WiredWX Christian Hobby Weather Tools

 


Possible Malware

4 posters

Possible Malware

On my Windows XP computer, my Firefox keeps freezing. When I am attempting to list an item on ebay, and I try to load images it will not accept the image. When I go to other sites, like Geek Police for example, Firefox freezes. I opened Internet Explorer and was able to use it for a few things, but when I attempted to download Chrome, Internet Explorer stopped working. After shutting it down, I reopened Explorer, but the home page which was supposed to be ebay, was completely different, and when I clicked on a typical link I normally use within ebay, I got error messages stating that website did not exist, and there was a list of Yahoo sites to go to instead.

I updated my Malwarebytes, but it shows no malware present.  All my spyware programs show nothing is present.

Re: Possible Malware

Hello and welcome to GeekPolice.Net. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
Did this problem start recently? Did you add any new programs or equipment to the computer?

Please download AdwareCleaner onto your Desktop. AdwCleaner

Before starting AdwCleaner, close all open programs and internet browsers, then double-click on the AdwCleaner icon.

If Windows prompts you as to whether or not you wish to run AdwCleaner, please allow it to run.
When the AdwCleaner program opens, click on the Scan button as shown below.

AdwCleaner will now start to search for malicious files that may be installed on your computer.
To remove the files that were detected in the previous step, please click on the Clean button.

AdwCleaner will now prompt you to save any open files or data as the program will need to reboot the computer. Please do so and then click on the OK button. AdwCleaner will now delete all detected adware from your computer. When it is done it will display an alert that explains what PUPs (Potentially Unwanted Programs) and Adware are. Please read through this information and then press the OK button. You will now be presented with an alert that states AdwCleaner needs to reboot your computer.
Please click on the OK button to allow AdwCleaner to reboot your computer. A log will be produced. Please copy and paste this log in your next reply.
*********************************************
Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.


  • It should update automatically if the computer is connected to the internet.
  • Click on Threat Scan and click on Scan Now.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete make sure all the infections have "quarantine" selected in the Action box.
  • Click on "Apply actions". You may be asked to Restart your computer to completely remove the infections.
  • When disinfection is completed you can click on "Copy to Clipboard".
  • Paste the log in your next reply (CTRL+ V)

*************************************************
Please download Junkware Removal Tool to your desktop.

Warning! Once the scan is complete JRT will shut down your browser with NO warning.

Shut down your protection software now to avoid potential conflicts.

•Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

•Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator

•The tool will open and start scanning your system.

•Please be patient as this can take a while to complete depending on your system's specifications.

•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

•Copy and Paste the JRT.txt log into your next message.
*****************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.

Security Check

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

Re: Possible Malware

Thank you for your response.  The problem started a few days ago.  I contacted ATT because I thought there was a service issue and was informed ATT was working on a service outage.  But, after a few days of continued problems with Firefox and then Internet Explorer, I contacted ATT again and was told the service outage had been corrected within hours of my first call.  It appears I was having a malware issue all along and not a service provider issue. 

I already have MBAM installed, and last night I upgraded to a seven day free trial of their Premium service. Should I still reinstall MBAM?

Re: Possible Malware

I installed AdwCleaner, which shows to now be Malwarebytes AdwCleaner.  Below is the copy of the log file.

# AdwCleaner v6.047 - Logfile created 16/06/2017 at 17:10:10
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-05-19.1 [Local]
# Operating System : Microsoft Windows XP Service Pack 3 (X86)
# Username : Teressa - PROSPERITY
# Running from : C:\Documents and Settings\Teressa\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Documents and Settings\All Users\Application Data\Viewpoint
[-] Folder deleted: C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[-] Folder deleted: C:\Documents and Settings\All Users\Application Data\avg web tuneup
[-] Folder deleted: C:\Documents and Settings\All Users\Start Menu\Programs\Auslogics
[-] Folder deleted: C:\Program Files\AVG Security Toolbar
[-] Folder deleted: C:\Program Files\Viewpoint
[-] Folder deleted: C:\Program Files\avg web tuneup
[-] Folder deleted: C:\Program Files\Auslogics
[-] Folder deleted: C:\Program Files\Common Files\AVG Secure Search
[-] Folder deleted: C:\Program Files\Common Files\Viewpoint


***** [ Files ] *****

[-] File deleted: C:\END
[-] File deleted: C:\Program Files\Mozilla Firefox\avg-secure-search.xml
[-] File deleted: C:\Program Files\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
[-] File deleted: C:\Program Files\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml
[#] File deleted: C:\Program Files\Mozilla Firefox\avg-secure-search.xml
[#] File deleted: C:\Program Files\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
[#] File deleted: C:\Program Files\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml
[#] File deleted: C:\Program Files\Mozilla Firefox\avg-secure-search.xml
[#] File deleted: C:\Program Files\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
[#] File deleted: C:\Program Files\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml
[#] File deleted: C:\Program Files\Mozilla Firefox\avg-secure-search.xml


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
[-] Key deleted: HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
[-] Key deleted: HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
[-] Key deleted: HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
[-] Key deleted: HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
[-] Key deleted: HKLM\SOFTWARE\Classes\Search.BrowserWndAPI
[-] Key deleted: HKLM\SOFTWARE\Classes\Search.BrowserWndAPI.1
[-] Key deleted: HKLM\SOFTWARE\Classes\Search.PugiObj
[-] Key deleted: HKLM\SOFTWARE\Classes\Search.PugiObj.1
[-] Key deleted: HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj
[-] Key deleted: HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj.1
[-] Key deleted: HKLM\SOFTWARE\Classes\Yahoo.AntiSpyPlugin
[-] Key deleted: HKLM\SOFTWARE\Classes\Yahoo.AntiSpyPlugin.6
[-] Key deleted: HKLM\SOFTWARE\Classes\Yahoo.PopupBlockerPlugin
[-] Key deleted: HKLM\SOFTWARE\Classes\Yahoo.PopupBlockerPlugin.4
[-] Key deleted: HKLM\SOFTWARE\Classes\YCAPlugin.CAYASPlugin
[-] Key deleted: HKLM\SOFTWARE\Classes\YCAPlugin.CAYASPlugin.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin
[-] Key deleted: HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YMERemote.YMERemoteCtl
[-] Key deleted: HKLM\SOFTWARE\Classes\YMERemote.YMERemoteCtl.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YPUBC.BlockerCtrl
[-] Key deleted: HKLM\SOFTWARE\Classes\YPUBC.BlockerCtrl.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YPUBC.DataStore
[-] Key deleted: HKLM\SOFTWARE\Classes\YPUBC.DataStore.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YPUBC.PUBHTMLEventHandler
[-] Key deleted: HKLM\SOFTWARE\Classes\YPUBC.PUBHTMLEventHandler.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YPUBC.StringList
[-] Key deleted: HKLM\SOFTWARE\Classes\YPUBC.StringList.1
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.YTHelper
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.YTHelper.2
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.YToolbarBand
[-] Key deleted: HKLM\SOFTWARE\Classes\yt.YToolbarBand.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YTabBar.YTabBarControl
[-] Key deleted: HKLM\SOFTWARE\Classes\YTabBar.YTabBarControl.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YTBM.YTBMButton
[-] Key deleted: HKLM\SOFTWARE\Classes\YTBM.YTBMButton.1
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{07CDAAD9-1226-4C6D-B774-C00E7B323484}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{1CAE874F-F5C7-4BCC-BA46-9AD26DF35B93}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{35860EFB-1589-4F32-A618-99E847A502B2}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{41D7CEE0-D91F-498C-BC88-4A6BEE46C2BC}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{7D831388-D405-4272-9511-A07440AD2927}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{9EDCCD11-960D-49AE-B523-C6B5AB7E1345}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{FFFFE1D1-E40D-49a1-9622-BC59BD1879C3}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{8233093C-178B-484B-979E-3C6B5B147DBC}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{11D5E9EA-3117-4389-8E58-742F0975C980}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{12D3E096-0FDF-42CC-8F44-04944F9C1648}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{22389F39-2CF4-47C4-B8B2-273BB16BF70C}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{23E3CEB3-D63A-433E-A5D0-4DB1C501B915}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{26A3152F-CF87-4C5B-8093-4D4B9EC084EB}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{2723E96B-905F-4C64-8999-D868A08E6370}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{2FCB4E7E-E5C7-4D07-BB2C-78DF2DA867AD}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{3D592FCB-FEFD-43A6-9A4F-BDE2D4607D07}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{49F018EE-F362-4B5B-8EC8-BCF9246ABF21}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{67E5E37C-E6B8-4782-877D-E9437C4CD982}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{686D40BC-FA43-4317-8474-E634E6B487F2}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{7207E52B-821E-4C05-A8D6-2965B2BE77CF}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{863FCF5D-DC39-4DA9-AF32-CB0025990EEE}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{A310B105-FB7D-4497-A7E8-E046462B012F}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{B09E015A-4D4E-4F8D-A436-95E19140947D}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{B1E712C4-03AA-495F-B0F5-0F057E126E2A}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{D13DC65C-C77B-4986-9078-DEA3D34C71BB}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{DF522774-8CA0-4B15-A93A-5F61AB95DA1C}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{9DBB28C1-1925-11D3-A498-00104B6EB52E}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{B722ED8B-0B38-408E-BB89-260C73BCF3D4}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{4BC8AD89-AC5F-4DBD-A38F-C355C7DD33D7}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{AD34BE7D-2603-43DD-8D1F-E4431D42C44E}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{B82D18E0-1649-48DE-92D7-AA89BBB5F0AD}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{D2EA97F6-6235-4B2D-B5AA-A4472B9CE557}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{4A1E52AC-64F2-49E9-BFD7-0806D9494DBB}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{78DB07DF-483E-4829-AB44-ED7952083584}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{8A1AB044-787D-4309-8410-709768E484AB}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{A2C55651-A23E-43CA-B63D-C10B99EFF7E0}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7327C09-B521-4EDB-8509-7D2660C9EC98}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F8AD5AA5-D966-4667-9DAF-2561D68B2012}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
[-] Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
[-] Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
[-] Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
[-] Value deleted: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
[-] Key deleted: HKU\.DEFAULT\Software\AVG Secure Search
[-] Key deleted: HKU\.DEFAULT\Software\AVG Security Toolbar
[-] Key deleted: HKU\.DEFAULT\Software\Viewpoint
[-] Key deleted: HKU\.DEFAULT\Software\Auslogics
[-] Key deleted: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007\Software\Conduit
[-] Key deleted: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007\Software\IGS
[-] Key deleted: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007\Software\Viewpoint
[-] Key deleted: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007\Software\YahooPartnerToolbar
[-] Key deleted: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007\Software\Auslogics
[-] Key deleted: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007\Software\AppDataLow\Software\Yahoo\Companion
[-] Key deleted: HKU\S-1-5-21-2305011698-3870448665-3586125232-500\Software\Viewpoint
[-] Key deleted: HKU\S-1-5-21-2305011698-3870448665-3586125232-500\Software\Yahoo\Companion
[#] Key deleted on reboot: HKU\S-1-5-18\Software\AVG Secure Search
[#] Key deleted on reboot: HKU\S-1-5-18\Software\AVG Security Toolbar
[#] Key deleted on reboot: HKU\S-1-5-18\Software\Viewpoint
[#] Key deleted on reboot: HKU\S-1-5-18\Software\Auslogics
[#] Key deleted on reboot: HKCU\Software\Conduit
[#] Key deleted on reboot: HKCU\Software\IGS
[#] Key deleted on reboot: HKCU\Software\Viewpoint
[#] Key deleted on reboot: HKCU\Software\YahooPartnerToolbar
[#] Key deleted on reboot: HKCU\Software\Auslogics
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key deleted: HKLM\SOFTWARE\Conduit
[-] Key deleted: HKLM\SOFTWARE\MetaStream
[-] Key deleted: HKLM\SOFTWARE\Viewpoint
[-] Key deleted: HKLM\SOFTWARE\Yahoo\YFriendsBar
[-] Key deleted: HKLM\SOFTWARE\AVG Tuneup
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\1ClickDownload
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Yahoo! Companion
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1
[-] Data restored: HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
[-] Key deleted: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007\Software\Microsoft\Internet Explorer\SearchScopes\{21820558-B6E6-4AFC-B488-A8EDD44A1804}
[-] Key deleted: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{21820558-B6E6-4AFC-B488-A8EDD44A1804}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\YMERemote.DLL
[-] Key deleted: HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
[-] Key deleted: HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
[-] Key deleted: HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\YCAPlugin.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\YPUBC.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\yt.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\YTabBar.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\YTBM.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\YTMsgr.DLL
[-] Value deleted: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
[#] Value deleted on reboot: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
[#] Value deleted on reboot: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]


***** [ Web browsers ] *****



*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [17605 Bytes] - [16/06/2017 17:10:10]
C:\AdwCleaner\AdwCleaner[S0].txt - [17092 Bytes] - [16/06/2017 15:17:18]
C:\AdwCleaner\AdwCleaner[S1].txt - [16959 Bytes] - [16/06/2017 15:50:56]
C:\AdwCleaner\AdwCleaner[S2].txt - [17033 Bytes] - [16/06/2017 15:54:49]
C:\AdwCleaner\AdwCleaner[S3].txt - [17107 Bytes] - [16/06/2017 16:52:07]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [17975 Bytes] ##########

Re: Possible Malware

"I contacted ATT because I thought there was a service issue and was informed ATT was working on a service outage."

What is ATT? Is this your Internet Service Provider?

"Should I still reinstall MBAM?"

That should not be necessary. Please post the other logs when you get them.

Re: Possible Malware

Yes, ATT is AT&T, my internet service provider. I attempted to get the Malwarebytes from the link you provided, however, I received an alert that stated I was running an old version of Windows, and that I needed to make sure I updated to Windows XP Service Pack 2. I thought I did have Windows XP Service Pack 2. Last night I upgraded my Malwarebytes to a seven day premium trial, so since I couldn't get the other Malwarebytes to load, I am using the Malwarebytes I upgraded last night. During the Malwarebytes scan, AVG has popped up alerting me that Malwarebytes is a Trojan Horse Flooder MLZ.exe. Does this mean the Malwarebytes I am using is infected?

Re: Possible Malware

I am still running Malwarebytes, and have not allowed AVG to remove Malwarebytes.

Re: Possible Malware

Last night after loading the Malwarebytes Premium Trial, I used it on my PC and it did not detect anything. I went into Safe Mode, and it found PupOptional.installcore and quarantined it.

Tonight I ran the scan (not in safe mode), and below is the report.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 6/16/17
Scan Time: 6:54 PM
Log File: MBam.txt
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.141
Update Package Version: 1.0.2166
License: Trial

-System Information-
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: PROSPERITY\Teressa

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 389127
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 3 hr, 6 min, 50 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)

Re: Possible Malware

JRT Log Files

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Microsoft Windows XP x86
Ran by Teressa (Administrator) on Sat 06/17/2017 at  6:21:10.48
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 24

Successfully deleted: C:\Documents and Settings\Teressa\Application Data\viewpoint (Folder)
Successfully deleted: C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorage (File)
Successfully deleted: C:\Documents and Settings\Teressa\Local Settings\Application Data\viewpoint (Folder)
Successfully deleted: C:\WINDOWS\wininit.ini (File)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\3W5JQLI1 (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4BSPEZOF (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6JYLAZOX (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\I5NTNTTF (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\MD1B8ZQ9 (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\O9YJK1IJ (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OT2JQP0H (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YNZDYQWA (Temporary Internet Files Folder)
Successfully deleted: C:\Program Files\GUT12.tmp (File)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\3W5JQLI1 (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4BSPEZOF (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6JYLAZOX (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\I5NTNTTF (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\MD1B8ZQ9 (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\O9YJK1IJ (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OT2JQP0H (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\YNZDYQWA (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\REN78.tmp (File)
Successfully deleted: C:\WINDOWS\System32\REN79.tmp (File)
Successfully deleted: C:\WINDOWS\System32\REN7A.tmp (File)



Registry: 1

Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 06/17/2017 at  6:44:21.21
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: Possible Malware

Results from Security Check,

 Results of screen317's Security Check version 1.014 --- 12/23/15 
 Windows 2000 Service Pack 3 x86  
 Out of date service pack!!
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 AVG 2016    
 AVG     
 AVG Web TuneUp   
 AVG Protection    
`````````Anti-malware/Other Utilities Check:`````````
 SUPERAntiSpyware Free Edition  
 Spybot - Search & Destroy 1.2
 AVG Web TuneUp  
 CCleaner    
 Adobe Flash Player     26.0.0.126 
 Adobe Reader XI 
 Mozilla Firefox (52.2.0)
````````Process Check: objlist.exe by Laurent```````` 
 AVG avgrsx.exe
 AVG avgnsx.exe
 AVG avgemc.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 59% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

Re: Possible Malware
I reactivated virus protection.  Still having a hard time with using browser.  Attempted to load pictures into a listing on ebay as a test, and it would not load.  Also I noted that since all the tests my memory is excessively low.

Re: Possible Malware
In an earlier post, you stated storage devices can get infected.  My PC has an external hard drive connected through a USB port.  My external hard drive contains important files.  Are these scans also searching for Malware in my attached external hard drive?

Re: Possible Malware
What should I do next?

Re: Possible Malware
Please defrag your hard drive and report back when that is completed. If you need help with this, please let me know.

Re: Possible Malware
Performed the defrag.  Tested Firefox, still hangs and will not allow me to load an image into a listing.  Checked Internet Explorer and when I type in any website address, like Ebay, I get an error message that states, "Internet Explorer cannot display the webpage", and a link to diagnose  connection problems.  I did not click on the link.

Re: Possible Malware
Run the Diagnostic for IE. Download a new version of FF. Uninstall and re-install FF.

Re: Possible Malware
This is the diagnostic report for IE,

Last diagnostic run time: 06/19/17 17:09:25

HTTP, HTTPS, FTP Diagnostic
HTTP, HTTPS, FTP connectivity
info: HTTP: Successfully connected to www.microsoft.com.
warn: HTTPS: Error 12157 connecting to www.microsoft.com: An error occurred in the secure channel support
warn: HTTPS: Error 12029 connecting to www.passport.net: A connection with the server could not be established
warn: FTP (Passive): Error 12029 connecting to ftp.microsoft.com: A connection with the server could not be established
warn: FTP (Active): Error 12029 connecting to ftp.microsoft.com: A connection with the server could not be established
error: Could not make an HTTPS connection.
error: Could not make an FTP connection.
info: Redirecting user to support call

DNS Client Diagnostic
DNS - Not a home user scenario
info: Using Web Proxy: no
info: Resolving name ok for (www.microsoft.com): yes
No DNS servers
DNS failure

Gateway Diagnostic
Gateway
info: The following proxy configuration is being used by IE: Automatically Detect Settings:Disabled Automatic Configuration Script: Proxy Server: Proxy Bypass list:
info: This computer has the following default gateway entry(ies): 192.168.1.254
info: This computer has the following IP address(es): 192.168.1.248
info: The default gateway is in the same subnet as this computer
info: The default gateway entry is a valid unicast address
info: The default gateway address was resolved via ARP in 1 try(ies)
info: The default gateway was reached via ICMP Ping in 1 try(ies)
info: TCP port 80 on host 184.31.141.166 was successfully reached
info: The Internet host www.microsoft.com was successfully reached
info: The default gateway is OK

IP Layer Diagnostic
Corrupted IP routing table
info: The default route is valid
info: The loopback route is valid
info: The local host route is valid
info: The local subnet route is valid
Invalid ARP cache entries
action: The ARP cache has been flushed

IP Configuration Diagnostic
Invalid IP address
info: Valid IP address detected: 192.168.1.248

Wireless Diagnostic
Wireless - Service disabled
Wireless - User SSID
Wireless - First time setup
Wireless - Radio off
Wireless - Out of range
Wireless - Hardware issue
Wireless - Novice user
Wireless - Ad-hoc network
Wireless - Less preferred
Wireless - 802.1x enabled
Wireless - Configuration mismatch
Wireless - Low SNR

WinSock Diagnostic
WinSock status
info: All base service provider entries are present in the Winsock catalog.
info: The Winsock Service provider chains are valid.
info: Provider entry MSAFD Tcpip [TCP/IP] passed the loopback communication test.
info: Provider entry MSAFD Tcpip [UDP/IP] passed the loopback communication test.
info: Provider entry RSVP UDP Service Provider passed the loopback communication test.
info: Provider entry RSVP TCP Service Provider passed the loopback communication test.
info: Connectivity is valid for all Winsock service providers.

Network Adapter Diagnostic
Network location detection
info: Using home Internet connection
Network adapter identification
info: Network connection: Name=Local Area Connection, Device=Intel(R) PRO/100 VE Network Connection, MediaType=LAN, SubMediaType=LAN
info: Ethernet connection selected
Network adapter status
info: Network connection status: Connected

HTTP, HTTPS, FTP Diagnostic
HTTP, HTTPS, FTP connectivity
warn: FTP (Passive): Error 12029 connecting to ftp.microsoft.com: A connection with the server could not be established
warn: HTTPS: Error 12029 connecting to www.passport.net: A connection with the server could not be established
warn: HTTPS: Error 12157 connecting to www.microsoft.com: An error occurred in the secure channel support
info: HTTP: Successfully connected to www.microsoft.com.
warn: FTP (Active): Error 12029 connecting to ftp.microsoft.com: A connection with the server could not be established
error: Could not make an HTTPS connection.
error: Could not make an FTP connection.

Re: Possible Malware
Please download MiniToolBox to Desktop and run it.

Checkmark the following boxes:


  • Flush DNS

  • Report IE Proxy Settings

  • Reset IE Proxy Settings

  • List content of Hosts

  • List IP Configuration

  • List Last 10 Event Viewer Errors

  • List Users, Partitions and Memory Size


Click Go and copy/paste the log (Result.txt) into your next post.

Re: Possible Malware
This is the MiniToolBox log,

MiniToolBox by Farbar  Version: 17-06-2016
Ran by Teressa (administrator) on 20-06-2017 at 02:38:30
Running from "C:\Documents and Settings\Teressa\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Model: Dimension 4600i Manufacturer: Dell Computer Corporation
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
127.0.0.1       localhost
========================= IP Configuration: ================================

Intel(R) PRO/100 VE Network Connection = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration        
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



        Host Name . . . . . . . . . . . . : Prosperity

        Primary Dns Suffix  . . . . . . . :

        Node Type . . . . . . . . . . . . : Broadcast

        IP Routing Enabled. . . . . . . . : No

        WINS Proxy Enabled. . . . . . . . : No

        DNS Suffix Search List. . . . . . : attlocal.net



Ethernet adapter Local Area Connection:



        Connection-specific DNS Suffix  . : attlocal.net

        Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection

        Physical Address. . . . . . . . . : 00-0C-F1-8C-7D-78

        Dhcp Enabled. . . . . . . . . . . : Yes

        Autoconfiguration Enabled . . . . : Yes

        IP Address. . . . . . . . . . . . : 192.168.1.248

        Subnet Mask . . . . . . . . . . . : 255.255.255.0

        Default Gateway . . . . . . . . . : 192.168.1.254

        DHCP Server . . . . . . . . . . . : 192.168.1.254

        DNS Servers . . . . . . . . . . . : 192.168.1.254

        Lease Obtained. . . . . . . . . . : Monday, June 19, 2017 5:56:24 PM

        Lease Expires . . . . . . . . . . : Tuesday, June 20, 2017 5:56:24 PM

Server:  dsldevice.attlocal.net
Address:  192.168.1.254

Name:    google.com
Address:  172.217.6.142



Pinging google.com [216.58.218.174] with 32 bytes of data:



Reply from 216.58.218.174: bytes=32 time=30ms TTL=53

Reply from 216.58.218.174: bytes=32 time=25ms TTL=53



Ping statistics for 216.58.218.174:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 25ms, Maximum = 30ms, Average = 27ms

Server:  dsldevice.attlocal.net
Address:  192.168.1.254

Name:    yahoo.com
Addresses:  98.138.253.109, 206.190.36.45, 98.139.180.149



Pinging yahoo.com [98.138.253.109] with 32 bytes of data:



Reply from 98.138.253.109: bytes=32 time=67ms TTL=47

Reply from 98.138.253.109: bytes=32 time=62ms TTL=47



Ping statistics for 98.138.253.109:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 62ms, Maximum = 67ms, Average = 64ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 0c f1 8c 7d 78 ...... Intel(R) PRO/100 VE Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254   192.168.1.248      20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1      1
      192.168.1.0    255.255.255.0    192.168.1.248   192.168.1.248      20
    192.168.1.248  255.255.255.255        127.0.0.1       127.0.0.1      20
    192.168.1.255  255.255.255.255    192.168.1.248   192.168.1.248      20
        224.0.0.0        240.0.0.0    192.168.1.248   192.168.1.248      20
  255.255.255.255  255.255.255.255    192.168.1.248   192.168.1.248      1
Default Gateway:     192.168.1.254
===========================================================================
Persistent Routes:
  None

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/19/2017 04:32:33 PM) (Source: Application Error) (User: )
Description: Faulting application firefox.exe, version 52.2.0.6367, faulting module mozglue.dll, version 52.2.0.6367, fault address 0x0000f3c5.
Processing media-specific event for [firefox.exe!ws!]

Error: (06/17/2017 07:36:42 AM) (Source: Application Error) (User: )
Description: Faulting application mbamtray.exe, version 3.0.0.1068, faulting module mbamtray.exe, version 3.0.0.1068, fault address 0x0008a378.
Processing media-specific event for [mbamtray.exe!ws!]

Error: (06/17/2017 07:22:58 AM) (Source: Application Error) (User: )
Description: Faulting application plugin-container.exe, version 52.2.0.6367, faulting module mozglue.dll, version 52.2.0.6367, fault address 0x0000f3c5.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (06/17/2017 06:51:44 AM) (Source: Application Error) (User: )
Description: Faulting application plugin-container.exe, version 52.2.0.6367, faulting module mozglue.dll, version 52.2.0.6367, fault address 0x0000f3c5.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (06/17/2017 06:15:30 AM) (Source: Application Error) (User: )
Description: Faulting application mbam.exe, version 3.0.0.1068, faulting module qt5core.dll, version 5.6.2.0, fault address 0x001a9fd6.
Processing media-specific event for [mbam.exe!ws!]

Error: (06/16/2017 03:55:21 PM) (Source: Application Error) (User: )
Description: Faulting application adwcleaner.exe, version 6.0.4.7, faulting module adwcleaner.exe, version 6.0.4.7, fault address 0x000211de.
Processing media-specific event for [adwcleaner.exe!ws!]

Error: (06/16/2017 03:52:32 PM) (Source: Application Error) (User: )
Description: Faulting application adwcleaner.exe, version 6.0.4.7, faulting module adwcleaner.exe, version 6.0.4.7, fault address 0x000211de.
Processing media-specific event for [adwcleaner.exe!ws!]

Error: (06/16/2017 03:46:08 PM) (Source: Application Error) (User: )
Description: Faulting application adwcleaner.exe, version 6.0.4.7, faulting module adwcleaner.exe, version 6.0.4.7, fault address 0x000211de.
Processing media-specific event for [adwcleaner.exe!ws!]

Error: (06/16/2017 02:00:50 PM) (Source: Application Error) (User: )
Description: Faulting application mbamtray.exe, version 3.0.0.1068, faulting module mbamtray.exe, version 3.0.0.1068, fault address 0x0008a378.
Processing media-specific event for [mbamtray.exe!ws!]

Error: (06/16/2017 12:37:52 AM) (Source: Application Error) (User: )
Description: Faulting application mbamtray.exe, version 3.0.0.1068, faulting module mbamtray.exe, version 3.0.0.1068, fault address 0x0008a378.
Processing media-specific event for [mbamtray.exe!ws!]


System errors:
=============
Error: (06/19/2017 05:56:56 PM) (Source: Service Control Manager) (User: )
Description: The StarOpen service failed to start due to the following error:
%%2 = The system cannot find the file specified.


Error: (06/19/2017 05:33:49 PM) (Source: Service Control Manager) (User: )
Description: The StarOpen service failed to start due to the following error:
%%2 = The system cannot find the file specified.


Error: (06/19/2017 03:32:24 AM) (Source: Service Control Manager) (User: )
Description: The StarOpen service failed to start due to the following error:
%%2 = The system cannot find the file specified.


Error: (06/18/2017 04:19:14 PM) (Source: Service Control Manager) (User: )
Description: The avgbIDSAgent service terminated with service-specific error 3758213661 (0xE001CA1D).

Error: (06/18/2017 04:11:41 PM) (Source: SideBySide) (User: )
Description: Generate Activation Context failed for C:\Program Files\AVG\Antivirus\setup\iplugins\IStats.dll.
Reference error message: The operation completed successfully.
.

Error: (06/18/2017 04:11:41 PM) (Source: SideBySide) (User: )
Description: Resolve Partial Assembly failed for Avast.VC110.CRT.
Reference error message: The referenced assembly is not installed on your system.
.

Error: (06/18/2017 04:11:41 PM) (Source: SideBySide) (User: )
Description: Dependent Assembly Avast.VC110.CRT could not be found and Last Error was The referenced assembly is not installed on your system.

Error: (06/18/2017 04:11:19 PM) (Source: SideBySide) (User: )
Description: Generate Activation Context failed for C:\Program Files\AVG\Antivirus\setup\iplugins\IStats.dll.
Reference error message: The operation completed successfully.
.

Error: (06/18/2017 04:11:19 PM) (Source: SideBySide) (User: )
Description: Resolve Partial Assembly failed for Avast.VC110.CRT.
Reference error message: The referenced assembly is not installed on your system.
.

Error: (06/18/2017 04:11:19 PM) (Source: SideBySide) (User: )
Description: Dependent Assembly Avast.VC110.CRT could not be found and Last Error was The referenced assembly is not installed on your system.


Microsoft Office Sessions:
=========================
Error: (06/19/2017 04:32:33 PM) (Source: Application Error)(User: )
Description: firefox.exe52.2.0.6367mozglue.dll52.2.0.63670000f3c5

Error: (06/17/2017 07:36:42 AM) (Source: Application Error)(User: )
Description: mbamtray.exe3.0.0.1068mbamtray.exe3.0.0.10680008a378

Error: (06/17/2017 07:22:58 AM) (Source: Application Error)(User: )
Description: plugin-container.exe52.2.0.6367mozglue.dll52.2.0.63670000f3c5

Error: (06/17/2017 06:51:44 AM) (Source: Application Error)(User: )
Description: plugin-container.exe52.2.0.6367mozglue.dll52.2.0.63670000f3c5

Error: (06/17/2017 06:15:30 AM) (Source: Application Error)(User: )
Description: mbam.exe3.0.0.1068qt5core.dll5.6.2.0001a9fd6

Error: (06/16/2017 03:55:21 PM) (Source: Application Error)(User: )
Description: adwcleaner.exe6.0.4.7adwcleaner.exe6.0.4.7000211de

Error: (06/16/2017 03:52:32 PM) (Source: Application Error)(User: )
Description: adwcleaner.exe6.0.4.7adwcleaner.exe6.0.4.7000211de

Error: (06/16/2017 03:46:08 PM) (Source: Application Error)(User: )
Description: adwcleaner.exe6.0.4.7adwcleaner.exe6.0.4.7000211de

Error: (06/16/2017 02:00:50 PM) (Source: Application Error)(User: )
Description: mbamtray.exe3.0.0.1068mbamtray.exe3.0.0.10680008a378

Error: (06/16/2017 12:37:52 AM) (Source: Application Error)(User: )
Description: mbamtray.exe3.0.0.1068mbamtray.exe3.0.0.10680008a378


========================= Memory info: ===================================

Percentage of memory in use: 69%
Total physical RAM: 2558.98 MB
Available physical RAM: 768.62 MB
Total Virtual: 3173.42 MB
Available Virtual: 1363.9 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:74.46 GB) (Free:26 GB) NTFS
5 Drive h: (MAR) (CDROM) (Total:0.63 GB) (Free:0 GB) CDFS
7 Drive l: (My Book) (Fixed) (Total:930.86 GB) (Free:456.66 GB) NTFS

========================= Users: ========================================

User accounts for \\PROSPERITY

Administrator            ASPNET                   Guest                   
HelpAssistant            SUPPORT_388945a0         SUPPORT_3f151ab9        
Teressa                 


**** End of log ****

Re: Possible Malware
I provided the requested log in the above post.  I removed and reinstalled Firefox, this did not help.  I reset Firefox, this did not help.  I tried some different troubleshooting techniques within Firefox, to check extensions, etc.  What I noted is that the only extension I find is Microsoft.net frame assistant could not be verified for use in Firefox and has been disabled.  It shows it has not been updated since 2011, so I am not sure exactly when it was disabled.  Not sure if that presents a problem or not.  What I have found so far in the troubleshooting tests is that when I turn off hardware acceleration, I can load images in ebay, and I can log into Geek Police.  I attempted to see if there was an upgrade for my graphics driver, but apparently since this is to be done through Windows, I have to use IE, which is unusable at this time.

Re: Possible Malware
I am also running XP and I have found that IE is also very unstable. That is why I use FF and Chrome. Could you please try Chrome to see how that works for you? In the meantime, I will consult a colleague concerning this matter.

Re: Possible Malware
I tried Chrome, and I was able to open up Ebay and load images, and I was able to log into Geek Police and read my posts.  I did find two problems with Chrome: one, at times Chrome lagged for a little while.  But the biggest concern I had was that I was redirected to a different site, and I wondered if there might still be Malware hiding somewhere.  In troubleshooting Firefox problems, I learned that I might need to upgrade my graphics driver.  In Firefox troubleshooting steps there was a link to click on to show me what to do to upgrade the driver.  I decided to view the page I was on in Chrome, so I could still view the instructions in case I needed to restart Firefox.  In Firefox, I copied the URL for the page I was on, and pasted it into Chrome.  The page loaded correctly and looked just like the page in Firefox.  I decided to click on the link in Chrome for the driver update.  I was taken to what appeared to be the Yahoo Search engine with a list of links to click on to download the driver update.  I clicked on one and it loaded, but then I decided not to open it for it to download.  I instead removed it from the download list.  I went back to Firefox and clicked on the same link, and it took me to a page of directions on how to go to the start menu within my computer, and update the driver within my computer which would update through IE since it was a Windows item.  So it seemed Chrome was redirecting me to potentially harmful downloads.  I did a Malwarebytes scan after, and nothing was found.

Re: Possible Malware
You should only download drivers from the site of the maker of your computer.

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan

•Click the [image: EsetOnline] button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)


  • Click on [image: EsetSmartInstall] to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the [image: EsetSmartInstallDesktopIcon-1] icon on your desktop.

•Check [image: EsetAcceptTerms]
•Click the [image: EsetStart] button.
•Accept any security warnings from your browser.


  • Leave the check mark next to Remove found threats.

•Check [image: EsetScanArchives]
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push [image: EsetListThreats]
•Push [image: EsetExport], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the [image: EsetBack] button.
•Push [image: EsetFinish]
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Re: Possible Malware
Hello there, this has been escalated to me... Once the steps above have been completed, please follow these directions...

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.


  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Re: Possible Malware
The ESET program has other options than described above.  Should I not select any other options than Remove Found Threats and Scan Archives?  An image is attached for you to see what I am referring to.

[image: Capture2_zps66q8ezec]

Re: Possible Malware
Thank you for your help, Super Dave!  Dr. Jay, thank you for the additional help you are providing!

Re: Possible Malware
You're welcome... See if these instructions help you:

ESET Online Scanner
Note: If you use Internet Explorer to get the ESET Online Scanner, you won't have to download or install the tool, as everything will be run in a contextual (pop-up) window of Internet Explorer. However, for every other browser, you will have to download and install ESET Online Scanner. In this set of instructions, I'll use Google Chrome to download it and run it (since a lot of people will do it); however, except for the download and installation procedure, the same instructions apply if you use Internet Explorer. Please note that two or three prompts will appear if you use Internet Explorer asking you to reload the page, authorize the application, execute it, etc. Accept all of them in order to run ESET Online Scanner.

  • Download and execute ESET Online Scanner (on this window, click on ESET Smart Installer to trigger the download). People accessing this URL via Internet Explorer will start the integration process of ESET Online Scanner in their browser;
  • Once the installation is done (it requires Admin Rights), check the following settings (two of them are under Advanced Settings, click on it to display them):

    • Enable detection of potentially unwanted applications;
    • Scan archives;
    • Scan for potentially unsafe applications;
    • Optional: If you want to scan more drives, click on Change... and select the drives you want to include in the scan;

  • After you're done checking these options, click on Start and ESET Online Scanner will download its virus signature database before starting the scan;
  • Once done, the scan will start automatically. Detections will appear at the bottom of the window. ESET Online Scanner can have an extremely long scan time that can last between 2 and 3 hours. So if you start the scan, do not interrupt it, let it complete until the end;
  • After the scan is finished, a summary window will appear to give you the information about the scan. Then you'll have the option to see what threats were found and to manage the threats that were quarantined;
  • Click on List of found threats, it'll display every threat identified during that scan, their type and what action was taken against them. Click on Copy to clipboard to copy these results to your clipboard and post them in your next reply;
  • Once you're done, click on the Back button;
  • Check both checkboxes at the bottom: Uninstall application on close and Delete quarantined files before clicking on the Finish button;

Re: Possible Malware
Below you will find results for, ESET.  Each one shows to have been cleaned or cleaned by deleting, but the option to Uninstall application on close and Delete quarantined files was not present.  The two options were, Delete application's data on close, and Remove from quarantine.  I selected Delete application's data.  But it seems the quarantined files are still in my computer, since I could not delete them.



C:\Documents and Settings\Teressa\Application Data\Sun\Java\Deployment\cache\6.0\13\603d834d-229540c5    a variant of Java/Exploit.CVE-2011-3544.CF trojan    cleaned by deleting
C:\Documents and Settings\Teressa\Desktop\All Folders\Desk Top\InstallFreeRARExtractFrog.exe    a variant of Win32/Bundled.Toolbar.Ask.A potentially unsafe application    cleaned by deleting
C:\Documents and Settings\Teressa\Desktop\All Folders\DVD Tools\ashampoo_burning_studio_6_free_6.80_4312.exe    a variant of Win32/Toolbar.Conduit.AU potentially unwanted application    cleaned by deleting
C:\Documents and Settings\Teressa\Desktop\Unused Desktop Shortcuts\rminstall.exe    Win32/RegistryMechanic.B potentially unwanted application    cleaned by deleting
C:\Documents and Settings\Teressa\My Documents\Downloads\android-assistant(1).exe    multiple threats,a variant of Android/Exploit.Lotoor.CX trojan,a variant of Android/Exploit.Lotoor.GW trojan,Android/Exploit.MempoDroid.A trojan,Android/Exploit.Lotoor.EF trojan,Android/Exploit.Lotoor.EZ trojan,a variant of Android/Exploit.Lotoor.GX trojan    cleaned by deleting
C:\Documents and Settings\Teressa\My Documents\Downloads\android-assistant.exe    multiple threats,a variant of Android/Exploit.Lotoor.CX trojan,a variant of Android/Exploit.Lotoor.GW trojan,Android/Exploit.MempoDroid.A trojan,Android/Exploit.Lotoor.EF trojan,Android/Exploit.Lotoor.EZ trojan,a variant of Android/Exploit.Lotoor.GX trojan    cleaned by deleting
C:\Documents and Settings\Teressa\My Documents\Downloads\cdbxp_setup_4.5.1.3868.exe    Win32/OpenCandy potentially unsafe application    cleaned by deleting
C:\Documents and Settings\Teressa\My Documents\Downloads\debutsetup.exe    a variant of Win32/Toolbar.Conduit.H potentially unwanted application    deleted
C:\Documents and Settings\Teressa\My Documents\Downloads\setup-trial.exe    a variant of Win32/Adware.ErrorRepair.A application    cleaned by deleting
C:\Program Files\NCH Software\Debut\uninst.exe    a variant of Win32/Toolbar.Conduit.H potentially unwanted application    cleaned by deleting
C:\Program Files\Netscape\Navigator 9\plugins\npMozCouponPrinter.dll    a variant of Win32/Adware.Coupons.AA application    cleaned by deleting
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2788\A0545124.exe    a variant of Win32/Bundled.Toolbar.Ask.A potentially unsafe application    cleaned by deleting
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2788\A0545125.exe    a variant of Win32/Toolbar.Conduit.AU potentially unwanted application    cleaned by deleting
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2788\A0545126.exe    Win32/RegistryMechanic.B potentially unwanted application    cleaned by deleting
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2788\A0545164.exe    a variant of Win32/Toolbar.Conduit.H potentially unwanted application    cleaned by deleting
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2788\A0545165.dll    a variant of Win32/Adware.Coupons.AA application    cleaned by deleting
L:\WD_SmartWare\5AB5B6B3949B43968DA5AFDAD605C122\C_\Documents and Settings\Teressa\Desktop\LIme Wire\angels 101 CD quality.mp3    a variant of WMA/TrojanDownloader.GetCodec.gen trojan    cleaned
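
The ESET export above puts one detection on each line: path, detection name(s), then the action taken. As an added example (not part of the thread and not ESET's own tooling), this Python script parses that layout and separates exploit/trojan-class hits from bundled toolbars and other unwanted applications, and flags copies sitting in System Restore points or on a drive other than the system drive. The sample paths are constructed placeholders, and the category labels and location buckets are names chosen for this example.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample in the three-column layout of the ESET export above
# (path, detection, action, separated by runs of spaces). Detection names
# come from the log in the post; the paths are shortened placeholders.
SAMPLE_LOG = r"""
C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\6.0\13\sample-1    a variant of Java/Exploit.CVE-2011-3544.CF trojan    cleaned by deleting
C:\Documents and Settings\user\My Documents\Downloads\sample-setup.exe    Win32/OpenCandy potentially unsafe application    cleaned by deleting
C:\Documents and Settings\user\My Documents\Downloads\sample-assistant.exe    multiple threats,a variant of Android/Exploit.Lotoor.CX trojan,Android/Exploit.MempoDroid.A trojan    cleaned by deleting
C:\Program Files\SampleApp\uninst.exe    a variant of Win32/Toolbar.Conduit.H potentially unwanted application    cleaned by deleting
C:\System Volume Information\_restore{SAMPLE-GUID}\RP1\A0000001.exe    a variant of Win32/Toolbar.Conduit.H potentially unwanted application    cleaned by deleting
L:\Backup\C_\Documents and Settings\user\Desktop\sample.mp3    a variant of WMA/TrojanDownloader.GetCodec.gen trojan    cleaned
"""

# Type suffixes seen in the log, longest first so "application" matches last.
# The short category labels are this example's own naming.
SUFFIXES = (
    ("potentially unwanted application", "pua"),
    ("potentially unsafe application", "unsafe-app"),
    ("trojan", "trojan"),
    ("application", "application"),
)


@dataclass
class Detection:
    path: str
    threats: list      # list of (name, category) tuples
    action: str
    location: str


def classify_threat(text):
    """Split one detection string into (name, category)."""
    text = text.strip()
    if text.startswith("a variant of "):
        text = text[len("a variant of "):]
    for suffix, category in SUFFIXES:
        if text.endswith(" " + suffix):
            return text[: -len(suffix)].strip(), category
    return text, "other"


def classify_location(path, system_drive="C"):
    """Bucket a path by where on the machine the file was found."""
    low = path.lower()
    if not low.startswith(system_drive.lower() + ":"):
        return "other-drive"
    if "\\system volume information\\_restore" in low:
        return "restore-point"
    if "\\program files\\" in low:
        return "installed-program"
    if "\\documents and settings\\" in low:
        return "user-profile"
    return "other"


def parse_log(text):
    """Return (detections, unparsed_lines) for an ESET-style export."""
    detections, unparsed = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = re.split(r" {4,}", line.strip())
        if len(parts) != 3:
            unparsed.append(line)   # keep odd lines for manual review
            continue
        path, detection, action = parts
        threats = [classify_threat(t) for t in detection.split(",")
                   if t.strip() != "multiple threats"]
        detections.append(Detection(path, threats, action,
                                    classify_location(path)))
    return detections, unparsed


def triage(detections):
    """Summarise detections and list the ones that deserve a second look."""
    by_category = Counter(cat for d in detections for _, cat in d.threats)
    by_location = Counter(d.location for d in detections)
    follow_up = []
    for d in detections:
        reasons = []
        if any(cat == "trojan" for _, cat in d.threats):
            reasons.append("exploit/trojan-class detection")
        if d.location == "other-drive":
            reasons.append("found on a non-system drive: scan that drive too")
        if d.location == "restore-point":
            reasons.append("copy inside a System Restore point")
        if not re.match(r"(cleaned|deleted)", d.action):
            reasons.append("not removed: " + d.action)
        if reasons:
            follow_up.append((d.path, reasons))
    return by_category, by_location, follow_up


if __name__ == "__main__":
    found, skipped = parse_log(SAMPLE_LOG)
    categories, locations, review = triage(found)
    print(dict(categories), dict(locations))
    for path, reasons in review:
        print(path, "->", "; ".join(reasons))
```
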

Re: Possible Malware
FRST


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-06-2017 01
Ran by Teressa (administrator) on PROSPERITY (22-06-2017 14:51:42)
Running from C:\Documents and Settings\Teressa\Desktop
Loaded Profiles: Teressa (Available Profiles: Teressa & Administrator)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
(Creative Technology Ltd) C:\WINDOWS\SYSTEM32\CTsvcCDA.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(NVIDIA Corporation) C:\WINDOWS\SYSTEM32\nvsvc32.exe
(Microsoft Corporation) C:\WINDOWS\SYSTEM32\MsPMSPSv.exe
(Microsoft Corporation) C:\WINDOWS\SYSTEM32\fxssvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
(Corel, Inc.) C:\Program Files\Corel\Corel Paint Shop Pro X\Paint Shop Pro X.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
(Microsoft® Corporation) C:\Program Files\Microsoft Works\MSWORKS.EXE
() C:\Program Files\OLYMPUS\CAMEDIA Master\Olympus Camedia.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HPDJ Taskbar Utility] => C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe [196608 2003-01-30] (HP)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [220288 2017-05-31] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2006-08-25] (Macrovision Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [263232 2017-06-18] (AVG Technologies CZ, s.r.o.)
HKLM\...\Policies\Explorer: []
HKLM\...\Policies\Explorer: [NoDriveTypeAutoRun] 5f000000
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-2305011698-3870448665-3586125232-1007\...\Run: [cdloader] => C:\Documents and Settings\Teressa\Application Data\mjusbsp\cdloader2.exe [51592 2014-07-04] (magicJack L.P.)
HKU\S-1-5-21-2305011698-3870448665-3586125232-1007\...\Run: [Google Update] => C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-04-28] (Google Inc.)
HKU\S-1-5-21-2305011698-3870448665-3586125232-1007\...\MountPoints2: {0b056b56-6899-11df-9dbe-000cf18c7d78} - H:\workshop.exe
HKU\S-1-5-21-2305011698-3870448665-3586125232-1007\...\MountPoints2: {708fc04e-98af-11e4-9fe8-000cf18c7d78} - F:\LG_PC_Programs.exe
HKU\S-1-5-21-2305011698-3870448665-3586125232-1007\...\MountPoints2: {7aef4004-1019-11d8-9f71-000cf18c7d78} - J:\autorun.exe
HKU\S-1-5-21-2305011698-3870448665-3586125232-1007\...\MountPoints2: {7bac474c-c28d-11df-9dfe-000cf18c7d78} - "K:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-2305011698-3870448665-3586125232-1007\...\MountPoints2: {874167d2-c3cb-11e1-9f2a-000cf18c7d78} - K:\LaunchU3.exe -a
HKU\S-1-5-21-2305011698-3870448665-3586125232-1007\...\MountPoints2: {deb3764a-db1d-11de-9d58-000cf18c7d78} - J:\LaunchU3.exe -a
HKU\S-1-5-21-2305011698-3870448665-3586125232-1007\...\MountPoints2: {e893ae8f-e7f1-11df-9e0f-000cf18c7d78} - "K:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-2305011698-3870448665-3586125232-1007\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\System32\sstext3d.scr [679936 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [AutoLaunch] => C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe monthly
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2013-01-19] (SuperAdBlocker.com)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} =>  -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  -> No File
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\setup.exe [2010-08-15] (magicJack L.P.)
Startup: C:\Documents and Settings\Teressa\Start Menu\Programs\Startup\EvernoteClipper.lnk [2017-01-09]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{0DCE56D5-9130-4B54-B459-5C2AFE16A228}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-2305011698-3870448665-3586125232-1007\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell4me.com/myway
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dell4me.com/myway
HKU\S-1-5-21-2305011698-3870448665-3586125232-1007\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ebay.com/
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007 -> {E70C0F81-A36D-4E87-A070-1623DE26DC04} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=
BHO: No Name -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2003-03-16] ()
BHO: PPCScamBHO Class -> {7E3659A6-4BC5-4d93-B3FD-8B5ACC2FEDED} -> No File
BHO: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files\Evernote\Evernote\EvernoteIE.dll [2016-10-31] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-18] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-18] (Google Inc.)
Toolbar: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007 -> No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -  No File
Toolbar: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-18] (Google Inc.)
Toolbar: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007 -> No Name - {A057A204-BACC-4D26-9990-79A187E2698E} -  No File
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} hxxp://office.microsoft.com/officeupdate/content/opuc.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-19] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Teressa\Application Data\TomTom\HOME\Profiles\4qqmyzdd.default [2013-05-21]
FF Extension: (No Name) - C:\Program Files\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [not found]
FF ProfilePath: C:\Documents and Settings\Teressa\Application Data\Nvu\Profiles\46itrkdl.default [2012-10-21]
FF ProfilePath: C:\Documents and Settings\Teressa\Application Data\Netscape\Navigator\Profiles\ro5fo0iq.default [2010-08-09]
FF Extension: (No Name) - C:\Program Files\Netscape\Navigator 9\extensions\inspector@mozilla.org [not found]
FF Extension: (No Name) - C:\Program Files\Netscape\Navigator 9\extensions\{3EC9C995-8072-4fc0-953E-4F30620D17F3} [not found]
FF ProfilePath: C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859 [2017-06-22]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-03-17] [not signed]
FF HKLM\...\Thunderbird\Extensions: [avgthb@avg.com] - C:\Program Files\AVG\AVG2012\Thunderbird => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_26_0_0_126.dll [2017-06-15] ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\WINDOWS\system32\npDeployJava1.dll [2012-12-01] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @nosltd.com/getPlus+(R),version=1.6.2.91 -> C:\Program Files\NOS\bin\np_gp.dll [2010-10-20] (NOS Microsystems Ltd.)
FF Plugin: @pack.google.com/Google Updater;version=14 -> C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll [2011-09-13] (Google)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @yverinfo.yahoo.com/YahooVersionInfoPlugin;version=1.0.0.1 -> C:\Program Files\Yahoo!\Shared\npYVerInfo.dll [No File]
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files\Yahoo!\Common\npyaxmpb.dll [No File]
FF Plugin HKU\S-1-5-21-2305011698-3870448665-3586125232-1007: @talk.google.com/GoogleTalkPlugin -> C:\Documents and Settings\Teressa\Application Data\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2305011698-3870448665-3586125232-1007: @talk.google.com/O1DPlugin -> C:\Documents and Settings\Teressa\Application Data\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2305011698-3870448665-3586125232-1007: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-2305011698-3870448665-3586125232-1007: @tools.google.com/Google Update;version=8 -> C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll [No File]
FF Plugin HKU\S-1-5-21-2305011698-3870448665-3586125232-1007: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Teressa\Application Data\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Teressa\Application Data\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> mysearch.avg.com/?rvt=1
CHR DefaultSearchURL: Default -> hxxps://mysearch.avg.com/search?rvt=1&sap=dsp&q={searchTerms}
CHR DefaultSearchKeyword: Default -> hxxps://mysearch.avg.com
CHR DefaultSuggestURL: Default -> hxxps://toolbar.avg.com/acp?q={searchTerms}&o=1
CHR Profile: C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Chrome\User Data\Default [2017-06-20]
CHR Extension: (AVG Secure Search) - C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2017-02-24]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-06-20]
CHR HKU\S-1-5-21-2305011698-3870448665-3586125232-1007\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [chfdnecihphmhljaaejmgoiahnihplgn] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome.42AWFHMO6FPQSCDKOVTDJDJWOI - C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [143776 2017-02-24] (SUPERAntiSpyware.com)
S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2017-06-15] (Adobe Systems Incorporated) [File not signed]
R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [264432 2017-06-18] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [5782800 2017-06-18] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [1189720 2017-05-31] (AVG Technologies CZ, s.r.o.)
R2 Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.exe [44032 1999-12-13] (Creative Technology Ltd) [File not signed]
R2 EPSON_PM_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [142432 2012-02-20] (SEIKO EPSON CORPORATION)
S3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [48368 2009-09-03] (NOS Microsystems Ltd.)
S3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2008-10-16] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3398608 2017-05-09] (Malwarebytes)
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
S3 NetSvc; C:\Program Files\Intel\NCS\Sync\NetSvc.exe [143360 2003-03-03] (Intel(R) Corporation) [File not signed]
S3 Pml Driver; C:\WINDOWS\System32\HPHipm09.exe [77824 2003-01-30] (HP)
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
S3 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [10888944 2017-04-25] (TeamViewer GmbH)
R2 WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [53520 2000-06-26] (Microsoft Corporation) [File not signed]
S3 WsDrvInst; C:\Program Files\Wondershare\MobileTrans\DriverInstall.exe [103824 2015-08-07] (Wondershare)
S4 RoxLiveShare9; "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 abp480n5; C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
S3 Andbus; C:\WINDOWS\System32\DRIVERS\lgandbus.sys [14336 2012-03-02] (LG Electronics Inc.)
S3 AndDiag; C:\WINDOWS\System32\DRIVERS\lganddiag.sys [20736 2012-03-02] (LG Electronics Inc.)
S3 AndGps; C:\WINDOWS\System32\DRIVERS\lgandgps.sys [20096 2012-03-02] (LG Electronics Inc.)
S3 ANDModem; C:\WINDOWS\System32\DRIVERS\lgandmodem.sys [25088 2012-03-02] (LG Electronics Inc.)
S3 AndnetBus; C:\WINDOWS\System32\DRIVERS\lgandnetbus.sys [15744 2015-01-21] (LG Electronics Inc.)
S3 AndNetDiag; C:\WINDOWS\System32\DRIVERS\lgandnetdiag.sys [24576 2015-01-26] (LG Electronics Inc.)
S3 ANDNetModem; C:\WINDOWS\System32\DRIVERS\lgandnetmodem.sys [29696 2015-01-26] (LG Electronics Inc.)
S3 andnetndis; C:\WINDOWS\System32\DRIVERS\lgandnetndis.sys [70784 2015-01-21] (LG Electronics Inc.)
R2 Aspi32; C:\WINDOWS\system32\Drivers\Aspi32.sys [17005 2002-08-14] (Adaptec)
R1 avgbdisk; C:\WINDOWS\system32\drivers\avgbdiskx.sys [135872 2017-06-18] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\WINDOWS\system32\drivers\avgbidsdriverx.sys [260616 2017-06-18] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\WINDOWS\system32\drivers\avgbidshx.sys [151024 2017-06-18] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\WINDOWS\system32\drivers\avgblogx.sys [270344 2017-06-18] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\WINDOWS\system32\drivers\avgbunivx.sys [43992 2017-06-18] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\WINDOWS\system32\drivers\avgHwid.sys [35264 2017-06-18] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\WINDOWS\system32\drivers\avgMonFlt.sys [109056 2017-06-18] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\WINDOWS\system32\drivers\avgRdr.sys [61888 2017-06-18] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\WINDOWS\system32\drivers\avgRvrt.sys [63280 2017-06-18] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\WINDOWS\system32\drivers\avgSnx.sys [765704 2017-06-18] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\WINDOWS\system32\drivers\avgSP.sys [483736 2017-06-18] (AVG Technologies CZ, s.r.o.)
R3 avgStmXP; C:\WINDOWS\system32\drivers\avgStmXP.sys [182208 2017-06-18] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\WINDOWS\system32\drivers\avgVmm.sys [280928 2017-06-18] (AVG Technologies CZ, s.r.o.)
R3 BCMModem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [1101696 2003-08-29] (Broadcom Corporation)
S3 Dot4 HPH09; C:\WINDOWS\System32\DRIVERS\hphid409.sys [50800 2003-01-30] (HP)
S3 Dot4Print HPH09; C:\WINDOWS\System32\DRIVERS\hphipr09.sys [16112 2003-01-30] (HP)
S3 Dot4Storage HPH09; C:\WINDOWS\System32\Drivers\hphs2k09.sys [50211 2003-01-30] (Hewlett-Packard)
S3 Dot4Usb HPH09; C:\WINDOWS\System32\drivers\hphius09.sys [18864 2003-01-30] (HP)
R3 dvd43llh; C:\WINDOWS\System32\DRIVERS\dvd43llh.sys [18816 2010-01-29] (RIF) [File not signed]
S3 EL90XBC; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [66591 2001-08-17] (3Com Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae.sys [59936 2017-05-25] ()
R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation)
S3 GT680x; C:\WINDOWS\System32\Drivers\gt680x.sys [18120 2001-11-08] (   ) [File not signed]
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2007-03-07] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2007-03-07] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2007-03-07] (HP)
S3 i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [161020 2004-08-04] (Intel(R) Corporation)
S3 iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [12415 2004-08-04] (Intel(R) Corporation)
S3 iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [12127 2004-08-04] (Intel(R) Corporation)
S3 iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [11775 2004-08-04] (Intel(R) Corporation)
S3 iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [12063 2004-08-04] (Intel(R) Corporation)
S3 iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [19455 2004-08-04] (Intel(R) Corporation)
S3 iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [29311 2004-08-04] (Intel(R) Corporation)
S3 iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [19551 2004-08-04] (Intel(R) Corporation)
S3 iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [33599 2004-08-04] (Intel(R) Corporation)
S3 iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [23615 2004-08-04] (Intel(R) Corporation)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [147232 2017-06-16] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [39840 2017-06-19] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [220576 2017-06-19] (Malwarebytes)
S3 OlCamudp; C:\WINDOWS\System32\Drivers\olcamudp.sys [10379 2000-02-08] (OLYMPUS Optical Co.,Ltd.) [File not signed]
R1 omci; C:\WINDOWS\System32\DRIVERS\omci.sys [17217 2002-11-08] (Dell Computer Corporation) [File not signed]
R3 P16X; C:\WINDOWS\System32\drivers\P16X.sys [1330048 2003-09-22] (Creative Technology Ltd.)
S1 P3; C:\WINDOWS\System32\DRIVERS\p3.sys [42752 2008-04-13] (Microsoft Corporation)
S3 pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [47360 2010-03-17] (VSO Software) [File not signed]
R2 PfModNT; C:\WINDOWS\System32\PfModNT.sys [6752 1999-12-17] (Creative Technology Ltd.) [File not signed]
S3 PLTurbh; C:\WINDOWS\System32\drivers\plturbh.sys [16384 2009-07-01] (Prolific Technology Inc.)
R3 PLTurbo; C:\WINDOWS\System32\drivers\plturbo.sys [16640 2009-07-01] (Prolific Technology Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2013-01-19] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SASENUM; C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [12872 2010-02-20] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [67664 2013-01-19] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [717296 2010-01-30] () [File not signed]
S3 bvrp_pci; no ImagePath
S3 iAimTV2; System32\DRIVERS\wATV03nt.sys [X]
S3 ivusb; system32\DRIVERS\ivusb.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S2 StarOpen; no ImagePath
S3 wanatw; System32\DRIVERS\wanatw4.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: Ip6FwHlp -> no filepath.

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-22 14:51 - 2017-06-22 14:55 - 00025557 _____ C:\Documents and Settings\Teressa\Desktop\FRST.txt
2017-06-22 14:50 - 2017-06-22 14:51 - 00000000 ____D C:\FRST
2017-06-22 14:50 - 2017-06-22 14:50 - 01778688 _____ (Farbar) C:\Documents and Settings\Teressa\Desktop\FRST.exe
2017-06-20 23:42 - 2017-06-20 23:42 - 00000000 ____D C:\Documents and Settings\Teressa\Local Settings\Application Data\ESET
2017-06-20 21:46 - 2017-06-20 21:48 - 06754944 _____ (ESET spol. s r.o.) C:\Documents and Settings\Teressa\Desktop\esetonlinescanner_enu.exe
2017-06-20 02:38 - 2017-06-20 02:39 - 00012405 _____ C:\Documents and Settings\Teressa\Desktop\MTB.txt
2017-06-20 02:35 - 2017-06-20 02:35 - 00892416 _____ (Farbar) C:\Documents and Settings\Teressa\Desktop\MiniToolBox(1).exe
2017-06-19 19:27 - 2017-06-22 07:23 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-06-19 19:27 - 2017-06-19 19:27 - 00000730 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2017-06-19 19:27 - 2017-06-19 19:27 - 00000724 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2017-06-18 16:32 - 2017-06-18 16:32 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2017-06-18 16:06 - 2017-06-22 04:23 - 00000296 ____H C:\WINDOWS\Tasks\Antivirus Emergency Update.job
2017-06-18 16:06 - 2017-06-18 16:07 - 00182208 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgstmxp.sys
2017-06-18 16:06 - 2017-06-18 16:04 - 00483736 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys
2017-06-18 16:06 - 2017-06-18 16:04 - 00280928 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys
2017-06-18 16:06 - 2017-06-18 16:04 - 00109056 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys
2017-06-18 16:06 - 2017-06-18 16:04 - 00063280 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys
2017-06-18 16:06 - 2017-06-18 16:04 - 00061888 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr.sys
2017-06-18 16:06 - 2017-06-18 16:04 - 00035264 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgHwid.sys
2017-06-18 16:06 - 2017-06-18 16:03 - 00765704 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys
2017-06-18 16:06 - 2017-06-18 16:03 - 00270344 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgblogx.sys
2017-06-18 16:06 - 2017-06-18 16:03 - 00260616 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdriverx.sys
2017-06-18 16:06 - 2017-06-18 16:03 - 00151024 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidshx.sys
2017-06-18 16:06 - 2017-06-18 16:03 - 00135872 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbdiskx.sys
2017-06-18 16:06 - 2017-06-18 16:03 - 00043992 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbunivx.sys
2017-06-18 16:04 - 2017-06-18 16:03 - 00331896 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe
2017-06-18 15:53 - 2017-06-18 15:53 - 00000629 _____ C:\Documents and Settings\All Users\Desktop\AVG.lnk
2017-06-18 11:12 - 2017-06-18 11:12 - 00010374 _____ C:\Documents and Settings\Teressa\Desktop\Defragment VolumeC.txt
2017-06-16 18:08 - 2017-06-22 14:08 - 00000000 ____D C:\Documents and Settings\Teressa\Desktop\New Folder (7)
2017-06-16 15:10 - 2017-06-16 17:10 - 00000000 ____D C:\AdwCleaner
2017-06-16 12:41 - 2017-06-16 12:41 - 00001317 _____ C:\Documents and Settings\Administrator.PROSPERITY\Desktop\Mbam Results.txt
2017-06-16 00:42 - 2017-06-16 00:42 - 00147232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-06-16 00:36 - 2017-06-19 18:00 - 00039840 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-06-16 00:36 - 2017-06-19 17:59 - 00220576 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-06-16 00:35 - 2017-06-16 00:35 - 00001715 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes.lnk
2017-06-16 00:35 - 2017-06-16 00:35 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes
2017-06-16 00:35 - 2017-05-25 11:58 - 00059936 _____ C:\WINDOWS\system32\Drivers\mbae.sys
2017-06-16 00:34 - 2017-06-16 00:34 - 00000000 ____D C:\Program Files\Malwarebytes
2017-06-15 21:33 - 2017-06-15 21:33 - 00000000 __SHD C:\Documents and Settings\Administrator.PROSPERITY\PrivacIE
2017-06-15 18:18 - 2017-06-15 18:18 - 00000000 ____D C:\Documents and Settings\Administrator.PROSPERITY\Local Settings\Application Data\Google
2017-06-15 18:17 - 2017-06-17 02:16 - 00622720 _____ C:\WINDOWS\ntbtlog.txt
2017-06-15 05:20 - 2017-06-15 05:38 - 00002306 _____ C:\Documents and Settings\Teressa\Start Menu\Programs\Google Chrome.lnk
2017-06-15 05:20 - 2017-06-15 05:38 - 00002300 _____ C:\Documents and Settings\Teressa\Desktop\Google Chrome.lnk
2017-06-08 16:45 - 2017-06-08 16:45 - 00000000 ___RD C:\Documents and Settings\All Users\Start Menu\Programs\Games
2017-05-27 16:17 - 2017-05-27 16:18 - 00000136 _____ C:\Documents and Settings\Teressa\Desktop\Gmail.url

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-22 14:55 - 2003-12-28 17:52 - 00000000 ____D C:\Documents and Settings\Teressa\Local Settings\Temp
2017-06-22 14:28 - 2012-10-25 16:00 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-06-22 14:27 - 2011-05-23 01:01 - 00000986 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2305011698-3870448665-3586125232-1007UA.job
2017-06-22 14:06 - 2002-09-30 06:10 - 00002489 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
2017-06-22 14:01 - 2010-01-07 14:31 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-06-22 12:15 - 2015-02-27 13:15 - 00000514 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task d45f8666-238a-4a83-b91b-5f0b7c6e7bce.job
2017-06-22 12:01 - 2003-12-15 07:42 - 00032422 _____ C:\WINDOWS\SchedLgU.Txt
2017-06-22 11:18 - 2010-06-08 16:03 - 00000868 _____ C:\WINDOWS\Tasks\Google Software Updater.job
2017-06-22 06:01 - 2015-02-27 13:14 - 00000514 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task d042d7f0-b447-43c2-9df7-c1b4590c06cf.job
2017-06-22 05:30 - 2004-07-13 16:43 - 00000000 ____D C:\Documents and Settings\Teressa\Desktop\Unused Desktop Shortcuts
2017-06-22 02:27 - 2011-05-23 01:01 - 00000934 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2305011698-3870448665-3586125232-1007Core.job
2017-06-22 02:24 - 2003-12-15 07:41 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2017-06-21 18:51 - 2016-09-20 06:05 - 00000314 ____H C:\WINDOWS\Tasks\AVG EUpdate Task.job
2017-06-21 17:45 - 2006-02-05 11:54 - 00000000 ____D C:\Documents and Settings\Teressa\My Documents\My PSP Files
2017-06-21 17:44 - 2008-11-11 18:48 - 00002375 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Corel Paint Shop Pro X.lnk
2017-06-21 16:01 - 2010-01-07 14:31 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-06-20 02:47 - 2007-08-18 10:10 - 00000000 ____D C:\WINDOWS\network diagnostic
2017-06-20 02:10 - 2002-09-03 10:00 - 00001507 _____ C:\Documents and Settings\All Users\Start Menu\Windows Update.lnk
2017-06-19 19:36 - 2015-04-13 23:53 - 00000000 ____D C:\Documents and Settings\Teressa\Desktop\Old Firefox Data
2017-06-19 19:27 - 2012-04-28 11:03 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-06-19 18:01 - 2010-09-10 04:09 - 00000000 ____D C:\Documents and Settings\Teressa\Local Settings\Application Data\magicJack
2017-06-19 17:57 - 2014-03-30 15:41 - 00000226 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2017-06-19 17:57 - 2013-06-02 23:52 - 00000350 _____ C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2017-06-19 17:57 - 2003-12-15 07:41 - 00004330 ____C C:\WINDOWS\ModemLog_BCM V.92 56K Modem.txt
2017-06-19 17:57 - 2003-12-15 07:38 - 00001170 ____C C:\WINDOWS\system32\WPA.DBL
2017-06-19 17:56 - 2003-12-15 07:42 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-06-19 17:55 - 2003-12-28 17:52 - 00000178 ___SH C:\Documents and Settings\Teressa\NTUSER.INI
2017-06-19 17:55 - 2003-12-28 17:52 - 00000000 ____D C:\Documents and Settings\Teressa
2017-06-19 17:43 - 2013-10-28 20:28 - 00000000 ____D C:\Documents and Settings\Teressa\Application Data\mjusbsp
2017-06-19 17:42 - 2013-10-28 20:29 - 00000996 _____ C:\Documents and Settings\Teressa\Desktop\magicJack.lnk
2017-06-19 17:42 - 2010-12-09 18:01 - 00001002 _____ C:\Documents and Settings\Teressa\Start Menu\Programs\magicJack.lnk
2017-06-19 03:41 - 2016-06-10 08:05 - 00000000 ____D C:\Documents and Settings\Teressa\Application Data\AVG
2017-06-19 03:30 - 2015-06-02 09:36 - 00000000 ____D C:\Documents and Settings\Teressa\Local Settings\Application Data\Avg
2017-06-19 03:30 - 2011-05-11 13:39 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2017-06-19 02:48 - 2011-02-27 04:26 - 00000472 _____ C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
2017-06-18 18:36 - 2010-01-07 14:36 - 00000000 ____D C:\Documents and Settings\Teressa\Local Settings\Application Data\Temp
2017-06-18 17:39 - 2015-08-15 19:37 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Avg
2017-06-18 16:26 - 2003-12-15 07:23 - 00000000 ___HD C:\WINDOWS\INF
2017-06-18 16:01 - 2009-03-13 13:19 - 00000000 ____D C:\Program Files\AVG
2017-06-18 08:59 - 2009-12-21 16:24 - 00000000 ____C C:\Documents and Settings\Teressa\Local Settings\Application Data\prvlcl.dat
2017-06-18 01:14 - 2017-05-14 07:52 - 00000000 ____D C:\Documents and Settings\Teressa\Desktop\New Folder
2017-06-18 00:50 - 2015-10-01 16:54 - 00000000 ____D C:\Documents and Settings\Teressa\Desktop\Mary Powers That Be
2017-06-18 00:50 - 2015-08-08 07:26 - 00000000 ____D C:\Documents and Settings\Teressa\Desktop\All Custody
2017-06-18 00:46 - 2017-05-03 01:50 - 00000000 ____D C:\Documents and Settings\Teressa\Desktop\Fence 1
2017-06-18 00:42 - 2016-10-12 17:04 - 00000000 ____D C:\Documents and Settings\Teressa\Desktop\Copies Audio.Ebooks OverDrive
2017-06-18 00:37 - 2015-02-03 13:23 - 00000000 ____D C:\Documents and Settings\Teressa\Desktop\All Folders
2017-06-17 23:15 - 2003-12-28 17:52 - 00000000 ___RD C:\Documents and Settings\Teressa\My Documents
2017-06-17 22:58 - 2004-01-12 02:45 - 00096768 ____C C:\Documents and Settings\Teressa\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-06-17 22:57 - 2012-06-03 09:34 - 00000000 ____D C:\Documents and Settings\Teressa\Application Data\vlc
2017-06-17 22:04 - 2012-04-09 19:29 - 00000000 ____D C:\Documents and Settings\Teressa\Application Data\uTorrent
2017-06-17 19:10 - 2007-10-26 01:56 - 00000000 ____D C:\ConverterOutput
2017-06-17 19:09 - 2012-04-13 11:44 - 00000000 ____D C:\Documents and Settings\Teressa\Application Data\dvdcss
2017-06-17 05:48 - 2008-04-13 20:15 - 00000178 __SHC C:\Documents and Settings\Administrator.PROSPERITY\NTUSER.INI
2017-06-16 12:36 - 2009-06-18 17:04 - 00000000 ____D C:\Documents and Settings\Administrator.PROSPERITY\Local Settings\temp
2017-06-16 00:34 - 2014-11-16 04:26 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2017-06-16 00:34 - 2008-10-22 02:48 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2017-06-15 21:33 - 2008-04-13 20:15 - 00000000 ____D C:\Documents and Settings\Administrator.PROSPERITY
2017-06-15 16:31 - 2008-08-14 21:01 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-06-15 06:44 - 2012-10-25 16:00 - 00803328 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2017-06-15 06:44 - 2011-05-12 23:24 - 00144896 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2017-06-15 06:41 - 2003-12-15 07:23 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-06-15 03:57 - 2010-08-12 03:10 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2160329$
2017-06-13 17:12 - 2003-12-15 07:41 - 00525020 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-06-13 15:37 - 2004-03-19 02:18 - 00000000 __SHD C:\Documents and Settings\Teressa\UserData
2017-06-08 15:00 - 2014-03-30 15:41 - 00000220 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2017-06-06 00:32 - 2007-07-15 17:19 - 00000000 ____D C:\vpp_temp
2017-05-27 20:29 - 2013-10-08 19:41 - 00000000 ____D C:\Documents and Settings\Teressa\Application Data\eM Client
2017-05-26 18:42 - 2008-07-28 23:50 - 00000000 ____D C:\Documents and Settings\Teressa\My Documents\Ebay Templates

==================== Files in the root of some directories =======

2013-06-26 06:54 - 2014-06-23 16:39 - 0003728 ____C () C:\Program Files\Mozilla Firefoxavg-secure-search.xml
2007-07-18 01:36 - 2007-07-18 01:36 - 0000336 ____C () C:\Program Files\temp995.bat
2010-03-16 16:28 - 2011-09-05 01:35 - 0000162 ____C () C:\Documents and Settings\Teressa\Application Data\default.rss
2010-06-13 00:31 - 2010-06-13 00:31 - 0000000 ____C () C:\Documents and Settings\Teressa\Application Data\downloads.m3u
2010-03-17 23:45 - 2014-04-15 03:00 - 0087608 ____C () C:\Documents and Settings\Teressa\Application Data\inst.exe
2010-03-02 04:11 - 2010-03-02 04:16 - 0000699 ____C () C:\Documents and Settings\Teressa\Application Data\moyea_dia.log
2010-03-17 23:45 - 2014-04-15 03:00 - 0007887 ____C () C:\Documents and Settings\Teressa\Application Data\pcouffin.cat
2010-03-17 23:45 - 2014-04-15 03:00 - 0001144 ____C () C:\Documents and Settings\Teressa\Application Data\pcouffin.inf
2010-03-17 23:45 - 2014-04-15 03:00 - 0000033 ____C () C:\Documents and Settings\Teressa\Application Data\pcouffin.log
2010-03-17 23:45 - 2014-04-15 03:00 - 0047360 ____C (VSO Software) C:\Documents and Settings\Teressa\Application Data\pcouffin.sys
2004-01-12 02:45 - 2017-06-17 22:58 - 0096768 ____C () C:\Documents and Settings\Teressa\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-05 02:15 - 2015-02-05 02:15 - 0026900 ____C () C:\Documents and Settings\Teressa\Local Settings\Application Data\dt.dat
2009-12-21 16:24 - 2017-06-18 08:59 - 0000000 ____C () C:\Documents and Settings\Teressa\Local Settings\Application Data\prvlcl.dat
2012-01-15 15:59 - 2012-05-06 17:10 - 0000031 __SHC () C:\Documents and Settings\All Users\Application Data\.zreglib
2007-12-11 04:17 - 2017-05-16 13:29 - 0013296 ____C () C:\Documents and Settings\All Users\Application Data\hpzinstall.log
2010-09-17 23:41 - 2010-09-17 23:41 - 0000133 ____C () C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
2007-08-18 09:36 - 2007-08-18 09:36 - 0001751 ____C () C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

Some files in TEMP:
====================
2017-05-16 13:18 - 2009-11-25 05:23 - 1710720 ____N (Hewlett-Packard) C:\Documents and Settings\Teressa\Local Settings\Temp\hpzmsi01.exe
2017-05-16 13:18 - 2009-11-25 05:23 - 1639552 ____N (Hewlett-Packard) C:\Documents and Settings\Teressa\Local Settings\Temp\hpzscr01.EXE
2017-05-16 13:18 - 2009-11-25 05:23 - 0467072 ____N (Hewlett-Packard) C:\Documents and Settings\Teressa\Local Settings\Temp\hpzswp01.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

Re: Possible Malware

Addition


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-06-2017 01
Ran by Teressa (22-06-2017 14:56:47)
Running from C:\Documents and Settings\Teressa\Desktop
Microsoft Windows XP Home Edition Service Pack 3 (X86) (2003-12-28 22:52:23)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2305011698-3870448665-3586125232-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator.PROSPERITY
ASPNET (S-1-5-21-2305011698-3870448665-3586125232-1008 - Limited - Enabled)
Guest (S-1-5-21-2305011698-3870448665-3586125232-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-2305011698-3870448665-3586125232-1006 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-2305011698-3870448665-3586125232-1002 - Limited - Disabled)
SUPPORT_3f151ab9 (S-1-5-21-2305011698-3870448665-3586125232-1005 - Limited - Disabled)
Teressa (S-1-5-21-2305011698-3870448665-3586125232-1007 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Teressa

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {D4AC7077-9720-47B0-8B38-DFAF3AA21DB6}
AV: AVG Antivirus (Enabled - Up to date) {81C62321-3C2A-4A1A-BF2F-52ED23B22B8B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
ABBYY FineReader 4.0 Sprint (HKLM\...\ABBYY FineReader 4.0 Sprint) (Version:  - )
Active@ ISO Burner (HKLM\...\{7694E0B1-2332-448B-9235-929F84B41E3F}) (Version: 2.0.5 - LSoft Technologies)
Adobe Acrobat 4.0 (HKLM\...\Adobe Acrobat 4.0) (Version: 4.0 - Adobe Systems, Inc.)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Atmosphere Player for Acrobat and Adobe Reader (HKLM\...\Adobe Atmosphere Player) (Version:  - )
Adobe Download Manager (HKLM\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.91 - NOS Microsystems Ltd.)
Adobe Flash Player 23 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 23.0.0.205 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 26.0.0.126 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Advertising Center (Version: 0.0.0.1 - Nero AG) Hidden
Audacity 1.3.13 (Unicode) (HKLM\...\Audacity 1.3 Beta (Unicode)_is1) (Version:  - Audacity Team)
AutoUpdate (HKLM\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - )
AVG (Version: 1.191.1 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG Antivirus) (Version: 17.4.3014 - AVG Technologies)
AVG Web TuneUp (HKLM\...\AVG Web TuneUp) (Version: 4.3.8.510 - AVG Technologies)
Backuptrans Android SMS + MMS Transfer 3.2.16 (HKU\S-1-5-21-2305011698-3870448665-3586125232-1007\...\Backuptrans Android SMS + MMS Transfer) (Version: 3.2.16 - Backuptrans)
Banctec Service Agreement (Version: 1.00.00 - Dell) Hidden
Banctec Service Agreement (Version: 1.00.0005 - Dell) Hidden
BCM V.92 56K Modem (HKLM\...\BCM V.92 56K Modem) (Version:  - )
bitcontrol® MPEG-2 Video Decoder v2.1 (HKLM\...\bcMPEG2dec) (Version: 2.1 - BitCtrl Systems GmbH)
Bonjour (HKLM\...\{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}) (Version: 1.0.105 - Apple Inc.)
BufferChm (Version: 100.0.170.000 - Hewlett-Packard) Hidden
C6200_Help (Version: 90.0.189.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Corel Paint Shop Pro X (HKLM\...\{1A15507A-8551-4626-915D-3D5FA095CC1B}) (Version: 10.0 - Corel Inc)
Critical Update for Windows Media Player 11 (KB959772) (HKLM\...\KB959772_WM11) (Version:  - Microsoft Corporation)
Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro 7.07 (HKLM\...\Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro_is1) (Version:  - Cucusoft, Inc.)
Dell Digital Jukebox Driver (HKLM\...\Dell Digital Jukebox Driver) (Version:  - )
Dell Media Experience (HKLM\...\{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version:  - )
Dell Networking Guide (Version: 1.00.0001 - Dell) Hidden
Dell Solution Center (HKLM\...\{11F1920A-56A2-4642-B6E0-3B31A12C9288}) (Version: 1.00.0000 - Dell)
DivX (HKLM\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.0 - DivXNetworks, Inc.)
DolbyFiles (Version: 2.0 - Nero AG) Hidden
DS21Patch (Version: 1.00.0000 - Dell) Hidden
DVD Decrypter (Remove Only) (HKLM\...\DVD Decrypter) (Version:  - )
DVD Shrink 3.2 (HKLM\...\DVD Shrink_is1) (Version:  - DVD Shrink)
DVD43 Plug-in v1.0.0.5 (HKLM\...\DVD43 Plug-in_is1) (Version:  - )
DVD43 v4.6.0 (HKLM\...\DVD43_is1) (Version:  - )
DVDSentry (HKLM\...\{98DF85D9-96C0-4F57-A92E-C3539477EF5E}) (Version: 1.00.0000 - Dell)
eM Client (HKLM\...\{224024F1-88C6-4E06-9AF6-39FF47347338}) (Version: 7.0.30068.0 - eM Client Inc.)
EPSON Artisan 1430 Series Printer Uninstall (HKLM\...\EPSON Artisan 1430 Series) (Version:  - SEIKO EPSON Corporation)
Evernote v. 6.4.2 (HKLM\...\{E74F0DCA-9FC8-11E6-9D98-005056950253}) (Version: 6.4.2.3788 - Evernote Corp.)
Fax (Version: 120.0.194.000 - Hewlett-Packard) Hidden
FileZilla Client 3.6.0.2 (HKLM\...\FileZilla Client) (Version: 3.6.0.2 - FileZilla Project)
FMW 1 (Version: 1.203.1 - AVG Technologies) Hidden
Google Chrome (HKU\S-1-5-21-2305011698-3870448665-3586125232-1007\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Drive (HKLM\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
Google Talk Plugin (HKLM\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.33.5 - Google Inc.) Hidden
Google Updater (HKLM\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.)
GPL Ghostscript 8.50 (HKLM\...\GPL Ghostscript 8.50) (Version:  - )
GPL Ghostscript Fonts (HKLM\...\GPL Ghostscript Fonts) (Version:  - )
Help and Support Customization (Version: 1.00.0000 - Dell) Hidden
hp photosmart printer series (Remove only) (HKLM\...\hp photosmart printer series) (Version:  - )
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0001 - Microsoft) Hidden
ImagXpress (Version: 7.0.74.0 - Nero AG) Hidden
Intel(R) PRO Network Adapters and Drivers (HKLM\...\PROSet) (Version:  - )
Intel(R) PROSet (HKLM\...\{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}) (Version: 6.05.2001 - Intel)
Internet Explorer Default Page (Version: 1.00.03 - Dell Inc.) Hidden
iPhone Data Recovery  (HKLM\...\iPhone Data Recovery) (Version:  - Tenorshare, Inc.)
LAME v3.98.3 for Audacity (HKLM\...\LAME for Audacity_is1) (Version:  - )
LG United Mobile Driver (HKLM\...\{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}) (Version: 3.14.1 - LG Electronics)
LightScribe System Software (HKLM\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe)
magicJack (HKU\S-1-5-21-2305011698-3870448665-3586125232-1007\...\magicJack) (Version: 4.1.7574.5297 - magicJack L.P.)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Menu Templates - Pack 1 (Version: 9.4.4.0 - Nero AG) Hidden
Menu Templates - Starter Kit (Version: 9.4.2.0 - Nero AG) Hidden
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Client Profile Basic SP2 Version 1.0.1.22 (HKLM\...\{10E4121C-8181-4217-8DA9-6CD38DDC34F9}_is1) (Version: 1.0.1.22 - Wondershare, Inc.)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Data Access Components KB870669 (HKLM\...\KB870669) (Version:  - Microsoft Corporation)
Microsoft Office Excel Viewer 2003 (HKLM\...\{90840409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Picture It! Photo 7.0 (HKLM\...\{369B36BE-3D64-4641-9AEA-808D436FE132}) (Version: 7.0.0.0000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Web Publishing Wizard 1.52 (HKLM\...\WebPost) (Version:  - )
Microsoft WinUsb 2.0 (HKLM\...\winusb0200) (Version:  - Microsoft Corporation)
Microsoft Word 2002 (HKLM\...\{911B0409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Works 2003 Setup Launcher (HKLM\...\Works2003Setup) (Version:  - )
Microsoft Works 7.0 (HKLM\...\{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}) (Version: 07.02.0710.1 - Microsoft Corporation)
Microsoft Works Suite Add-in for Microsoft Word (HKLM\...\{7EE9DE0D-9228-4C33-B80E-FDD1773600DF}) (Version: 2.0.0.0000 - Microsoft Corporation)
Modem Helper (HKLM\...\{7F142D56-3326-11D5-B229-002078017FBF}) (Version:  - )
Movie Templates - Starter Kit (Version: 9.4.2.0 - Nero AG) Hidden
Mozilla Firefox 52.2.0 ESR (x86 en-US) (HKLM\...\Mozilla Firefox 52.2.0 ESR (x86 en-US)) (Version: 52.2.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.2.0 - Mozilla)
MSN Music Assistant (HKLM\...\MSN Music Assistant) (Version:  - )
MSXML 4.0 SP2 (KB925672) (HKLM\...\{A9CF9052-F4A0-475D-A00F-A8388C62DD63}) (Version: 4.20.9839.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Music DVD Creator 2.0 (HKLM\...\DVDCreator.exe_is1) (Version:  - Copyright (C) 2003-2007 BlazeVideo,Inc.)
MusicIP Mixer 1.8.1 (HKLM\...\MusicIP Mixer_is1) (Version:  - MusicIP)
Musicmatch® Jukebox (HKLM\...\{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}) (Version: 9.00.5100 - )
Nero 9 Essentials (HKLM\...\{2102f84f-010e-4510-aa29-4f92f55eaeea}) (Version:  - Nero AG)
NVIDIA Windows 2000/XP Display Drivers (HKLM\...\NVIDIA) (Version:  - )
OLYMPUS CAMEDIA Master 2.01 (HKLM\...\OLYMPUS CAMEDIA Master 2.0) (Version:  - )
OpenOffice 4.0.1 (HKLM\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0 (HKLM\...\{DB0A8A2A-4EA7-4FE3-802E-8A6DEE32696C}_is1) (Version:  - Orban, Inc.)
OverDrive for Windows (HKLM\...\{FF27E73D-C30A-4F32-B2D7-22069F01DDB9}) (Version: 3.6.0 - OverDrive, Inc.)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version:  - )
SBC Self Support Tool (HKLM\...\SBC.MCCInstall) (Version:  - )
Shockwave (HKLM\...\Shockwave) (Version:  - )
Sound Blaster Live! (HKLM\...\{96E16100-A77F-4B31-B9AD-FFBA040EE1BD}) (Version:  - )
Spybot - Search & Destroy 1.2 (HKLM\...\Spybot - Search & Destroy_is1) (Version: 1.2 - PepiMK Software)
SUPERAntiSpyware Free Edition (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 4.15.0.1000 - SUPERAntiSpyware.com)
TeamViewer 12 (HKLM\...\TeamViewer) (Version: 12.0.77242 - TeamViewer)
The Print Shop (HKLM\...\The Print Shop 10.0) (Version:  - )
UnloadSupport (Version: 10.0.0 - Hewlett-Packard) Hidden
USBFast (HKLM\...\{AED142A8-96EA-42DE-B212-60BFC98D6CC7}) (Version: 1.3.0.19 - Plextor)
VideoLAN VLC media player 0.8.6c (HKLM\...\VLC media player) (Version: 0.8.6c - VideoLAN Team)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Web Page Creator (HKLM\...\Web Page Creator) (Version:  - )
WebFldrs XP (Version: 9.50.6513 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.7.0017.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
Wondershare Helper Compact 2.5.0 (HKLM\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.0 - Wondershare)
Wondershare MobileTrans ( Version 7.3.2 ) (HKLM\...\{18CDCEAA-A9E4-4A4C-AC0E-C15E87C30EA5}_is1) (Version: 7.3.2 - Wondershare)
Works Suite OS Pack (Version: 3.0.0.0000 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Update\1.3.33.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Update\1.3.33.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{2B11E9B0-9F09-11D0-9484-00A0C91110ED}\InprocServer32 -> C:\WINDOWS\system32\msstdfmt.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Update\1.3.33.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\InprocServer32 -> C:\WINDOWS\system32\msinet.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Update\1.3.33.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{586A6352-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{586A6353-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{586A6354-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{586A6355-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{586A6356-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{586A6357-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{586A6359-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{699DDBCC-DC7E-11D0-BCF7-00C04FC2FB86}\InprocServer32 -> C:\WINDOWS\system32\msstdfmt.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{6D835690-900B-11D0-9484-00A0C91110ED}\InprocServer32 -> C:\WINDOWS\system32\msstdfmt.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{99FF4677-FFC3-11D0-BD02-00C04FC2FB86}\InprocServer32 -> C:\WINDOWS\system32\msstdfmt.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{B09DE715-87C1-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Update\1.3.33.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Update\1.3.33.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InprocServer32 -> C:\WINDOWS\system32\msvbvm60.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Update\1.3.33.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Update\1.3.33.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\InprocServer32 -> C:\WINDOWS\SYSTEM32\COMDLG32.OCX (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007_Classes\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}\InprocServer32 -> C:\WINDOWS\system32\mscomct2.ocx (Microsoft Corporation)

==================== Scheduled Tasks=============================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Antivirus Emergency Update.job => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe
Task: C:\WINDOWS\Tasks\AVG EUpdate Task.job => C:\Program Files\AVG\Setup AVG Technologies   ጃ  0 ߡ   3            0ߡ   3           
Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\WINDOWS\TEMP\{2DA93B1C-588C-41AB-B213-93B8D77F7D04}.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2305011698-3870448665-3586125232-1007Core.job => C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2305011698-3870448665-3586125232-1007UA.job => C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task d042d7f0-b447-43c2-9df7-c1b4590c06cf.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe  C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task d45f8666-238a-4a83-b91b-5f0b7c6e7bce.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe  C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Documents and Settings\Teressa\NetHood\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co

ShortcutWithArgument: C:\Documents and Settings\Teressa\Desktop\Unused Desktop Shortcuts\Yahoo! Mail.lnk -> C:\WINDOWS\SYSTEM32\rundll32.exe (Microsoft Corporation) -> C:\PROGRA~1\Yahoo!\Common\ymmapi.dll,OpenURL hxxp://mail.yahoo.com/?.redir=ymmapi9

==================== Loaded Modules (Whitelisted) ==============

2017-06-18 16:03 - 2017-06-18 16:03 - 00171344 _____ () C:\Program Files\AVG\Antivirus\JsonRpcServer.dll
2017-06-18 16:03 - 2017-06-18 16:03 - 00178120 _____ () C:\Program Files\AVG\Antivirus\event_routing_rpc.dll
2017-06-18 16:03 - 2017-06-18 16:03 - 00224352 _____ () C:\Program Files\AVG\Antivirus\tasks_core.dll
2017-06-19 08:00 - 2017-06-19 08:00 - 05678080 _____ () C:\Program Files\AVG\Antivirus\defs\17061902\algo.dll
2017-06-18 16:03 - 2017-06-18 16:03 - 00685784 _____ () C:\Program Files\AVG\Antivirus\ffl2.dll
2017-06-18 16:03 - 2017-06-18 16:03 - 00231760 _____ () C:\Program Files\AVG\Antivirus\streamback.dll
2017-06-22 07:41 - 2017-06-22 07:41 - 05678592 _____ () C:\Program Files\AVG\Antivirus\defs\17062200\algo.dll
2007-06-09 20:30 - 2007-06-09 20:30 - 00372736 _____ () C:\WINDOWS\system32\portmon.dll
2017-06-18 16:03 - 2017-06-18 16:03 - 00136048 _____ () c:\Program Files\AVG\Antivirus\vaarclient.dll
2012-11-29 16:59 - 2012-11-29 16:59 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2003-05-30 10:00 - 2013-01-02 01:49 - 01292288 _____ () C:\WINDOWS\System32\quartz.dll
2002-12-12 01:14 - 2008-04-13 19:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2002-08-29 06:00 - 2008-04-13 19:11 - 00498742 _____ () C:\WINDOWS\system32\dxmasf.dll
2002-12-12 01:14 - 2013-01-02 01:49 - 00148992 ____C () C:\WINDOWS\System32\mpg2splt.ax
2002-12-12 01:14 - 2014-02-05 03:55 - 00562688 ____C () C:\WINDOWS\System32\qedit.dll
2003-05-30 10:00 - 2008-04-13 19:11 - 00059904 _____ () C:\WINDOWS\System32\devenum.dll
2017-06-18 16:03 - 2017-06-18 16:03 - 00992760 _____ () C:\Program Files\AVG\Antivirus\AvChrome.dll
2017-06-18 16:03 - 2017-06-18 16:03 - 48936448 _____ () C:\Program Files\AVG\Antivirus\libcef.dll
2016-10-31 18:45 - 2016-10-31 18:45 - 00321208 _____ () C:\Program Files\Evernote\Evernote\libtidy.dll
2016-11-28 06:32 - 2016-11-28 06:28 - 48920064 _____ () C:\Program Files\AVG\UiDll\2623\libcef.dll
2017-06-15 06:44 - 2017-06-15 06:44 - 20064256 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_26_0_0_126.dll
2011-03-23 03:15 - 2000-09-14 08:20 - 01191936 _____ () C:\Program Files\OLYMPUS\CAMEDIA Master\Olympus Camedia.exe
2011-03-23 03:15 - 2000-08-28 15:17 - 00045056 ____C () C:\Program Files\OLYMPUS\CAMEDIA Master\ISXCatalogServer.dll
2011-03-23 03:15 - 2000-08-28 15:19 - 00376832 ____C () C:\Program Files\OLYMPUS\CAMEDIA Master\OLYMPUSCAMERASERVER.DLL
2011-03-23 03:15 - 2000-08-28 15:21 - 00421888 ____C () C:\Program Files\OLYMPUS\CAMEDIA Master\OLYMPUSDISKSERVER.DLL

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29 [124]
AlternateDataStreams: C:\Documents and Settings\Teressa\Desktop\Moonlight Heat.odt:com.dropbox.attributes [168]
AlternateDataStreams: C:\Documents and Settings\Teressa\Desktop\Voice Test 1.wav:com.dropbox.attributes [168]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007\...\avg.com -> hxxps://www.update.avg.com
IE trusted site: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007\...\avg.cz -> hxxps://backup.avg.cz
IE trusted site: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007\...\magicjack.com -> hxxps://my.magicjack.com
IE trusted site: HKU\S-1-5-21-2305011698-3870448665-3586125232-1007\...\talk4free.com -> hxxps://reg.talk4free.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2002-08-29 06:00 - 2009-04-05 19:49 - 00000860 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2305011698-3870448665-3586125232-1007\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Teressa\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.1.254
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk => C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CallWave.lnk => C:\WINDOWS\pss\CallWave.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk => C:\WINDOWS\pss\Google Updater.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SBC Self Support Tool.lnk => C:\WINDOWS\pss\SBC Self Support Tool.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ulead Photo Express 3.0 SE Calendar Checker.lnk => C:\WINDOWS\pss\Ulead Photo Express 3.0 SE Calendar Checker.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^Teressa^Start Menu^Programs^Startup^Dropbox.lnk => C:\WINDOWS\pss\Dropbox.lnkStartup
MSCONFIG\startupfolder: C:^Documents and Settings^Teressa^Start Menu^Programs^Startup^Sonic INSTALLit! Setup.lnk => C:\WINDOWS\pss\Sonic INSTALLit! Setup.lnkStartup
MSCONFIG\startupfolder: C:^Documents and Settings^Teressa^Start Menu^Programs^Startup^WKCALREM.LNK => C:\WINDOWS\pss\WKCALREM.LNKStartup
MSCONFIG\startupfolder: C:^Documents and Settings^Teressa^Start Menu^Programs^Startup^WKSCAL.EXE => C:\WINDOWS\pss\WKSCAL.EXEStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Photo Downloader => "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AnyDVD => C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCMSMMSG => BCMSMMSG.exe
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: diagent => "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
MSCONFIG\startupreg: Dropbox Update => "C:\Documents and Settings\Teressa\Local Settings\Application Data\Dropbox\Update\DropboxUpdate.exe" /c
MSCONFIG\startupreg: dvd43 => C:\Program Files\dvd43\dvd43_tray.exe
MSCONFIG\startupreg: DVDSentry => C:\WINDOWS\System32\DSentry.exe
MSCONFIG\startupreg: GhostStartTrayApp =>
MSCONFIG\startupreg: Google Update => "C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: HPHmon03 => C:\WINDOWS\System32\hphmon03.exe
MSCONFIG\startupreg: ISUSPM Startup => c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KernelFaultCheck => %systemroot%\system32\dumprep 0 -k
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: mmtask => C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
MSCONFIG\startupreg: Motive SmartBridge => C:\PROGRA~1\SBCLIG~1\SMARTB~1\MotiveSB.exe
MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background
MSCONFIG\startupreg: NAV CfgWiz =>
MSCONFIG\startupreg: Norton SystemWorks => "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
MSCONFIG\startupreg: PCMService => "C:\Program Files\Dell\Media Experience\PCMService.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Sonic RecordNow! =>
MSCONFIG\startupreg: Spotify => "C:\Documents and Settings\Teressa\Application Data\Spotify\Spotify.exe" -autostart -minimized
MSCONFIG\startupreg: Spotify Web Helper => "C:\Documents and Settings\Teressa\Application Data\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSCONFIG\startupreg: TkBellExe => "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" -s
MSCONFIG\startupreg: UpdateManager => "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
MSCONFIG\startupreg: updateMgr => "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
MSCONFIG\startupreg: UpdReg => C:\WINDOWS\UpdReg.EXE
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
MSCONFIG\startupreg: Yahoo! Pager => "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
MSCONFIG\startupreg: YBrowser => C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe] => Enabled:hpqste08.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe] => Enabled:hpofxm08.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe] => Enabled:hposfx08.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe] => Enabled:hposid01.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe] => Enabled:hpqscnvw.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe] => Enabled:hpqkygrp.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe] => Enabled:hpqcopy2.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe] => Enabled:hpzwiz01.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe] => Enabled:hpoews01.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe] => Enabled:hpqnrs08.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe] => Enabled:hpqphotocrm.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe] => Enabled:hpqpsapp.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe] => Enabled:hpofxs08.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe] => Enabled:hpqfxt08.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe] => Enabled:hpqpse.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe] => Enabled:hpqusgm.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe] => Enabled:hpqusgh.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\HP Software Update\hpwucli.exe] => Enabled:hpwucli.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe] => Enabled:smartwebprintexe.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Internet Explorer\iexplore.exe] => Enabled:Internet Explorer
StandardProfile\AuthorizedApplications: [C:\Program Files\Yahoo!\Messenger\YPager.exe] => Enabled:Yahoo! Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\Yahoo!\Messenger\YServer.exe] => Enabled:Yahoo! FT Server
StandardProfile\AuthorizedApplications: [C:\Program Files\WinMX\WinMX.exe] => Enabled:WinMX Application
StandardProfile\AuthorizedApplications: [C:\Program Files\Messenger\msmsgs.exe] => Enabled:Windows Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\SmartFTP Client\SmartFTP.exe] => Enabled:SmartFTP Client 2.5
StandardProfile\AuthorizedApplications: [C:\Program Files\LimeWire\LimeWire.exe] => Enabled:LimeWire
StandardProfile\AuthorizedApplications: [C:\Program Files\Grisoft\AVG7\avginet.exe] => Enabled:avginet.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Grisoft\AVG7\avgamsvr.exe] => Enabled:avgamsvr.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Grisoft\AVG7\avgcc.exe] => Enabled:avgcc.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe] => Enabled:Yahoo! Messenger
StandardProfile\AuthorizedApplications: [C:\WINDOWS\SYSTEM32\fxsclnt.exe] => Enabled:Microsoft  Fax Console
StandardProfile\AuthorizedApplications: [C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe] => Enabled:AT&T Yahoo! Music Jukebox
StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Bonjour
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG8\avgui.exe] => Enabled:AVG Free User Interface
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG8\avgemc.exe] => Enabled:avgemc.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG8\avgupd.exe] => Enabled:avgupd.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG8\avgnsx.exe] => Enabled:avgnsx.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\CallWave\IAM.exe] => Enabled:CallWave
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe] => Enabled:hpqscnvw.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe] => Enabled:hpqcopy2.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe] => Enabled:hpqnrs08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe] => Enabled:hpqphotocrm.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe] => Enabled:hpqpsapp.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe] => Enabled:hpofxs08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe] => Enabled:hpqfxt08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe] => Enabled:hpqpse.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe] => Enabled:hpqusgm.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe] => Enabled:hpqusgh.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\HP Software Update\hpwucli.exe] => Enabled:hpwucli.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe] => Enabled:smartwebprintexe.exe
StandardProfile\AuthorizedApplications: [C:\WINDOWS\SYSTEM32\dpvsetup.exe] => Enabled:Microsoft DirectPlay Voice Test
StandardProfile\AuthorizedApplications: [C:\WINDOWS\SYSTEM32\rundll32.exe] => Enabled:Run a DLL as an App
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2012\avgmfapx.exe] => Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe] => Enabled:Google Talk Plugin
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Teressa\Application Data\Dropbox\bin\Dropbox.exe] => Enabled:Dropbox
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe] => Enabled:hpqtra08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe] => Enabled:hpqste08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe] => Enabled:hpofxm08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe] => Enabled:hposfx08.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe] => Enabled:hposid01.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe] => Enabled:hpzwiz01.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe] => Enabled:hpoews01.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe] => Enabled:hpiscnapp.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe] => Enabled:hpqkygrp.exe
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Teressa\Local Settings\Temp\7zS11CD\HPDiagnosticCoreUI.exe] => Enabled:HPSAPS
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Teressa\Application Data\Spotify\Spotify.exe] => Enabled:Spotify
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2015\avgmfapx.exe] => Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\Av\avgmfapx.exe] => Enabled:AVG Installer
StandardProfile\AuthorizedApplications: [C:\Program Files\EPSON Software\Event Manager\EEventManager.exe] => Enabled:EEventManager.exe
StandardProfile\AuthorizedApplications: [H:\Network\EpsonNetSetup\ENEASYAPP.EXE] => Enabled:EpsonNet Setup
StandardProfile\AuthorizedApplications: [C:\Program Files\EPSON Software\ECPrinterSetup\ENPApp.exe] => Enabled:Epson Connect Printer Setup
StandardProfile\AuthorizedApplications: [C:\Program Files\TeamViewer\TeamViewer.exe] => Enabled:Teamviewer Remote Control Application
StandardProfile\AuthorizedApplications: [C:\Program Files\TeamViewer\TeamViewer_Service.exe] => Enabled:Teamviewer Remote Control Service
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Teressa\Local Settings\Application Data\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Teressa\Application Data\mjusbsp\magicJack.exe] => Enabled:magicJack
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
DomainProfile\GloballyOpenPorts: [139:TCP] => Enabled:@xpsp2res.dll,-22004
DomainProfile\GloballyOpenPorts: [445:TCP] => Enabled:@xpsp2res.dll,-22005
DomainProfile\GloballyOpenPorts: [137:UDP] => Enabled:@xpsp2res.dll,-22001
DomainProfile\GloballyOpenPorts: [138:UDP] => Enabled:@xpsp2res.dll,-22002
DomainProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
DomainProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22002
StandardProfile\GloballyOpenPorts: [5070:UDP] => Enabled:UDP

==================== Restore Points =========================

16-05-2017 06:21:04 System Checkpoint
17-05-2017 15:30:41 System Checkpoint
18-05-2017 18:15:07 System Checkpoint
20-05-2017 00:51:42 System Checkpoint
21-05-2017 10:13:59 System Checkpoint
22-05-2017 23:02:31 System Checkpoint
24-05-2017 06:06:36 System Checkpoint
25-05-2017 06:25:10 System Checkpoint
26-05-2017 15:27:06 System Checkpoint
27-05-2017 16:38:30 System Checkpoint
28-05-2017 18:37:08 System Checkpoint
29-05-2017 19:59:53 System Checkpoint
31-05-2017 06:25:19 System Checkpoint
01-06-2017 06:49:36 System Checkpoint
02-06-2017 16:15:59 System Checkpoint
04-06-2017 02:45:27 System Checkpoint
06-11-2003 15:45:19 System Checkpoint
04-06-2017 23:40:36 System Checkpoint
06-06-2017 02:20:59 System Checkpoint
07-06-2017 02:49:40 System Checkpoint
08-06-2017 06:15:58 System Checkpoint
09-06-2017 06:45:00 System Checkpoint
10-06-2017 11:23:01 System Checkpoint
11-06-2017 12:44:26 System Checkpoint
12-06-2017 13:53:34 System Checkpoint
13-06-2017 16:19:39 System Checkpoint
14-06-2017 03:01:05 Software Distribution Service 3.0
15-06-2017 04:03:16 Restore Operation
15-06-2017 16:34:11 Restore Operation
15-06-2017 16:50:54 Restore Operation
15-06-2017 16:59:21 Restore Operation
15-06-2017 17:07:29 Restore Operation
15-06-2017 17:17:19 Restore Operation
15-06-2017 17:25:54 Restore Operation
15-06-2017 17:34:22 Restore Operation
15-06-2017 17:51:53 Restore Operation
16-06-2017 18:52:21 System Checkpoint
17-06-2017 06:22:10 JRT Pre-Junkware Removal
17-06-2017 15:37:38 JRT Pre-Junkware Removal
18-06-2017 16:09:48 Installed Windows XP Wdf01009.
18-06-2017 16:23:20 Removed AVG
18-06-2017 16:31:46 Removed AVG 2016
19-06-2017 20:31:03 System Checkpoint
21-06-2017 00:45:31 System Checkpoint
22-06-2017 03:26:54 System Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/22/2017 01:27:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application olympus camedia.exe, version 0.0.0.0, faulting module comctl32.dll, version 5.82.2900.6028, fault address 0x000192f2.
Processing media-specific event for [olympus camedia.exe!ws!]

Error: (06/21/2017 07:19:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 52.2.0.6367, faulting module mozglue.dll, version 52.2.0.6367, fault address 0x0000f3c5.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (06/21/2017 06:11:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application olympus camedia.exe, version 0.0.0.0, faulting module comctl32.dll, version 5.82.2900.6028, fault address 0x0001a8be.
Processing media-specific event for [olympus camedia.exe!ws!]

Error: (06/21/2017 04:35:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application olympus camedia.exe, version 0.0.0.0, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x00011689.
Processing media-specific event for [olympus camedia.exe!ws!]

Error: (06/20/2017 02:54:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application olympus camedia.exe, version 0.0.0.0, faulting module comctl32.dll, version 5.82.2900.6028, fault address 0x00007092.
Processing media-specific event for [olympus camedia.exe!ws!]

Error: (06/19/2017 04:32:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application firefox.exe, version 52.2.0.6367, faulting module mozglue.dll, version 52.2.0.6367, fault address 0x0000f3c5.
Processing media-specific event for [firefox.exe!ws!]

Error: (06/17/2017 07:36:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbamtray.exe, version 3.0.0.1068, faulting module mbamtray.exe, version 3.0.0.1068, fault address 0x0008a378.
Processing media-specific event for [mbamtray.exe!ws!]

Error: (06/17/2017 07:22:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 52.2.0.6367, faulting module mozglue.dll, version 52.2.0.6367, fault address 0x0000f3c5.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (06/17/2017 06:51:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 52.2.0.6367, faulting module mozglue.dll, version 52.2.0.6367, fault address 0x0000f3c5.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (06/17/2017 06:15:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application mbam.exe, version 3.0.0.1068, faulting module qt5core.dll, version 5.6.2.0, fault address 0x001a9fd6.
Processing media-specific event for [mbam.exe!ws!]


System errors:
=============
Error: (06/19/2017 05:56:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The StarOpen service failed to start due to the following error:
The system cannot find the file specified.

Error: (06/19/2017 05:33:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The StarOpen service failed to start due to the following error:
The system cannot find the file specified.

Error: (06/19/2017 03:32:24 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The StarOpen service failed to start due to the following error:
The system cannot find the file specified.

Error: (06/18/2017 04:19:14 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The avgbIDSAgent service terminated with service-specific error 3758213661 (0xE001CA1D).

Error: (06/18/2017 04:11:41 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Generate Activation Context failed for C:\Program Files\AVG\Antivirus\setup\iplugins\IStats.dll.
Reference error message: The operation completed successfully.
.

Error: (06/18/2017 04:11:41 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Resolve Partial Assembly failed for Avast.VC110.CRT.
Reference error message: The referenced assembly is not installed on your system.
.

Error: (06/18/2017 04:11:41 PM) (Source: SideBySide) (EventID: 32) (User: )
Description: Dependent Assembly Avast.VC110.CRT could not be found and Last Error was The referenced assembly is not installed on your system.

Error: (06/18/2017 04:11:19 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Generate Activation Context failed for C:\Program Files\AVG\Antivirus\setup\iplugins\IStats.dll.
Reference error message: The operation completed successfully.
.

Error: (06/18/2017 04:11:19 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Resolve Partial Assembly failed for Avast.VC110.CRT.
Reference error message: The referenced assembly is not installed on your system.
.

Error: (06/18/2017 04:11:19 PM) (Source: SideBySide) (EventID: 32) (User: )
Description: Dependent Assembly Avast.VC110.CRT could not be found and Last Error was The referenced assembly is not installed on your system.

 
 
==================== Memory info ===========================

Processor: Intel(R) Pentium(R) 4 CPU 2.60GHz
Percentage of memory in use: 55%
Total physical RAM: 2558.98 MB
Available physical RAM: 1128.79 MB
Total Virtual: 3173.42 MB
Available Virtual: 1615.32 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.46 GB) (Free:25.05 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive h: (MAR) (CDROM) (Total:0.63 GB) (Free:0 GB) CDFS
Drive l: (My Book) (Fixed) (Total:930.86 GB) (Free:456.66 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: 9DC96E9E)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=74.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 930.9 GB) (Disk ID: 0036DF21)
Partition 1: (Not Active) - (Size=930.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Re: Possible Malware
See this page for instructions to download and use ComboFix: https://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log(s) back here for review once done running. Any questions, please notify me before making any deliberate decisions.

Re: Possible Malware
ComboFix 17-05-16.14 - Teressa 06/22/2017  23:20:35.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2559.1887 [GMT -5:00]
Running from: c:\documents and settings\Teressa\Desktop\ComboFix.exe
AV: AVG Antivirus *Disabled/Updated* {81C62321-3C2A-4A1A-BF2F-52ED23B22B8B}
AV: Malwarebytes *Disabled/Updated* {D4AC7077-9720-47B0-8B38-DFAF3AA21DB6}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgmfapx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgmfarx.dll
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgntdumpx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgrunasx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\avi7.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\compat.ini
c:\documents and settings\All Users\Application Data\TEMP\AVG\htmlayout.dll
c:\documents and settings\All Users\Application Data\TEMP\AVG\incavi.avm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_cz.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_da.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_es.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_fr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ge.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_hu.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_id.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_in.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_it.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_jp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ko.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ms.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_nl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pb.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ru.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sc.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sk.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_tr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_us.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zh.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaconf.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfacz.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfada.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaes.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfafr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfage.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfahu.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaid.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfain.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfait.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfajp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfako.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfams.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfanl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapb.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaru.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasc.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfask.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfatr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaus.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfavera.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaverx.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazh.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\microavi.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\miniavi.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.ini
c:\documents and settings\All Users\Start Menu\Programs\Startup\Setup.exe
c:\documents and settings\Teressa\Application Data\inst.exe
c:\documents and settings\Teressa\GoToAssistDownloadHelper.exe
c:\documents and settings\Teressa\My Documents\~WRL0003.tmp
c:\documents and settings\Teressa\My Documents\~WRL0004.tmp
c:\documents and settings\Teressa\My Documents\~WRL0005.tmp
c:\documents and settings\Teressa\My Documents\~WRL0057.tmp
c:\documents and settings\Teressa\My Documents\~WRL0103.tmp
c:\documents and settings\Teressa\My Documents\~WRL0211.tmp
c:\documents and settings\Teressa\My Documents\~WRL0604.tmp
c:\documents and settings\Teressa\My Documents\~WRL1261.tmp
c:\documents and settings\Teressa\My Documents\~WRL1708.tmp
c:\documents and settings\Teressa\My Documents\~WRL2155.tmp
c:\documents and settings\Teressa\My Documents\~WRL2616.tmp
c:\documents and settings\Teressa\My Documents\~WRL2802.tmp
c:\documents and settings\Teressa\My Documents\~WRL2959.tmp
c:\documents and settings\Teressa\My Documents\~WRL3850.tmp
c:\documents and settings\Teressa\My Documents\~WRL3982.tmp
c:\documents and settings\Teressa\My Documents\~WRL3994.tmp
c:\documents and settings\Teressa\My Documents\Con63B.tmp
c:\documents and settings\Teressa\Recent\Internet Radio on Yahoo! Music.url
c:\documents and settings\Teressa\Recent\Music Videos & More on Yahoo! Music.url
c:\documents and settings\Teressa\WINDOWS
C:\Logo.sys
C:\RECYCLER(2)
c:\recycler(2)\S-1-5-21-2305011698-3870448665-3586125232-1007(2)\Dc1.JPG
c:\recycler(2)\S-1-5-21-2305011698-3870448665-3586125232-1007(2)\Dc10.JPG
c:\recycler(2)\S-1-5-21-2305011698-3870448665-3586125232-1007(2)\Dc11.JPG
c:\recycler(2)\S-1-5-21-2305011698-3870448665-3586125232-1007(2)\Dc12.JPG
c:\recycler(2)\S-1-5-21-2305011698-3870448665-3586125232-1007(2)\Dc13.JPG
c:\recycler(2)\S-1-5-21-2305011698-3870448665-3586125232-1007(2)\Dc14.JPG
c:\recycler(2)\S-1-5-21-2305011698-3870448665-3586125232-1007(2)\Dc15.JPG
c:\recycler(2)\S-1-5-21-2305011698-3870448665-3586125232-1007(2)\Dc16.JPG
c:\recycler(2)\S-1-5-21-2305011698-3870448665-3586125232-1007(2)\Dc17.JPG
c:\recycler(2)\S-1-5-21-2305011698-3870448665-3586125232-1007(2)\Dc18.JPG
c:\recycler(2)\S-1-5-21-2305011698-3870448665-3586125232-1007(2)\Dc19.JPG
c:\recycler(2)\S-1-5-21-2305011698-3870448665-3586125232-1007(2)\Dc2.JPG
c:\recycler(2)\S-1-5-21-2305011698-3870448665-3586125232-1007(2)\Dc20.jpg
c:\recycler(2)\S-1-5-21-2305011698-3870448665-3586125232-1007(2)\Dc21.JPG
c:\recycler(2)\S-1-5-21-2305011698-3870448665-3586125232-1007(2)\Dc22.jpg
c:\recycler(2)\S-1-5-21-2305011698-3870448665-3586125232-1007(2)\Dc23.jpg
c:\recycler(2)\S-1-5-21-2305011698-3870448665-3586125232-1007(2)\Dc3.JPG
c:\recycler(2)\S-1-5-21-2305011698-3870448665-3586125232-1007(2)\Dc4.JPG
c:\recycler(2)\S-1-5-21-2305011698-3870448665-3586125232-1007(2)\Dc5.JPG
c:\recycler(2)\S-1-5-21-2305011698-3870448665-3586125232-1007(2)\Dc6.JPG
c:\recycler(2)\S-1-5-21-2305011698-3870448665-3586125232-1007(2)\Dc7.JPG
c:\recycler(2)\S-1-5-21-2305011698-3870448665-3586125232-1007(2)\Dc8.JPG
c:\recycler(2)\S-1-5-21-2305011698-3870448665-3586125232-1007(2)\Dc9.JPG
c:\recycler(2)\S-1-5-21-2305011698-3870448665-3586125232-1007(2)\INFO2
c:\windows\$msi31uninstall_kb893803v2$
c:\windows\$msi31uninstall_kb893803v2$\msi.dll
c:\windows\$msi31uninstall_kb893803v2$\msiexec.exe
c:\windows\$msi31uninstall_kb893803v2$\msihnd.dll
c:\windows\$msi31uninstall_kb893803v2$\msimsg.dll
c:\windows\$msi31uninstall_kb893803v2$\msisip.dll
c:\windows\$msi31uninstall_kb893803v2$\reg00013
c:\windows\$msi31uninstall_kb893803v2$\reg00014
c:\windows\$msi31uninstall_kb893803v2$\reg00015
c:\windows\$msi31uninstall_kb893803v2$\reg00016
c:\windows\$msi31uninstall_kb893803v2$\reg00017
c:\windows\$msi31uninstall_kb893803v2$\reg00018
c:\windows\$msi31uninstall_kb893803v2$\reg00019
c:\windows\$msi31uninstall_kb893803v2$\reg00020
c:\windows\$msi31uninstall_kb893803v2$\reg00021
c:\windows\$msi31uninstall_kb893803v2$\reg00022
c:\windows\$msi31uninstall_kb893803v2$\reg00023
c:\windows\$msi31uninstall_kb893803v2$\reg00024
c:\windows\$msi31uninstall_kb893803v2$\reg00025
c:\windows\$msi31uninstall_kb893803v2$\reg00026
c:\windows\$msi31uninstall_kb893803v2$\reg00027
c:\windows\$msi31uninstall_kb893803v2$\reg00028
c:\windows\$msi31uninstall_kb893803v2$\reg00029
c:\windows\$msi31uninstall_kb893803v2$\reg00030
c:\windows\$msi31uninstall_kb893803v2$\reg00031
c:\windows\$msi31uninstall_kb893803v2$\reg00032
c:\windows\$msi31uninstall_kb893803v2$\reg00033
c:\windows\$msi31uninstall_kb893803v2$\reg00034
c:\windows\$msi31uninstall_kb893803v2$\reg00035
c:\windows\$msi31uninstall_kb893803v2$\reg00036
c:\windows\$msi31uninstall_kb893803v2$\reg00037
c:\windows\$msi31uninstall_kb893803v2$\reg00038
c:\windows\$msi31uninstall_kb893803v2$\reg00039
c:\windows\$msi31uninstall_kb893803v2$\reg00040
c:\windows\$msi31uninstall_kb893803v2$\reg00041
c:\windows\$msi31uninstall_kb893803v2$\reg00042
c:\windows\$msi31uninstall_kb893803v2$\reg00043
c:\windows\$msi31uninstall_kb893803v2$\reg00044
c:\windows\$msi31uninstall_kb893803v2$\reg00045
c:\windows\$msi31uninstall_kb893803v2$\reg00046
c:\windows\$msi31uninstall_kb893803v2$\reg00047
c:\windows\$msi31uninstall_kb893803v2$\reg00048
c:\windows\$msi31uninstall_kb893803v2$\reg00051
c:\windows\$msi31uninstall_kb893803v2$\reg00052
c:\windows\$msi31uninstall_kb893803v2$\reg00053
c:\windows\$msi31uninstall_kb893803v2$\reg00054
c:\windows\$msi31uninstall_kb893803v2$\reg00055
c:\windows\$msi31uninstall_kb893803v2$\reg00056
c:\windows\$msi31uninstall_kb893803v2$\reg00057
c:\windows\$msi31uninstall_kb893803v2$\reg00058
c:\windows\$msi31uninstall_kb893803v2$\reg00059
c:\windows\$msi31uninstall_kb893803v2$\reg00060
c:\windows\$msi31uninstall_kb893803v2$\reg00061
c:\windows\$msi31uninstall_kb893803v2$\reg00062
c:\windows\$msi31uninstall_kb893803v2$\reg00063
c:\windows\$msi31uninstall_kb893803v2$\reg00064
c:\windows\$msi31uninstall_kb893803v2$\reg00065
c:\windows\$msi31uninstall_kb893803v2$\reg00066
c:\windows\$msi31uninstall_kb893803v2$\reg00067
c:\windows\$msi31uninstall_kb893803v2$\reg00068
c:\windows\$msi31uninstall_kb893803v2$\reg00069
c:\windows\$msi31uninstall_kb893803v2$\reg00070
c:\windows\$msi31uninstall_kb893803v2$\reg00071
c:\windows\$msi31uninstall_kb893803v2$\reg00072
c:\windows\$msi31uninstall_kb893803v2$\reg00073
c:\windows\$msi31uninstall_kb893803v2$\reg00074
c:\windows\$msi31uninstall_kb893803v2$\reg00075
c:\windows\$msi31uninstall_kb893803v2$\reg00076
c:\windows\$msi31uninstall_kb893803v2$\reg00077
c:\windows\$msi31uninstall_kb893803v2$\reg00078
c:\windows\$msi31uninstall_kb893803v2$\reg00079
c:\windows\$msi31uninstall_kb893803v2$\reg00080
c:\windows\$msi31uninstall_kb893803v2$\reg00081
c:\windows\$msi31uninstall_kb893803v2$\reg00082
c:\windows\$msi31uninstall_kb893803v2$\reg00083
c:\windows\$msi31uninstall_kb893803v2$\reg00084
c:\windows\$msi31uninstall_kb893803v2$\reg00085
c:\windows\$msi31uninstall_kb893803v2$\reg00086
c:\windows\$msi31uninstall_kb893803v2$\reg00087
c:\windows\$msi31uninstall_kb893803v2$\reg00088
c:\windows\$msi31uninstall_kb893803v2$\reg00089
c:\windows\$msi31uninstall_kb893803v2$\reg00090
c:\windows\$msi31uninstall_kb893803v2$\reg00091
c:\windows\$msi31uninstall_kb893803v2$\reg00092
c:\windows\$msi31uninstall_kb893803v2$\reg00093
c:\windows\$msi31uninstall_kb893803v2$\reg00094
c:\windows\$msi31uninstall_kb893803v2$\reg00095
c:\windows\$msi31uninstall_kb893803v2$\reg00096
c:\windows\$msi31uninstall_kb893803v2$\reg00097
c:\windows\$msi31uninstall_kb893803v2$\reg00098
c:\windows\$msi31uninstall_kb893803v2$\reg00099
c:\windows\$msi31uninstall_kb893803v2$\reg00100
c:\windows\$msi31uninstall_kb893803v2$\reg00101
c:\windows\$msi31uninstall_kb893803v2$\reg00102
c:\windows\$msi31uninstall_kb893803v2$\reg00103
c:\windows\$msi31uninstall_kb893803v2$\reg00104
c:\windows\$msi31uninstall_kb893803v2$\reg00105
c:\windows\$msi31uninstall_kb893803v2$\reg00106
c:\windows\$msi31uninstall_kb893803v2$\reg00107
c:\windows\$msi31uninstall_kb893803v2$\reg00108
c:\windows\$msi31uninstall_kb893803v2$\reg00109
c:\windows\$msi31uninstall_kb893803v2$\reg00110
c:\windows\$msi31uninstall_kb893803v2$\reg00111
c:\windows\$msi31uninstall_kb893803v2$\reg00112
c:\windows\$msi31uninstall_kb893803v2$\reg00113
c:\windows\$msi31uninstall_kb893803v2$\reg00114
c:\windows\$msi31uninstall_kb893803v2$\reg00115
c:\windows\$msi31uninstall_kb893803v2$\reg00116
c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.exe
c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.inf
c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.txt
c:\windows\$msi31uninstall_kb893803v2$\spuninst\updspapi.dll
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\iun6002.exe
c:\windows\msdownld.tmp
c:\windows\patch.exe
c:\windows\system32\AutoRun.inf
c:\windows\system32\BSTIEPrintCtl1.dll
c:\windows\system32\Cache
c:\windows\system32\Cache\01adf5d15d97b6e4.fb
c:\windows\system32\Cache\02b95cd2aa334bac.fb
c:\windows\system32\Cache\15f3598777c6dac2.fb
c:\windows\system32\Cache\19e3385f14d9c159.fb
c:\windows\system32\Cache\1e0094425ba202ae.fb
c:\windows\system32\Cache\232b9ead903778ac.fb
c:\windows\system32\Cache\26c630d098e22dd5.fb
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2aacccb09fa2936b.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\336eaebf57489d5f.fb
c:\windows\system32\Cache\33f8d6fecf685019.fb
c:\windows\system32\Cache\3524a3af08338341.fb
c:\windows\system32\Cache\3667b0c35d2626f2.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\3af4c95f9d1dd886.fb
c:\windows\system32\Cache\3c259ad1282f8f3a.fb
c:\windows\system32\Cache\437c7c64c91b53dd.fb
c:\windows\system32\Cache\48b06b9147afe953.fb
c:\windows\system32\Cache\4ca5f3f4716ef8be.fb
c:\windows\system32\Cache\4cc7e5e43d487072.fb
c:\windows\system32\Cache\4ea7207fdee54a68.fb
c:\windows\system32\Cache\569adf128ac79dc1.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6924b8a080aba9f8.fb
c:\windows\system32\Cache\6b280a50882c71c8.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\6e75f2e7ca63d88f.fb
c:\windows\system32\Cache\77af3f161fcfc107.fb
c:\windows\system32\Cache\82e6b873b8f9143e.fb
c:\windows\system32\Cache\868a83c988574375.fb
c:\windows\system32\Cache\8d1fbe47f181c6f7.fb
c:\windows\system32\Cache\919f4c616acd2a0d.fb
c:\windows\system32\Cache\9297368afa358903.fb
c:\windows\system32\Cache\9414897813416f22.fb
c:\windows\system32\Cache\95f567698be8a182.fb
c:\windows\system32\Cache\9ce3d1a8a170a741.fb
c:\windows\system32\Cache\9e8c265ef34fbc2e.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\aa800fad876be2e4.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\b233a95127f6083d.fb
c:\windows\system32\Cache\b996746ccefb0862.fb
c:\windows\system32\Cache\b9da13ecddef75f6.fb
c:\windows\system32\Cache\bd74a965b6f2401d.fb
c:\windows\system32\Cache\bea1dfad97e41284.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c265976e30d02c76.fb
c:\windows\system32\Cache\c2f29fecd911835b.fb
c:\windows\system32\Cache\c3cab96cf2c9e1a0.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d548ec59186e4d0e.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\dc5791a6f060f776.fb
c:\windows\system32\Cache\dc6913fd72a07ec2.fb
c:\windows\system32\Cache\dfde4200972f200a.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\Cache\e490277da17aa845.fb
c:\windows\system32\Cache\e4eae1582049203a.fb
c:\windows\system32\Cache\e5c5fdaff7bcd6e2.fb
c:\windows\system32\Cache\e89661a14daf6719.fb
c:\windows\system32\Cache\e8b1dc89a419fa72.fb
c:\windows\system32\Cache\ee87071ae4bcb1cf.fb
c:\windows\system32\Cache\ef3280fa67020706.fb
c:\windows\system32\Cache\f3d8af81b4e75268.fb
c:\windows\system32\Cache\f777207749809af7.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\EV02
c:\windows\system32\ntnet.drv
c:\windows\system32\SETB3C.tmp
c:\windows\system32\SETB41.tmp
c:\windows\system32\SETB48.tmp
c:\windows\system32\SETB51.tmp
c:\windows\system32\SETB53.tmp
c:\windows\system32\SETB55.tmp
c:\windows\system32\SETB56.tmp
c:\windows\system32\setb9.tmp
c:\windows\wmsysprx.prx
c:\windows\XSxS
C:\WindowsXP-KB944781-x86-ENU.exe
.
.
(((((((((((((((((((((((((   Files Created from 2017-05-23 to 2017-06-23  )))))))))))))))))))))))))))))))
.
.
2017-06-22 19:50 . 2017-06-22 19:59    --------    d-----w-    C:\FRST
2017-06-21 04:42 . 2017-06-21 04:42    --------    d-----w-    c:\documents and settings\Teressa\Local Settings\Application Data\ESET
2017-06-18 21:04 . 2017-06-18 21:03    331896    ----a-w-    c:\windows\system32\avgBoot.exe
2017-06-16 20:10 . 2017-06-16 22:10    --------    d-----w-    C:\AdwCleaner
2017-06-16 05:42 . 2017-06-16 05:42    147232    ----a-w-    c:\windows\system32\drivers\MBAMChameleon.sys
2017-06-16 05:36 . 2017-06-23 02:37    39840    ----a-w-    c:\windows\system32\drivers\mbam.sys
2017-06-16 05:36 . 2017-06-23 02:36    220576    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-06-16 05:35 . 2017-05-25 16:58    59936    ----a-w-    c:\windows\system32\drivers\mbae.sys
2017-06-16 05:34 . 2017-06-16 05:34    --------    d-----w-    c:\program files\Malwarebytes
2017-06-16 02:33 . 2017-06-16 02:33    --------    d-sh--w-    c:\documents and settings\Administrator.PROSPERITY\PrivacIE
2017-06-15 23:18 . 2017-06-15 23:18    --------    d-----w-    c:\documents and settings\Administrator.PROSPERITY\Local Settings\Application Data\Google
2017-06-04 04:38 . 2017-06-04 04:38    17404160    ----a-w-    c:\program files\Common Files\Microsoft Shared\OFFICE12\MSO.DLL
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-06-15 11:44 . 2012-10-25 21:00    803328    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2017-06-15 11:44 . 2011-05-13 04:24    144896    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2007-07-18 06:36 . 2007-07-18 06:36    336    -c--a-w-    c:\program files\temp995.bat
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveBlacklisted]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2017-03-21 13:15    576408    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveSynced]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2017-03-21 13:15    576408    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveSyncing]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2017-03-21 13:15    576408    ----a-w-    c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\Teressa\Application Data\mjusbsp\cdloader2.exe" [2014-07-04 51592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KernelFaultCheck"="c:\windows\system32\dumprep 0 -k" [X]
"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb04.exe" [2003-01-31 196608]
"AvgUi"="c:\program files\AVG\Framework\Common\avguirnx.exe" [2017-05-31 220288]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-08-25 221184]
"Malwarebytes TrayApp"="c:\program files\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe" [2017-05-09 3146704]
"AVGUI.exe"="c:\program files\AVG\Antivirus\AvLaunch.exe" [2017-06-18 263232]
.
c:\documents and settings\Teressa\Start Menu\Programs\Startup\
EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2016-10-31 823992]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-01-20 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CallWave.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\CallWave.lnk
backup=c:\windows\pss\CallWave.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SBC Self Support Tool.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SBC Self Support Tool.lnk
backup=c:\windows\pss\SBC Self Support Tool.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ulead Photo Express 3.0 SE Calendar Checker.lnk]
backup=c:\windows\pss\Ulead Photo Express 3.0 SE Calendar Checker.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Teressa^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\documents and settings\Teressa\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Teressa^Start Menu^Programs^Startup^Sonic INSTALLit! Setup.lnk]
path=c:\documents and settings\Teressa\Start Menu\Programs\Startup\Sonic INSTALLit! Setup.lnk
backup=c:\windows\pss\Sonic INSTALLit! Setup.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Teressa^Start Menu^Programs^Startup^WKCALREM.LNK]
path=c:\documents and settings\Teressa\Start Menu\Programs\Startup\WKCALREM.LNK
backup=c:\windows\pss\WKCALREM.LNKStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Teressa^Start Menu^Programs^Startup^WKSCAL.EXE]
path=c:\documents and settings\Teressa\Start Menu\Programs\Startup\WKSCAL.EXE
backup=c:\windows\pss\WKSCAL.EXEStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV CfgWiz
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57    959904    -c--a-w-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
2003-08-29 09:59    122880    ----a-w-    c:\windows\BCMSMMSG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12    15360    ----a-w-    c:\windows\SYSTEM32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagent]
2002-04-03 07:01    135264    ----a-w-    c:\program files\Creative\SBLive\Diagnostics\diagent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]
2009-10-24 01:34    827904    -c--a-w-    c:\program files\dvd43\DVD43_Tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]
2003-08-13 16:27    28672    -c--a-w-    c:\windows\SYSTEM32\DSentry.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2015-08-30 15:32    144200    ----atw-    c:\documents and settings\Teressa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-15 03:17    49152    ----a-w-    c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon03]
2003-01-31 00:55    311296    ----a-w-    c:\windows\SYSTEM32\hphmon03.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2006-08-25 16:11    221184    ----a-w-    c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 16:44    81920    -c--a-w-    c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2009-08-20 18:25    2363392    ----a-w-    c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
2006-01-17 18:03    53248    ----a-w-    c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
2003-12-10 10:52    380928    ----a-w-    c:\progra~1\SBCLIG~1\SMARTB~1\MotiveSB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12    1695232    ----a-w-    c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2003-04-24 22:58    4616192    -c--a-w-    c:\windows\SYSTEM32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2003-08-27 01:47    204800    -c----w-    c:\program files\Dell\Media Experience\PCMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-04-28 22:37    68856    ----a-w-    c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 07:00    90112    ------w-    c:\windows\Updreg.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wondershare Helper Compact.exe]
2014-10-31 21:38    2072928    ----a-w-    c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\WinMX\\WinMX.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\SYSTEM32\\fxsclnt.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"=
"c:\\Documents and Settings\\Teressa\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\TeamViewer\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\TeamViewer_Service.exe"=
"c:\\Documents and Settings\\Teressa\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Documents and Settings\\Teressa\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5070:UDP"= 5070:UDP:UDP
.
R0 avgbidsh;avgbidsh;\SystemRoot\\SystemRoot\system32\drivers\avgbidshx.sys --> \SystemRoot\\SystemRoot\system32\drivers\avgbidshx.sys [?]
R0 avgblog;avgblog;\SystemRoot\\SystemRoot\system32\drivers\avgblogx.sys --> \SystemRoot\\SystemRoot\system32\drivers\avgblogx.sys [?]
R0 avgbuniv;avgbuniv;\SystemRoot\\SystemRoot\system32\drivers\avgbunivx.sys --> \SystemRoot\\SystemRoot\system32\drivers\avgbunivx.sys [?]
R0 avgRvrt;avgRvrt;\SystemRoot\\SystemRoot\system32\drivers\avgRvrt.sys --> \SystemRoot\\SystemRoot\system32\drivers\avgRvrt.sys [?]
R0 avgVmm;avgVmm;\SystemRoot\\SystemRoot\system32\drivers\avgVmm.sys --> \SystemRoot\\SystemRoot\system32\drivers\avgVmm.sys [?]
R0 sptd;sptd;c:\windows\SYSTEM32\DRIVERS\sptd.sys [1/30/2010 12:05 AM 717296]
R1 avgbdisk;avgbdisk;c:\windows\SYSTEM32\DRIVERS\avgbdiskx.sys [6/18/2017 4:06 PM 135872]
R1 avgbidsdriver;avgbidsdriver;c:\windows\SYSTEM32\DRIVERS\avgbidsdriverx.sys [6/18/2017 4:06 PM 260616]
R1 avgRdr;avgRdr;c:\windows\SYSTEM32\DRIVERS\avgRdr.sys [6/18/2017 4:06 PM 61888]
R1 avgSnx;avgSnx;c:\windows\SYSTEM32\DRIVERS\avgSnx.sys [6/18/2017 4:06 PM 765704]
R1 avgSP;avgSP;c:\windows\SYSTEM32\DRIVERS\avgSP.sys [6/18/2017 4:06 PM 483736]
R1 MBAMChameleon;MBAMChameleon;c:\windows\SYSTEM32\DRIVERS\MBAMChameleon.sys [6/16/2017 12:42 AM 147232]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [5/28/2008 11:33 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/28/2008 11:33 AM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [8/4/2010 3:39 AM 143776]
R2 AVG Antivirus;AVG Antivirus;c:\program files\AVG\Antivirus\AVGSvc.exe [6/18/2017 4:03 PM 264432]
R2 avgMonFlt;avgMonFlt;c:\windows\SYSTEM32\DRIVERS\avgMonFlt.sys [6/18/2017 4:06 PM 109056]
R2 avgsvc;AVG Service;c:\program files\AVG\Framework\Common\avgsvcx.exe [5/31/2017 2:46 PM 1189720]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [8/10/2016 4:20 AM 142432]
R3 avgStmXP;avgStmXP;c:\windows\SYSTEM32\DRIVERS\avgstmxp.sys [6/18/2017 4:06 PM 182208]
R3 PLTurbo;Prolific turbo filter driver for odd;c:\windows\SYSTEM32\DRIVERS\plturbo.sys [6/15/2010 9:40 PM 16640]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\SYSTEM32\DRIVERS\wdcsam.sys [11/5/2010 2:53 PM 11520]
S2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\MBAMService.exe [6/16/2017 12:35 AM 3398608]
S3 Andbus;LGE Android Platform Composite USB Device;c:\windows\SYSTEM32\DRIVERS\lgandbus.sys [6/30/2015 9:05 AM 14336]
S3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\SYSTEM32\DRIVERS\lganddiag.sys [6/30/2015 9:05 AM 20736]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\SYSTEM32\DRIVERS\lgandgps.sys [6/30/2015 9:05 AM 20096]
S3 ANDModem;LGE Android Platform USB Modem;c:\windows\SYSTEM32\DRIVERS\lgandmodem.sys [6/30/2015 9:05 AM 25088]
S3 AndnetBus;LGE Mobile USB Composite Device;c:\windows\SYSTEM32\DRIVERS\lgandnetbus.sys [6/30/2015 9:05 AM 15744]
S3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\SYSTEM32\DRIVERS\lgandnetdiag.sys [6/30/2015 9:05 AM 24576]
S3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\SYSTEM32\DRIVERS\lgandnetmodem.sys [6/30/2015 9:05 AM 29696]
S3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:\windows\SYSTEM32\DRIVERS\lgandnetndis.sys [6/30/2015 9:05 AM 70784]
S3 avgbIDSAgent;avgbIDSAgent;c:\program files\AVG\Antivirus\aswidsagent.exe [6/18/2017 4:03 PM 5782800]
S3 avgHwid;avgHwid;c:\windows\SYSTEM32\DRIVERS\avgHwid.sys [6/18/2017 4:06 PM 35264]
S3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\SYSTEM32\DRIVERS\hphius09.sys [1/30/2003 7:55 PM 18864]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys --> c:\windows\system32\DRIVERS\ivusb.sys [?]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/29/2002 6:00 AM 14336]
S3 OlCamudp;OLYMPUS Digital Camera;c:\windows\SYSTEM32\DRIVERS\olcamudp.sys [2/7/2004 2:53 PM 10379]
S3 pcouffin;VSO Software pcouffin;c:\windows\SYSTEM32\DRIVERS\pcouffin.sys [3/17/2010 11:45 PM 47360]
S3 PLTurbh;Prolific turbo filter driver for hdd;c:\windows\SYSTEM32\DRIVERS\plturbh.sys [6/15/2010 9:40 PM 16384]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/28/2008 11:33 AM 12872]
S3 WsDrvInst;Wondershare Driver Install Service;c:\program files\Wondershare\MobileTrans\DriverInstall.exe [8/14/2015 10:28 PM 103824]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - ESProtectionDriver
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12    REG_MULTI_SZ       Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt    REG_MULTI_SZ       hpqcxs08
getPlusHelper    REG_MULTI_SZ       getPlusHelper
nosGetPlusHelper    REG_MULTI_SZ       nosGetPlusHelper
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 18:24    451872    ----a-w-    c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2017-06-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-25 11:44]
.
2017-06-23 c:\windows\Tasks\Antivirus Emergency Update.job
- c:\program files\AVG\Antivirus\AvEmUpdate.exe [2017-06-18 21:03]
.
2017-06-22 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-07 15:10]
.
2017-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 00:59]
.
2017-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 00:59]
.
2017-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2305011698-3870448665-3586125232-1007Core.job
- c:\documents and settings\Teressa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-15 15:32]
.
2017-06-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2305011698-3870448665-3586125232-1007UA.job
- c:\documents and settings\Teressa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-15 15:32]
.
2017-06-23 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-03-14 01:59]
.
2017-06-08 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-03-14 01:59]
.
2017-06-22 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task d042d7f0-b447-43c2-9df7-c1b4590c06cf.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-01-20 04:30]
.
2017-06-23 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task d45f8666-238a-4a83-b91b-5f0b7c6e7bce.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-01-20 04:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ebay.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
Trusted Zone: avg.com\www.update
Trusted Zone: avg.cz\backup
Trusted Zone: magicjack.com\my
Trusted Zone: talk4free.com\reg
TCP: DhcpNameServer = 192.168.1.254
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314EE2-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EE1-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} - (no file)
HKU-Default-RunOnce-AutoLaunch - c:\program files\Lavasoft\Ad-Aware\AutoLaunch.exe
MSConfigStartUp-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-AnyDVD - c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe
MSConfigStartUp-APSDaemon - c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
MSConfigStartUp-Dropbox Update - c:\documents and settings\Teressa\Local Settings\Application Data\Dropbox\Update\DropboxUpdate.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-Norton SystemWorks - c:\program files\Norton SystemWorks\cfgwiz.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
MSConfigStartUp-Spotify - c:\documents and settings\Teressa\Application Data\Spotify\Spotify.exe
MSConfigStartUp-Spotify Web Helper - c:\documents and settings\Teressa\Application Data\Spotify\SpotifyWebHelper.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Common Files\Java\Java Update\jusched.exe
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
MSConfigStartUp-TomTomHOME - c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
MSConfigStartUp-UpdateManager - c:\program files\Common Files\Sonic\Update Manager\sgtray.exe
MSConfigStartUp-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
MSConfigStartUp-Yahoo! Pager - c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
MSConfigStartUp-YBrowser - c:\progra~1\Yahoo!\browser\ybrwicon.exe
AddRemove-AVG Web TuneUp - c:\program files\AVG Web TuneUp\UNINSTALL.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2017-06-22 23:41
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2305011698-3870448665-3586125232-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_23_0_0_205_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_23_0_0_205_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2017-06-22  23:46:47
ComboFix-quarantined-files.txt  2017-06-23 04:46
ComboFix2.txt  2009-06-18 22:04
.
Pre-Run: 26,920,128,512 bytes free
Post-Run: 27,495,890,944 bytes free
.
- - End Of File - - 5607C939C2D465E5E36BF2D8FCAFDD8E
8F558EB6672622401DA993E1E865C861

Re: Possible Malware

Above are the ComboScan results. However, it failed to install the Recovery Console, but I went ahead with the scan.

Re: Possible Malware

TDSSKiller

  • Download TDSSKiller from BleepingComputer, then move the executable file to your Desktop;
  • Right-click on tdsskiller.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the End User Licence Agreement (EULA) and the KSN Statement;
  • Once the application is done initializing, click on the Change parameters button;
  • In addition to the current checked boxes, check these two as well:

    • Verify file digital signature;
    • Detect TDLFS file system;


  • Once done, click on OK, then click on Start scan;
  • After the scan is complete, click on the Report button, in the top right corner;
  • A report window will open with the scan log. Copy and paste it in your next reply;





We need to perform a scan with HitmanPro.

  • Please download HitmanPro from here (32-bit) or here (64-bit).
  • Double click on to start the program. (Windows Vista/7/8 users: Accept UAC warning if it is activated)
    Note: If HitmanPro refuses to start then please hold down Ctrl when starting HitmanPro to activate Force Breach.
  • When HitmanPro's main screen appears, choose Next.
  • Place a checkmark in I accept the terms of the license agreement, then click Next.
  • Choose No, I only want to perform a one-time scan on this computer, then click Next.
  • Wait for HitmanPro to finish scanning your computer. This should take about 5 to 10 minutes.
  • When the scan is finished, all detected items will be displayed.
  • Referring to the screenshot below, click on the dropdown menu of an item in the list (if any) -> choose Apply to all -> click Ignore <= IMPORTANT!
    [img=https://i.imgur.com/Iph88Ru.png]
  • This should apply the "Ignore" function to all detected items in the list. Then click Next.
  • Click Save log at the bottom of the HitmanPro window, and save the opened file to your Desktop.
    [img=https://i.imgur.com/SreJ8pi.png]
  • Please Copy and Paste the contents of the log in your next reply.





Please launch Malwarebytes scanner which you have installed on your computer.

  • On the Dashboard, select Settings.
  • Click on Protection.
  • Ensure that Scan for rootkits is checked. If not, check it.
  • If you are notified the Database is out of date, click Update Now.
  • Click Scan now.
  • When completed, click the down arrow on Export Log and select Text file (*.txt).
  • Save the file to your desktop as MBAM.txt.
  • Click Apply Actions, then restart your computer, if requested.
  • Please copy and paste the contents of MBAM.txt into your next reply. Also, indicate if it was successful.

Re: Possible Malware

There is not a live link for Hitman Pro above.

Re: Possible Malware

Sorry, I found the link.

Re: Possible Malware

TDSSKiller does not provide an option to copy the log file. I can highlight, but I cannot right-click and copy. I tried alt print, and that only captures the screen showing. The scan showed no threats found.

Re: Possible Malware

HitmanPro results:

Code:


HitmanPro 3.7.20.286
www.hitmanpro.com

   Computer name . . . . : PROSPERITY
   Windows . . . . . . . : 5.1.3.2600.X86/1
   User name . . . . . . : PROSPERITY\Teressa
   License . . . . . . . : Free

   Scan date . . . . . . : 2017-06-24 03:31:32
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 26m 12s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 1
   Traces  . . . . . . . : 156

   Objects scanned . . . : 989,936
   Files scanned . . . . : 70,089
   Remnants scanned  . . : 196,446 files / 723,401 keys

Malware _____________________________________________________________________

   C:\Documents and Settings\Teressa\Desktop\All Folders\Desk Top\Ant-Virus Stuff\avenger.exe
      Size . . . . . . . : 731,136 bytes
      Age  . . . . . . . : 1687.8 days (2012-11-09 07:52:51)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 6485271FE48F7BE4CB49735C60FA4CF2FF52F235E2B24BFBA22DF6EA75FDA1D7
    > Kaspersky  . . . . : not-a-virus:RiskTool.Win32.Deleter.ag
      Fuzzy  . . . . . . : 114.0


Suspicious files ____________________________________________________________

   C:\Documents and Settings\Teressa\Desktop\New Folder (7)\FRST.exe
      Size . . . . . . . : 1,778,688 bytes
      Age  . . . . . . . : 1.5 days (2017-06-22 14:50:08)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 7DE76DB002505D6873AEC4EE96BE1D65F0C97A95619F39F64BFE64F3366A215F
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -29.3s C:\Documents and Settings\Teressa\Local Settings\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cache2\entries\A879EC1B21EA724065EBA8357FDEC2E9E51DF949
         -28.3s C:\Documents and Settings\Teressa\Local Settings\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cache2\entries\E6263BC5E5BF3DB0D04976E8850CE7ADA98A2579
         -11.5s C:\Documents and Settings\Teressa\Local Settings\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cache2\entries\9AEB72F1994AC3AEFCC160642FF13135E80E3002
         -10.7s C:\Documents and Settings\Teressa\Local Settings\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cache2\entries\F8DAAFA7C1B654839C2FDE0F0D974759B0114DA5
         -10.3s C:\Documents and Settings\Teressa\Local Settings\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cache2\entries\FA3B612DE54680D506D2BADE3B085EA7CA4B066A
         -9.1s C:\Documents and Settings\Teressa\Local Settings\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cache2\entries\A233D012D68B969F9555C42A3D20BB3881819807
         -9.1s C:\Documents and Settings\Teressa\Local Settings\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cache2\entries\57E77EB72F290FF4601034316B0D6276405CBA75
         -9.1s C:\Documents and Settings\Teressa\Local Settings\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cache2\entries\6504125ED498F5631B75F5B9A257ECE8998499A0
         -9.0s C:\Documents and Settings\Teressa\Local Settings\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cache2\entries\1927796D2E2A2E7CD43182132E2C9ED262E60B07
          0.0s C:\Documents and Settings\Teressa\Desktop\New Folder (7)\FRST.exe
          1.0s C:\Documents and Settings\Teressa\Local Settings\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cache2\entries\32D8BA5067AB40EA3935FEBA04BC59B3573CC788
          7.1s C:\Documents and Settings\Teressa\Local Settings\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cache2\entries\ED44DA03DC6403B1FD8974F7032D42A4EA616194
         17.0s C:\Documents and Settings\Teressa\Local Settings\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cache2\entries\F25B2573CF95B49EB0AF514EF66B75C446E6DAA5

   C:\WINDOWS\system32\DVD43.dll
      Size . . . . . . . : 611,840 bytes
      Age  . . . . . . . : 1897.3 days (2012-04-13 19:30:06)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 66A346C28D2EA6D7B853F6A7B060418DD96BAF118A01AB1AB254DCADE9799CEF
      Product
      Publisher
      Description
      Version  . . . . . : 1.0.0.5
      Copyright
      LanguageID . . . . : 1033
      Fuzzy  . . . . . . : 23.0
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         The Entry Point of this file lies in a resource section. This is an indication of malware infection.
         The .rsrc (resources) section in this program is set to executable. This is an indication of malware infection.
         Authors name is missing in version info. This is not common to most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.


Potential Unwanted Programs _________________________________________________

   C:\Documents and Settings\Teressa\Application Data\Yahoo!\Companion\ (YahooToolbar)
   HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110111991162}\ (Crossrider)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{aac66915-6fcf-49ab-a03b-5e2c7b534a4e}\ (MyWebFace)

Cookies _____________________________________________________________________

   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:mediaplex.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:ml314.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:mookie1.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:mxptint.net
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:nexac.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:openx.net
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:optimatic.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:outbrain.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:owneriq.net
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:pagefair.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:pandoramedia.demdex.net
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:partners.tremorhub.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:pixel.rubiconproject.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:po.st
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:pool.admedo.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:postrelease.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:pubmatic.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:revsci.net
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:rfihub.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:rlcdn.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:rtbp-pixel.us.metanetwork.net
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:ru4.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:rubiconproject.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:sandbox.bidswitch.net
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:scorecardresearch.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:secure-assets.rubiconproject.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:serving-sys.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:simpli.fi
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:sitescout.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:skimresources.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:smartadserver.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:stags.bluekai.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:statcounter.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:stats.paypal.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:swid.switchads.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:switchadhub.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:sxp.smartclip.net
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:taboola.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:tap-secure.rubiconproject.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:tap-t.rubiconproject.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:tap.rubiconproject.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:tap2-cdn.rubiconproject.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:tapad.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:tidaltv.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:trc.taboola.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:tremorhub.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:tribalfusion.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:tubemogul.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:turn.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:txu.demdex.net
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:u3s.mathtag.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:undertone.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:univide.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:verizonwireless.demdex.net
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:vindicosuite.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:virool.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:visualdna.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:w55c.net
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:weborama.fr
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:wtp101.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:www.googleadservices.com
   C:\Documents and Settings\Teressa\Application Data\Mozilla\Firefox\Profiles\ddcwdccw.default-1497918994859\cookies.sqlite:zedo.com


Re: Possible Malware

MBam Summary Log

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 6/24/17
Scan Time: 4:07 AM
Log File: Mbam.txt
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.141
Update Package Version: 1.0.2221
License: Trial

-System Information-
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: PROSPERITY\Teressa

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 384774
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 4 hr, 52 min, 52 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)

Re: Possible Malware

Internet Explorer still has connection problems.  This is what I get when I select Diagnose,

[Screenshot: Capture3_zpsqhbpndyw]

Re: Possible Malware

Please open Notepad (type notepad in the search box)

Next copy and paste the text inside the code box below into notepad:


Code:

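@echo off
rem Flush the DNS resolver cache, then release and renew the DHCP lease.
ipconfig /flushdns
ipconfig /release
ipconfig /renew
rem Restore the default firewall policy and turn the firewall on for all profiles
rem (the advfirewall context exists on Windows Vista and later).
netsh advfirewall reset
netsh advfirewall set allprofiles state ON
rem Reset the TCP/IP stack; the first command logs to c:\resetlog.txt
rem (the ipv4 context exists on Windows Vista and later).
netsh int ip reset c:\resetlog.txt
netsh int ipv4 reset
netsh int ipv6 reset
rem Reset the Winsock catalog; only this command's output is appended to fixit.txt.
netsh winsock reset >> "%userprofile%\desktop\fixit.txt"
echo You now have to reboot your PC!
pause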


  • Name the file as fixit.bat, making sure save as type is set to "All Files".
  • Right click on fixit.bat & Run as admin <-- IMPORTANT.
  • Reboot your computer.
  • Post the fixit.txt log (on your desktop) for my review.

Re: Possible Malware

Sucessfully reset the Winsock Catalog.
You must restart the machine in order to complete the reset.

Re: Possible Malware

Still have the same problem with Internet Explorer

Re: Possible Malware

resetting Internet Explorer settings: https://support.microsoft.com/en-us/help/17441/windows-internet-explorer-change-reset-settings

Re: Possible Malware

The reset had no effect.

Re: Possible Malware

Okay, we will not give up. Let us keep going, it's just those things had to be out of the way initially in hopes they solve...

If you have copies of any of these tools, delete the old copies and download new copies. Both tools have had recent updates.

Fix with Junkware Removal Tool

Please download Malwarebytes' Junkware Removal Tool and save the file to your desktop.

  • Right-click on the JRT.exe or Junkware Removal Tool icon and select Run as Administrator to start the tool.
  • Follow the prompts and let this process run uninterrupted.
  • This scan can take a while, depending on your System specs.
  • Upon completion, a log (JRT.txt) will open on your desktop.


Please include the contents of that file in your reply.


Please also manually reboot your machine after this procedure.

Please download Malwarebytes' AdwCleaner onto your Desktop.

  • Double click on AdwCleaner_xxxx.exe to run the tool.
  • Click on Scan.
  • After done scanning, please hit Logfile. Locate the logfile in the Scan tab, double-click on it, copy the information inside of it, and paste it into your next reply.
  • You can find the logfile at C:\AdwCleaner[Sx].txt as well.


Do not forget to re-enable your previously switched off protection software!

Re: Possible Malware

This is the JRT results,

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Microsoft Windows XP x86
Ran by Teressa (Administrator) on Sat 07/15/2017 at 14:06:44.00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 1

Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 07/15/2017 at 14:14:57.59
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: Possible Malware

And... AdwCleaner...?

Re: Possible Malware

This is Adwcleaner

# AdwCleaner v6.047 - Logfile created 16/07/2017 at 00:50:00
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-05-19.1 [Local]
# Operating System : Microsoft Windows XP Service Pack 3 (X86)
# Username : Teressa - PROSPERITY
# Running from : C:\Documents and Settings\Teressa\Desktop\adwcleaner_6.047.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

No malicious folders found.


***** [ Files ] *****

No malicious files found.


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

No malicious registry entries found.


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
No malicious Chromium based browser items found.

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [18055 Bytes] - [16/06/2017 17:10:10]
C:\AdwCleaner\AdwCleaner[S0].txt - [17092 Bytes] - [16/06/2017 15:17:18]
C:\AdwCleaner\AdwCleaner[S1].txt - [16959 Bytes] - [16/06/2017 15:50:56]
C:\AdwCleaner\AdwCleaner[S2].txt - [17033 Bytes] - [16/06/2017 15:54:49]
C:\AdwCleaner\AdwCleaner[S3].txt - [17107 Bytes] - [16/06/2017 16:52:07]
C:\AdwCleaner\AdwCleaner[S4].txt - [1553 Bytes] - [16/07/2017 00:45:30]
C:\AdwCleaner\AdwCleaner[S5].txt - [1474 Bytes] - [16/07/2017 00:50:00]

########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [1547 Bytes] ##########

Re: Possible Malware

Please download Hitman Pro

  • After the download completes please double click the program to run it.
  • Accept the terms of the license agreement and click Next
  • Let the scan run. It will not take long
  • When the scan finishes, and all the files have been uploaded to the Scan Cloud, click Next
  • Click Next again. At the bottom left you will see Export Scan Results To XML File. Click that and save it in a convenient location
  • Upload log.xml here for review please
