04-01 10:31 - 00001624 _____ () C:\Users\joannriner\AppData\Roaming\Microsoft\Windows\Start Menu\Problem Reports and Solutions.lnk
2015-03-31 01:48 - 2015-03-31 02:03 - 00000000 ____D () C:\Users\joannriner\Downloads\1
2015-03-25 14:13 - 2015-03-31 00:45 - 00000926 _____ () C:\Users\joannriner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2015-03-25 14:13 - 2015-03-25 14:13 - 00001747 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Center.lnk
2015-03-25 13:30 - 2015-03-25 13:40 - 00001730 _____ () C:\Windows\wmsetup.log
2015-03-25 13:08 - 2015-03-25 13:08 - 00001878 _____ () C:\Users\joannriner\AppData\Roaming\Microsoft\Windows\Start Menu\Skype.lnk
2015-03-25 09:16 - 2015-03-25 09:16 - 00000000 ____D () C:\Users\joannriner\AppData\Local\Skype
2015-03-25 09:14 - 2015-03-25 09:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-03-25 09:14 - 2015-03-25 09:14 - 00000000 ____D () C:\Program Files\Common Files\Skype
2015-03-25 09:13 - 2015-03-25 09:14 - 00000000 ___RD () C:\Program Files\Skype
2015-03-25 09:11 - 2015-03-25 09:15 - 00000000 ____D () C:\ProgramData\Skype
2015-03-15 12:20 - 2015-01-28 18:35 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-15 12:19 - 2015-01-28 18:35 - 00975360 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-15 12:18 - 2015-02-25 17:18 - 02064384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-15 12:10 - 2015-02-19 19:03 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-15 12:10 - 2015-02-19 17:28 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-15 12:09 - 2015-02-25 19:01 - 03604408 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-03-15 12:09 - 2015-02-25 19:01 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-15 12:09 - 2015-01-20 19:02 - 00807936 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-15 12:09 - 2015-01-08 19:04 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-15 12:09 - 2015-01-08 17:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-15 12:08 - 2015-03-05 21:01 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-15 12:07 - 2015-02-17 19:02 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-15 12:07 - 2014-10-12 18:12 - 02264064 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-03-15 11:49 - 2015-02-21 10:37 - 12375040 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-15 11:49 - 2015-02-21 10:34 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-03-15 11:49 - 2015-02-21 10:29 - 09747968 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-15 11:49 - 2015-02-21 10:28 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-15 11:49 - 2015-02-21 10:22 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-15 11:49 - 2015-02-21 10:21 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-15 11:49 - 2015-02-21 10:21 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-15 11:49 - 2015-02-21 10:20 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-03-15 11:49 - 2015-02-21 10:20 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-15 11:49 - 2015-02-21 10:19 - 01803264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-15 11:49 - 2015-02-21 10:19 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-03-15 11:49 - 2015-02-21 10:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-15 11:49 - 2015-02-21 10:19 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-15 11:49 - 2015-02-21 10:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-15 11:49 - 2015-02-21 10:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-15 11:49 - 2015-02-21 10:18 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-15 11:49 - 2015-02-21 10:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-15 11:49 - 2015-02-21 10:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-15 11:49 - 2015-02-21 10:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-03-15 11:49 - 2015-02-21 10:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-03-15 11:49 - 2015-02-21 10:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-03-15 11:49 - 2015-02-21 10:17 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-03 16:46 - 2006-11-02 03:33 - 00775406 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-03 16:44 - 2009-04-21 08:51 - 01789350 _____ () C:\Windows\WindowsUpdate.log
2015-04-03 16:38 - 2015-02-03 10:15 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-03 16:38 - 2006-11-02 06:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-03 16:38 - 2006-11-02 05:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-03 16:38 - 2006-11-02 05:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-03 06:52 - 2006-11-02 06:01 - 00032626 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-03 06:47 - 2006-11-02 05:52 - 00042734 _____ () C:\Windows\setupact.log
2015-04-03 06:41 - 2015-01-11 00:44 - 00000000 ___RD () C:\Users\joannriner\Pics
2015-04-03 06:26 - 2015-02-03 10:15 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-02 12:34 - 2015-01-13 23:10 - 00000000 ____D () C:\Users\joannriner\AppData\Local\Windows Live
2015-04-01 10:43 - 2015-01-17 12:26 - 00000000 ____D () C:\Program Files\AVS4YOU
2015-04-01 10:34 - 2015-01-10 23:34 - 00000000 ____D () C:\Users\joannriner\Documents\TOSHIBA SATELLITE L305
2015-03-31 00:54 - 2015-01-10 02:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-03-25 15:29 - 2009-06-16 11:34 - 00000000 ____D () C:\Users\joannriner
2015-03-25 14:13 - 2015-02-03 01:38 - 00000920 _____ () C:\Users\joannriner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-25 13:33 - 2015-01-10 15:12 - 00011639 _____ () C:\Windows\IE9_main.log
2015-03-25 13:32 - 2008-08-18 11:07 - 00000000 ___HD () C:\Windows\msdownld.tmp
2015-03-15 12:45 - 2015-01-08 21:19 - 00000000 ____D () C:\Program Files\Clearwire
2015-03-15 12:27 - 2006-11-02 05:47 - 00327856 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-15 12:20 - 2009-04-21 07:48 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-15 12:18 - 2014-08-03 03:05 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-15 12:12 - 2006-11-02 03:24 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
==================== Files in the root of some directories =======
2011-09-26 17:20 - 2011-09-26 17:20 - 0000680 ____R () C:\Users\joannriner\AppData\Local\d3d9caps.dat
2009-06-16 11:41 - 2015-01-08 21:13 - 0024576 ____R () C:\Users\joannriner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
Some content of TEMP:
====================
C:\Users\joannriner\AppData\Local\Temp\jre-6u34-windows-i586-iftw.exe
C:\Users\joannriner\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\joannriner\AppData\Local\Temp\{FD8A884D-F71C-4DC0-9E66-4006480DD82D}-GoogleUpdateSetup.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-04-03 16:46
==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by joannriner at 2015-04-03 17:08:30
Running from C:\Users\joannriner\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
32 Bit HP CIO Components Installer (Version: 6.1.1 - Hewlett-Packard) Hidden
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Atheros Driver Installation Program (HKLM\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros)
Atheros Wi-Fi Protected Setup Library (HKLM\...\{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}) (Version: - Atheros)
AVS Media Player 4.2.3.106 (HKLM\...\AVS Media Player_is1) (Version: 4.2.3.106 - Online Media Technologies Ltd.)
AVS Video Converter 9.0 (HKLM\...\AVS4YOU Video Converter 7_is1) (Version: 9.0.1.566 - Online Media Technologies Ltd.)
Bing Rewards Client Installer (Version: 16.0.345.0 - Microsoft Corporation) Hidden
CD/DVD Drive Acoustic Silencer (HKLM\...\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}) (Version: 2.02.03 - TOSHIBA)
Cisco EAP-FAST Module (HKLM\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DVD MovieFactory for TOSHIBA (HKLM\...\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}) (Version: 5.51 - Ulead Systems, Inc.)
GearDrvs (Version: 5.0.0.2 - Symantec Corporation) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
Java(TM) 6 Update 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160060}) (Version: 1.6.0.60 - Sun Microsystems, Inc.)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Picasa 2 (HKLM\...\Picasa2) (Version: 2.0 - Google, Inc.)
Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5599 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: - Realtek Semiconductor Corp.)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.2.4.0 - Synaptics)
TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.08 - TOSHIBA)
TOSHIBA ConfigFree (HKLM\...\{F3529665-D75E-4D6D-98F0-745C78C68E9B}) (Version: 8.0.21 - TOSHIBA Corporation)
TOSHIBA Desktop Links (HKLM\...\{E1E56B8A-1AAF-422A-91DB-625059FB9863}) (Version: 1.7 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.1.3 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 1.31.14 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM\...\{2883F6F5-0509-43F3-868C-D50330DD9DD3}) (Version: 2.00.08 - )
TOSHIBA Recovery Disc Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.0.0.2 - TOSHIBA Corporation)
Toshiba Registration (HKLM\...\{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}) (Version: 1.00.0000 - Datalode Inc.)
TOSHIBA Service Station (HKLM\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 1.1.14 - TOSHIBA)
TOSHIBA Software Modem (HKLM\...\TOSHIBA Software Modem) (Version: 2.1.77 (SM2177ALD04) - Agere Systems)
TOSHIBA Speech System Applications (HKLM\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version: - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version: - )
TOSHIBA Supervisor Password (HKLM\...\{4B1E87C3-00DE-4898-8E39-E390AAEF2391}) (Version: 2.00.04 - )
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.1.24 - TOSHIBA Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version: - )
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================
21-02-2015 03:38:11 Scheduled Checkpoint
02-03-2015 01:46:25 Windows Update
15-03-2015 11:49:42 Windows Update
15-03-2015 12:02:44 Windows Update
15-03-2015 12:43:05 Removed CLEAR Connection Manager.
25-03-2015 08:43:52 Windows Update
25-03-2015 09:08:23 Windows Update
25-03-2015 15:19:17 Windows Update
25-03-2015 15:28:33 Device Driver Package Install: SAMSUNG Electronics Co., Ltd. Modems
25-03-2015 15:32:37 Windows Update
25-03-2015 15:34:09 Windows Update
25-03-2015 15:36:05 Windows Update
31-03-2015 01:34:36 Windows Update
02-04-2015 01:46:51 Scheduled Checkpoint
03-04-2015 06:45:41 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 03:23 - 2006-09-18 14:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {1EACC0DB-3753-4FCD-B320-DCAA40C7C388} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-02-03] (Google Inc.)
Task: {6364DB15-0EDF-4B18-BB8A-CB8A60D0CF93} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-02-03] (Google Inc.)
Task: {7484D088-DB07-46D7-ADE5-A0D21973F732} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe [2009-07-13] (TOSHIBA CORPORATION)
Task: {7AD457DD-B43E-47F3-95C8-2395F93DD1B3} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - joannriner => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-10] (Microsoft Corporation)
Task: {EF932D7E-2F8C-4B60-B13B-AFDEC4EE8348} - System32\Tasks\{1B4F7A1A-869F-4136-976E-8A3864A35561} => pcalua.exe -a "C:\Users\JOANNR~1\AppData\Local\Temp\Temporary Internet Files\Content.IE5\HF32F5AN\wmp11-windowsxp-x64-enu.exe" -d C:\Users\joannriner\Desktop
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) ==============
2008-03-06 10:14 - 2008-03-06 10:14 - 05121912 _____ () C:\Program Files\Toshiba\FlashCards\BlackPng.dll
2007-12-14 21:40 - 2007-12-14 21:40 - 00090112 _____ () C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll
2008-08-18 10:49 - 2006-10-10 11:44 - 00009728 _____ () C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
2007-12-25 12:03 - 2007-12-25 12:03 - 00015184 _____ () C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll
2006-10-07 11:57 - 2006-10-07 11:57 - 00053248 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2006-12-01 17:55 - 2006-12-01 17:55 - 00009216 _____ () C:\Program Files\Toshiba\TBS\NotifyTBS.dll
2015-01-08 22:20 - 2012-01-10 22:48 - 00063488 ____R () C:\Program Files\Clearwire\ClearStick\ClearStick.exe
2012-01-09 12:28 - 2012-01-09 12:28 - 00057856 ____R () C:\Program Files\Clearwire\ClearStick\ClearStickHandler.dll
2015-03-25 09:32 - 2015-03-14 03:12 - 09278792 _____ () C:\Program Files\Google\Chrome\Application\41.0.2272.101\pdf.dll
2015-03-25 09:32 - 2015-03-14 03:12 - 14974280 _____ () C:\Program Files\Google\Chrome\Application\41.0.2272.101\PepperFlash\pepflashplayer.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3552375448-1525598448-3347412488-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\joannriner\Application Data\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.43.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)

==================== Accounts: =============================
Administrator (S-1-5-21-3552375448-1525598448-3347412488-500 - Administrator - Disabled)
Guest (S-1-5-21-3552375448-1525598448-3347412488-501 - Limited - Disabled)
joannriner (S-1-5-21-3552375448-1525598448-3347412488-1000 - Administrator - Enabled) => C:\Users\joannriner
==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
Error: (04/03/2015 04:40:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/03/2015 06:36:50 AM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=41.0.2272.101;lang=;guid=9521A03BB1164FB2873EEBD40E6D89DF;is_machine=1; oop=1;upload=1;minidump=C:\Program Files\Google\CrashReports\872dc953-d972-469c-8067-0cd7e4ae0fa9.dmp
Error: (04/02/2015 08:12:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/02/2015 00:24:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/01/2015 07:13:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/01/2015 10:32:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/01/2015 08:09:14 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.0.6002.18005 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: bd8
Start Time: 01d06c8d6187c0aa
Termination Time: 125
Error: (04/01/2015 08:07:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/31/2015 01:57:17 AM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=41.0.2272.101;lang=;guid=9521A03BB1164FB2873EEBD40E6D89DF;is_machine=1; oop=1;upload=1;minidump=C:\Program Files\Google\CrashReports\b4f1283a-5101-4073-96f8-a38e285c3b61.dmp
Error: (03/31/2015 01:31:56 AM) (Source: ESENT) (EventID: 490) (User: )
Description: WinMail (2800) WindowsMail0: An attempt to open the file "C:\Users\joannriner\AppData\Local\Microsoft\Windows Mail\edb.log" for read / write access failed with system error 5 (0x00000005): "Access is denied. ". The open file operation will fail with error -1032 (0xfffffbf8).

System errors:
=============
Error: (04/03/2015 06:52:19 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {C2BFE331-6739-4270-86C9-493D9A04CD38}
Error: (04/02/2015 00:32:46 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.195.1215.0
Update Source: %NT AUTHORITY59
Update Stage: 4.7.0205.00
Source Path: 4.7.0205.01
Signature Type: %NT AUTHORITY602
Update Type: %NT AUTHORITY604
User: NT AUTHORITY\SYSTEM
Current Engine Version: %NT AUTHORITY605
Previous Engine Version: %NT AUTHORITY606
Error code: %NT AUTHORITY607
Error description: %NT AUTHORITY608
Error: (04/01/2015 10:31:37 AM) (Source: Microsoft-Windows-ResourcePublication) (EventID: 1002) (User: NT AUTHORITY)
Description: Provider\Microsoft.Base.Publication/Publication/Computer
Error: (04/01/2015 08:05:56 AM) (Source: Microsoft-Windows-ResourcePublication) (EventID: 1002) (User: NT AUTHORITY)
Description: Provider\Microsoft.Base.Publication/Publication/Computer
Error: (03/31/2015 00:55:18 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.195.282.0
Update Source: %NT AUTHORITY59
Update Stage: 4.7.0205.00
Source Path: 4.7.0205.01
Signature Type: %NT AUTHORITY602
Update Type: %NT AUTHORITY604
User: NT AUTHORITY\SYSTEM
Current Engine Version: %NT AUTHORITY605
Previous Engine Version: %NT AUTHORITY606
Error code: %NT AUTHORITY607
Error description: %NT AUTHORITY608
Error: (03/25/2015 03:40:04 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: 0x800f020bSAMSUNG Electronics Co., Ltd. - Other hardware - SAMSUNG Mobile USB Modem{337EAFEF-DE38-4F7E-A7B8-F1E587A051BA}200
Error: (03/25/2015 03:36:02 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: 0x80070103SAMSUNG Electronics Co., Ltd. - Other hardware - SAMSUNG Mobile USB Modem{337EAFEF-DE38-4F7E-A7B8-F1E587A051BA}200
Error: (03/25/2015 03:34:08 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: 0x80070103SAMSUNG Electronics Co., Ltd. - Other hardware - SAMSUNG Mobile USB Modem{337EAFEF-DE38-4F7E-A7B8-F1E587A051BA}200
Error: (03/25/2015 02:00:43 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: ScRegSetValueExWFailureCommand%%5
Error: (03/25/2015 02:00:39 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: ScRegSetValueExWStart%%5

Microsoft Office Sessions:
=========================
Error: (05/09/2010 09:49:24 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 38 seconds with 0 seconds of active time. This session ended with a crash.

CodeIntegrity Errors:
===================================
Date: 2015-01-07 23:06:30.654
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-01-07 23:06:30.420
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-01-07 23:06:30.186
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-01-07 23:06:29.967
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-01-07 23:06:29.655
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================
Processor: Intel(R) Pentium(R) Dual CPU T3400 @ 2.16GHz
Percentage of memory in use: 62%
Total physical RAM: 1915.25 MB
Available physical RAM: 725.95 MB
Total Pagefile: 4075.79 MB
Available Pagefile: 2752.18 MB
Total Virtual: 2047.88 MB
Available Virtual: 1895.95 MB
==================== Drives ================================
Drive c: (SQ004816V03) (Fixed) (Total:140.34 GB) (Free:90.24 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149.1 GB) (Disk ID: 3FF3ADBC)
Partition 1: (Not Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Active) - (Size=140.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=7.2 GB) - (Type=17)
==================== End Of Log ============================

serious infection on laptop

Do you have the fixlog as well?

Also,

Please advise how the PC is running now and if there are any outstanding issues.

sound virus?

Win 7 64 bit, Asus P5Q SE Plus MB. Now getting a small faint sound through Creative sound speakers every time I use my USB Logitech mouse, ever since I did a full format of the HD. Now get these sounds; where are they coming from? lnt2.sys, is this right? Can someone advise? Thanks. I move the mouse over a heading in the browser (Chrome or IE11) and it makes a faint swoosh noise in the right speaker. I muted all sound in sound mapper in Windows. Any idea? Please advise, thanks.

FR.

Family computer riddled with viruses - Please Help!!!

Dear Techguys,

:confused:

Please can a specialist techguy help me remove a stubborn infection from the family computer?

We have remnants of the snapdo malware virus as well as the spigot virus that I just cannot seem to rid from our family's computer.

I've run Malwarebytes, removed the infection and so on, but when I later re-run Malwarebytes there STILL are 5 objects that pop up again on the next scan.

Here is the info on my system:

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, 64 bit
Processor: Intel(R) Core(TM)2 Duo CPU P7450 @ 2.13GHz, Intel64 Family 6 Model 23 Stepping 10
Processor Count: 2
RAM: 4063 Mb
Graphics Card: ATI Mobility Radeon HD 4570, 512 Mb
Hard Drives: C: Total - 465400 MB, Free - 386328 MB;
Motherboard: Sony Corporation, VAIO
Antivirus: Microsoft Security Essentials, Updated and Enabled.


I attach the log on the FIVE snapdo/spigot items that, according to Malwarebytes, are on our family computer...

One Extra question: How can I prevent reinfection?

We are becoming frightened by the way these hideous things seem to infect our family laptop without warning or us knowingly doing anything to cause it.


Thanking you in anticipation.

Kind regards

Mike9inch

Attached Files
File Type: pdf malwarebytes snapdo log 150404B.pdf (92.8 KB)

My In-Laws computer has been hacked...I believe

Techguys,

My mother-in-law has been hacked, as we believe that she clicked on a link in an e-mail that she received. Shortly thereafter she received a blue screen of death (approx 3/23/15). She called her internet provider, who was able to get her back up and running. She asked me to look at it and I have; she has an additional user(s) under the section that shows you the permissions and administrators. Lenovo N585, Windows 7 Home Premium SP1.

I have run AVG virus scan and Spybot to no avail. I have found out she is in a homegroup with one of the computers named "xbox". Anyway, this is over my head and I seek your help.

Thanks for your help
Ron

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: AMD E1-1200 APU with Radeon(tm) HD Graphics, AMD64 Family 20 Model 2 Stepping 0
Processor Count: 2
RAM: 3689 Mb
Graphics Card: AMD Radeon HD 7310M, 384 Mb
Hard Drives: C: Total - 258962 MB, Free - 213414 MB; D: Total - 26079 MB, Free - 24275 MB;
Motherboard: LENOVO, Lenovo IdeaPad N585
Antivirus: AVG AntiVirus Free Edition 2015, Updated and Enabled

Malware?

My browser (IE11) keeps locking up and an error message pops up saying that a problem with the page requires IE to reload the page. I use AVG Anti-Virus (free version) and Windows Defender. Windows Defender keeps getting turned off, and the AVG Antivirus keeps prompting me to reboot to apply the latest definitions, although I already have. When running HijackThis, it reported that it was denied write access to my hosts file.

I did also receive a popup to reboot to fix errors on my hard drive. After doing so, I was able to save files to my hard drive which I could not do previously (within the last day) due to "file or directory is corrupt" errors. The browser lockups still occur however, so I am skeptical that hard drive errors were the cause of my problem, but if I were knowledgeable about such things I wouldn't be here :)

Any assistance you could provide would be greatly appreciated. Following are SysInfo and HijackThis logs.

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 8.1, 64 bit
Processor: AMD FX(tm)-4300 Quad-Core Processor, AMD64 Family 21 Model 2 Stepping 0
Processor Count: 4
RAM: 8162 Mb
Graphics Card: AMD Radeon HD 7700 Series, 1024 Mb
Hard Drives: C: Total - 953367 MB, Free - 851856 MB;
Motherboard: MSI, 970A-G46 (MS-7693)
Antivirus: Windows Defender, Disabled

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 9:20:00 AM, on 4/5/2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17416)


Boot mode: Normal

Running processes:
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\AVG\AVG2015\avgui.exe
C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\Program Files (x86)\AVG Web TuneUp\avgcefrend.exe
C:\Program Files (x86)\AVG Web TuneUp\avgcefrend.exe
D:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.magicmicro.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://mysearch.avg.com/?cid=%7B1F1...wtu&sg=&sap=hp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: ArcPluginIEBHO - {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} - C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll
O2 - BHO: AVG Web TuneUp - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Web TuneUp\4.0.0.19\AVG Web TuneUp.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.10\ViProtocol.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Arc Service (ArcService) - Perfect World Entertainment Inc - C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DraftSight API Service - Dassault Systèmes - C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\windows\system32\mfevtps.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater18.1.10 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\ToolbarUpdater.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8319 bytes

Naviga~1.exe Virus?

I have noticed in the last couple of days that I have an extraordinary amount of RAM being used: 1.9 - 1.95 out of 2 Gigs. The only new process I've noticed is naviga~1.exe and from what I've researched it's a ransomware virus. But I can't find any information about removing it. Attached a screenshot of my resource monitor. Any help would be greatly appreciated.

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Professional, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz, Intel64 Family 6 Model 23 Stepping 10
Processor Count: 2
RAM: 1995 Mb
Graphics Card: Intel(R) Q45/Q43 Express Chipset, 773 Mb
Hard Drives: C: Total - 76316 MB, Free - 30296 MB;
Motherboard: Dell Inc., 0M858N
Antivirus: Microsoft Security Essentials, Updated and Enabled

Attached Images
File Type: png screens.png (120.4 KB)

Some type of clone war

I recently discovered hidden accounts within my accounts like Facebook, Google+, Yahoo, and such. I need help getting rid of whatever is running those. I'm not computer savvy, and need lots of help please!!

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Celeron(R) CPU B840 @ 1.90GHz, Intel64 Family 6 Model 42 Stepping 7
Processor Count: 2
RAM: 3979 Mb
Graphics Card: Intel(R) HD Graphics, 1797 Mb
Hard Drives: C: Total - 280007 MB, Free - 159899 MB;
Motherboard: Hewlett-Packard, 17F3
Antivirus: Microsoft Security Essentials, Updated and Enabled

High ram usage and cpu.

RogueKiller V10.5.8.0 [Mar 30 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : user [Administrator]
Started from : C:\Users\user\Downloads\RogueKiller.exe
Mode : Scan -- Date : 04/05/2015 12:25:08

¤¤¤ Processes : 2 ¤¤¤
[Suspicious.Path] E206E.exe(2920) -- C:\ProgramData\{fde390e2-0b63-4adf-fde3-390e20b64388}\E206E.exe[-] -> Killed [TermProc]
[Suspicious.Path] Rurouni Kenshin_ The Legend Ends English Subtitles.exe(3032) -- C:\ProgramData\{f801907e-2449-590d-f801-1907e24441f8}\Rurouni Kenshin_ The Legend Ends English Subtitles.exe[-] -> Killed [TermProc]

¤¤¤ Registry : 12 ¤¤¤
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:56508;https=127.0.0.1:56508 -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:56508;https=127.0.0.1:56508 -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:56508;https=127.0.0.1:56508 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:56508;https=127.0.0.1:56508 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found

¤¤¤ Tasks : 0 ¤¤¤

remnants of a virus?

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Pentium(R) CPU P6200 @ 2.13GHz, Intel64 Family 6 Model 37 Stepping 5
Processor Count: 2
RAM: 3892 Mb
Graphics Card: Intel(R) HD Graphics, 1722 Mb
Hard Drives: C: Total - 51200 MB, Free - 12034 MB; D: Total - 251992 MB, Free - 14380 MB;
Motherboard: FUJITSU, FJNBB06
Antivirus: Microsoft Security Essentials, Updated and Enabled

I ran Emsisoft Emergency Kit and it showed "settings disabled task manager and disabled registry tools".
I then put into Google "How to enable these settings". There were lots of answers, but most of them were for websites that had hidden charges and downloads. Can anyone point me in the right direction with this settings problem?

Pop Up Problem/Virus?

Hello!
About 3 weeks ago, after my nephew downloaded something on my computer, I started getting pop-up ads telling me that I had a virus and needed to call some number to get help getting it off the PC. I had never seen anything like it before, but I surmised it was a scam and that clicking on the ad would either infect the computer or lead to some lengthy spiel where I was asked for money. I got rid of it. I then ran Anti-Malware Bytes, AVG and TrendMicro, and each program returned a clean log. However, since then, every so often, the ad pops up again when I am visiting places that I KNOW are not infected. And today, I had a problem with Google Chrome where it suddenly would bring up bookmarks every time I hit the home button. I need to find out if there is something on this PC and get rid of it if there is. Can someone please help? Thanks in advance.

Here is my TSG log:
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Professional, Service Pack 1, 32 bit
Processor: AMD Athlon(tm) II X2 B24 Processor, x64 Family 16 Model 6 Stepping 2
Processor Count: 2
RAM: 3071 Mb
Graphics Card: ATI Radeon HD 4200, 368 Mb
Hard Drives: C: Total - 950654 MB, Free - 917567 MB;
Motherboard: Hewlett-Packard, 3047h
Antivirus: AVG AntiVirus Free Edition 2015, Updated and Enabled

New system, old hdd with malware.

Hi. I have a new system and I've decided I'm going to stay away from cracked software this time around.
I was a little hesitant but I've installed my old hdd into the new system as a backup drive. It still has the OS installed and a lot of cracked software on it. I plan on formatting the drive but had installed it to make some final backups. Is my new clean OS being compromised having the old hdd installed? Will formatting the drive rid the drive of any malware for good?
I guess I should probably scan my backups as well. What software would be recommended?

None of my programs will update, assistance needed!

Hi,

I'm new to this website and am hoping for help with this issue with my gaming laptop.... Long story short, Norton wouldn't update, so I thought Norton was just stupid with errors because I tried so many things to get it to work with no luck. I ignored it for a good while, bought Starcraft 2 recently to play it, but noticed the game had so much trouble downloading the maps and would freeze my laptop completely a few times.... I pulled a ticket for a member of Blizzard's support team to help me, and they told me to remove my Malwarebytes and SuperAntiSpyware (since I had Norton) to see if it would help. It didn't help.... so I reinstalled Malwarebytes to find out that it wouldn't update, then I tried updating other stuff, nothing would update. I'm not very good at posting tech problems on forums, so if you ask me to provide logs or any files that might provide you with information to help me out, please explain it to me thoroughly, I can be a bit slow about those kinds of things. Also, I want to be cautious not to give out info that could jeopardize my safety... Thank you. Please ask for any details and we can talk about it. I'm on Windows 8.1.

Specs: http://www.msi.com/product/nb/GX70-3...-specification